Have your say in Community Polls: What was/is your greatest motivation to start your own business?

Possible Scammer Abandoned Carts

Solved

Possible Scammer Abandoned Carts

taylorthomas
Excursionist
25 1 7

Our store has a lot of abandoned carts for our gift card. 15 in the last month. They enter their name (which i can only assume is fake), an email (that doesn't match their name at all), and a billing address that is always

 

Street

10

apt

2

Various US City, State, Zip

 

There are 8 where they attempted to charge a card, mostly Discover with 1 Visa, all ending in different numbers but we're unable to authorize from Stripe. Im assuming these are stolen cards. I am thinking this is one person or group as they all use the phone number starting with 250-215-XXXX.

 

How can I stop this from happening? I can just remove the product gift card from our website (no one buys it, only reason we have it up is because we need it to issue store credits) but it make me nervous our website has so many scammers.

Accepted Solution (1)

dylanpierce
Shopify Partner
288 14 124

This is an accepted solution.

What you're experiencing is called card testing.

Usually criminals purchase stolen credit card numbers in bulk from dark net forums, or perhaps they're just using a script to generate credit card numbers in the hopes they can "brute force" and find a valid credit card number.

First, if you haven't already - switch to manual payments. It just takes a few clicks and it prevents you from becoming liable for a chargeback or credit card processing fees if the bad actor in fact uses a stolen or generated credit card. Here's a guide on how to switch to manual payment capture in Shopify.

 

Second, you can attempt to block the bad actor by using a firewall. There are many traffic blocking apps on Shopify to choose from. However, none of these apps can block automated scripts, because Shopify doesn't allow apps to block traffic until _after_ your page has been loaded. These apps simply redirect the visitor to another page, a half sophisticated programmer can defeat these apps.

 

The best option currently is Cloudflare's Bot Protection feature. Shopify includes this same Bot Protection feature but only available for Plus stores.

 

If you're not on a Plus store, or are not sure how to implement CloudFlare in front of your Shopify site, then your best bet is to set up manual payments and ignore these bot orders. Yes it is annoying and it's effecting analytics, but they're not doing financial harm if you don't accept the payments.

Detecting and blocking bots is a cat and mouse game that is mostly a waste of your time, set up a passive system to flag or cancel these orders using Shopify Flow and move on. Your time is much more valuable than trying to actively prevent these attacks.

 

Hope this helps,

 

 

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.

View solution in original post

Replies 6 (6)

dylanpierce
Shopify Partner
288 14 124

This is an accepted solution.

What you're experiencing is called card testing.

Usually criminals purchase stolen credit card numbers in bulk from dark net forums, or perhaps they're just using a script to generate credit card numbers in the hopes they can "brute force" and find a valid credit card number.

First, if you haven't already - switch to manual payments. It just takes a few clicks and it prevents you from becoming liable for a chargeback or credit card processing fees if the bad actor in fact uses a stolen or generated credit card. Here's a guide on how to switch to manual payment capture in Shopify.

 

Second, you can attempt to block the bad actor by using a firewall. There are many traffic blocking apps on Shopify to choose from. However, none of these apps can block automated scripts, because Shopify doesn't allow apps to block traffic until _after_ your page has been loaded. These apps simply redirect the visitor to another page, a half sophisticated programmer can defeat these apps.

 

The best option currently is Cloudflare's Bot Protection feature. Shopify includes this same Bot Protection feature but only available for Plus stores.

 

If you're not on a Plus store, or are not sure how to implement CloudFlare in front of your Shopify site, then your best bet is to set up manual payments and ignore these bot orders. Yes it is annoying and it's effecting analytics, but they're not doing financial harm if you don't accept the payments.

Detecting and blocking bots is a cat and mouse game that is mostly a waste of your time, set up a passive system to flag or cancel these orders using Shopify Flow and move on. Your time is much more valuable than trying to actively prevent these attacks.

 

Hope this helps,

 

 

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.

taylorthomas
Excursionist
25 1 7

Thank you for your response! No one has been able to make a purchase yet which is good but im glad to know what this type of scam is. I will look into the cloudflare option! Best - Taylor

bolabu
Tourist
3 0 1

@taylorthomas 
There is an article might help you for solving or at least understanding your problem: Preventing Cart Abandonment Bots on Shopify: Effective Solutions


Cart abandonment caused by bad bots and malicious actors not only impacts revenue but also imposes significant operational and security challenges. Addressing these issues effectively requires robust cybersecurity measures and sophisticated traffic management strategies. Relying on traditional captcha and IP blocking might not always yield the expected results. To effectively prevent bots and malicious actors from abusing a critical functionality to any shop requires a combination of multiple techniques and controls in place.

Miriamm
Tourist
3 0 8

Wow, we got these too! Same address!

taylorthomas
Excursionist
25 1 7

Late to the response here, but i ended up deleting the gift card product which stopped it but now they moved on to another product on our store and are still trying to do the same thing. Super frustrating. Going to look into more preventative measures.

Turnabot
Visitor
1 0 0

Crazy! We also have the exact same thing with the same first part of the address.