Preventing fraud
Your Shopify store provides you with information and tools to help you review and prevent potential fraudulent activity. For example, Fraud analysis uses machine learning to flag suspicious orders, helping you decide which orders to fulfill. You can also use features such as Shopify Protect, card testing protection, and proxy detection to reduce your exposure to fraud and help you decide if you should cancel and refund an order. If you use Shopify Payments, then you have access to additional fraud prevention features such as dynamic 3D Secure checkout and dispute management.
A transaction that isn't authorized by a customer is referred to as fraudulent. A fraudulent transaction can result in a chargeback, which can cause you to lose money. Shopify's built-in fraud analysis uses machine learning algorithms to help bring suspicious orders to your attention. You can investigate a suspicious order in several ways.
Understanding how to identify and respond to fraudulent transactions is essential for protecting your business. You can review customer information such as IP addresses, email addresses, and billing information to help determine whether an order is legitimate. You can also adjust your payment capture settings to manually review high-risk orders before processing a payment, giving you more control over which transactions you accept.
If you opt not to fulfill a high-risk order, then you can cancel and refund the order.
Fraud prevention tools in Shopify
Review the following table to learn more about various fraud prevention features and tools in Shopify. You can use them to reduce fraud and its impact on your store.
| Feature | Availability | Description |
|---|---|---|
| Fraud analysis | Stores that use Shopify Payments. Stores that use most third-party payment processors and are on the Grow, Advanced, or Shopify Plus plan. | Use fraud analysis to help decide which orders to fulfill, based on key insights and risk levels. |
| Shopify Protect | US stores that use Shop Pay. | Use Shopify Protect to protect eligible orders against fraudulent and unrecognized chargebacks. |
| Shopify Flow | Stores on the Basic, Grow, Advanced, or Shopify Plus plan. Stores that use Shopify Fulfillment Network (SFN). | Use Shopify Flow's workflows to create rules, allow lists, and block lists that control which orders your store accepts. |
| Dynamic 3DS | Stores that use Shopify Payments. | If you use Shopify Payments and your store is located in a PSD2 region, then you automatically use a 3D Secure (3DS) checkout flow. Shopify Payments only uses 3DS when required by the card-issuing bank. |
| Card testing protection | Stores that use Shopify Payments. | Integrated card testing protection helps to prevent credit card fraud at checkout. |
| Dispute management | Stores that use Shopify Payments. | Dispute management is automated to help you to focus on running your business. |
| Proxy detection | Stores that use Shopify Payments. | Customers using a proxy service or IP address are flagged. |
| Authorization rate optimization | Stores that are on the Shopify Plus plan and use Shopify Payments. | Shopify Payments uses machine learning to optimize the authorization rates for transactions, which can help to increase the number of accepted authorizations and lessen the number of declined transactions in your store. This is done by improving the information that's provided to payment processors when a transaction is submitted, and by recovering declined transactions with smart retries and rerouting. |
| Payment capture control | Stores that don't use Shopify Payments. | When your store automatically captures payments for all orders, including high-risk ones, be aware of the third-party transaction fees relevant for your orders. You can control the orders that you accept payment from, and when you accept the payment, with the Payment capture settings in your Shopify admin's Payments page. |
Reviewing customer information
Shopify’s fraud analysis lets you review customer details and highlights potentially suspicious information on your orders. The following are customer details you can review to help you decide when an order is suspicious and should be cancelled.
Verify the internet protocol (IP) address
The IP address that an order was placed from can indicate potential fraud. Consider the following questions when reviewing the customer’s IP address:
- Is the customer's IP address located in a different general area from where they claim to be?
- Is the IP address for a web hosting company?
- Is the IP address a proxy service IP address?
If the answer to any of these questions is yes, then you need to contact the customer to verify the authenticity of the order.
You can use the following free tools to quickly determine the geographical location, internet service provider (ISP), and other information about a specific IP address:
- http://www.whatismyip.com/ip-tools/ip-address-lookup
- http://www.ip2location.com
- http://www.infosniper.net
You can find the IP address that's associated with the order in the fraud analysis section of the order detail page.
Call the phone number on the order
Calling the customer is always a good idea. You can also use a service such as 411.com to make sure the phone number is located in the same area code as the billing address. Fraudulent customers often use invalid phone numbers. If someone answers the phone, then ask them some simple questions about their order and consider how they respond. Do they know the addresses, phone number, email, and name they used? Are they struggling to give you simple pieces of information?
Search for the email address
Searching for the email address on Google or another search engine can help you determine whether the email address was used in documented fraud attempts. You might also be able to find social media posts or other information that ties the customer to the email address.
Reviewing shipping details
Shopify's fraud analysis tools highlight any issues with an order's shipping details that could be potential fraud. The following are shipping details you can review to help you decide when an order is suspicious and should be cancelled.
Billing and shipping addresses
Bad actors can provide a shipping address that doesn't match the billing address. You can use Google Maps to map out addresses and visualize the distance between them. If the distance between two addresses is significant (different continents, for example), then the order is potentially fraudulent. Keep in mind that legitimate shoppers sending a gift or buying on behalf of someone else might have different addresses.
Multiple orders using different billing addresses for the same shipping address
If there are multiple orders with different billing addresses located in different states, with different names, but sharing the same shipping destination, then this can be a sign of fraudulent orders. Carefully review the order details, and contact the customers using the information provided at checkout.
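The pattern described above can be checked over an order export. The following is an added example, not Shopify code: the order records are constructed, and the field names (`billing_name`, `billing_state`, `shipping_address`) are hypothetical rather than a Shopify export schema.

```python
import re
from collections import defaultdict

# Constructed sample orders; field names are hypothetical.
ORDERS = [
    {"id": "1001", "billing_name": "Ana Ruiz", "billing_state": "TX",
     "shipping_address": "12 Dock St., Unit 4, Newark NJ 07101"},
    {"id": "1002", "billing_name": "Tom Lee", "billing_state": "CA",
     "shipping_address": "12 dock st unit 4 newark nj 07101"},
    {"id": "1003", "billing_name": "Kim Park", "billing_state": "FL",
     "shipping_address": "12 Dock St Unit 4, Newark, NJ 07101"},
    # Same buyer ordering twice to one address: not the pattern of interest.
    {"id": "1004", "billing_name": "Joe Hall", "billing_state": "OH",
     "shipping_address": "9 Elm Ave, Dayton OH 45402"},
    {"id": "1005", "billing_name": "Joe Hall", "billing_state": "OH",
     "shipping_address": "9 Elm Ave, Dayton, OH 45402"},
]


def normalize_address(addr):
    """Lowercase, drop punctuation and collapse whitespace so that
    differently typed versions of one address compare equal."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split())


def shared_shipping_clusters(orders, min_identities=2):
    """Return {normalized shipping address: [order ids]} for destinations
    that receive orders from several distinct billing identities
    (name + state) located in more than one state."""
    groups = defaultdict(list)
    for order in orders:
        groups[normalize_address(order["shipping_address"])].append(order)

    flagged = {}
    for addr, group in groups.items():
        identities = {(o["billing_name"].lower(), o["billing_state"])
                      for o in group}
        states = {o["billing_state"] for o in group}
        if len(identities) >= min_identities and len(states) > 1:
            flagged[addr] = sorted(o["id"] for o in group)
    return flagged


if __name__ == "__main__":
    for addr, ids in shared_shipping_clusters(ORDERS).items():
        print(f"review orders {ids}: shared destination '{addr}'")
```

A flagged cluster is a prompt for manual review, since gift orders and freight forwarders also produce shared destinations.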
Card testing and repeat fraud
Card testing, also known as carding, account testing, and card enumeration, is a type of fraudulent activity where someone uses automated scripts to test whether stolen card details are valid. Fraudsters run many small payment attempts at once to identify which cards are active. Confirmed cards are then used for larger purchases or resold.
Some attacks involve attempts to save card details rather than complete a purchase. These attempts might not appear on cardholder statements, so the activity can go unnoticed longer. These attempts result in many declined transactions and a rise in abandoned checkouts, but some might result in placed orders. Cardholders whose details were used without their knowledge can later file chargebacks with their bank for any unauthorized charges.
Each chargeback counts toward your chargeback rate regardless of whether you win or lose the dispute. A surge of declined transactions can also increase your decline rate for legitimate customers, even after an attack stops. Learn more about how chargebacks work.
To reduce your exposure to card testing and the chargebacks that can follow, take the following steps:
- Cancel high-risk orders before fulfillment: Use fraud analysis to identify suspicious orders. Canceling or voiding an order can help reduce the risk of a chargeback, but it doesn't prevent the cardholder's bank from filing one. Authorization holds can appear on the real cardholder's statement even when no payment is captured. If the cardholder reports the hold to their bank as unauthorized, then their bank can file a chargeback against your store.
- Use manual payment capture: Use manual payment capture to review high-risk orders before funds are collected.
- Automate fraud prevention with Shopify Flow: Use Shopify Flow to create workflows that automatically flag, hold, or cancel orders matching high-risk patterns, without having to review each order manually.
- Review your Shopify Payments fraud-prevention settings: If you use Shopify Payments, then review the fraud prevention tools available to your store. You can configure AVS and CVV fraud filters and use the Fraud Control app to block specific email addresses, IP addresses, or billing details.
To manage and respond to any disputes that are filed, go to Orders in your Shopify admin and review your open chargebacks and inquiries.
For general chargeback prevention practices, refer to preventing chargebacks and inquiries.
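The burst of small, mostly declined attempts that characterizes card testing can be spotted in payment attempt logs. The following is an added example, not Shopify code: the events are constructed, the tuple layout and thresholds are assumptions, and the IP addresses come from documentation ranges.

```python
from collections import defaultdict, deque

# Constructed events: (epoch seconds, client IP, card fingerprint, amount, outcome).
# The layout is hypothetical; adapt it to whatever your payment logs provide.
ATTEMPTS = [
    (0, "203.0.113.7", "c1", 1.00, "declined"),
    (5, "203.0.113.7", "c2", 1.00, "declined"),
    (11, "203.0.113.7", "c3", 1.00, "declined"),
    (16, "203.0.113.7", "c4", 1.00, "approved"),
    (22, "203.0.113.7", "c5", 1.00, "declined"),
    (30, "203.0.113.7", "c6", 1.00, "declined"),
    (3, "198.51.100.20", "c9", 48.00, "declined"),   # customer retrying one card
    (40, "198.51.100.20", "c9", 48.00, "approved"),
    (0, "192.0.2.55", "d1", 2.00, "declined"),       # four cards, but hours apart
    (3600, "192.0.2.55", "d2", 2.00, "declined"),
    (7200, "192.0.2.55", "d3", 2.00, "declined"),
    (10800, "192.0.2.55", "d4", 2.00, "declined"),
]


def card_testing_bursts(attempts, window=60, min_cards=4, max_amount=5.00):
    """Return {ip: {"cards": n, "declined": d}} for clients that tried at
    least min_cards distinct cards on small amounts within `window` seconds,
    with at least half of those attempts declined."""
    by_ip = defaultdict(list)
    for ts, ip, card, amount, outcome in attempts:
        if amount <= max_amount:          # card testing favors small charges
            by_ip[ip].append((ts, card, outcome))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        recent = deque()                  # sliding window of recent attempts
        for event in events:
            recent.append(event)
            while recent[0][0] < event[0] - window:
                recent.popleft()
            cards = {card for _, card, _ in recent}
            declined = sum(1 for _, _, o in recent if o == "declined")
            if len(cards) >= min_cards and declined * 2 >= len(recent):
                if len(cards) > flagged.get(ip, {"cards": 0})["cards"]:
                    flagged[ip] = {"cards": len(cards), "declined": declined}
    return flagged


if __name__ == "__main__":
    print(card_testing_bursts(ATTEMPTS))
```

Grouping by client IP is one choice of key; attacks spread across many addresses need a different grouping, such as by checkout session or email pattern.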
Adjusting your payment capture settings
Transaction fees are charged for all processed payments made through a third-party payment provider, and aren't returned to you when you issue a refund. You can change your payment capture settings to prevent automatic payment capture for certain orders and reduce the potential impact on your business of transaction fees for fraudulent orders.
Review the following alternatives to automatically capturing payments:
- Adjusting your Payment capture settings to capture payments manually.
- Using a manual payment method, such as a bank deposit or cash on delivery (COD).
Manually capturing payments adds a step to your order fulfillment workflow, but gives you greater control over capturing payment for specific orders. You can assess the potential cost of transaction fees and the time it adds to your fulfillment workflow to determine what is right for your business.