Fraudulent orders won't stop

Today we’ve gotten 50+ orders for our lowest-cost item, in bunches at the exact same time (ex. 4 orders at 6AM, 6 orders at 9:12AM, etc), all from different names/emails/IP addresses/CC numbers, but all from the same (bogus) billing address.

We’ve obviously cancelled the orders, but Shopify support has given us nearly zero help in how to stop these beyond paying for yet another app. And the orders keep coming in. Is there a way to block by billing address BEFORE they come in? That’s the only throughline to help us stop it.

2 Likes

Hi Cara, I understand that this tends to happen to products that are priced at $0.00. Was that the case for your orders?

No, they’re $5

@Cara_Livermore That’s strange. Usually spammers/bots don’t fulfill purchases unless it’s $0.00. In this case, you could either build a Shopify Flow to automatically identify these orders by the 1st line of their billing addresses and cancel them:

Or, install an app that is built to prevent such orders from happening on the store. These are the only 2 options that seem possible to combat this event.

This is happening to me! It was individual purchases of the same digital item of $2.00, all flagged as high risk at varying degrees. Most from a very similar US address.

I’m pretty af (but also curious) so I upped all my digital goods to $21.97 and they still made a purchase this morning. Scammers who spend money? When this began I had free items available in my store.

Like you, I’ve tried getting help from Shopify and nothing. No help, just referring back to the advice for fraud.

I’d love to know what the endgame is and what it’s all about.

Is this something you’re still dealing with? I really hope not :crossed_fingers: Have you found out any more about this in the past few weeks?

-rachael

“Hi Cara/Rachel - Have you resolved the problem? If not, I saw your post about the $5 fraud orders. I think I know what’s happening and how to stop it. I’m building a solution for exactly this type of coordinated fraud attack. Would you be interested in a 10-minute call to discuss what you’re seeing?”

We were still getting the orders until we took off all $5 (our lowest amount) products from our store, and then it stopped. I put the products back on and haven’t seen any of these types of orders since, but I’m frustrated that Shopify has done little to nothing to address the fact that we have to pay the credit card processing fees of these fraudulent orders. They ordered $500+ of product in just a couple of hours, before we could even see what was happening.

I learned later (after they’d already done the damage) that we could’ve turned off automatic CC processing but on a daily basis, I really don’t have time to go through each one to prevent this from happening again. If there’s a method to prevent fraud without paying for a separate app that I haven’t heard of, I’d love to know.

Glad to know I’m not the only one dealing with this!

I’m so sorry you went through that - losing $500+ in processing fees from bot orders is incredibly frustrating, especially when Shopify’s tools completely missed it.

I’m actually an Industrial Engineering student at KSU working on my senior design project around this exact problem. What you experienced sounds like classic “card testing” - bots place small orders to validate stolen cards, then use the working ones for bigger purchases (often on other platforms).

I’m building a fraud detection system that would catch these bot patterns automatically - even when they use different names/addresses like yours did. The goal is to spot coordinated attacks before they rack up hundreds in processing fees.

Since you’ve experienced this firsthand, would you be open to giving me some feedback on what I’m building? Feel free to check out my landing page, and I have a LinkedIn as well! Here is the landing page link: file:///Users/alyssaenglish/Downloads/simple_truesigna_landing%20(1).html LinkedIn: https://www.linkedin.com/in/alyssa-english-116b93236/

https://in-blk.com/ is the landing page actually launching!

The first thing I’d recommend is to turn on Manual Payment Capture immediately.
That way the money isn’t actually taken until you’ve reviewed the order. Even if scammers flood you with fake checkouts, you won’t be stuck with refunds or chargebacks. It gives you a first layer of protection and time to decide what to do with each order.

As for the pattern you’re seeing with 50+ low-cost orders using the same bogus billing address, this is exactly the type of situation where FraudGuard helps. Shopify’s built-in checks don’t connect the dots between orders, but FraudGuard does.

It flags when a single billing address is reused across many different names, emails, IPs, or cards. Orders with these red flags are automatically held for review before capture. You can also trigger an automated verification step so the real buyer (if there is one) has to confirm before the order is processed.

So in short, switch to manual capture right away. Then use something like FraudGuard to spot and block these coordinated attacks before they turn into a mess of cancelled orders.

Hi Everyone,

[reposting here from another thread on the same topic]

Maybe already answered here, but we did build a good (FREE) process to prevent these orders from being processed [i.e. Payment “Captured”] to avoid the processing fees using the native tools within Shopify, without a 3rd party app.

Like most of you, the bots were placing an order for a low value, non-shippable item. In our case, it was our package insurance and the lowest $1.00 option.

Here are the steps:

  1. Payment Capture : go into settings and set payment capture to Manually Capture payments; this is located in Settings > Payments > Payment Capture Method > Manually.

  2. Shopify Flows to Automate Payment Capture : next, you’ll need to go into Flows and set up a flow (or multiple) to automate the payment capture process, as you don’t want to manually click “capture” on every order. The flows you set up will be specific to your store and how this situation is impacting you directly, but I’ll share our flows below, if helpful.

  3. Void Fraudulent Orders : and that’s it, as the orders will still unfortunately keep coming in, but at least you are not incurring the payment processing fees because the payment is not captured, so you’re voiding the order instead of cancelling it. Best we can do for now :slight_smile:

Here are the two flows we set up:

(1) Capture Payment | Order Risk is Low

I’m just going to write it out how it reads, as it is 3 steps. This flow automates the payment capture process for us so that the flow will capture payment for all orders marked as Low Risk, so we do not have to do that manually one-by-one. We were seeing the majority of these scam orders come in as high or medium risk, so this flow solves a lot of them.

Start when…

Order risk analyzed

Then, Check If…

Order risk level is equal to Low

Then, Do this…

Capture Payment

(2) Capture Payment | Address not Associated with Fraud

Start when…

Order created

Then, Check If…

Shipping address city is not equal to Villa Rica

OR

Billing address city is not equal to Villa Rica

OR

Shipping address zip is not equal to 30180

OR

Billing address zip is not equal to 30180

Then, Do this…

Capture Payment

Hopefully that helps some of you, as I know this was super frustrating for us. I’m also no expert, so if there are improvements or modifications, would love to know and comments welcome!

Lastly, like many of you, I’m not impressed with how Shopify is handling this situation and would strongly suggest to Shopify that they reverse / refund processing fees for the fraudulent orders associated with this address — and the two others, one in Toronto and another in the UK — that connects specifically to this fraud scheme. It’s their job to catch and mitigate this stuff, not ours.

At a bare minimum, I’d like to see them send out an email to all merchants providing guidance on how to do something like what I’ve outlined above. When I spoke with their customer reps, they were not helpful, despite being well aware of the issue, and it was nothing but template answers.

Shopify, you can do better, come on.

2 Likes
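Added example, not part of the post above and not Shopify's own tooling: the "Check If" condition of flow (2) evaluated over constructed orders, once read literally (capture if any one field differs from the flagged city/zip) and once with every field required to differ, plus a grouping of orders by reused billing address as described in the opening post. Field names, the sample addresses and treating a missing shipping field as "not equal" are assumptions.

```python
# Added example: constructed orders; field names are hypothetical, not Shopify's API.
from collections import defaultdict

BLOCKED = {"city": "villa rica", "zip": "30180"}  # city/zip quoted in the post
FIELDS = [(side, key) for side in ("shipping", "billing") for key in BLOCKED]

def norm(value):
    """Lower-case and trim so 'Villa Rica ' and 'villa rica' compare equal."""
    return (value or "").strip().lower()

def differs(order, side, key):
    # Assumption: a missing field (digital order, no shipping) counts as "not equal".
    return norm(order.get(f"{side}_{key}")) != BLOCKED[key]

def capture_any(order):
    """Flow (2) read literally: capture if ANY of the four fields differs."""
    return any(differs(order, s, k) for s, k in FIELDS)

def capture_all(order):
    """Stricter variant: capture only if ALL four fields differ."""
    return all(differs(order, s, k) for s, k in FIELDS)

def reused_billing(orders, min_emails=2):
    """Billing (line 1, zip) pairs shared by at least min_emails distinct emails."""
    emails = defaultdict(set)
    for o in orders:
        key = (norm(o.get("billing_line1")), norm(o.get("billing_zip")))
        emails[key].add(norm(o["email"]))
    return {addr for addr, seen in emails.items() if len(seen) >= min_emails}

def order(oid, email, b_line1, b_city, b_zip, s_city=None, s_zip=None):
    return {"id": oid, "email": email, "billing_line1": b_line1, "billing_city": b_city,
            "billing_zip": b_zip, "shipping_city": s_city, "shipping_zip": s_zip}

ORDERS = [  # constructed sample data
    order(1, "a@example.com", "1 Example St", "Villa Rica", "30180"),
    order(2, "b@example.com", "1 example st ", "villa rica", "30180", "Atlanta", "30303"),
    order(3, "c@example.com", "9 Sample Ave", "Atlanta", "30303", "Atlanta", "30303"),
]

def captured_ids(rule):
    return [o["id"] for o in ORDERS if rule(o)]

if __name__ == "__main__":
    print("any-differs captures:", captured_ids(capture_any))
    print("all-differ captures: ", captured_ids(capture_all))
    print("reused billing:", reused_billing(ORDERS))
```

Under the all-fields rule a genuine customer in the same city or zip is left for manual capture rather than auto-captured.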

Hey Matt,

can you take a look and see if this flow setup would work for this case?

1 Like

Almost all of mine are from the 77 villa address, and I’ve had 2 chargebacks in the past few weeks. $3 for the item and $25 for the fees. So ■■■■ frustrating. I’m using the Chargeflow app to care for it all. So far I’m impressed by how they do things. I’ve also refunded all at-risk orders, which came to $135.

I agree with you, Shopify can do better.

I’d also like to see Shopify do something across the board and let all users know about this

Currently, my Shopify store is losing money and I’ve been having fun setting up things on gumroad. I’m just very reluctant to let my domain go and have yet to find a set up elsewhere that’s cheaper than Shopify and justifies all the hassle of moving things around.

Anyways, live and learn and all that jazz :blush:

I just saw an ad for Chargeflow while watching YouTube. How is it?

They seem very supportive and knowledgeable via their chat services, plus transparent with costs, which I appreciate. The app is super easy to use. No complaints from me. Especially for people with more expensive items in store or having more pricey items attacked by these fraudulent orders, I can see this being a bit of a lifesaver :blush: