Re: Spam orders

Spam orders

Rene_Møller
Visitor
2 0 0

We have "fake" customers placing orders in order to apperenly test creditcards or whatever - how do we stop this?

 

We have added  CaptCha - and closted down for all non danish IP´s. But still they make fake orders.

 

It's a VERY SERIOUS problem as our payment provider are threatening to close us down due to this, so we need this to be fixed.

 

Best regards

Sandy from Yeschef

Replies 3 (3)

shivanimanas
Tourist
5 0 0

Integrate a OTP Verification.

Rene_Møller
Visitor
2 0 0

I'm not, 100% sure how this will help, as they make new hotmails all the time 🐵 

dylanpierce
Shopify Partner
278 13 121

Usually criminals purchase stolen credit card numbers in bulk from dark net forums, or perhaps they're just using a script to generate credit card numbers in the hopes they can "brute force" and find a valid credit card number.

First, if you haven't already - switch to manual payments. It just takes a few clicks and it prevents you from becoming liable for a chargeback or credit card processing fees if the bad actor in fact uses a stolen or generated credit card. Here's a guide on how to switch to manual payment capture in Shopify.

 

Second, you can attempt to block the bad actor by using a firewall. There are many traffic blocking apps on Shopify to choose from. However, none of these apps can block automated scripts, because Shopify doesn't allow apps to block traffic until _after_ your page has been loaded. These apps simply redirect the visitor to another page, a half sophisticated programmer can defeat these apps.

 

The best option currently is Cloudflare's Bot Protection feature. Shopify includes this same Bot Protection feature but only available for Plus stores.

 

If you're not on a Plus store, or are not sure how to implement CloudFlare in front of your Shopify site, then your best bet is to set up manual payments and ignore these bot orders. Yes it is annoying and it's effecting analytics, but they're not doing financial harm if you don't accept the payments.

Detecting and blocking bots is a cat and mouse game that is mostly a waste of your time, set up a passive system to flag or cancel these orders using Shopify Flow and move on. Your time is much more valuable than trying to actively prevent these attacks.

 

Hope this helps,

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.