Accepting credit cards, warehouses, and shipping and fulfilling orders
Our store has a lot of abandoned carts for our gift card. 15 in the last month. They enter their name (which i can only assume is fake), an email (that doesn't match their name at all), and a billing address that is always
Street
10
apt
2
Various US City, State, Zip
There are 8 where they attempted to charge a card, mostly Discover with 1 Visa, all ending in different numbers but we're unable to authorize from Stripe. Im assuming these are stolen cards. I am thinking this is one person or group as they all use the phone number starting with 250-215-XXXX.
How can I stop this from happening? I can just remove the product gift card from our website (no one buys it, only reason we have it up is because we need it to issue store credits) but it make me nervous our website has so many scammers.
Solved! Go to the solution
This is an accepted solution.
What you're experiencing is called card testing.
Usually criminals purchase stolen credit card numbers in bulk from dark net forums, or perhaps they're just using a script to generate credit card numbers in the hopes they can "brute force" and find a valid credit card number.
First, if you haven't already - switch to manual payments. It just takes a few clicks and it prevents you from becoming liable for a chargeback or credit card processing fees if the bad actor in fact uses a stolen or generated credit card. Here's a guide on how to switch to manual payment capture in Shopify.
Second, you can attempt to block the bad actor by using a firewall. There are many traffic blocking apps on Shopify to choose from. However, none of these apps can block automated scripts, because Shopify doesn't allow apps to block traffic until _after_ your page has been loaded. These apps simply redirect the visitor to another page, a half sophisticated programmer can defeat these apps.
The best option currently is Cloudflare's Bot Protection feature. Shopify includes this same Bot Protection feature but only available for Plus stores.
If you're not on a Plus store, or are not sure how to implement CloudFlare in front of your Shopify site, then your best bet is to set up manual payments and ignore these bot orders. Yes it is annoying and it's effecting analytics, but they're not doing financial harm if you don't accept the payments.
Detecting and blocking bots is a cat and mouse game that is mostly a waste of your time, set up a passive system to flag or cancel these orders using Shopify Flow and move on. Your time is much more valuable than trying to actively prevent these attacks.
Hope this helps,
Want to see it in action? Check out our demo store.
This is an accepted solution.
What you're experiencing is called card testing.
Usually criminals purchase stolen credit card numbers in bulk from dark net forums, or perhaps they're just using a script to generate credit card numbers in the hopes they can "brute force" and find a valid credit card number.
First, if you haven't already - switch to manual payments. It just takes a few clicks and it prevents you from becoming liable for a chargeback or credit card processing fees if the bad actor in fact uses a stolen or generated credit card. Here's a guide on how to switch to manual payment capture in Shopify.
Second, you can attempt to block the bad actor by using a firewall. There are many traffic blocking apps on Shopify to choose from. However, none of these apps can block automated scripts, because Shopify doesn't allow apps to block traffic until _after_ your page has been loaded. These apps simply redirect the visitor to another page, a half sophisticated programmer can defeat these apps.
The best option currently is Cloudflare's Bot Protection feature. Shopify includes this same Bot Protection feature but only available for Plus stores.
If you're not on a Plus store, or are not sure how to implement CloudFlare in front of your Shopify site, then your best bet is to set up manual payments and ignore these bot orders. Yes it is annoying and it's effecting analytics, but they're not doing financial harm if you don't accept the payments.
Detecting and blocking bots is a cat and mouse game that is mostly a waste of your time, set up a passive system to flag or cancel these orders using Shopify Flow and move on. Your time is much more valuable than trying to actively prevent these attacks.
Hope this helps,
Want to see it in action? Check out our demo store.
Thank you for your response! No one has been able to make a purchase yet which is good but im glad to know what this type of scam is. I will look into the cloudflare option! Best - Taylor
@taylorthomas
There is an article might help you for solving or at least understanding your problem: Preventing Cart Abandonment Bots on Shopify: Effective Solutions
Cart abandonment caused by bad bots and malicious actors not only impacts revenue but also imposes significant operational and security challenges. Addressing these issues effectively requires robust cybersecurity measures and sophisticated traffic management strategies. Relying on traditional captcha and IP blocking might not always yield the expected results. To effectively prevent bots and malicious actors from abusing a critical functionality to any shop requires a combination of multiple techniques and controls in place.
Wow, we got these too! Same address!
Late to the response here, but i ended up deleting the gift card product which stopped it but now they moved on to another product on our store and are still trying to do the same thing. Super frustrating. Going to look into more preventative measures.
Crazy! We also have the exact same thing with the same first part of the address.
Thanks to everyone who participated in our AMA with 2H Media: Marketing Your Shopify St...
By Jacqui Sep 6, 2024The Hydrogen Visual Editor is now available to merchants in Shopify Editions | Summer '...
By JasonH Sep 2, 2024Note: Customizing your CSS requires some familiarity with CSS and HTML. Before you cust...
By JasonH Aug 12, 2024