Fraud Prevention Shopify

Scale your Shopify business without worrying about fraud. What you need to know before you start.

Image for post

There are a lot of potentials and opportunities for companies to expand abroad. In 2016, The U.S generated 4.22 Billion dollars with a 15% annual growth while in the same year, Japan generated 100 billion dollars in retail e-commerce sales. Expanding your service overseas allows your brand to grow internationally. However, with internationalization comes a host of new problems. One of those lesser-known problems of every SME e-commerce business is dealing with fraudulent orders and chargebacks.

Chargebacks can be classified into two main categories, “friendly fraud” and “Fraud”.

A friendly fraud chargeback happens when a customer mistakenly sees a forgotten charge on their bill and thought that the purchase was made without their prior knowledge or consent. The customer then makes a call to their card issuer to reverse the charge. Another common scenario is when a customer deliberately commits fraud by calling their credit card company in an attempt to reverse the charge by deceit. The good news, the percentage of this type of fraud is relatively low. The bad news, it’s hard to detect and impossible to prevent.

In most other cases, friendly fraud can be resolved with a quick email or a phone call to the customer. Thanks to a traditionally honest cultural system in Japan, chargebacks are still relatively new and unknown to most business owners that would otherwise have experience only selling domestically.

Fraud is a malicious intent to cheat a company for their goods and services either by falsifying information or by using stolen payment information. I won’t go into great details on the many different attack methods used for the illicit activities, but it can range from having bought a list of stolen credit card credentials off the dark web to simply having access to a person’s log-in information to a payment account like PayPal or Amazon Pay. Luckily, the majority of these types of cases can be prevented if a merchant knows what to look out for and have the right tools.

Image for post
With the advent rise in borderless e-commerce, merchants will need additional knowledge and tools to help fight back fraudulent orders.

Data is your best friend when it comes to deciding if an order is a legitimate one. Shopify is one of the very few platforms that have great expandability when it comes to a basic fraud detection system with a growing range of apps for additional security.

Basic fraud detection starts from looking at the customer’s name, shipping/billing addresses, phone number, and IP address.

Starting with the customer name, does it look strange? Is it written in a non-comprehensible way? The most tale-tale signs of a fraudulent order come from having a matching first and last name. If this is the case, then it is most likely a script running to try and make a quick order to test the system’s weakness.

“Fun Fact: A name, which is typed in all caps has 10 times higher chance of being a fraudulent order.”

Shipping and billing address is a little more difficult to determine whether or not is a true address or not. One quick way to determine if an address is at least valid is to copy and paste the shipping address into Google search or Google Maps. Through Google Maps, you will be able to see using Street view to at least figure out if the address either resident or commercial. In some cases, fraudsters will just input a random address that will not point to any location at all.

Phone numbers are a little tricky, but believe it or not, the first few digits of a phone number can provide some valuable data to us to determine whether or not an order is fraudulent. All phone numbers are always associated with a country code. If the country code does not match that of the shipping address, then this could be a red flag. Some countries like Singapore separate phone number format for mobile and landline. While U.S numbers offer an “area code” that can pinpoint it down to a city level where the phone number is registered. Again, if the area code does not match that of the shipping address or if a phone number from Singapore starts with 3XXX-XXXX, with a 3 designating as a VOIP, number, then there is a cause for concern.

In Japan, all landline phone numbers are associated with an area code. Tokyo starts with a “3” while Nagoya has a “52” appended. Phone numbers that start with “050” are known to be IP based phone numbers while phone numbers ranging from 070 to 090 are associated with mobile numbers.

Image for post
IP-Tracker tool to find additional useful Data Points

“Looking at the IP Organization will tell you if the connection comes from a hosted server (VPN) or from an internet provider.”

Another vital data point to look at is the customer’s IP address. A favorite IP address tool comes from Simply copying and pasting the IP address into the IP-tracker tool will allow you to know the general details of the order. From the data that comes back, you get a wealth of information including where the general location the order was placed and what internet service provider they are using. Looking at the IP Organization will tell you if the connection comes from a hosted server or from an internet provider.

It’s important to note that determining an order based on one or multiple criteria can be extremely difficult at times. There might even be times where there will be false positives, or worse, all the data is accurate, yet you will still receive an email for a fraudulent transaction. For times when a transaction seems to be a legitimate one, yet the data somehow shows a different story, it is recommended to communicate with the customer directly. Still, if you feel you don’t want to turn away potential customers, most e-commerce sites will have a financial cushion to fall back on. This financial cushion allows you to take the loss and still be financially sound when a chargeback case appears. This cushion comes from the added cost to your products. It is recommended to add 0.5 percent of your cost of goods as a way to be self-insured. That way, when you do receive a chargeback later down the road, your company will not have to worry about going into the red.

“Unfortunately, there is no 100% full proof method to preventing a fraudulent order from happening.”

Experiencing your first chargeback can be a huge headache. It can cost you a lot of time, money, and stress. Unfortunately, there is no 100% full proof method to preventing a fraudulent order from happening. You can only minimize it by looking at all the data points available and make your best decision. Communication with your customer is always key and if you feel that there is truly something wrong, then it’s better to just cancel and refund the order. If your gut feeling tells you that this order is a fraud, then it’s better to decline the order rather than processing it.

Image for post

Author’s Note:

My team and I have been in the global e-commerce space for 5 years selling high-risk products. We have been working for the past two years on researching and developing Beacon app for Shopify that helps merchants manage and understand fraud data in an easy, comprehensible way. We are currently working on extending the app to enable and allow merchants to fine-tune automation rules combined with live machine learning. After two half years of private testing, Beacon was released in early April of 2018. We hope our app will help businesses scale without the fear of chargebacks and fraudulent orders.


*1 *2 Source: Japan Consumer Credit Association (JCA), “Credit Statistics of Japan (2015)” statistics-1276.php