Risky Business

Posted on

Shopify’s Risk Analysis feature and how you can protect your business from fraudulent orders

Credit card thieves are everywhere, and they love online shopping. In fact, most of the time people don’t even need to nick an actual credit card, but can capture sensitive information from insecure servers. This sucks as a customer, but sucks even more for businesses who face chargebacks and lose money by shipping out orders that are never paid for.

Shopify has a built-in risk assessment feature to help flag orders that seem...well, fishy. These orders have been put through Shopify and meet certain criteria for being fraudulent. Here’s a closer look.

What does it mean when you receive a “high risk” flag

A “high risk flag” means whoever bought one of your items meets certain criteria that puts the order into question. You’ll see it on your order page, marked with a little orange flag on the line-item, and you’ll also receive a notification email if you’re subscribed.

There are two levels of risk analysis you can get, depending on your Shopify plan.

Shopify Basic members who don’t use Shopify Pay will get a risk summary. Click on the order number from your Shopify Orders page to view it. It will look something like this:

This will tell you what criteria seemed suspicious, so you can be better informed.

Companies using the standard Shopify plan or above (or Shopify Basic with Shopify Pay) will get a level further, and your Enhanced Risk Analysis will actually tell you the level of risk associated with a purchase. The higher-level risk analysis performs a few additional checks:

  • Address Verification System (AVS) check looks at whether the billing address the customer entered is the same as the one the credit card company has on file.
  • Card Verification Value (CVV) is that little 3 or 4 digit code on the back of your credit card. Asking for it is a way of making sure whoever entered their card on your site actually has the card in their possession. This works because CVVs are prohibited from being stored.
  • IP Address Check sees if the country that the customer bought from and the country they live in are the same. An IP Address Check also includes blocking a customer from buying if their payment failed multiple times (like if they are guessing credit card or identify details)

Alternatively, If you're a Shopify Plus merchant, try using Shopify Flow to automate your high risk order reviews. Here's a tutorial on how to set up an automation to send a notification to your customer service team to review high risk orders.

What should you do if someone’s being fishy?

If your risk analysis comes back with something suspicious, it’s not a bad idea to double-check - especially if it’s an unusually high-value order. Sometimes this only takes a few moments, and could save you money from a fraudulent purchase or chargeback.

Here are a few things you can do:

1. Do the addresses make sense?

Check the IP Address to see if the order was placed from the same country as the customer’s address. The IP address will be at the bottom of an extended risk assessment. You can use a free tool to find out.

Also take a look to see if you have multiple orders going to the same shipping address, but from different credit cards and billing addresses. This could be a serial stealer.

2. Get in touch with the customer

It’s no big deal to call the customer and just ask them if they’ve placed an order with you -- and most people would be grateful you’re trying to prevent fraud. Have them verify a few identity details that they should know off the top of their head. You’ll have to go by your gut, but if someone isn’t able to answer basic questions, cancel the order.

3. Do some online digging

Quite a few Bad Guys with Histories of Fraud will have their information (such as their email address) posted somewhere online and marked as fraudulent. Do a basic Google search for the email address used and “fraud” or a similar keyword and see if something comes up.

And hey, if you do find someone who’s doing shady deals, think about posting their email address in a comment to help the next person out.

4. Guard yourself from future attempts

You can install Shopify’s guard dog, the Shopify Fraud Filter, which is an app that lets you put up filters to prevent common fraudulent practices. It’s free, and helps you catch some extra fraudulent orders that may slip through the cracks.

5. Manually process credit cards

If you’re finding that fraud is a common issue with your company, you can consider manually processing credit cards instead of having them automatically go through. It’s a hassle, but it does give you an extra chance to deal with fraud before it happens, rather than a chargeback after the fact.

Want more help making your website safer?

Elkfox is a web developer for e-commerce businesses using Shopify. We are a certified Shopify Expert and can help you set up a safer and more secure business for you and your customers. Talk to us today to learn more.