Risk analysis and chargebacks

Shopify's risk analysis flags orders that might be fraudulent so that you can investigate them before processing.

If you're on the Basic Shopify plan and not using Shopify Payments, then you have access to the basic risk summary, which flags orders that might be fraudulent and identifies the areas of concern, which you can see on each order information page.

Enhanced risk analysis is available for merchants on the Shopify plan or higher, as well as for merchants on the Basic Shopify plan who are using Shopify Payments. It includes risk indicators for each order, recommended next steps, and additional information (for example, the IP address from where the order was placed) when applicable.

Note

Flagged orders are also brought to your attention in order notification emails if you subscribe to them.

Flagged orders aren't necessarily fraudulent, but they do meet fraudulent criteria. If the risk analysis identifies one of your orders as suspicious, then you should investigate it before fulfilling the order. You can capture a payment manually if you want to avoid chargebacks due to fraudulent orders.

Caution

You can't use prepaid bank cards as bank account credentials to receive payouts from Shopify Payments.

View an order's risk summary

To see the risk summary for an order:

Enhanced risk analysis

To see the enhanced risk analysis for an order:

  1. From your Shopify admin, click Orders (or press G O):

    Orders

  2. Click an order number to view its information including the risk analysis for the order. Suspicious orders are flagged with a small exclamation mark next to the order number:

    Flagged order
    The risk level summary is at the bottom of the page:
    Flagged order2
    Additional risk assessment checks are done, based on data shared across the Shopify platform, and can provide additional warnings if an order appears fraudulent.

  3. Click View full risk analysis.

What the risk analysis looks for

Shopify's risk analysis includes many tests that look for potentially suspicious features of an order:

Address Verification System (AVS)

AVS compares the numeric part of the customer’s billing address and zip code to the information on file with the credit card issuer. This helps reduce a significant amount of fraud, because unauthorized users might not have the billing address information for the credit card they’ve stolen.

Card Verification Value (CVV)

The CVV is a 3 or 4 digit number on the back of the customer’s credit card. Credit card companies prohibit the storage of the CVV code, so asking for the CVV is a way of ensuring that a customer has the card physically in their possession. Credit card information stolen from a merchant database is also less useable, because it shouldn't contain CVV information.

IP Address check

The IP address check compares the country of the buyer’s billing address to the country the buyer placed the order from. If there is a mismatch, then Shopify Risk Analysis issues a warning so that you can investigate further.

Messages that you might see include:

  • The customer used a web proxy when placing this order This means that the customer is trying to obscure their network source through a VPN or web proxy. It doesn't always indicate fraud, but is cause for manual verification of the order.

  • IP has been temporarily blocked because of fraudulent activity

    This applies to abandoned checkouts only. If you see this error message it means that the person trying to check out was blocked from doing so:

    Risk analysis ac 1

    Instead of an order being created with a fraud marker - the order is blocked from completing, and creates an abandoned checkout.

Investigate a suspicious order

Sometimes you are better placed to judge whether an order is suspicious, even if it passes the risk analysis checks. You can take a number of steps to investigate an order if you believe it might be fraudulent:

Verify the IP address

The IP address from which an order was placed is a good indicator of potential fraud. There are a few things to consider when investigating an IP address:

  • Is the customer's IP address located in a different general area from where they claim to be?
  • Is the IP address that of a web hosting company?
  • Is the IP address similar to a proxy service IP address?

If you've answered yes to any of the question above, then you should probably contact the customer to verify the authenticity of the order.

There are free tools available that you can use to quickly look up the geographical location, ISP, and other information about a specific IP address:

You will find the IP address associated with the order in:

Call the phone number on the order

Using this step along with any of the other steps is a good idea. You can also use a service such as 411.com to make sure the phone number is located in the same area code as the billing address. Fraudulent customers often use non-valid phone numbers. If someone answers the phone, then ask them some simple questions about their order and see how they respond. Do they know the addresses, phone number, email, and name they used? Are they struggling to give you simple pieces of information?

Use a search engine to look up the email address

Has this email address been used in documented fraud attempts? Can you find information tying the email address to the customer name (forum posts, Facebook, Twitter)?

Verify that the billing and shipping addresses match

A fraudster is likely going to provide a shipping address that does not match the billing address. You can use Google Maps to map out addresses and visualize the distance between them. If the distance between two addresses is significant (different continents, for example), then it is possible that the order is fraudulent. However, keep in mind that legitimate shoppers sending a gift or buying on behalf of someone else might have different addresses.

Multiple orders: are there different billing addresses for the same shipping address?

Are there multiple orders with different billing addresses located in different states, with different names, but sharing the same shipping destination? This is usually a sign of fraudulent orders. Proceed carefully, and contact the customers using the information provided at checkout.

Investigate AVS (Address Verification) or CVV (3-digit code) verification failures

If the AVS or CVV verifications has failed, then you should take a closer look at the orders.

Pay special attention to high value orders

If you receive an order which is substantially higher than normal, then you should verify the customer's identity.

Use apps for increased protection

You can also install a fraud-related application for advanced risk mitigation functionality. There are many available in the app store that serve unique purposes.

To block users who attempt repeat fraudulent orders, you can use Shopify's Fraud Filter app.

Fraud prevention and chargebacks

A transaction that is not authorized by a customer is referred to as fraudulent. Shopify's built-in risk analysis brings suspicious orders to your attention so you can investigate further.

Chargeback FAQ

I just received a chargeback notification. What does it mean?

Chargeback clean

A chargeback occurs when one of your customers questions their order with their bank or credit card company. Banks usually ask customers for a reason for the chargeback.

Following the customer’s complaint, most banks tend to initiate a formal chargeback and to side with the customer without further investigation. This can be frustrating, but there is a chargeback resolution process and, in many cases, you can prove that the charge was valid. Shopify will provide you with the chargeback details and work with you to contest any chargebacks that you feel are unjustified.

How does the chargeback process work?

  • Shopify receives a notification of the chargeback. You will receive an email with details and a link to the affected order. A note will also appear on the Orders page, notifying you of the chargeback.

  • Shopify will deduct the chargeback amount and fee from your pending balance. If you win the chargeback, then Shopify will add the amount back to your pending balance immediately.

  • On the affected order, a header displays the chargeback details, response deadlines, and instructions on how to best resolve the matter. You can respond to the chargeback using a template generated according to your order, fulfillment, and customer details. You can also include any other details that might help convince the customer’s bank that your products or services were delivered as advertised.

  • Shopify will send any evidence you submit to your customer’s credit card company. That company will then make a decision about whether or not to resolve the chargeback in your favor. The chargeback amount and fee are both refunded to your bank account if the chargeback is resolved in your favor.

  • If you do not take any action on a chargeback, then Shopify will automatically submit the pre-generated template on your behalf and attempt to recover the lost sale. To avoid this, you can simply accept the chargeback from the Orders page of the admin.

What should I do when I receive a chargeback notification?

You have four options:

Option 1: Contact the customer

In the affected order you can use the Contact customer link to get in touch with the cardholder to understand the reason for the chargeback. It’s possible that the customer simply did not recognize the transaction. Contacting the customer can often help resolve the issue quickly. If the chargeback is the result of a misunderstanding, then the customer can ask their bank to withdraw the chargeback.

Option 2: Respond to the chargeback

To respond to a chargeback, open the affected order in your Shopify admin and click Respond to chargeback. Enter any additional evidence — aside from what has been automatically generated by Shopify — that the customer did, in fact, receive the product or service within the expected timeframe. Helpful evidence might include:

  • customer service emails
  • USPS/FedEx/UPS or other online tracking or shipping confirmations
  • proof of prior refunds or replacement shipments.

Shopify will submit this information to your customer’s credit card company and update you afterwards. Shopify cannot make changes to the response after it has been submitted.

You can enter only text in the dispute response — hyperlinks and images are not delivered.

Option 3: Accept the chargeback

You can choose to accept the chargeback, leaving the sale reversed. This option is available from the Orders page. You should do this if the reason for the chargeback is legitimate (for example, if your products or services were not delivered).

Option 4: Automated recovery attempt

To help you successfully overturn chargebacks, Shopify will automatically respond on your behalf if you do not submit supporting evidence before the chargeback deadline.

The automated response includes:

  • Product details – title, variants, and quantity purchased
  • Fulfillment information – shipping company used, and tracking information provided
  • Date and Time – date the order was fulfilled
  • Shipping and billing address – the customer's addresses
  • Order date – date the order was placed
  • Customer IP address and customer IP country - Internet protocol addresses of the customer and his/her country.

Caution

To prevent Shopify from automatically responding to a chargeback, you must submit supporting evidence before the deadline found on the order's details page in your Shopify admin. The date shown is the date Shopify will automatically respond. For example:

Chargeback deadline

Is there a fee for chargebacks?

Yes, you must pay a $15 fee in the United States and Canada, £10 in the UK, and $25 in Australia when there is a chargeback on one of your transactions. If the chargeback is resolved in your favor, however, Shopify will refund the fee.

What does the chargeback status mean? How can I tell when it changes?

When a chargeback first comes in, its status is Chargeback: Needs response. When you update the chargeback with evidence, Shopify submits that evidence on your behalf. At some point after that — usually within 3-4 weeks — the chargeback’s status will change to Won or Lost depending on whether the chargeback is resolved in your favor or the cardholder’s favor.

When the chargeback is resolved, Shopify will email you the details of the outcome and update the chargeback status of the affected order.

Can I view all my chargebacks together?

The Orders page allows you to filter all orders with a particular chargeback status. You can look for all chargebacks that are under review by setting the filters to Chargeback status and under review, or you can look for all of your chargebacks by setting the filters to Chargeback status and any. Each chargeback status has a different colored chargeback icon that you can use to tell them apart.

I want to just give the customer a refund instead. Can I do that?

When a chargeback arrives, there is no way for you to refund the charge. Your customer has already received the amount of the chargeback from their bank, so if you agree with the decision to refund, you don’t need to take any further actions.

My customer said the chargeback was a mistake. How do I get the chargeback reversed?

If you’ve talked to your customer and they’ve agreed to drop the chargeback, there are two steps that you need to take. First, have your customer call and tell their bank that they’ve agreed to drop the chargeback. This is critical because the bank won’t know your customer has dropped the chargeback unless your customer tells them.

Second, you need to submit evidence to let the bank know that your customer wishes to drop the chargeback, including any email evidence you have where the customer says so. If your customer had specific complaints that led to the chargeback, then be sure to address those complaints in the evidence.

After you’ve completed the two steps, you need to wait for the bank to let Shopify know that the chargeback has been closed in your favor. When the bank confirms this, Shopify will return the full amount of the charge and the associated fee to you. Note that this process can take some time — it’s not unusual for a bank to take 8 or more weeks to tell Shopify about the results of the chargeback. As soon as this happens, you will receive an email notification.

What are the most common reasons for a chargeback, and how can I prevent chargebacks?

Chargebacks are an unfortunate fact of accepting credit cards, but you can do a few broad things to reduce your risk:

  • Use a recognizable name for your card statement text. You can set it when you first apply for your Shopify Payments account, or edit it at any time from your Shopify Payments settings. It is recommended that you use your website’s domain name.
  • Have clear return and refund policies and make them easy to find on your website.
  • Communicate accurate delivery times and keep customers updated throughout the process. If possible, use online tracking and delivery confirmation.
  • Post customer service contact information prominently and respond to customer inquiries quickly.

Shopify provides you with more details about the reason for a chargeback (if any are available) at the top of the affected order. A few common reasons make up the bulk of chargebacks are:

Reason What it means How to prevent it
Fraudlent The customer didn’t authorize the charge. This is the most common reason for a chargeback and can happen if the card was lost or stolen. Stripe, a third-party payment gateway, has some suggestions for responding to chargebacks. Make sure your statement descriptor is easily recognizable to your customers and reflects the URL they would associate with their purchase. Send receipts upon payment to remind your customers what they paid for. If you ship physical goods, consider shipping only to AVS-approved addresses (in the US, Canada, and the UK) or reaching out to the customer before shipping to addresses that don’t match the AVS or billing address.
Unrecognized The customer doesn’t recognize the merchant name or location on the card statement. Shopify suggests responding to this in the same way that you would to a fraudulent code. The prevention measures are similar to those for fraudulent transactions. In particular, make sure your statement descriptor is easily recognizable so your customers can tell who charged them.
Duplicate You charged twice for the same product. There are some suggestions here for how to respond to this type of chargeback. If a double charge happens accidentally, refund the second charge right away and contact your customer.
Subscription canceled According to the customer, you charged for a subscription after it should have been canceled. It can also mean that the customer expected a reminder before each recurring charge but didn’t receive one. Promptly cancel subscriptions upon request and provide your customer with a confirmation of the cancellation. Make it clear on your sign-up page that your customers are agreeing to a recurring charge and include information about whether you plan to notify the customer before each recurring charge.
Product not received The customer did not receive the goods or services purchased. Promptly ship the products after collecting payment. Estimate shipping and delivery dates as accurately as you can and communicate clearly with your customer. If shipping delays arise unexpectedly, then let your customer know promptly.
Product unacceptable The product was received but was defective, damaged, or not as described. Make sure your product descriptions are clear and accurate. If you’re shipping physical goods, then make sure that you pack and ship your products in a way that protects them from being damaged in transit. Respond promptly and agree to customer requests for replacing defective or damaged products.
Credit not processed The customer informed you that the purchased product was returned or that the transaction with you was canceled, but you have not yet refunded or credited the customer. Have a clear return policy, and make it easy to find. Honor your return/refund policy by issuing refunds promptly.
General This type of chargeback, unlike the majority of chargebacks, doesn’t fall under one of the specific categories described. he suggestions given for the other chargeback reasons are still likely to be helpful.

Want to discuss this page?

Visit the Shopify Community

Ready to start selling online with Shopify?

Try it free