All things Shopify and commerce
I had a high-risk transaction for digital goods go through this morning, where the currency used was Nepalese Rupees but the registered address of the card was a rural town in the US state of Georgia (I'm in NJ and I sell a book that is rarely purchased by customers outside of the northeastern U.S.). A few minutes before this one went through, an attempt to purchase a $25 digital gift card was made, but I cancelled it as soon as I saw it.
What recourse do I have as a seller against this? My margins are incredibly tight (about 12%), and as an extremely small business, I cannot afford to lose even a little bit to fraud.
Solved! Go to the solution
This is an accepted solution.
Looks good! Thanks for the screenshot. Yes, the flow shows that all medium/high risk orders will be held.
> Is there any way to have seller protection against chargebacks if he tells me the order is legitimate, but then cancels, or it turns out to have been fraudulent after all?
I'm not sure which payment gateway you're using, but Shopify Payments offers Shopify Protect which is essentially chargeback insurance on qualified orders. However, Shopify Protect won't cover all orders, only ones where Shopify determines they can cover the loss if a chargeback is filed.
Additionally, they won't cover if the customer reports the package as "never received", Shopify Protect will only cover "unauthorized charge" chargebacks. Additionally, they will only insure physical goods shipped within the U.S.
There are other chargeback insurance options, but from what I understand they'll charge you a percentage of _all_ revenue, which ends up being very expensive. They may not cover digital goods either.
It really depends on how risky your industry is, if your chargeback % is low, then insurance is most likely overkill and you're bottom line is better off verifying customer email/phone numbers and intent to purchase.
Want to see it in action? Check out our demo store.
If you haven't yet I highly recommend enabling manual payment capture. Here's a short guide on how to do that.
You're still at risk for a chargeback even if you immediately cancel and refund orders, this is because your checkout has automatically processed the payment through the gateway.
I assume you're using the Digital Downloads app for handling digital orders? Or are you using another app to deliver your items digitally after purchase?
Just want to know that detail so I can advise on a way to hold the order's fulfillment until you've captured payment.
Want to see it in action? Check out our demo store.
I have just enabled Manual Capture. In 3 years of selling on digital platforms (here and on Wix before that) I have never had a single bad transaction, but now two in one day (from the same person). I am using the Fileflare Digital Downloads app for digital file fulfillment.
They might just be testing credit cards, not actually caring about the product itself. Credit card testing is when a bad actor either has a sample of stolen credit cards or wrote a bot that generates fake credit card numbers in an attempt to randomly find one.
Since it's a low volume, it might just be manual stolen credit card testing, where they want to sample some stolen credit card numbers before attempting larger purchase somewhere else.
If it's an e-book purchase, then I suspect that's most likely the case.
You could review that app's documentation to find a way to disable the fulfillment until payment is captured, but I suspect that won't help much.
You'll most likely just need to manually capture good actors payments and ignore this bad actors purchases until they move onto the next store that doesn't have manual capture enabled so they can test cards there.
Want to see it in action? Check out our demo store.
That's almost certainly what they've done. The digital asset was never downloaded.
What I'm looking for is a way to hold up only high-risk transactions, and let low-risk, which is pretty much everybody else, through.
Ah good, at least that simplifies the problem. If you were selling gift cards or something that was closer to liquid cash then it would be a bigger problem.
What you can do is download Shopify Flow which is a free app that builds workflows.
Then you can build a workflow that will manually capture payments on all low risk orders, that will automate that process of ignoring these bad actors with high risk orders.
Want to see it in action? Check out our demo store.
Until this morning I did have the option of a gift card for my store. I've never sold one so I just deleted the product after this. It was nothing redeemable for cash, as far as I know. I think I had it set up to give a copy of my book (physical book or digital) to someone.
I have the Shopify Flow app already, and I did manage to get a few workflows set up last year; they've been working great so far. Any idea where I can find out how to test this new workflow?
Shopify Flow is a fantastic app, there's a great team behind it too. One of the most underrated parts of Shopify in my opinion.
I've attached a basic Flow that will capture payment automatically on low risk orders.
You can download it, and import into Shopify Flow using the Import button at the very top of the Shopify Flow app home page:
The best way to test is to create a draft order in Shopify, which will trigger your workflows just the same.
However, testing for high risk orders is a bit tricky, the only way I've found to manually create a test order with high fraud risk is by using the Shopify GraphQL API to manually update the order as high risk.
But if you only need to test low risk orders, which are most orders, then creating a draft order should work just fine.
Hope this helps,
Want to see it in action? Check out our demo store.
I didn't see anything to download, however I went ahead and created one myself that I hope works. It did work on a low-risk transaction early this morning, but obviously I had no way to try a high-risk transaction. This is what I created. Do you see any issues with it? I do get a number of "medium" risk hits every year from customers who use a VPN so the transaction's IP address or location doesn't match the billing address, and in those cases a phone call or an email to the customer invariably results in a good order going out.
Should I be using the Cancel Order action off the bat for high-risk, or something else?
Sorry, I didn't realize Shopify Community wouldn't allow me to attach the Flow files to responses.
You can use to download the sample flow to capture payments on non-risky orders here.
I've also added instructions on how to import it and activate it.
But your flow is attempting to handle all 3 different types of risk levels, my sample one is only for addressing low risk. Your high risk flow branch has two steps that seem a bit out of order. The flow will cancel the order and then attempt to hold it, which will result in errors.
I suggest simplifying the workflow so that all non-low risk orders are simply held for fulfillment. The other suggestion I have is to add a small delay (1 or 2 minutes) before applying the hold.
There are some issues with trying to hold fulfillments immediately, since Shopify itself is changing order fulfillments under the hood so they might overwrite your hold if it's too quick.
> I do get a number of "medium" risk hits every year from customers who use a VPN so the transaction's IP address or location doesn't match the billing address, and in those cases a phone call or an email to the customer invariably results in a good order going out.
Very smart, that's exactly how you can save these sales that might be incorrectly flagged.
We offer a Shopify Flow action to create ID checks to automate that KYC (know your customer) step. It probably is overkill for your use case, but for others that need to verify large ticket orders it's a much better option.
Want to see it in action? Check out our demo store.
So how about this modified version? If low then capture; if medium or high wait 2 minutes then hold fulfillment. I assume that just puts the order in limbo and gives me the opportunity to contact the purchaser. Is there any way to have seller protection against chargebacks if he tells me the order is legitimate, but then cancels, or it turns out to have been fraudulent after all?
This is an accepted solution.
Looks good! Thanks for the screenshot. Yes, the flow shows that all medium/high risk orders will be held.
> Is there any way to have seller protection against chargebacks if he tells me the order is legitimate, but then cancels, or it turns out to have been fraudulent after all?
I'm not sure which payment gateway you're using, but Shopify Payments offers Shopify Protect which is essentially chargeback insurance on qualified orders. However, Shopify Protect won't cover all orders, only ones where Shopify determines they can cover the loss if a chargeback is filed.
Additionally, they won't cover if the customer reports the package as "never received", Shopify Protect will only cover "unauthorized charge" chargebacks. Additionally, they will only insure physical goods shipped within the U.S.
There are other chargeback insurance options, but from what I understand they'll charge you a percentage of _all_ revenue, which ends up being very expensive. They may not cover digital goods either.
It really depends on how risky your industry is, if your chargeback % is low, then insurance is most likely overkill and you're bottom line is better off verifying customer email/phone numbers and intent to purchase.
Want to see it in action? Check out our demo store.
I use Shopify Payments and PayPal only. My business is very small (under $50,000 in gross sales annually) and is something I do in semi-retirement. I publish a reference book in both physical and digital format that I update every year, and which has a somewhat limited audience. I make very little per copy at the end of the day, just enough for a few boxes of cigars and a bottle of Scotch or two. I do it for the enjoyment and the appreciation of the community more than the money, so any fraud really kicks me square in the sensitive bits, for sure. I agree with you that insurance in my situation would be overkill.
Yes, I looked up your site, very cool. It would be a much smaller book but if you end up making a Cleveland street car/subway map, count me as interested.
Got it, then if you have the extra time it's worth it to just manually review these high risk orders. If you suspect they're just mis-flagged, then a quick email or phone call to the customer will probably clear that up.
It might even be possible to automatically send the customer an email for medium risk orders on Shopify Flow, so at least you can save some time with the outreach part.
Then you can save that extra cash for an extra peaty bottle of scotch.
Want to see it in action? Check out our demo store.
As an Ardbeg man, I appreciate the peat 😁. Corryvrecken for the win.
Not sure about Cleveland, but I am considering Chicago. Alas that would entail actually going to Chicago. NJ is bad enough <g>. Last time I rode the Cleveland system was about 30 years ago.
As for contacting customers, I am usually at my desk all day so I have no issue calling or emailing customers with queries. I do it when my shipping software says the address is incomplete or wrong, etc, or they request an inscription that needs clarification. I think they appreciate that the author is reaching out to them personally. It's just the bad actors that I'm worried about.
Yea, the L is much more interesting and larger. But there are some neat old street car lines that are still around here, including an abandoned train station underneath my office here.
Right, the good acting customers will respond whereas bad actors are usually juggling many disposable email accounts. If it becomes that tedious, it might be a good idea to require a phone number at checkout, so that way you can easily tell if a bad actor is checking out because they tend to use VOIP numbers.
Just another signal that's helpful since gmail/hotmail email addresses are disposable yet common.
Want to see it in action? Check out our demo store.
By investing 30 minutes of your time, you can unlock the potential for increased sales,...
By Jacqui Sep 11, 2024We appreciate the diverse ways you participate in and engage with the Shopify Communi...
By JasonH Sep 9, 2024Thanks to everyone who participated in our AMA with 2H Media: Marketing Your Shopify St...
By Jacqui Sep 6, 2024