Credit card thieves are everywhere, and they love shopping online. In fact, most of the time people don’t even need to steal a physical credit card, but they can capture important information from insecure servers. This sucks as a customer, but it sucks even more for companies that face chargebacks and lose money by sending orders that are never paid for.
Shopify has a built-in risk assessment function to help mark orders that look suspicious. These orders have been shipped through Shopify and meet certain fraud criteria. Here’s a closer look.
WHAT DOES IT MEAN TO RECEIVE A “HIGH RISK” FLAG?
A “high risk” flag means that someone who has purchased one of your items meets certain criteria that call the order into question. You’ll see it on the ordering page, marked with a small orange flag on the item line, and you’ll also receive a notification email if you’re subscribed.
There are two levels of risk analysis you can get, depending on your Shopify plan.
Shopify Basic members who do not use Shopify Pay will receive a risk summary. Click on the order number on your Buy Orders page to view it.
The notification will tell you what criteria you found suspicious, so that you can be better informed.
Companies that use the Shopify standard plan or higher (or Shopify Basic with Shopify Pay) will get a higher level, and your Enhanced Risk Analysis will actually tell you the level of risk associated with a purchase. The higher level risk analysis performs some additional checks.
The Address Verification System (AVS) verification examines whether the billing address the customer entered is the same as the credit card company has on file.
The Card Verification Value (CVV) is the small 3 or 4 digit code that appears on the back of your credit card. Asking for it is a way to make sure that whoever put your card on your website has the card in their possession. This works because CVVs are prohibited from being stored.
IP Address Check Checks to see if the country the customer bought in and the country, they live in are the same. An IP address check also includes blocking a customer from buying if his payment has failed several times (for example, if he is guessing the credit card or identifying details).
Alternatively, if you are a Shopify Plus merchant, try using Shopify Flow to automate your high-risk order reviews. Here’s a tutorial on how to set up automation to send a notification to your customer service team to review high-risk orders.
WHAT SHOULD YOU DO IF SOMEONE IS BEING SUSPICIOUS?
If your risk analysis comes back with something suspicious, it’s not a bad idea to check it again, especially if it’s an unusually high value order. Sometimes this only takes a few minutes and could save you money from a fraudulent purchase or chargeback.
Here are some things you can do:
ARE THE ADDRESSES THE SAME?
Check the IP address to see if the order was placed from the same country as the customer’s address. The IP address will be at the bottom of an extended risk assessment. You can use a free tool to find out.
Also take a look to see if you have multiple orders going to the same shipping address, but for different credit cards and billing addresses. This could be a serial thief.
CONTACT THE CUSTOMER
It’s no big deal to call the customer and ask if they have placed an order with you, and most people would appreciate it if you would try to avoid fraud. Ask them to verify some identity details they should know from the top of their head. You’ll have to follow your instincts, but if someone isn’t able to answer basic questions, cancel the order.
DO A LITTLE RESEARCH ONLINE
A few thieves with fraud stories will have their information (such as their email address) posted somewhere online and marked as fraudulent. Do a basic Google search for the email address used and “fraud” or a similar keyword and see if anything appears.
If you find someone who is making suspicious deals, consider posting their email address in a comment to help the next person.
PROTECT YOURSELF FROM FUTURE ATTEMPTS
You can install Shopify’s watchdog, the Shopify Fraud Filter, which is an application that allows you to place filters to prevent common fraudulent practices. It’s free and helps you detect some fraudulent orders that may go unnoticed.
MANUALLY PROCESS CREDIT CARDS
If you are discovering that fraud is a common problem in your business, you may want to consider manually processing credit cards rather than having them processed automatically. It’s a hassle, but it gives you an extra chance to deal with the fraud before it happens, rather than a chargeback after the order is shipped.
WANT MORE HELP MAKING YOUR WEBSITE MORE SECURE?
We are web developers for e-commerce companies that use Shopify. We are a certified Shopify expert and can help you establish a safer business for you and your customers.