All things Shopify and commerce
There is another wave of bot orders going on. We are getting a bunch of $0 orders on 2 websites. Since we use a app to control variations and prices, these orders are not loading/activating the app and instead are able to pierce in and order the $0 base product. I would expect any site with $0 items will have the same issue.
The names so far are
hudson chin
emma Metcalf
H W
It looks like you're facing bot orders exploiting a $0 pricing issue with your app.
A good first step would be to add a check that prevents checkout if any item in the cart is priced at $0, or use a Shopify app like Shopify Plus' Bot Protection or FraudFilter to block these types of orders.
You can also create custom scripts using Shopify's Shopify Scripts Editor to enforce a minimum price rule or additional validation during checkout. Lastly, consider adding CAPTCHA or reCAPTCHA to your checkout process to reduce bot activity.
The shopify plus bot protection is only with the plus subscription ($2,300/mo) so that is not happening.
It looks like shopify discontinued the fraud filter "The Fraud Filter app is no longer available to install. If you have the Fraud Filter app installed, then you can still use your existing Fraud Filter rules, but you can't create new rules. Consider using Shopify Flow to manage potentially fraudulent orders automatically." https://help.shopify.com/en/manual/fulfillment/managing-orders/protecting-orders/fraud-filter. It looks like that would only allow cancels automatically and not actually prevent the orders. I have already setup a shopify flow rule to cancel the order, but it does not stop the order, which is the goal.
Shopify Scripts Editor was discontinued and only available for plus plans ($2,300/mo) https://help.shopify.com/en/manual/checkout-settings/script-editor.
I turned on users need to login before checkout and it looks like it may have stopped this bot, but forcing login has a negative impact on checkout conversion so that is not a viable long term option.
The built in captcha (it looks like it is hcaptcha now) is already turned on. I cannot install recaptcha because we do not have access to the server for the server side code that is needed.
This problem is similar to the attacks earlier this year https://community.shopify.com/c/shopify-discussions/how-to-stop-bot-from-placing-fake-orders/m-p/251... and the abandoned carts that were happening at the same time https://community.shopify.com/c/technical-q-a/james-james-and-the-world-of-automated-abandoned-cart-....
Hi @Steve82
Yes, the Shopify Plus subscription cost is out of reach for most merchants. I can definitely understand that.
First thing I recommend is disabling automatic checkout. By default Shopify's checkout will charge the credit card immediately. So if the order is fraudulent and needs cancelled & refunded, then you're paying for two separate transaction fees.
Manual payment capture allows you to authorize payment when the customer checks out, but the capture of the funds is manual. That way you can ignore / cancel obviously fraudulent orders without transaction fees or harming your reputation with your payment gateway.
Additionally, you can use Shopify Flow to automate payment capture on low risk orders. Here's a guide on how to do that with a free workflow template.
Want to see it in action? Check out our demo store.
Dropshipping, a high-growth, $226 billion-dollar industry, remains a highly dynamic bus...
By JasonH Nov 27, 2024Hey Community! It’s time to share some appreciation and celebrate what we have accomplis...
By JasonH Nov 14, 2024In today’s interview, we sat down with @BSS-Commerce to discuss practical strategies f...
By JasonH Nov 13, 2024