Since May, I’ve been faced with bot attacks testing credit cards and abandoning carts, hundreds, sometimes thousands of times per day. Sometimes the orders go through and I have to cancel the fraudulent order.
The free solution: Change the checkout from one-page to three-page. One page is the “recommended” choice, but if that means thousands of bots, I’ll gladly go back to three-page, even if that means conversions could be reduced. I guess it’s a lot like double opt-in on mailing lists to weed out the crap.
It’s been about 36 hours now and I have had zero bot attacks in that time. It is possible that the bots stopped at the exact time I switched from one-page checkout to three-page checkout, so I welcome others to try this out and see how it works for them. Please report back your findings.
@LFGabel Bot attacks at checkout can be incredibly frustrating, especially when they lead to fraudulent orders or disrupt analytics. Switching from the one-page to the three-page checkout sounds like a smart workaround to create more friction for bots without overly affecting legitimate users. It’s encouraging to hear that the attacks stopped shortly after the switch.
For anyone else experiencing similar issues, this could be worth testing, especially if other bot protection tools haven’t been effective.
Would love to hear if others try this and what their results are.
Well, after three and a half days, I got two attempted orders and one abandoned checkout. The scammer tried twice with the same scammer email, failing the first time. It took ten minutes for the second atttempt. Klaviyo still shows no browsing happening before checkout, which is a red flag (cart API call?) Will continue to monitor.
It’s been a week. Time for an update. Spam orders are still getting through but at a much slower rate. One new piece of information - multiple attempts use the same spam email address, which never happened before. So it’s somewhat effective.
One more week. There were a couple of attempts. Nothing like the frequency of before with one-page ordering turned on. What I will try now is going back to one-page ordering and see if the bot orders return.
One week later… With one-page ordering on, the scam attempts do increase.
I hope Shopify’s new fraud detection model will improve things. It is supposed to roll out on September 26 and uses 400+ risk signals, replacing Address Verification (AVS).
Yes, I have since discovered that it is indeed not a solution. The bots do adapt but they do come through slower.
I’m not losing money. I am using a Flow that allows me to process suspected fraudulent transactions manually, and automatically cancelling the high risk transactions.
On September 26, Shopify will introduce a new fraud detection model to replace address verification. Perhaps that will help.
After many weeks of testing, I have discovered something that seems to stop scammers cold. It costs nothing. However, it adds an extra step to the checkout process, which is a downside.
So it’s a trade-off. More spammers, or an extra step for customers.
The answer: Require customers to sign in to t heir account before checkout.
fix what exactly , botting, the internet?, computer science itself.
Does that sound reasonable, no it’s absurd.
This isn’t just a shopify problem it’s every where.
If your a merchant being severely impacted by bottin it’s very simple business logic.
Hoping a third party solves everything for you is a fantasy.
Investing in specific tools that improve revenue or opportunity costs is an actual plan.
Use reasonable solutions in the here and now or keep drowning now and in the future.
