Another wave of $0 bot orders, hudson chin, emma metcalf, h w

The shopify plus bot protection is only with the plus subscription ($2,300/mo) so that is not happening.

It looks like shopify discontinued the fraud filter "The Fraud Filter app is no longer available to install. If you have the Fraud Filter app installed, then you can still use your existing Fraud Filter rules, but you can't create new rules. Consider using Shopify Flow to manage potentially fraudulent orders automatically." https://help.shopify.com/en/manual/fulfillment/managing-orders/protecting-orders/fraud-filter. It looks like that would only allow cancels automatically and not actually prevent the orders. I have already setup a shopify flow rule to cancel the order, but it does not stop the order, which is the goal.

Shopify Scripts Editor was discontinued and only available for plus plans ($2,300/mo) https://help.shopify.com/en/manual/checkout-settings/script-editor.

I turned on users need to login before checkout and it looks like it may have stopped this bot, but forcing login has a negative impact on checkout conversion so that is not a viable long term option.

The built in captcha (it looks like it is hcaptcha now) is already turned on. I cannot install recaptcha because we do not have access to the server for the server side code that is needed.

This problem is similar to the attacks earlier this year https://community.shopify.com/c/shopify-discussions/how-to-stop-bot-from-placing-fake-orders/m-p/251... and the abandoned carts that were happening at the same time https://community.shopify.com/c/technical-q-a/james-james-and-the-world-of-automated-abandoned-cart-....

Hi @Steve82 

Yes, the Shopify Plus subscription cost is out of reach for most merchants. I can definitely understand that.

First thing I recommend is disabling automatic checkout. By default Shopify's checkout will charge the credit card immediately. So if the order is fraudulent and needs cancelled & refunded, then you're paying for two separate transaction fees.

Manual payment capture allows you to authorize payment when the customer checks out, but the capture of the funds is manual. That way you can ignore / cancel obviously fraudulent orders without transaction fees or harming your reputation with your payment gateway.

Additionally, you can use Shopify Flow to automate payment capture on low risk orders. Here's a guide on how to do that with a free workflow template.

Hi @chilblains , Shopify scripts are deprecated. The most efficient way to block $0 price orders is using an app like Cart Lock https://apps.shopify.com/cart-lock

You can watch this short video:

This dude bought some of my $0 items, and it keeps doing it. They're meant to be free, so that's no issue for me, but why is it happening? What does this person stand to gain from it?