Risk analysis

Shopify's risk analysis flags orders that might be fraudulent so that you can investigate them before processing.

If you're on the Basic Shopify plan and not using Shopify Payments, then you have access to the basic risk summary, which flags orders that might be fraudulent and identifies the areas of concern, which you can see on each order information page.

Enhanced risk analysis is available for merchants on the Shopify plan or higher, as well as for merchants on the Basic Shopify plan who are using Shopify Payments. It includes risk indicators for each order, recommended next steps, and additional information (for example, the IP address from where the order was placed) when applicable.

Note

Flagged orders are also brought to your attention in order notification emails if you subscribe to them.

Flagged orders aren't necessarily fraudulent, but they do meet fraudulent criteria. If the risk analysis identifies one of your orders as suspicious, then you should investigate the order before fulfilling it. You can capture a payment manually if you want to avoid chargebacks due to fraudulent orders.

Caution

You can't use prepaid bank cards as bank account credentials to receive payouts from Shopify Payments.

View an order's risk summary

To see the risk summary for an order:

Enhanced risk analysis

To see the enhanced risk analysis for an order:

  1. From your Shopify admin, click Orders (or press G O):

    Orders
  2. Click an order number to view its information including the risk analysis for the order. Suspicious orders are flagged with a small exclamation mark next to the order number:

    Flagged order
    The risk level summary is at the bottom of the page:
    Flagged order2
    Additional risk assessment checks are done, based on data shared across the Shopify platform, and can provide additional warnings if an order appears fraudulent.

  3. Click View full risk analysis.

What the risk analysis looks for

Shopify's risk analysis includes many tests that look for potentially suspicious features of an order:

Address Verification System (AVS)

AVS compares the numeric part of the customer’s billing address and zip code to the information on file with the credit card issuer. This helps reduce a significant amount of fraud, because unauthorized users might not have the billing address information for the credit card they’ve stolen.

Card Verification Value (CVV)

The CVV is a 3 or 4 digit number on the back of the customer’s credit card. Credit card companies prohibit the storage of the CVV code, so asking for the CVV is a way of ensuring that a customer has the card physically in their possession. Credit card information stolen from a merchant database is also less useable, because it shouldn't contain CVV information.

IP Address check

The IP address check compares the country of the buyer’s billing address to the country the buyer placed the order from. If there is a mismatch, then Shopify Risk Analysis issues a warning so that you can investigate further.

Messages that you might see include:

  • The customer used a web proxy when placing this order This means that the customer is trying to obscure their network source through a VPN or web proxy. It doesn't always indicate fraud, but is cause for manual verification of the order.

  • IP has been temporarily blocked because of fraudulent activity

    This applies to abandoned checkouts only. If you see this error message it means that the person trying to check out was blocked from doing so:

    Risk analysis ac 1

    Instead of an order being created with a fraud marker - the order is blocked from completing, and creates an abandoned checkout.

Want to discuss this page?

Visit the Shopify Community

Ready to start selling online with Shopify?

Try it free