I got my first order that Shopify payments marked as High Risk for fraud. The address was in Lithuania, the card had been issued in Canada. Order was placed through a proxy server. The card was associated with fraudulent transactions.
Shopify suggested I verify if it is legitimate so I Googled the email address that the "customer" used. The address was associated with a website that does hacking and carding (selling stolen CC information) so it was obviously a rip-off.
Here is where I face the problem...My payments are set to automatically capture payment so I refunded the amount. After doing this, I started wondering if I may wind up being out that money somehow...I mean, obviously a stolen card so they "pay" me, Shopify captures their payment, I refund it...now I refunded an invalid card so will it essentially be like me having just given them that money? I know what I mean but can't explain it very well. I don't think it will but I just wanted to know if anyone had any ideas.
Now, with just having finally faced my first scam attempt, I decided to set the capture to manual because I would rather reject the payment as opposed to refunding it. This isn't a problem for me at this point but it does raise a question...if it is set to manual, will it still warn me of potential fraud before I manually capture it or will potential fraud only show up after being captured?
A few things here:
1- It's not that the credit card is fraudulent. The card exists and is legitimate, it's just that we suspect the person using the card number is not actually the person who owns the card (i.e. someone stole their card info and is trying to use it to buy from you).
2- As long as you review your orders regularly and refund the ones you don't trust soon after the order was placed, everything will work out fine. In this case, when you refund, you are basically saying you don't want the money and won't ship the product because you suspect that the buyer is not the real card-owner. That's a perfectly reasonable approach to handling fraud (the only approach actually) and there is no further recourse or cause for concern.
This same approach will work well regardless of whether you automatically or manually capture orders.
3- If you decide to go with the authorize + manual capture approach, you will still get order risk notifications for your orders.
Hope this helped.
This happens alot. the problem is, you get charged for the transaction anyway!
I had like 5 today alone.
Tonight, i deactivated shopify payments on my site, as i have made the decision to only use paypal.
at least with paypay, if its a confirmed address we still get paid even if it turns out to be a chargeback.
and their fraud filters are way better than shopify's, they wont approve a transaction if its fishy.
I set everything as shopify recommends but you just cant win.
I REALLY wanted to use it, but unless you are willing to "Fund" these hackers by paying the fees for the fraudulent transaction, its just not worth it.