When running an online business on Shopify, fraud is unfortunately a real risk. Fraudsters steal credit cards and use them to place orders. This hits your business hard when the real cardholders dispute those charges, triggering chargebacks that refund their money after you've already shipped the goods. I've seen it affect many of my clients, so acting fast is key to avoiding those losses. Fortunately, Shopify does a fraud analysis and informs admins of potential fraud activity, but actions are left with store owners. In this article, I'll cover what you can do to help prevent these issues.
How Shopify’s fraud analysis works
Shopify analyzes every order and assigns it a risk level: low, medium, or high. On the Orders page, medium or high-risk orders show a warning icon for easy identification. When you open any order details page, you’ll find the Order risk section with full analysis details.
Shopify determines the final risk level using several key indicators from the customer's details, such as:
- Whether the shipping address matches the customer's IP location
- Whether a web proxy or VPN was used
- Whether the credit card passes AVS checks (matching billing address, ZIP/postcode)
- Whether there were multiple payment attempts
- Whether the order characteristics resemble past fraudulent patterns
Cancel suspicious orders with Shopify Flow
The most reliable way to protect your business from shipping to fraudsters is to cancel those high-risk orders right away. Fortunately, Shopify Flow lets you tap into Shopify's order risk analysis to automatically cancel them based on that data.
How to set up the Flow
First of all you need to make sure you have Shopify's Flow app installed.
You can set up this Flow in three ways: manually (if you're familiar with Flow), using Shopify's AI Sidekick (try the prompt: "Automatically cancel paid orders with high risk assessment level, refund customer, send notification email to customer"), or the easiest option - install Shopify's native Fraud Control app. It has a low reviews score since it's super basic, but it offers the one-click Flow template installation you need.
- Install the Fraud Control app from the Shopify App Store
- From your Shopify admin, go to Apps > Fraud Control
- Select the "Cancel and restock high risk orders" template, and click Install template
- In the new page that opens, click Install in the top right corner.
- To notify customers of their cancelled order, edit the Cancel order action, check Send notification to customer, and customize the email template via Settings > Notifications > Order cancelled in your Shopify admin
- Scroll down in the Flow to find the Send internal email action (marked with a blue "Review" label). Click it to add your email address - this notifies you when high-risk orders get automatically cancelled. Remove this step entirely if you don't want notifications.
- Finally, click Turn on workflow to activate it.
Prevent fraundsters from placing orders
We’ve implemented the solution above to help your business avoid losing money and unintentionally shipping products on high‑risk orders. However, if you also want to prevent suspicious customers/bots from accessing your store and placing orders in the first place, you need some additional fraud prevenation tools. Shopify does not currently provide native tools to block risky visitors at the storefront level, but there are many paid apps that extend this capability. You can explore them in the Fraud prevention category in Shopify’s App Store and choose an option that fits your needs and budget.
What to look for in a fraud app
- Build for Shopify badge - This badge indicates the app has been reviewed against Shopify’s performance, security, and UX standards, and uses the latest app patterns and integrations. It usually means better stability, lower performance impact, and a more future‑proof integration.
- VPN/proxy detection or blocking - Fraudsters frequently hide behind VPNs or proxies to disguise their location and make IP and shipping countries appear consistent. An app that can detect or block traffic using VPN/proxy services helps you spot or stop many high‑risk sessions before checkout.
- Blocking by country, geolocation, or IP address - The ability to block or challenge visits from specific countries, IP ranges, or geolocation patterns is useful if your store only serves certain markets or you see repeated fraud from particular regions or IPs
- Bot protection - Automated bots can scrape pricing, abuse discount codes, create fake accounts, or skew analytics even if they never place an order. Apps that offer bot protection help keep your storefront and data cleaner, reduce noise in your metrics, and lower the chance of scripted fraud attempts reaching checkout.