If you've ever gotten that fraud notification in Shopify it can be hard to know what your best next steps are. In today's episode I'll share what usually sets this fraud flag off, how I research whether or not it's a legit order, how you can protect yourself from chargebacks and a tool that can take on the risk for you.
Prefer to listen to this episode? Click here
Raise your hand, well unless you’re driving or doing something else that requires both hands… but raise your hand if you’ve ever had that little red flag pop up in Shopify that says we think this order is fraud…
What do you do? Do you just refund the purchase and not even bother with it, or do you risk the chargeback and ship it out?
And if you’ve ever had a chargeback filed against you, you know what a pain in the ass it is to answer that chargeback and get all the documentation together and there’s still no guarantee you’ll win. It feels like it takes forever for them to get back to you and you sit there and just wait to find out if you’re gonna get your money back.
There is no one-size-fits all solution to this, but I'll walk you through how we used to deal with them at our last job and then give you a company that can take on some of this risk for you.
Also, it’s possible that you’ve never dealt with this before, or that you won’t. We actually had a good amount of fraud issues at my previous company but that honestly just came with the territory of our industry and our size.
Now the first thing to know, is that when Shopify does give that fraud warning, it’s usually because the location of the IP address is not near the shipping address. But that doesn’t automatically mean it’s fraud.
For instance, a few specific instances we encountered was a celebrity that made a very large purchase, over $1000. And her billing and shipping address didn’t match up. In this particular case, it was because the billing address of their credit card was that of their business manager’s office, which is very common.
We would also see this sometimes with those who lived out of the US but used a US mail forwarding address so they could buy from eCommerce companies that don’t ship to other countries.
On the flip side, what did usually end up being fraud were people who shipped to UPS mailboxes, kind of like a post office box, but through UPS. But hey, when I had my subscription box, I used a UPS mailbox so that there was always someone to accept my deliveries. And I ended up using it for all my personal stuff too since I was paying for the service anyway. So.. not automatically fraud, just more likely.
Now for us, we took the time to do the research because we knew some of our customers used VPNs which would explain why the IP address seemed far away, or these other instances that we came across as just mentioned.
One of the first things I would always look at, is the feed of payment attempts which you can see at the bottom of the order screen. If I see a lot of failed addresses or security code failures, then it’s pretty safe to say that it’s fraud. Of course, that’s not always true… I’ve entered that stuff wrong before – but if you see multiple attempts… it might be worth a little more digging.
Now before I get into how we handled it… I am not a lawyer and have no idea about the legality of any of this, especially as it relates to different states or countries, so please do your own due diligence.
We would reach out to the customer and ask them to verify their identity by sending us a picture of their ID. Now, this certainly wasn’t foolproof, if someone stole an entire wallet they would have the ID too. And unlike I’ve had Instagram and Facebook do to me, we didn’t ask them to take a picture of themselves holding the ID.
And when we reached out to people, things went one of three ways. Either they sent us the requested information without hesitation, they asked us to cancel the order, or they ignored us completely.
We were pretty confident that the last two responses meant it probably was fraud and we saved ourselves the headache!
It’s hard to remember exactly how many of these so-called confirmed transactions turned out to still bring us chargebacks, but I do remember winning a lot of them. Sometimes people just file chargebacks because they don’t want to pay for shit. Sometimes, because we valued people’s privacy our company name wasn’t spelled out on their statements so maybe they didn’t even realize the purchase was from us. Who knows. But, like I said in most cases we actually won our chargebacks which is pretty hard to do.
Now, there are some other things you can do to protect yourself like require a signature at delivery. We did this automatically with purchases over a certain dollar amount. Though it does cost extra. In a lot of cases, the chargeback isn’t necessarily asking you to prove that the person was who they say they were, but that you actually delivered the product in question. So if you have received chargebacks. but didn’t bother answering because you thought you wouldn’t win it, I say it’s definitely worth a shot.
Earlier in your business, you may only come across this periodically and it’s not a huge deal. But as you grow, it’s likely you’ll have increased fraud issues. In that case, it might be worth it to invest in a tool like Riskified. Essentially, it’s an app that will review the order in question and make a judgment call. If they verify it as being a legitimate order and not fraud… they take on the liability of a potential chargeback. It’s kinda like fraud insurance.
I haven’t used it, so I can’t speak to the experience of working with them, but when we were researching our options back in the day like were definitely the go-to. I’ll stick a link in the show notes if you need to check them out. I would say though, you really only need to worry about this if you are high volume and the potential fraud and chargebacks are sucking up a lot of time or if it’s heavily hitting your bottom line.