A transaction that is not authorized by a customer is referred to as fraudulent. A fradulent transaction can result in a chargeback, which can cause you to lose money. Shopify's built-in Risk Analysis brings suspicious orders to your attention so you can investigate further.
Investigate a suspicious order
You can investigate suspicious orders using the following steps:
- Verify the IP address
- Call the phone number on the order
- Use a search engine to look up the email address
- Verify that the billing and shipping addresses match
- Check if multiple orders use different billing addresses for the same shipping address
- Pay special attention to high value orders
- Install fraud prevention apps
Verify the IP address
The IP address from which an order was placed is a good indicator of potential fraud. There are a few things to consider when investigating an IP address:
- Is the customer's IP address located in a different general area from where they claim to be?
- Is the IP address that of a web hosting company?
- Is the IP address a proxy service IP address?
If you've answered yes to any of the question above, then you should probably contact the customer to verify the authenticity of the order.
There are free tools available that you can use to quickly look up the geographical location, ISP, and other information about a specific IP address:
You will find the IP address associated with the order in:
the risk analysis report if you have enhanced risk analysis:
the risk level summary for basic risk analysis:
Call the phone number on the order
Using this step along with any of the other steps is a good idea. You can also use a service such as 411.com to make sure the phone number is located in the same area code as the billing address. Fraudulent customers often use non-valid phone numbers. If someone answers the phone, then ask them some simple questions about their order and see how they respond. Do they know the addresses, phone number, email, and name they used? Are they struggling to give you simple pieces of information?
Use a search engine to look up the email address
Has this email address been used in documented fraud attempts? Can you find information tying the email address to the customer name (forum posts, Facebook, Twitter)?
Verify that the billing and shipping addresses match
A fraudster is likely going to provide a shipping address that does not match the billing address. You can use Google Maps to map out addresses and visualize the distance between them. If the distance between two addresses is significant (different continents, for example), then it is possible that the order is fraudulent. However, keep in mind that legitimate shoppers sending a gift or buying on behalf of someone else might have different addresses.
Check if multiple orders use different billing addresses for the same shipping address
Are there multiple orders with different billing addresses located in different states, with different names, but sharing the same shipping destination? This is usually a sign of fraudulent orders. Proceed carefully, and contact the customers using the information provided at checkout.
Pay special attention to high value orders
If you receive an order which is substantially higher than normal, then you should verify the customer's identity.
Install fraud prevention apps
You can also install a fraud-related application for advanced risk mitigation functionality. There are many available in the app store that serve unique purposes.
To block users who try to make repeat fraudulent orders, you can use Shopify's Fraud Filter app.