Have your say in Community Polls: What was/is your greatest motivation to start your own business?

Another wave of $0 bot orders, hudson chin, emma metcalf, h w

Another wave of $0 bot orders, hudson chin, emma metcalf, h w

Steve82
Explorer
48 0 52

There is another wave of bot orders going on. We are getting a bunch of $0 orders on 2 websites. Since we use a app to control variations and prices, these orders are not loading/activating the app and instead are able to pierce in and order the $0 base product. I would expect any site with $0 items will have the same issue.

 

The names so far are

hudson chin
emma Metcalf
H W

Fine Art Landscapes - Sawusch Photography - USScenics.com
Replies 3 (3)

chilblains
New Member
5 0 1

It looks like you're facing bot orders exploiting a $0 pricing issue with your app.

 

A good first step would be to add a check that prevents checkout if any item in the cart is priced at $0, or use a Shopify app like Shopify Plus' Bot Protection or FraudFilter to block these types of orders.

 

You can also create custom scripts using Shopify's Shopify Scripts Editor to enforce a minimum price rule or additional validation during checkout. Lastly, consider adding CAPTCHA or reCAPTCHA to your checkout process to reduce bot activity.

Steve82
Explorer
48 0 52

The shopify plus bot protection is only with the plus subscription ($2,300/mo) so that is not happening.

 

It looks like shopify discontinued the fraud filter "The Fraud Filter app is no longer available to install. If you have the Fraud Filter app installed, then you can still use your existing Fraud Filter rules, but you can't create new rules. Consider using Shopify Flow to manage potentially fraudulent orders automatically." https://help.shopify.com/en/manual/fulfillment/managing-orders/protecting-orders/fraud-filter. It looks like that would only allow cancels automatically and not actually prevent the orders. I have already setup a shopify flow rule to cancel the order, but it does not stop the order, which is the goal.

 

Shopify Scripts Editor was discontinued and only available for plus plans ($2,300/mo) https://help.shopify.com/en/manual/checkout-settings/script-editor.

 

I turned on users need to login before checkout and it looks like it may have stopped this bot, but forcing login has a negative impact on checkout conversion so that is not a viable long term option.

The built in captcha (it looks like it is hcaptcha now) is already turned on. I cannot install recaptcha because we do not have access to the server for the server side code that is needed.

 

This problem is similar to the attacks earlier this year https://community.shopify.com/c/shopify-discussions/how-to-stop-bot-from-placing-fake-orders/m-p/251... and the abandoned carts that were happening at the same time https://community.shopify.com/c/technical-q-a/james-james-and-the-world-of-automated-abandoned-cart-....

Fine Art Landscapes - Sawusch Photography - USScenics.com
dylanpierce
Shopify Partner
288 14 124

Hi @Steve82 

Yes, the Shopify Plus subscription cost is out of reach for most merchants. I can definitely understand that.

First thing I recommend is disabling automatic checkout. By default Shopify's checkout will charge the credit card immediately. So if the order is fraudulent and needs cancelled & refunded, then you're paying for two separate transaction fees.

Manual payment capture allows you to authorize payment when the customer checks out, but the capture of the funds is manual. That way you can ignore / cancel obviously fraudulent orders without transaction fees or harming your reputation with your payment gateway.

Additionally, you can use Shopify Flow to automate payment capture on low risk orders. Here's a guide on how to do that with a free workflow template.

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.