Since my ecommerce SEO stratgeies started paying off, I’ve had to deal with a spate of Shopify high-risk orders in my store. A lot of these orders (in the abandoned checkouts) were made using dodgy payment details which Shopify thankfully declined.
This is because Shopify’s fraud protection systems automatically flag up any orders that it thinks might be potentially fraudulent. This is a crucial safety net that helps to quickly approve legitimate transactions while allowing you, the seller, to review before fulfilling high-risk orders.
While the red triangle might often be a pain in the neck, this system reduces chargebacks – a bigger pain in the neck. It also reduces the likelihood of false declines while increasing your order approval rates. However, you, as a Shopify seller, have a part to play in keeping the process seamless. You still need to understand how to investigate an order before fulfilling it so you don’t lose money.
How Shopify’s Fraud Detection System Works
Shopify uses a machine learning algorithm to automatically spot and flag orders that “smell fishy”. According to Shopify, the system uses 10 (yes, ten!) indicators to categorize orders by the risk of attracting a chargeback – high, medium, or low risk.
However, it isn’t all black and white. Limited transparency into the intricate details of Shopify’s fraud analysis system can make it challenging for store owners to decide whether or not to accept high-risk orders. It rates each of these as positive (green), negative (red), or neutral (gray). Now, for the available details:
1. Characteristics of this order are similar to fraudulent orders observed in the past
This notice is reserved for serial chargeback filers. If you fulfill an order with this notice, you might find that the customer files a chargeback for a ‘fraudulent transaction’ – usually after the product has been dispatched. Refund or request a bank transfer instead.
2. The location of IP address used to place the order is [City, State, Country]
This is often a neutral indicator. This indicator might mean that the address where the order was placed is significantly far from the billing address — indicating that the card may be stolen. The order originated from a region notorious for high-risk orders, so tread carefully.
3. Card Verification Value (CVV) is [correct/incorrect]
A CVV acts as the “passcode” to ensure a credit card belongs to the person using it. An incorrect CVV may mean a fraudster found the card info online but doesn’t have the actual card in hand. Never complete a transaction without the right CVV.
4. Billing street address doesn’t match credit card’s registered address
A billing address should usually match the credit card’s registered address – except for cases where the order is a gift. If in doubt, call the customer to figure out the reason for the mismatch.
5. Billing address ZIP or postal code doesn’t match the credit card’s registered address
Scammers often try to add slightly off information to confuse systems and avoid getting caught sooner. If the billing postal code is wrong, it should tingle your spidey senses.
6. There were X payment attempts
More than one payment attempt with multiple methods could mean that the buyer doesn’t have the necessary funds to pay. Or, it could mean someone is trying out as many (usually stolen) cards as they can get their hand on. If you smell a rat, don’t fulfill.
7. Payment was made with X credit card[s]
Using multiple credit cards on one order might also mean the buyer doesn’t have the funds to pay for it. In this case, use caution when handling orders.
8. Shipping address is within X miles from location of IP address
Shipping addresses are expected to be close to the IP address from which the order is placed. However, this isn’t an exact science, as it’s perfectly normal for people to send gifts directly to friends’ and family members’ houses.
9. Billing country doesn’t match the country from which the order was placed
The vast majority of online shoppers place orders from the country where their billing details are registered. If a transaction doesn’t follow this convention, review it to ensure that you’re not dealing with a case of card theft with a potential chargeback for you down the line.
10. The IP address used to place the order is a high-risk internet connection (web proxy)
Shopify’s risk analysis systems help you identify high-risk web servers. Higher-risk internet connections may indicate that payment credentials have been stolen and are being tested out on your store. Refund ASAP to save yourself a chargeback.
Identify Shopify High-Risk Orders Yourself
Suspicious orders are sadly the bane of every Shopify store owner’s existence. Shopify’s fraud filters already offer a first-level screen of all your orders, as they handle time-consuming tasks (e.g making sure that billing and shipping addresses match). Ultimately, it falls on you, the store owner to implement your own checks and identify high-risk orders likely to cost you money.
What To Do When a Shopify Order Is Marked as High-Risk?
So, you have a high-risk order. What do you do next? Fulfill, review, or cancel? Knowing what to do at this point can be tricky, so we’ve outlined this nine-step action plan to help you whenever you get a high-risk order. Let’s delve in:
1. Review
Familiarize yourself with the order details. Review the Shopify fraud assessment to find what exactly triggered the flag. Take notes of what the customer ordered, when, and how, as well as any patterns, so you’re prepared to question the customer about it if necessary.
2. Verify the IP address used to make the order
Find the IP address in the order’s “Additional Information.” The IP address can help you learn more about where the order geographically came from. Online tools like WhatIsMyIP.com can help you find out details like the location of the IP address, their internet service provider (ISP), and more.
Clues to look out for that an order might be fraudulent include:
- A different IP address from where the customer claims to be
- An IP address that belongs to a web hosting company rather than an individual
- A proxy service IP address
Any signs like these that smell fishy should lead you to investigate further.
3. Call the customer
If you can’t reach the number on the order, that’s an automatic red flag. If you get the buyer on the phone, ask them to verify simple information about the order. A fraudster might struggle to come up with the answers quickly on the spot.
4. Verify identity
Manually verify customer details by requesting copies of their ID or credit card used for suspected fraudulent orders. If the stakes are higher, proactively collect further evidence that could help in a chargeback case, such as:
- Written confirmation that the ‘customer’ intended to purchase the item(s)
- Photos of the products/packaging used prior to shipping
- Delivery confirmation with photos from the shipping provider
Professionalism is key when asking a customer to prove their identity or intent. Try to avoid making them feel like you’re holding their products ransom, as they may not have done anything wrong.
5. Conduct an email search
Pop the email address into a search engine to see if it was used in any noted fraud attempts in the past. This search might also show results for associated social media accounts, helping you verify the authenticity of the customer.
6. Returning customer or first-time customer?
As a rule of thumb, first-time customers placing large orders present a high risk. You could lose both your goods and the money paid, especially if there are no valid details for reaching the customer. Additionally, this could trigger a chargeback. Get enough chargebacks, and your Shopify payments account could get restricted.
7. Review shipping and billing addresses
Has the shipping address been used in prior or concurrent orders? Shipping multiple orders to the same shipping address using multiple payment methods for each is a popular third-party fraud tactic.
8. Decide what to do
If you’re satisfied with your investigations, complete the order. If you’re still wary, consider delaying shipping until you’re absolutely sure the order is correct.
If you’re not satisfied, cancel the order in your Shopify store admin.
9. Report fraud to appropriate authorities
If you think the fraudulent order is part of a larger scheme, you can contact the authorities with the information you have. You could prevent more vulnerable businesses from losing money and products to the same scammers.
Tips for Merchants to Avoid Fraudulent Orders
Okay, that’s over, and you can finally relax, right? Well, not really. If you don’t manage high-risk orders as a hobby, you should future-proof your operations to better identify and deal with high-risk orders seamlessly.
Here’s how you can do this:
Use fraud prevention tools
Shopify offers a boatload of fraud analysis and prevention tools, including their native Fraud Filter app, which you can use for:
- Potential fraud notifications
- Automatic high-risk order cancellations
- Creating filters for ‘troublesome’ customers or fishy site referrals
- Creating filters for certain brands of credit cards
Create automated fraud notification workflows
Another native Shopify tool, Flow, allows you to create automated workflows to detect fraud. Flow helps you define set conditions for labeling orders as risky. It also helps you orchestrate a series of actions for high-risk orders (e.g., “send a notification for review’).
Set order limits
If, for some reason, you need to pull out the big guns, you can set limits on how much individual customers can spend in your store. While this goes against the basic tenets of why you started the store in the first place, it can help you lower losses in the event of a chargeback. Again, not advisable. Only treat it as an extreme measure.
Use payment gateways
Third-party tools like PayPal and Stripe have built-in machine learning algorithms and fraud prevention measures to help protect you. So leverage these and don’t rely on Shopify payments alone.
Improve Your Shopify Site With Plug In Useful
Handling Shopify high-risk orders in only one cog in the wheel of maintaining a thriving Shopify store. Protecting your ecommerce business from malicious parties is crucial when you start benefiting from increased traffic to your online store.
If, however, you haven’t yet planted the seeds of future organic traffic and are still struggling to get customers to find your store, you can start by installing Plug In SEO. Plug In SEO helps your store rank higher in search results by finding and fixing issues preventing your store from ranking – without hiring an expensive Shopify expert.
If you’d like to know more about how Plug In SEO can boost your organic traffic, send us a message.
You must be logged in to post a comment.