Forbid users to use already registered e-mails in checkout

Topic summary

A significant security concern exists in Shopify’s checkout process: non-registered users can place orders using email addresses that belong to registered customers. This causes orders to appear in the wrong user’s account without any authentication.

The Problem:

  • Person A registers with an email
  • Person B checks out using that same email without logging in
  • Person B’s order appears in Person A’s account

Proposed Solutions:

  1. Conditional login prompts - Modify checkout to require login when a registered email is detected (requires custom Liquid code for Shopify Plus)

  2. Third-party apps - Tools like Shop Protector or EcomSend can verify emails and prevent misuse

  3. Shopify Scripts (Shopify Plus only) - Custom scripts to block checkout unless users log in for registered emails

  4. Custom app/webhook - Developer-built solution for real-time email verification

  5. Email confirmation workflows - Require verification before processing orders via Klaviyo or SendGrid

Current Status:
Shopify lacks native functionality to prevent this without forcing all users to register. The discussion remains open, with workarounds available depending on the store’s plan tier and technical resources.

Summarized with AI on November 1. AI used: claude-sonnet-4-5-20250929.

Hello,

Shopify provides an option for users to sign up and create a shop account with an email address. Shopify checkout does not check whether a user has entered an email that belongs to an already created user (that’s super weird), which means that non-registered and non-logged-in users can place orders for other registered users.

The case is like this:

Person A creates a shop account with email a@example.com.

Person B places an order, using email a@example.com (for whatever reason…).

When person A logs in, he sees the order from person B under his account.

It’s like when someone uses your already used email and writes posts on your Facebook without logging in.

This can be prevented by allowing only signed-in users to place orders, but that would mean every single user must be registered (that is a no-go). Do you know about any solution that would prevent the use of emails that belong to registered users by non-registered users, without requiring everyone to be registered?

Hi @5-MeO-DMT

I totally get why this feels like a major flaw—someone could use another person’s registered email and make purchases that end up linked to the wrong account. Shopify’s default checkout doesn’t automatically check if an email belongs to a registered user unless the store requires login. But since forcing all users to register isn’t ideal, here are some alternative solutions:

1. Enable “Login Before Checkout” for Existing Customers - You can modify your checkout flow so that if an email is already linked to an account, Shopify prompts the user to log in before proceeding.

  • This isn’t a built-in Shopify feature, but you can use custom Liquid code in the theme checkout.liquid file (for Shopify Plus users) or a third-party app.

2. Use a Third-Party App for Email Verification - Apps like Shop Protector or EcomSend can verify emails before checkout, ensuring that only the rightful owner can use a registered email.

  • Some apps also prevent fake emails and bots from using your checkout.

3. Customize Your Checkout with Shopify Scripts (Shopify Plus) - If you’re on Shopify Plus, you can write a Shopify Script that checks if an email is linked to an account and blocks checkout unless the user logs in.

  • This requires some coding, but it’s an effective way to ensure emails aren’t misused.

4. Use a Custom App or Webhook - If you have a developer, you can create a custom Shopify app or webhook that cross-checks emails in real time and prevents unregistered users from using registered emails.

  • The app could prompt users to sign in or choose a different email.

5. Set Up Two-Factor Authentication for Order Confirmation - While Shopify doesn’t support direct email verification at checkout, you can require email confirmation before an order is processed through third-party integrations like Klaviyo or SendGrid.

No Perfect Solution (Yet), but Workarounds Exist

Unfortunately, Shopify doesn’t natively block this behavior without requiring login. The best approach depends on your setup: if you’re on Shopify Plus, scripts or custom apps work well. Otherwise, third-party apps are your best bet.

If you need any other assistance, I am willing to help.
Best regards,
Daisy.
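A sketch of the custom app/webhook idea from option 4, added here as an example and not code from this thread or from Shopify: a receiver for an order-created webhook that first checks the `X-Shopify-Hmac-Sha256` signature over the raw body, then holds any order whose email already has a registered account. It assumes the payload carries `id`, `email` and `customer.state` (with `"enabled"` meaning a registered account); the secret, function names, action labels and sample payloads are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholder; a real app uses its own webhook signing secret.
WEBHOOK_SECRET = b"constructed-example-secret"


def sign(body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """Base64 HMAC-SHA256 of the raw body, the form sent in X-Shopify-Hmac-Sha256."""
    return base64.b64encode(hmac.new(secret, body, hashlib.sha256).digest()).decode()


def verify_webhook(body: bytes, header_hmac: str, secret: bytes = WEBHOOK_SECRET) -> bool:
    # Constant-time comparison over the raw bytes, before any JSON parsing.
    return hmac.compare_digest(sign(body, secret).encode(), (header_hmac or "").encode())


def review_order(body: bytes, header_hmac: str) -> dict:
    """Return a decision for one order-created delivery."""
    if not verify_webhook(body, header_hmac):
        return {"action": "reject", "reason": "bad signature"}
    order = json.loads(body)
    customer = order.get("customer") or {}
    email = (order.get("email") or "").strip().lower()
    # Assumption: customer.state == "enabled" marks an email with a registered account.
    if customer.get("state") == "enabled":
        # The payload does not prove the buyer was logged in, so hold the order
        # until the account owner confirms it out of band.
        return {"action": "hold_for_confirmation", "order_id": order.get("id"), "email": email}
    return {"action": "accept", "order_id": order.get("id"), "email": email}


# Constructed sample deliveries (not real Shopify data).
GUEST = json.dumps({"id": 1001, "email": "b@example.com", "customer": {"state": "disabled"}}).encode()
REGISTERED = json.dumps({"id": 1002, "email": "A@example.com", "customer": {"state": "enabled"}}).encode()

if __name__ == "__main__":
    for body in (GUEST, REGISTERED):
        print(review_order(body, sign(body)))
    print(review_order(REGISTERED, "tampered"))
```

A webhook fires after the order exists, so this detects and holds a mismatched order rather than blocking the checkout itself.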