Shopify has grown exponentially since its IPO in 2015, with more than 29% of online businesses using the platform to meet their eCommerce needs.
If you are running an eCommerce store on Shopify, chances are that you've already experienced fraudulent and high-risk orders.
The process is often the same: A scammer steals credit card information from unsuspecting cardholders and places an order on your website. A few days later, the card owner finds out about the bill and slaps you with a chargeback.
Suppose you're not yet acquainted with the chargeback construct. In that case, it's helpful to give you a quick overview of the concept before we continue.
A chargeback occurs when a customer disputes a transaction directly with their issuing bank. The merchant will then re-present the transaction to the customer's bank via the card network before reclaiming the funds. That is if the bank ruled in their favor.
Chargebacks cost e-commerce businesses upwards of $40bn a year, and the typical reasons for chargebacks include:
According to industry data, even though 43% of merchants respond to chargebacks, the average net recovery rate is just 12%.
That said, the rest of this article will provide you with all you need to know to handle fraudulent and high-risk orders on your Shopify store effectively.
What is a high-risk Shopify order?
A high-risk Shopify order is any order that the card owner has not authorized.
High-risk or fraudulent transactions can include orders made with lost, stolen, faked, or synthetic credit/debit cards. But that's not all. High-risk orders can also be in the form of friendly fraud, where a customer receives their purchase and later claim orders were not delivered or that products were damaged.
Every fraudulent order on your Shopify store comes with overwhelming risks. You lose the products/services, for starters, and you’re out of pocket due to ancillary expenses like shipping costs and so on. Plus, if the credit card company invalidates the transaction, you’re left with a chargeback.
Any fraudulent and high-risk order on your Shopify store means heavy out-of-pocket expenses in the final analysis. That's exclusive of the time you invest in the process and opportunities forgone. Several credible reports have found it can take more than a month for an average e-commerce merchant to discover a fraudulent order.
How can you discover a fraudulent and high-risk order on Shopify?
Online shoplifters are continuously devising ways and means of taking a merchant's lunch money. But you shouldn't let that be you.
Below are some vital strategies for detecting high-risk orders on Shopify.
Billing address v/s shipping address: A billing and shipping address mismatch is a significant red flag. Merchants should examine that data point before accepting or declining a transaction. The reason? That data could point to something more (the credit card number is stolen).
Shipping address change after order: Package rerouting is one of the oldest tricks in the fraudster book. Once a buyer provides a new shipping address for a previously approved order, review it again for fraud. Check whether the new address still matches a legitimate purchase story. Is it in a logical geographic range? Do the phone number and email make sense?
A large order from a first-time visitor: First-time customers who place a large order typically set off alarm bells on fraud prevention systems. Once a criminal has tested a stolen card number and verified that the information checks out, they move fast. They steal as much money as possible, as quickly as possible, before moving on to the next unsuspecting store.
Phone orders: Scammers often target stores that allow phone orders because it means they don’t have to expose private information such as their IP address. They trick merchants into fulfilling high-risk orders without the usual security algorithms and technology checks.
Multiple attempts to complete the order: If a customer has tried numerous credit cards, names, billing addresses, and so forth, your fraud sense should be tingling.
To help merchants address fraud cases, Shopify created an inbuilt fraud detection framework that marks each order as low, medium, and high-risk. Shopify is Level 1 PCI DSS compliant that include:
- Maintaining a vulnerability management program
- Actively finding and patching any vulnerabilities
- Monitoring and testing its network regularly
- Strong access control measures
- An information security policy
- Protecting cardholder data
When you see that Shopify has marked any of a transaction as a high-risk order, you might want to cancel the order. If you wish to process with the order, it'll be wise to perform some due diligence to ensure that the order is risk-free.
Due diligence for analyzing high-risk orders on your Shopify store
Did you know: 87% of consumers say they would agree for transactions to take longer to complete if extra steps for authentication meant their information was better protected, according to European Payments Council, 2021.
1. Verify the Customer
Customer Due Diligence begins from obtaining basic, essential information about the customer.
Contact the customer and ask the necessary questions to ensure that the order is not fraudulent. Don't skip this step in a bid to fulfill an order quickly. You might be shooting yourself in the foot if you do.
Below are vital data you should collect as part of your due diligence in verifying a high-risk transaction on your Shopify store.
A government-issued ID: A document issued by an independent and reliable source bearing the customer's photo is one crucial tool for verifying a customer’s identity. That can be an ID card or a passport.
A credit card picture: You can also ask for a photo of them holding the credit card they used for the transaction. Ensure the card has the same name as provided in their government-issued ID, with the last 4-digit credit card number matching what you have on your record.
Proof of day: Ask for proof of day, like any magazine, newspaper, etc. It seems pretty harsh and extreme. But this verification data could be an excellent arsenal in your chargeback representement if the customers go on to dispute the transaction.
2. Call the phone number the customer issued
Online shoplifters often use fake phone numbers to make a transaction. One effective method for ferreting out a fraudulent or high-risk order on your Shopify store is to call the phone number the customer provided. If they pick up, you could ask them simple questions like the specifics of what they ordered, their location, and so. Their answers and consistency of information will help you determine whether you should process the transaction or decline it.
3. Google the email address used
Another thing you can do to evaluate the buyer's credibility is to search the issued email online. If the email address was flagged in previous fraud attempts or shows relevant social media profiles, you will see that.
Use fraud detection and prevention tools to level up.
According to a recent study, global payment fraud is rising and will cost merchants $40.62 billion by 2027. Further, analysts at Lourenco found that the increased use of online payments and contactless credit cards also led to more CNP fraud, which saw a 16.4% uptick in 2021.
While doing your due diligence on every transaction is crucial, fraud detection automation is one highly recommended method for stopping fraudulent and high-risk orders on your Shopify store.
Apart from being much more effective than manual processes, dispute and fraud automation tools offer advanced protection against fraud at little cost.
For example, with the machine learning algorithms trained on historical transactions across all Shopify stores, fraud mitigation tools like Chargeflow helps you stop fraudulent orders with ease. Chargeflow helps prevent high-risk orders with a single dashboard and gives you all the information you need on your disputes and chargebacks across multiple payment gateways. You're never done building your business until you've secured your revenue.