Fraud scammers running credit cards. What can we do?

Well, I do not care who asks for it, they would not get it from me. They will get a library card, but no way, will they get a driver’s permit with adress, age and all kind of info a scammer can use. What you are not thinking about is at the other end, the person who takes the orders from the website, the secretary that could be asking for it, or the shipper, I have to trust them with my ID ??? Seriously ?

When Equifax tells me we should never give our birthdate, I think I will follow their advice. EVEN if you had the id, for example, the 2 chargebacks we got, were people who were out there, quite known and played games with us, so, getting their ids was pointless because I could find out online who they were. Ont was even a neighboor from someone we knew. The probllem was Shopify who did not send our answer to the credit card company when we gave the proof all was shipped and even the customer asking details about the stuff she had received then denying having them ? We had the proof, but Shopify did not do their job. Not much the little ID could do about this right ?? We called Visa and they said they had never gotten our answer.

If anyone asked for my ID, i would tell them to get lost and cancel the order.

At the end, we have to double check every order because Shopify’s chargeback system is worth minus 1000.

I understand ID documentation is not a viable solution for you, but that doesn’t mean it’s not essential for different merchants and industries. We help online pharmacies as well as implement age verification beyond self-reporting your own birthday.

I totally agree, private details shouldn’t be viewable by just anyone. That’s why we provide controls to limit whom can view this data - including at the per staff level. I respectfully disagree with your claim regarding entering in personal information online. Parts of the internet is more dangerous because identity is disposable.

We have also helped overturn fraudulent chargebacks based on ID evidence provided at checkout. But what we hear most often are the dramatic drop in chargebacks, just because friendly fraud (also known as first party fraud) is mostly a crime of opportunity.

At the end, we have to double check every order because Shopify’s chargeback system is worth minus 1000.

Genuinely curious, what do you mean by double check? What is your process for judging if a customer’s order is legitimate, like you said they can file a chargeback based on non-fulfillment. In theory those orders won’t trigger Shopify Fraud Analysis because the billing and shipping details line up.

Just bumping this thread to note I’m having the same issue - bots from Russia and the US (I think it’s the same one disguising its IP) trying to buy a $1.25 item (always the same one) every 6 or so hours.

The bot is trying to pay via credit card unsuccessfully, but I’m nervous in case of a successful attempt. I’m worried it would download all my digital inventory and steal my store basically (I sell only digital templates).

My feeling is that help/support against these bot attacks should be part of the foundational offerings of Shopify. We shouldn’t need fancy development or buying extra modules for this, as the bots are becoming very prevalent, messing up automations and statistics, and are dangerous if they succeed.

So adding my vote here for a future (soon hopefully) fix.

Honestly, do not get what you are trying to say at all. And you must be selling apps to be pushing for something without reading people’s situations

One chargeback

This lady ordered 2 items. All was going through, billing adress matched, cvv, etc. AND she was known and neighboor from a friend of the company (though she did not know that) SO, SHE EXISTS You got me until now ??

And she has money. The order was only 500$

Are you still following me ?? Then, she asks if we have a different colors, we say yes. Then, she said I am returning rush UPS and here is the tracking but please reship asap. Since we knew someone who knew her and she said the package was gone, we reshipped two more items but we never got back the other two AND SHE ASKED FOR A CHARGEBACK !!! No reason at all, lying she had shipped and UPS confirmed not picking up anything from her

So, we lost the chargeback because even with the proofs that she had not reshipped and she did not even wait one day after asking for return, she asked a chargeback, but we lost

The whole story was crazy

But few months later, the lady comes back and says I have 4 items but would like a 3rd version. SO, SHE ADMITTED. We called the credit card company, they were going to open the file for us aid that Shopify never gave them our answer ..

We contacted the lady and said, we will report you to the credit card company and she refunded us.

But she was legit

Unless there is an app that can spot legit people and have a cristal ball that they might try to steal, not interested

Just pick the option to accept payments manually, not automatically. They have this set-up in shopify. You have one week to accept the charge and if you do not, it does not go through and cancels automatically.

It will give you time to review

Thanks, Pripri - looking into it!

You go to Settings, Payments and at the bottom, Payment capture method. Pick manually. and choose Manually.

Ps, wonder if yoir set up of downloading as soon as paid will work with this. We have to ship items so it works for us. But test ot or set it up wot a delivery date as well ?

Yes - you nailed exactly the issue I’m thinking about: the auto delivery email. So still considering the options open to me, but I appreciate adding this one to the mix.

We’ve implemented an email verification or login to shop. So basically the CC fraudsters don’t have legit email addresses. If they want to actually get to checkout they need to either enter their legit email address to which shopify sends them a one time code, or they can login before checkout. This prevents scammers testing cc’s. It makes it slightly more difficult for us because we can’t use shopify payments, we use moneris 3rd party.

Legit email does nothing for us because we were exchanging e mails with the chargeback people before they did and after. Even phone calls.

The problem for a 1000 time is that if we are in our rights and provide the proof to shopify to pass on to the credit card company, itbis apparently npt send to the credit card company. But we called the credit card as well and that will mess up their future try outs.

Just wanted to say this is still a major problem, I run a store selling digital items and I’ve had to turn on users must be logged in to order. I was getting hit with hundreds of fraudulent orders a day, different names, card numbers and email addresses but literally all using the same postal address. I set up manual payment capture so at least it wasn’t costing me but it still completely messes up your store with things like reports and user accounts not to mention the ridiculous number of alerts. Amazingly some orders using this address weren’t even flagged as high risk (or medium risk). The AVS stuff did nothing the orders still go through, which seems odd but shopify support didn’t care.

However by turning on must be logged in the conversion rates lower, so by doing nothing else to help prevent this shopify are losing out on money as well.