Re: How can I stop a bot from placing abandoned orders on my ecommerce site?

Today I had one of their attempts to actually go through after months and months of them trying. What does this mean for my site?

Come on. This won't work. 😅 They usually just pick the lowest price point product in the store. How would this work. Come on. Shopify needs a captcha on the check out page. 

In this case, if they pick products with lowest price point, you can simply create a rule to block certain customers based on the email ID they use, mostly all of these orders are from the same email id. 

Plus if you want you can block checkout based on the location also. I mean specfic zip code they enter in the checkout. 

What about in my case where the email differs and the address is always the same except for the state, its always a different state?

The same issue. "tech / street, 10 apt, 2" in all addresses.

same here! Today that one showed locations was from Russia.

was your ever resolved by shopify?

Yep,  Street 10 apt 2.

3-4 times a day different name different address low cost item.

Yes same issue with us. Street 10 apt 2. I will say that after a week of creating abandoned checkouts, they successfully made a purchase today. Thankfully shopify flagged it as high fraud potential, and i immediately recognized the street 10, apt 2 address, so I canceled the order. Still, I’d like to understand if there is anything to do to block them; and what is their end game? It seems that they’re always looking for the lowest cost item in the store, whether it’s $0 or another small figure. 

Oh @jtstevens, I just saw what you read about testing credit cards. That makes complete sense. And it also means our sites aren’t necessarily the target of the malicious activity, but a tool to help them make a greater purchase somewhere else? In any case, what are we supposed to do about this? Can you report when a credit card succeeded?

I found this thread to have some helpful solutions: https://community.shopify.com/c/shopify-discussions/fraud-scammers-running-credit-cards-what-can-we-...

I have not had any credit cards succeed yet.

was your issue ever resolved by shopify? i have the same issue on my site at the moment..

ugh - this is such a huge issue.  I thought it was just me!  And then i saw a million threads in the community.  Now i am angry that shopify is not fixing this.  Plus, I need to figure out what to do!

I finally resolved this issue by updating the "Customer Accounts" to "NEW" in settings. Its been a month now and I have not had a single bot subscribe to my mailing list nor create an abandoned cart. I still see the "bot" ping on the live map (it was the same place on the map every time), but no abandoned carts are created and no fake mailing list subscriptions. Win!

This is the same bot on my store. They are testing credit cards. They target shopify stores because shopify is negligent and doesn't offer a way to stop it. You can require customer to log in before check out which does stop the bot but will kill your conversation rate. One you change it back They will start again.  Seems they are testing a few transactions across alot of Shopify stores. I had one transactions go through.  It is also bad for your conversation rate because it messes up all your sales data. We need to get alot of Shopify stores together and demand they fix it. 

Have you found a solution yet? Mine started a few days ago too. I'm trying to avoid the "require customer to log in" method because I don't want to kill conversions, but Shopify have not replied by with a solution yet. I'm so frustrated. 

Thats the exact issue we are having  
10
apt
2

STreet 10 Apt 2 I am getting for weeks now...   Different names, Different emails... The same $19.95 product.  Some even have failed payment attempts. Most are just abandonded carts.  @Shopify  you need to figure out a bot filter. 

This is the exact same thing happening to me and it seems to be Brazilians (based on the names, emails sometimes ending in .br and sometimes the bank that declines the card is located in Brazil). Has been happening for months beginning only this year.  They choose the cheapest item and then create accounts and abandon carts. I delete all the customers but they just create more.

same! low cost products on our website and same adress but different state everytime 

It's been happening in our store since earlier this year. This increases your bounce rate, which affects conversion. Every scenario given on this page has happened to us. 

same issue happening on my site - did shopify ever offer an answer?

same issue!  was your ever resolved by shopify?

Right now the issue is bots running credit cards. They are testing credit cards across shopify sites because shopify isn't doing anything to stop them. They should add a captcha to check put page. High negligence on shopifys part to allow this go occur. You can change to require customer to log in before check out but that I'd a conversion killer. We need to all get together and demand they fix it. 

Yeah. I'm having the same problem right now too. Shopify doesn't seem to have a solution for this. 

Thanks Immnul! This is a great option. I tried a different app that was supposed to stop the checkout with certain conditions, but I could not get it to work. However, this app seems to be doing the trick. I set up both of the flows that you put in your post, but only one of them has triggered so far. I also added an automatic deletion of the customer. Since yesterday, it has triggered 10 times and deleted all of the customers from the abandoned carts. Also, none of the carts have tested a credit card, so it seems to be stopping that before it can happen too. And none of the customers have ended up on my email automation sequences. So far so good.

Oh I'm so glad it's working for you...  I've added the delete customer step on my side.  However, I'm really finding the tagging based on address to be hit or miss and I'm not sure why. For example, this latest one (Kansas)  Flow didn't tag the customer...  but I really don't get why. Whereas for this Indiana address, it DID tag it. Do you @jtstevens have any idea why it doesn't always work? Does it always work for you? Also, are you concerned about this is affecting your tracking of conversion rate?

NOTE: I'm sharing personal information only because these are CLEARLY fake accounts

Ok. I spoke too soon. Some of mine are hit or miss now too... I think I found out why, though. If I go to an abandoned cart where it still tested a credit card and the customer was not deleted, I found that the 'customer' does not have an address, but the 'order' has a shipping address and billing address. So our trigger in Flow is on customer creation, but the customer does not have an address. I looked for other triggers that can be used, but only can see ones for order creation, which is too late.

I found another thing that I am going to try, though. On an abandoned cart, you can "Copy checkout URL", so I had a look at a few of those pages. Seems like all of my traffic is coming from locale=en-br (in the URL anyways). So I am going to try a different country blocker app.

I have the same bot... Ive spoken to Shopify 7 times. They could easily find out what this bot is and stop it but Shopify doesnt care. The only way to stop it is require log in at check out which is horrible for conversions. Ive tried Blockify to block VPNs, Block all countries except USA, Block IPs etc nothing stops it except log in before check out. 

Ok. So I have a few apps in place that seem to be limiting/reducing the bot now. I was typically getting several abandoned carts per day and most were testing a credit card. Now I only had a couple in the last few days and none of them were able to test a credit card. The last app I put in place was BeSure Checkout Rules https://apps.shopify.com/checkout-rules. I am not connected to these guys at all, but the app seems pretty good. Here is the condition that I set. 

I also currently have SecurityKing enabled to block all traffic from Brazil, since my checkouts have locale=en-br in the URL. However, I am not sure if it is effective since the bot goes directly to a checkout page and I am not sure if it triggers then.

I also have Shopify Flow (see previous posts) which deleted the customers from the bot abandoned carts. 

Very much a bandaid solution. Shopify should fix this!

Ok. So an update. I have been able to stop mine now. Haven't had any in 4 weeks. BSure Checkout Rules seems to be the one that fixed it. Worth the few bucks a month it cost. I also still have SecurityKing and Shopify Flow (described in previous posts), but I think it is BSure Checkout Rules that finally fixed it.

This is the exact same bot that is attacking my abandoned cart too!! Exact same information.

Great idea. Better than requiring log in before checkout. 

This is a great tip. Thank you. We're going through the same on one of my customer's shops.

Hi! I've tried this on our store but we still get bot orders and abandoned checkouts. Is it still working on your end?

The bots were testing credit cards with a .98 cent package protection item and Shopify support did nothing for us. After testing multiple apps the only one that worked was the "Cart Block" app. I had it set to reject all orders under $1.00 so it won't even allow them to check out. Good luck! 

same with my shop

They are targeting a $19.95 on my store.  Different names, Different emails, but always STREET 10 APT 2     Some have failed payment attemps, some are just carts.  

They are testing $7.57 and $15.95 on my store.  Different names but same Street 10 Apt 2 as well.