I received an order Monday for about $75. It was marked as high risk due to a bunch of factors.
I created the order, but didn't ship it yet.
Then yesterday I got almost the same order, about the same amount but with a different card, again marked high risk.
Of course at this point I'm not shipping anything, but what happens to the money? What happens if they come back as stolen cards?
I did email the customer, even tried to call to no avail (duh) but I'm reading all these horror stories on the internet where I'm going to end up eating more than just the lost inventory although I didn't process the credit card payment, Shopify did...
I know it's chump change we're talking about, but if it has been a really big order it wouldn't have been funny.
Insight is greatly appreciated.
Solved! Go to the solution
This is an accepted solution.
There could be several reasons why an order is marked high risk; however, you're taking the correct steps to help prevent your business from being a victim of fraud. How the order is handled is up to your discretion but there are several steps you can take to validate the order. For this, I would recommend reviewing our fraud prevention help doc as it provides information on how to validate the order, and how to prevent fraudulent orders in the future.
If you decide that the order is fraudulent, or that you do not want to accept the risk, then you will want to ensure you cancel and refund the order. Leaving the order as-is will leave you open to a chargeback dispute which will cost you more in the long run as you'll not only be on the hook for the cost of the order, but also the chargeback fee. You can find more information on chargebacks here. Also, if you are using Shopify Payments, and choose to fulfill high-risk orders, choose not to action high-risk orders, or begin to see an increase in chargebacks due to fulfilling high-risk orders, then you do also increase the chances of Shopify Payments being removed from your store as it would present a higher than allowed risk that our banking partners can support.
All in all, if the customer is not able to verify their order (provide a screenshot of the CC with their name on it, the address doesn't check out, the phone number is invalid, etc.) then it would be best to cancel and refund the order. If you're unsure of how to cancel and refund an order then I'd recommend reviewing our help doc here.
Let me know if you have any questions.
Faye here, Director of Partnerships at ClearSale.
Peter nailed in on the head, there are so many factors involved and what you are doing are absolutely the right things!
I understand that this post is marked as solved but wanted to chime in anyway :)
ClearSale can help take that stress off you entirely. We work tirelessly to provide our clients a fully outsourced fraud solution - meaning that we deal with all of it for you.
We’d never decline an order up front and will make those hard decisions from our side. If we were to deem an order valid and you later get a fraudulent chargeback, our team will cover that cost for you. Absolute peace of mind.
You are right to worry about this order and the $75 could definitely turn into something greater down the line.
First off, if you falsely decline an order, you are turning away a good customer which means you lose out on any future sales from them as well (Lexis Nexis states that this is about $3.10 for every $1 of fraud so the value is much greater).
In addition, if your system falsely declines someone it is training itself to do it more in the future-an example where machine learning is learning the WRONG thing. On the other hand, if you don't catch a bad order and decline it we all know that it could result in a chargeback with additional costs from your credit card company.
The other potential worrisome item worth mentioning is that is sounds like a pattern that fraudsters use to check vulnerabilities on a site because of the similarities you mentioned. Fraudsters will generally "dabble" with orders then they could potentially find such vulnerabilities and hit a merchant all at once and that could result in many chargebacks at once. We've seen this multiple times. We'd be happy to discuss and explain in more detail.
If you ever have any questions, feel free to reach out to us directly at firstname.lastname@example.org.