All of a sudden I'm getting notice that some of my orders are high risk for fraud (based solely of the ip address - or availability of an ip of the shopper) 1. at&t mobile is notorious for reporting IP as the next biggest city, 2. shoppers don't only place orders from their home.
If the credit card billing address expiration date and cvv match, I don't believe where they were when they placed the order should flag an order as HIGH Risk for fraud. This needs to be tweaked properly.
I have a lot of snow birds placing orders to deliver to their florida summer rental when they live in Michigan etc..... And what if they place the order from TN while they're driving down to Fl?
This needs to be fixed or some other method needs to be implemented.
Credit card banks and their third party sellers (such as shopify and paypal) are getting away with chargebacks and winning chargebacks when they shouldn't without being responsible or implementing reputable procedures.
Shopify, you need to tweak your new filters they're not helping.
You're describing the exact problem I'm trying to solve.
Shopify and all of the other 3rd party anti-fraud apps try to make an educated guess on the likelihood of fraud based on signals that can change.
People travel, they use other internet connections, they shop online in public places that have WiFi, they send gifts to friends & family.
Fraud apps work under the assumption that anomalies are bad, but I disagree. It doesn't matter if the billing & shipping addresses don't line up, or their current IP address is very far from their billing address. We live in a mobile world. People don't wait to get on their home WiFi to purchase.
That's why I made real ID verification for Shopify. You can prove that the person behind the transaction lines up with the billing information. You can save these sales to these false flaggings by Shopify and others.
It works like a bouncer for your store, you can set it up so that it only challenges orders classified as elevated risk by Shopify or you can have it only challenge orders over a certain price or within a collection of products.
Sorry to derail your original post a bit, but I don't think fraud filters are effective anymore. And these kinds of tools end up cancelling perfectly fine orders.
I'm sorry to hear you are being so frustrated with Shopify's fraud detection system. I agree that the system needs improvements, but it's a difficult task when you are dealing with millions of orders a month with fraud behaviors changing all the time. According to Shopify, the fraud analysis serves as a system to notify merchants to "investigate" the issue. You can choose to ignore the risk signals and process the orders. Some merchants swear the system is always wrong while some merchants will turn down any orders marked as high risk by the fraud system. As a store owner, you know your audience the best, so it's really up to you.
To help you better understand how the system works, here is a snippet directly from Shopify on how the fraud analysis works.
The fraud recommendation tells you if an order has a low, medium, or high risk of achargebackdue to fraud. If an order has a medium or a high risk, then it's flagged on theOrderspage with a warning symbol next to the order number.
Flagged orders are also brought to your attention inorder notification emailsif you subscribe to them.
Fraud recommendations are powered by machine learning algorithms that are trained on historical transactions across all Shopify stores. The recommendations give you the benefit of years of fraud detection experience. Shopify continuously improves these algorithms to better identify fraudulent orders.
You can read more about it here https://help.shopify.com/en/manual/orders/fraud-analysis
I hope this helps you a bit.
@dylanpierce I'm just afraid that this can result in a "we told you so" chargeback filed. I lost a chargeback for non delivery with proof from USPS that the item was delivered which is ridiculous, so I don't trust shopify when it comes to things like this.
We should be able to set what constitutes a high risk. shopping while traveling should not be blasted red as high risk when the billing and all the credit card info match. And all the nonsense of we couldn't' figure out the ip so therefore this is high risk..... Why couldn't you figure out the ip? If you're going to call it a fraud filter then you should be able to break through whatever you need to to figure out the ip address. (Plus this is widespread with androids on AT&T and your development should know this)
Or even better than that, put a notice to buyers to get off the damn vpn they're not really protecting themselves anyway, the satellites in the sky still knows what color their eyes are And google, alexa and siri know everything they say anyway. It's all such a "False" sense of security and privacy anyway. (ok so that's my rant for the day lol - I'll get off my soap box now)
You bring up 2 different problems, let me try to explain both.
You're experiencing what is called "friendly fraud" which is not really friendly, but it's a result of over consumer protections. Shopify as a payment gateway is not incentivized to provide best in class fraud tools because they don't have any skin in the game.
If you experience a chargeback, they get their fee and they don't incur the cost of the chargeback; they just pass it on to you the merchant. It's an unfair game, which is why I'm trying to offer tools that give you additional evidence that should deter fraudsters because they have to provide their real identity.
As for IP addresses, they aren't an exact science. IP addresses are dynamic and change frequently. Your IP address is not dedicated to your home address, especially with IPv4 which is being rolled out gradually - the best a tracker can do is narrow down by region.
IP addresses can still be useful for fraud tracking, but they are no where near a silver bullet when it comes to identifying a person - especially with the commonplace of VPNs who make it their full time job to create new nodes & endpoints to change the IP addresses of their customers constantly.
@dylanpierce on item 1 Whether they provide their real identity or not, if they claim they did not receive it and the bank could possibly side in their favor when I've shown proof of receipt anyway their real identity is of no consequence. You think they will be worried or embarrassed to file such a claim? Obviously not, or they wouldn't' have done it to begin with.
And furthermore, When I questioned some orders and asked for a driver's license I got a flat out NO. So what methods is your provision seeking to prove real identity? I check a good deal of orders against white pages, truth finder etc etc if something doesn't seem right. Most times, my orders contain the person's name or a name in their family or even their photo. Cant get more proof than that, but they still get away with stupid chargebacks. My Policy should be held to first and foremost as I didn't spend time writing it for my own pleasure. So if I used my policy to protect myself and the customer agrees to it it should supercede anything else.
All third parties, Shopify, Paypal etc etc SHOULD have skin in the game, they are making $ by way of fees etc and providing such service, it doesn't get to only be 1 sided. I don't appreciate being told there is no appeal process when (having been a first data merchant for many years) I know there is in fact an appeal process. Also being told that I cannot handle that myself because they need to protect the fraudster and not give out the banking / claim info is sheer nonsense. In 10 years with first data I got hit with maybe 4 chargebacks and have won each one of them. (because I personally handled the charge back reply) With paypal or shopify I've gotten that amount and more and have not won one of them. That's a little lopsided dont' you think? The canned response to chargebacks does not work. It's not shopify's money so they don't care if it's lost or won.
And yes the consumer is over protected and that's why third parties should be siding with their merchants and going up against these unfair practices whether in legislature or just storming such clearly wrong decisions. I understand back in the day when internet shopping wasn't that popular and there were a lot of scammers out there and even today there's a lot of scammers, but this kind of friendly fraud (said it's not delivered, or my kid used my credit card without my knowledge but hey vendor, I received the really cool product you made and delivered and I'm going to keep it anyway) should be shut down at the getgo. Charges should be filed against the card holder for not protecting their card to begin with (which is their responsibility according to the contract with their credit card company) and then their kid should but charged with theft! Make that happen a few times and we'd see how much "friendly fraud" would decrease!!!
It's pretty clear what businesses are scams and aren't by their history, their product line, how many times they open a shopify store for a month and then close it after they've made their $ etc. I can spot one of those facebook ads a mile away, I'm pretty sure you can too!
As far as the IP Tracker. Exactly which is why I'm saying that that is not the reason that these new filters should be flagging an order as High Risk when the billing address, credit card #, CVV and expiration date all match!!!!!! If the latter didn't match then absolutely go red to your hearts content, but don't alarm the merchant that an order is high risk because you couldn't figure out the IP address.
@Jason_Beacon The new filter is claiming High Risk because the system could not detect the ip address or detect that their location at the time is far from their billing/shipping address! All meanwhile the billing address, credit card #, cvv & expiration match! Anyone using an android with ATT will not show up where they are. VPn's IPV# etc all complicate this. Anyone shopping from a mall, or on the road traveling while placing an order on their mobile device or even a laptop on a hotel will show up like this. This is the new internet and life as we know it now, so for shopify to use this as such a high warning is irresponsible.
@Bikes-Angel correct! Gateways & Shopify should absolutely have some burden of proof, this current setup of arbitration is only harming merchants through this new type of "friendly fraud".
I'm not sure what kind of products you're selling, but if customers are refusing ID verification on high risk orders or high $ amount orders, perhaps you're saving yourself a chargeback. Just the sign of additional ID requirements shows some KYC rules that serious merchants don't employ.
But if you're selling low cost or medium cost goods, the friction could be a bit high.
Our ID verification works by a trained model on tens of thousands of legitimate IDs, we can spot faked submissions by metadata, altered fonts, invalid checksums on the ID, and in correctly formatted or placed data based on the state or government of issue.
However, like you said, if a fraudster is so brazen as to use their real information & real ID but still submit a chargeback - that's a next level of bold and I would guess that's a small percentage of your customers. But correct me if I'm wrong there.
But I definitely see your point, if arbitrage still rejects your appeals despite overwhelming evidence, how is more evidence going to help.
What is nice about ID verification though, is that the same ID can only be used once and we can detect it's use again on a different order even when the customer uses a new payment method. That way they can only commit this fraud one time with your store to help limit the damage done.
But friendly fraud continues to be a systemic problem and I fear without a class action lawsuit there is not incentive by the players to change the game.
>>correct! Gateways & Shopify should absolutely have some burden of proof, this current setup of arbitration is only harming merchants through this new type of "friendly fraud".<<<
Exactly so the thing is how do we get this changed?
>>But if you're selling low cost or medium cost goods, the friction could be a bit high.<< I am! But I still have a right to ask for ID if the customer uses a phone number that has no voicemail and email addresses that bounce. This one particular customer placed an order attempting the credit card twice with a mis spelled email too (icould as opposed to icloud) so I gave her the benefit of the doubt assuming typo-s for both but then with the corrected email it still bounced. No VM on the phone check of address (billing or shipping) does not list her as a registered resident etc. She came to live chat and gave me a different email and different phone. Nope sorry.... show me ID. She refused. I cancelled (yep I avoided a possible chargeback) Comes back 2 days later and places the same order under a new name and new set of addresses. comes back to live chat looking for her mock up proof. Again I told her no ID no Ship. Still flat out refused. She said she didn't trust me and I wanted to scam her by having her driver's license ROFLMAO! But meanwhile I paid fees on 2 orders totaling approx $70.00 each This item happened to be a Realtor's personalized item and she even refused to give me her realty company name so you know for sure it's not valid... no realtor in the world doesn't jump on the chance to advertise themselves LOL. (plus my friend is a realtor and checked her in the registered realtors database and under the 2 different names, 4 addresses (different billing and shipping) and email addresses - she is not a realtor)
>>>But friendly fraud continues to be a systemic problem and I fear without a class action lawsuit there is not incentive by the players to change the game.<<<< And there lies the big issue and question. There must be millions of merchants who have been burnt by this system and who want it changed, how do we actually get this to happen?
How do we also get the consumer protection act changed to only effect real scammers and not real businesses. And it also states that the merchant is responsible if the package is delivered late or not delivered etc. No No No! Once it's handed off to UPS / USPS / Fedex etc, they are responsible sorry, you cannot hold us responsible for something we cannot control.
I don't have the answer to the systemic problem, but clearly the consumer protection arrangements are leaving 100% of the liability on merchants and it's not equally shared.
There are few things that could change this and it all comes to legal pressure or market changes.
Merchants organize and file suit against the credit card issuing banks. The claim might be a class action lawsuit for negligence or some creative legal argument.
However, requiring all of the evidence & merchant support would take a long time, and even longer to go through the courts.
I don't own crypto currencies and I think they're a speculative scam at best. But, if the defacto online payment processing method changes to some form of cryptocurrency or cryptocurrencies, this totally changes the model and cuts completely out banks from transactions.
However, this leaves consumers with 0 protection against merchant fraud, however as a merchant you would hold the final say if you issue a refund or not. It essentially undoes decades of consumer protection laws & procedures.
Consumers might go with it for awhile, but naturally after enough merchant fraud against consumers, there will be a middleman escrow service that will protect them against chargebacks or some kind of merchant verification system.
Realistically, I think the former is more likely than the latter. But someone needs to hold the banner to start the lawsuit against the major banks.