Hi! I got an order flagged as high risk, the only red being it has fraudulent characteristics. Billing and shipping address were the same. CVV code was correct. Not a high risk IP address. Everything green.
I called the customer and left a voicemail. He called me back and his caller ID matched the name on the order. He verified billing/shipping address and the last four digits of payment. I emailed him and he replied via email as well.
would you fulfill this order? It’s $200, which is pretty typical for my store.
I’ve gotten 2 other high risk orders but those had billing and shipping address that didn’t match and customer never responded to me when I reached out.
thanks for your advice!
Hi there, @Justinemarini ! Thanks for taking the time to reach out to the Shopify Community Forums with your question around this high-risk order! My name is Imogen. It’s good to meet you!
Ultimately, the decision to fulfill this order is the responsibility of the store owner, so nobody will be able to advise on specifically if you should or not fulfill this order. Shopify provides fraud detection systems and flags high-risk orders for merchants so they can do the due diligence to do their best to ensure the legitimacy of their customer, which it sounds like you’ve done here! It’s a great sign that your customer has actively engaged with you, and took the steps you mentioned above to help verify their legitimacy.
If you decide to fulfill the order, it’s important to make sure that you keep notes in relation to your dealings with this merchant, just in case. Chargebacks can occur occasionally, and if you fulfil the highrisk order, it wouldn’t hurt to keep a record of your dealings with the merchant regarding this purchase, just in case a chargeback were to occur. This will allow you to have evidence to provide to Shopify if a chargeback does occur, as Shopify allows you to supply evidence related to your dealings with the merchant that will get sent to the chargeback filing bank for their consideration in deciding on how to resolve the chargeback.
Hey there—this is the quick, low-friction check that’s saved my clients and me from dozens of fraudulent orders:
-
Fire a $0 – $1 “auth-only” charge with a coded descriptor
Use something like STORE*123456. Ask the buyer to read back the 6-digit code that appears on their online statement. When that matches the order info you already confirmed by phone/email, you’re 99 % sure it’s the real cardholder.
-
Flip Shopify Payments to Manual capture while you verify
That way no funds settle (and you don’t eat processing fees) if you have to cancel.
Once the code checks out, capture and ship as normal. If no response within 24 h, just void the auth and let them reorder.
Hope that helps! If you’d like this exact flow baked—Hold capture for Fraud orders, auto vefiy last-4-digits for routine checks, auth-code for “High-Risk” orders, and auto capture safe orders—join the early-access list here → https://fraudguard.carrd.co/
— Reuven | Founder, FraudGuard (Shopify app)