Shopify Balance Transfer Fraud! Please read- This is a very serious issue.

XXM
Tourist

We just got an email from Shopify informing us that there was a transfer of $622.37 from our Shopify balance to some bank that is different from ours. How can this happen? I know there are many credit card frauds in which they use your credit card number. But how can anyone use someone's Shopify account to transfer their balance to their account or pay a bill from your Shopify account balance?

This is shocking and unreal. It is severe for all of you who own Shopify stores. How can this even happen? How can Shopify allow this without verifying the bank change? Will this person who has conducted this type of fraud be able to get to our Shopify balance?
 
Can someone explain how this could even happen? We just disputed the transaction, but it is scary that this could happen. 

I needed to post this issue here because Shopify management needs to do this and be aware that their help section for merchants is now unacceptable.

Reply 1 (1)

dylanpierce
Shopify Partner

Hi @XXM ,

First off, sorry to hear that you're a victim of fraud. Yes, any vendor on any marketplace is susceptible to Payout Fraud: https://getverdict.com/blog/prevent-payout-fraud

 

The most common way this happens is a bad actor compromises your Shopify account. And the two most common ways this happens are either from password reuse or you opened a phishing link that looked like a Shopify login page but was actually a copy designed to steal your email address and password.

Once the attacker has logged into your Shopify account, they'll swap the payout banking details with their own and then wait for the payout.

Shopify will notify you on every login as well as when banking details are changed, but it's also possible that the attacker changed your Shopify account's notification settings. But by that point it's too late.

Your best defense against this type of attack is implementing a unique password for your Shopify account, as well as setting up 2FA (also known as MFA). That way even if the attacker has your email address and password, they still cannot log in without physical access to your phone for the 2FA code that rotates every 30 seconds.

 

To regain access to your Shopify account, you'll need to open up a support request. Be prepared to prove your identity with another means such as a Driver's License or Passport. Then immediately when you gain access, change your password and set up 2FA on your account and of course change the payout banking information.

 

I highly recommend using a service like 1Password to manage your passwords, so that way you can follow best practices by setting up a strong unique password for your Shopify account.

 

I hope this helps,

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.
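
The sequence described in the reply above (a login, the payout bank details swapped, notification settings possibly altered, then a payout) can be checked for in account activity records. The following is an added example, not part of the original thread and not Shopify code: the event schema, field names and the 72-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit events; the schema is hypothetical, not Shopify's.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:00:00", "type": "login", "known_device": True},
    {"ts": "2024-03-04T02:13:00", "type": "login", "known_device": False},
    {"ts": "2024-03-04T02:15:00", "type": "notification_settings_changed"},
    {"ts": "2024-03-04T02:16:00", "type": "payout_bank_changed"},
    {"ts": "2024-03-05T06:00:00", "type": "payout_sent", "amount": 622.37},
]


def find_payout_takeovers(events, window=timedelta(hours=72)):
    """Flag payouts sent after the payout bank details were changed within
    `window` of a login from an unrecognised device."""
    alerts = []
    risky_login = None   # time of the latest unrecognised-device login
    risky_change = None  # bank change that followed such a login
    muted = False        # notification settings touched after that login
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        recent = risky_login is not None and ts - risky_login <= window
        kind = ev["type"]
        if kind == "login":
            if not ev.get("known_device", False):
                risky_login, muted = ts, False
        elif kind == "notification_settings_changed":
            muted = muted or recent
        elif kind == "payout_bank_changed":
            # Only a change close to an unrecognised login is treated as risky.
            risky_change = ts if recent else None
        elif kind == "payout_sent":
            if risky_change is not None and ts - risky_change <= window:
                alerts.append({
                    "payout_ts": ev["ts"],
                    "amount": ev.get("amount"),
                    "bank_changed_at": risky_change.isoformat(),
                    "notifications_altered": muted,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_payout_takeovers(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

A bank change made with no recent unrecognised login produces no alert, so routine changes by the account owner from a known device stay quiet.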