eCommerce Lifestyle

How To Prevent Fraud On Shopify


Anton shares 2 common types of fraud on Shopify, and how to avoid them.

The podcast is also available on all major podcast players including, Stitcher and Spotify.

Links From This Episode:


Hello everybody. Anton Kraly here and welcome back to The eCommerce Lifestyle podcast. If you're new, just know the show comes out twice a week. I publish a brand new episode every single Monday and Thursday morning, and they are all designed to help eCommerce store owners to increase their revenue, automate their operations and become the authority in their niche.

So typically on the show, what we talk about is making money today. We're going to be talking about how to keep that money. Specifically, what I want to share with you is how to prevent fraud on Shopify. Now, the reason this is coming up today is because in the Facebook group that we have for members of Dropship Lifestyle, I've recently been seeing different posts come up from different members, sharing screenshots of emails they've been receiving on their stores. That to me are clearly attempts at fraudulent orders.

And I just want to put this out there as a message to all Dropship Lifestyle members, but also anybody that listens to this, of how to easily identify those. But before we do that, I want to share the first, most common type of fraud on Shopify that everybody should be paying attention to, because the worst thing that can happen is orders come in, you go ahead and pay your suppliers for the product, you pay for shipping. And then time goes by, you find out that that order was fraudulent. You get a charge back, not only does it hurt your merchant account, but the money gets deducted from your bank accounts. You already paid for products. You already paid for shipping. And now you're just sitting there like "What just happened?" So obviously something we want to avoid.

So the most common type of fraudulent orders on Shopify occur when somebody is using a stolen credit card. So basically they just go to your store like anybody else would, they add items to their cart, they get to checkout. They enter usually their shipping address, sometimes just a random address that they'll know to pick the product up from when it gets delivered. And sometimes people will just use other business addresses. Sometimes they'll use a house in their neighborhood. There's just really shady people out there. But basically they're using a stolen credit card that they either actually physically stole from somebody or found somewhere. But most of the time they're using a credit card they bought somewhere online.

And just to explain what I mean there, there's this whole dark web where things are sold that shouldn't be sold. And one of those things are lists of stolen credit card numbers. So a lot of the people that do this will buy a list of sometimes dozens, sometimes hundreds, sometimes thousands of stolen credit card numbers. And they'll just run through a ton of online stores, placing tons of orders and seeing what actually goes through and what doesn't.

Now, when these orders come through, again if you accept them, then the person whose credit card was stolen might have no idea until again, they see their credit card statement. Which could be in a couple of weeks. It could be in a few months and that's when the chargeback would come through. And by that time, again it's too late. The product's already been delivered, it's out there and you're just at a loss.

So the easiest way to prevent this is to pay attention in the backend of Shopify, to what is known as the fraud analysis. So if you use Shopify payments, which as you know if you follow anything I put out there, you should. But what you'll see in the order information for every order is this fraud analysis section. And it will rank and identify orders as either low, medium or high risk. And you could see what would give an order the ranking, I guess you would call it, of low, medium or high. But it's things like has this credit card or the IP address been used for fraud in the past? Does the billing address match the address from the credit card? Was the secure code from the credit card entered correctly? And a whole bunch of other tests, but basically easy to identify things that would be likely to mean that the order was fraudulent.

So when orders come in through at a medium risk, you can decide what you want to do with those. From my experience, they're more often than not, not fraud. So you should verify them though, just to confirm that the order is legit. Some ways you can do this are really just by calling of the phone number that the person left when placing the order. Just trying to get in contact with that person and see if, first of all it's a real number or not, see if the person answers, see if they can confirm their order. And really whatever the reason is that Shopify gives you for the order being flagged as medium, just try to verify whatever that information is to make sure there's no problems.

Now, the real issue becomes when orders are marked as high risk. Because when orders are marked as high risk, more often than not, they actually are fraud. Again, I would recommend looking at the order information. Looking at why Shopify is flagging it as high risk. And then again, trying to verify if it's real or not. So same things I just mentioned, something else we'll do here is look at the website It's And this website allows you to basically type in any physical address you want to, and it'll give you the list of names of people that reside there.

So it's a good way to see if the name on the billing matches with the actual address. And if the person that ordered it can send you either a photo of their ID or some type of statement with their name and address on it, then maybe that'll make you feel secure enough to actually ship the order. But if you can't verify a high risk order in those ways, my advice is just cancel it. Don't take the money because you're going to lose money in the long run.

Okay so those are some of the quick things we do to prevent stolen credit cards. Now, if you want to take it a step further and feel more confident processing every order, then you can actually get insurance on fraudulent orders. Shopify has this built into Shopify payments. If you want to pay a little bit extra where they will actually guarantee orders if they approve them, if they say they're not fraudulent. If they end up being fraudulent orders, you get reimbursed from Shopify. Many people use a service from, And same thing, they integrate with Shopify and offer this fraud insurance where you'll pay an extra percentage or so of your order processing fees. It goes to them and if an order does end up being fraud, that they originally verify, they would reimburse you for those funds. Now, whether or not you want to use one of those services is entirely up to you. My advice is make that decision, but if orders come in as high risk anyway, make sure you still are verifying them.

So that was the first type of fraud, the main one, the one that I think many people are familiar with, but might not know how to handle. So that's what it is. That's how I handle it. Now, what I want to do is talk about the type of fraud that I've been seeing people post about in our Dropship Lifestyle members Facebook group a lot. And this comes through in the form of email. So I'll refer to this as email fraud. And typically what happens here is, you'll receive an email at your store's email address, or you might receive a contact form submission on your store. And typically what they look like, they usually follow the same pattern. They'll say something like, "Hi, sir / Madame. I am interested in purchasing 10 products or 20 products or a hundred products, or I'm interested in purchasing product XYZ." Which just so happens to be the most expensive product on your store. And then they'll say something like, "I just want to inquire about the price of this product and payment methods accepted. Please respond at your convenience."

So typically they're in broken English and typically these fraudulent emails are asking questions that are obvious. Like I just mentioned, if they're asking what the price is, they should know that because the price is on your store. If they're asking how you accept payments, they should know that because you show your accepted payment methods on your store. So typically red flags right away. With that being said, it's not uncommon to receive emails from people that want to place orders. So don't just discount every email that comes through from somebody asking for information. But that specific format of an email is, in my opinion, 99.9% of time going to be fraud.

Now, what is the fraud here? Because they're just asking a question, so how are you losing money? Well, what will happen if you respond to that email and say, "Oh, you want to buy a thousand units of product 123, the price would be whatever it is. And we accept payments with..." Whatever payment methods you accept. Their response to that would say something like, "Thank you. We would like to purchase these products and we would like to pay you either via a check or a bank wire. And we would like to ship these products with our own shipping carrier because they are going to my son or daughter or whoever, my wife in medical school, on the other side of the world." I've seen that one before to our stores. But basically they're just saying they want to pay with wire or a check and they want to use their own shipping carrier.

Now, how is this fraud still at this point? Well, what will happen from there if you say, "Okay." Is they might send you a check where they actually don't have sufficient funds. So maybe you get the check, you deposit it, it's showing us pending. You ship the product or you ship it with their carrier. You pay for the product then the check bounces. You never hear from them again. More common than that, what they're looking to do is have you say you'll accept a bank wire and then they can either wire you funds from an account that's not theirs. Or they can wire you funds from an account they have access to. And what they'll do is wire you more than they were supposed to wire you.

So let's just say their order total came to $10,000 and you gave them your bank account routing number and checking account number. They might email you and say, "Okay, sir / Madame, I just wired you $20,000. I'm so sorry about that. We meant to do $10,000, but the bank accidentally sent $20,000. If you check your accounts, you'll see it's in there. Please send $10,000 back as soon as possible." Now what you'll see in this situation, again don't get to this part of the scam, please. But if you get there, what you would see in your bank account is an incoming wire, for in this case, $20,000. The thing is it wouldn't have been cleared yet it'll be pending. And what some people will do is see that and think, "Oh wow, I can't believe it. This person sent me $10,000, too much money. I'm going to send them $10,000 back right away." Send them $10,000 and then you find out the next day, two days later, the incoming wire failed because the person had insufficient funds.

So now you don't have their $20,000, you're out $10,000 and you're stuck. So another very common type of... I shouldn't say it's a common type of fraud, because it's more of a common type of attempted fraud because every Shopify store and really every online store will receive these emails. And I would hope that a lot of people don't fall for it. But there obviously are some people falling for it because it's still happening and it's been happening for a decade now. So those are the two most common types of fraud on Shopify that I see and how to avoid them.

Definitely make sure you are not falling for these things because it's great to see sales coming in, but it's terrible to feel like you did work and trusted somebody only to lose money in the long run. So keep an eye on them. They're both easily avoidable as long as you know about them. And now you know about them.

So as always guys, I hope you got value from this episode. If you did, and you listen on Apple podcasts, I would really appreciate it if you can leave a review. And as always, if you are not yet subscribed to the podcast, be sure to do so, so you can get notified every time a new episode comes out, every single Monday and Thursday morning.

Also for everybody listening that is brand new, that wants to know how we build highly profitable semi-automated stores, be sure to check out dropship, D-R-O-P-S-H-I-P where I have a free training showing you how we build highly profitable semi-automated stores that can be managed in between 15 and 30 minutes a day. I'll link that up in the podcast description. So thank you everybody, I appreciate you. And I'll talk to you in the next episode of The eCommerce Lifestyle podcast. See you everybody.