Fraudulent orders won't stop

Today we’ve gotten 50+ orders for our lowest-cost item, in bunches at the exact same time time (ex. 4 orders at 6AM, 6 orders at 9:12AM, etc), all from different names/emails/IP addresses/CC numbers, but all from the same (bogus) billing address.

We’ve obviously cancelled the orders, but Shopify support has given us nearly zero help in how to stop these beyond paying for yet another app. And the orders keep coming in. Is there a way to block by billing address BEFORE they come in? That’s the only throughline to help us stop it.

Hi Cara, I understand that this tends to happen to products that are priced at $0.00. Was that the case for your orders?

No, they’re $5

@Cara_Livermore That’s strange. Usually spammers/bots don’t fulfill purchases unless it’s $0.00. In this case, you could either build a Shopify Flow to automatically identify these orders by the 1st line of their billing addresses and cancel them:

Joseph_W_0-1751661090909.png1882×517 70.7 KB

Or, install an app that are built to prevent such orders from happening on the store. These are the only 2 options that seem possible to combat this event.

This is happening to me! It was individual purchases of the same digital item of $2.00, all flagged as high risk at varying degrees. Most from a very similar US address.

I’m pretty af (but also curious) so I upped all my digital goods to $21.97 and they still made a purchase this morning. Scammers who spend money? When this began I had free items available in my store.

Like you, i’ve tried getting help from Shopify and nothing. No help, just referring back to the advice for fraud.

I’d love to know what the endgame is and what it’s all about.

Is this something you’re still dealing with? I really hope not Have you found out any more about this in the past few weeks?

-rachael

“Hi Cara/Rachel - Have you resolved the problem? If not, I saw your post about the $5 fraud orders. I think I know what’s happening and how to stop it. I’m building a solution for exactly this type of coordinated fraud attack. Would you be interested in a 10-minute call to discuss what you’re seeing?”

We were still getting the orders until we took off all $5 (our lowest amount) products from our store, and then it stopped. I put the products back on and haven’t seen any of these type of orders since, but I’m frustrated that Shopify has done little to nothing to address the fact that we have to pay the credit card processing fees of these fraudulent orders. They ordered $500+ of product in just a couple of hours, before we could even see what was happening.

I learned later (after they’d already done the damage) that we could’ve turn off automatic CC processing but on a daily basis, I really don’t have time to go through each one to prevent this from happening again. If there’s a method to prevent fraud without paying for a separate app that I haven’t heard of, I’d love to know.

Glad to know I’m not the only one dealing with this!

I’m so sorry you went through that - losing $500+ in processing fees from bot orders is incredibly frustrating, especially when Shopify’s tools completely missed it.

I’m actually an Industrial Engineering student at KSU working on my senior design project around this exact problem. What you experienced sounds like classic “card testing” - bots place small orders to validate stolen cards, then use the working ones for bigger purchases (often on other platforms).

I’m building a fraud detection system that would catch these bot patterns automatically - even when they use different names/addresses like yours did. The goal is to spot coordinated attacks before they rack up hundreds in processing fees.

**Since you’ve experienced this firsthand, would you be open to giving me some feedback on what I’m building? feel free to check out my landing page and I have a linkedin as well! Here is the anding page link: file:///Users/alyssaenglish/Downloads/simple_truesigna_landing%20(1).html Linkedin: https://www.linkedin.com/in/alyssa-english-116b93236/

https://in-blk.com/ is the landing page actually launching!

Hi Everyone,

[reposting here from another thread on the same topic]

Maybe already answered here, but we did build a good (FREE) process to prevent these orders from being processed [ i.e. Payment “Captured ] to avoid the processing fees using the native tools within Shopify, without a 3rd party app.

Like most of you, the bots were placing an order for a low value, non-shippable item. In our case, it was our package insurance and the lowest $1.00 option.

Here are the steps:

1. Payment Capture : go into settings and set payment capture to Manually Capture payments; this is located in Settings > Payments > Payment Capture Method > Manually.

2. Shopify Flows to Automate Payment Capture : next, you’ll need to go into Flows and set up a flow (or multiple) to automate the payment capture process, as you don’t want to manually click “capture” on every order. The flows you set up will be specific to your store and how this situation is impacting you directly, but I’ll share our flows below, if helpful.

3. Void Fraudulent Orders : and that’s it, as the orders will still unfortunately keep coming in, but at least you are not incurring the payment processing fees because the payment is not captured, so you’re voiding the order instead of cancelling it. Best we can do for now

Here are the two flows we set up:

(1) Capture Payment | Order Risk is Low

I’m just going to write it out how it reads, as it is 3 steps. This flow automates the payment capture process for us so that the flow will capture payment for all orders marked as Low Risk, so we do not have to do that manually one-by-one. We were seeing the majority of these scam orders come in as high or medium risk, so this flow solves a lot of them.

Start when…

Order risk analyzed

Then, Check If…

Order risk level is equal to Low

Then, Do this…

Capture Payment

(2) Capture Payment | Address not Associated with Fraud

Start when…

Order created

Then, Check If…

Shipping address city is not equal to Villa Rica

OR

Billing address city is not equal to Villa Rica

OR

Shipping address zip is not equal to 30180

OR

Billing address zip is not equal to 30180

Then, Do this…

Capture Payment

Hopefully that helps some of you, as I know this was super frustrating for us. I’m also no expert, so if there are improvements or modifications, would love to know and comments welcome!

Lastly, like many of you, I’m not impressed with how Shopify is handling this situation and would strongly suggest to Shopify that they reverse / refund processing fees for the fraudulent orders associated with this address — and the two others, one in Toronto and another in the UK — that connects specifically to this fraud scheme. It’s their job to catch and mitigate this stuff, not ours.

At a bare minimum, I’d like to see them send out an email to all merchants providing guidance on how to do something like what I’ve outlined above. When I spoke with their customer reps, they were not helpful, despite being well aware of the issue, and it was nothing but template answers.

Shopify, you can do better, come on.

Hey Matt,

can you take a look and see if this flow setup would work for this case?

shop flow1750×868 110 KB

Almost all of mine are from the 77 villa address, and i’ve had 2 chargebacks in the past few weeks. $3 for the item and $25 for the fees. so ■■■■ frustrating. i’m using the Chargeflow app to care for it all. So far i’m impressed by how they do things. I’ve also refunded all at-risk orders, which came to $135.

I agree with you, Shopify can do better.

I’d also like to see Shopify do something across the board and let all users know about this

Currently, my Shopify store is losing money and I’ve been having fun setting up things on gumroad. I’m just very reluctant to let my domain go and have yet to find a set up elsewhere that’s cheaper than Shopify and justifies all the hassle of moving things around.

Anyways, live and learn and all that jazz

I just saw an ad for Chargeflow while watching YouTube. How is it?

they seem very supportive and knowledgeable via their chat services plus transparent with costs which i appreciate. the app is super easy to use. no complaints from me. especially for people with more expensive items in store or having more pricey items attacked by these fraudulent orders, i can see this being a bit of a lifesaver

I would like to throw my 2 cents in on this too. It is kind of annoying that this is a WELL knowing issue by Shopify and there is no solid fraud protection unless you are on their top-tier plan. Shopify, us small businesses just simply cannot afford that. We are stuck eating processing fees or setting up a work around. That’s kind of crappy. We all collectively pay a lot of money to your platform and some better assistance on this would be greatly appreciated. I am sick of having to research endlessly on how to get them to stop starting cart check outs to see if emails bounce or not. Once they find one buying our cheapest product. It’s ridiculous and truly disheartening. This complaint is a valid complaint. You have endless support threads saying they are having this issue and no valid solution is being offered.

Have you tried Stripe Radar before?

i would like to throw my 2 cents in also, plus plan has no better fraud prevention then any other plan, dont worry.

In that case you have to use the app Fraud Control by Shopify which is completely free to use and it’s work perfect.

Here is the link to app: Fraud Control - Block known fraud and automate operations to maximize revenue. | Shopify App Store

If this was helpful, then mark as Solution and like it.

Thanks

Inaccurate, Fraud control app does not handle billing address fields, only handles shipping address fields.