We are receiving several 'card testing' orders. This is a technique used by criminals where a computer program can rapidly submit orders in an attempt to find a credit card number that is valid, so it can be used for other fraudulent purposes. I would like to add reCAPTCHA to our checkout process, is it true this is only possible using a Shopify Plus account? We are currently on the "Shopify" plan.
Any help would be appreciated.
Hey there, @jamie-hume
Bo here from Shopify Support.
That is an interesting question, I did some digging into this for you. Enabling Google reCaptcha challenges at checkout is available on Shopify Plus plans, only. To learn more about this feature and reCaptcha, see Editing the checkout form options. This is due to the fact that the checkout liquid or code is only available to those who are on the Plus plan.
There are some other options to help you protect your store from fraud. One thing you can do for sure is install our own, free, Fraud Filter app to expand on the existing risk analysis tools in your admin. Further to that, we have some good general fraud prevention tips you can check out to give yourself further context of whether to fulfill or not. If this becomes a common occurrence for you, you might also want to consider the Signifyd app for chargeback prevention (there are charges associated with using this app).
The Shopify System also comes with an in-built fraud analysis system. This will be able to look at things such as the customer's IP address and how it compares to the shipping and billing address of the order and the billing address associated with the card. It also looks at how many times payment was attempted, if the CVV was correct or available, if the billing address matches that of the card, and more! You can read up on this here.
All the Best,
Respectfully, this answer does not help. reCAPTCHA is a free service and it doesn't make sense to hide that option behind an impossible pay wall. Upgrading to Shopify Plus costs 10 time what I am paying now. Why not protect all stores from fraud like this? It doesn't require any extra work on your side, I don't understand why it's not an option for everyone.