Overview
Preventing fraud is a crucial aspect of running an online store. This article provides valuable information and steps to help you prevent fraud by integrating with Signifyd, enabling additional security measures, and exploring alternative options. By implementing these measures, you can protect your store against fraudulent activities and chargebacks.
Integration with Signifyd
One of the most effective ways to prevent fraud is by integrating with Signifyd, a third-party service that offers protection against fraud and chargebacks. Follow the steps in this article to set up an account and enable the integration on your store.
Steps to Prevent Fraud
In addition to the integration with Signifyd, there are several steps you can take within your store's admin to help prevent fraud:
- Enable reCaptcha: Ensure that reCaptcha is already set up in your store to provide an extra level of protection. More information can be found here.
- Block IP addresses: If you notice multiple automated carding attempts, consider blocking the IP addresses they originate from. By blocking the entire IP block using CIDR notation, you can effectively block hundreds of IP addresses at once. Use with caution. Remember to delete active sessions to prevent further test orders. More information can be found in this article: IP Black/White listing and Priority.
- Require login for checkout: By requiring customers to create an account and log in before beginning the checkout process, you can deter fraudulent attempts. Each attempt would require creating a new account with a password, using different email addresses. You can also implement a reCaptcha on customer registration to ensure that only legitimate customers can create accounts.
- Set up rule engine rules: You can use rule engine rules to block traffic when certain conditions are met. See more in our article here: https://support.americommerce.com/hc/en-us/articles/201903720-How-Do-I-Reduce-Traffic-Bandwidth-Usage-Using-Rules-. The conditions to use depend on the method of the bad actor and the behavior of their visitor sessions. If the conditions are met, set the customer type to one that is not allowed to log in, preventing future orders from that email address. Keep in mind that legitimate customers purchasing the specific item might be affected by this rule.
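The "use with caution" point in the Block IP addresses step, as an added example that is not AmeriCommerce code: it groups checkout attempts by /24, reports how many addresses a CIDR rule would cover, and falls back to single-IP rules where paid orders come from the same block. The log layout, the "declined"/"paid" labels, the /24 grouping and the threshold of 4 are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of checkout attempts: (source IP, outcome).
# Addresses come from the RFC 5737 documentation ranges.
ATTEMPTS = (
    [(f"198.51.100.{n}", "declined") for n in range(10, 22)]  # 12 declines
    + [(f"203.0.113.{n}", "declined") for n in (5, 6, 7, 8)]  # 4 declines
    + [("203.0.113.200", "paid"), ("203.0.113.201", "paid")]  # real customers
    + [("192.0.2.44", "declined"), ("192.0.2.90", "paid")]    # ordinary noise
)

def summarize_blocks(attempts, prefix=24):
    """Count declined and paid attempts per enclosing network."""
    stats = defaultdict(lambda: {"declined": 0, "paid": 0, "declined_ips": set()})
    for ip, outcome in attempts:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        stats[net][outcome] += 1  # only the two assumed labels are expected
        if outcome == "declined":
            stats[net]["declined_ips"].add(ip)
    return stats

def blocks_to_review(attempts, prefix=24, min_declines=4):
    """Return (cidr, declines, paid, addresses_covered) for noisy blocks."""
    return sorted(
        (str(net), s["declined"], s["paid"], net.num_addresses)
        for net, s in summarize_blocks(attempts, prefix).items()
        if s["declined"] >= min_declines
    )

def safe_rules(attempts, prefix=24, min_declines=4):
    """CIDR rule where no paid orders share the block, single IPs otherwise."""
    rules = []
    for net, s in summarize_blocks(attempts, prefix).items():
        if s["declined"] < min_declines:
            continue
        if s["paid"] == 0:
            rules.append(str(net))
        else:  # a CIDR rule here would also lock out paying customers
            rules.extend(s["declined_ips"])
    return sorted(rules)

if __name__ == "__main__":
    for row in blocks_to_review(ATTEMPTS):
        print("cidr=%s declines=%d paid=%d covers=%d addresses" % row)
    print("rules:", safe_rules(ATTEMPTS))
```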
Alternative Measures
In addition to the steps mentioned above, here are a few alternative measures you can consider:
- Manual Payment Processing: When this is enabled, no payment will be authorized or captured at the time of checkout, but the credit card information will be securely stored so that a user can manually process the charge from the Order Edit screen. NOTE: This setting will not work with gateways that require CVV! We do not save CVV due to security concerns. See more in "Credit Card Processing" and "What are CVV Codes and Why are they Not Stored".
- JS Challenge: At your request, we can implement a JavaScript challenge on the checkout page, requiring all traffic to pass the challenge before proceeding.
With a JS challenge, Cloudflare presents a challenge page that requires no interaction from a visitor, but rather JavaScript processing by their browser.
The visitor will have to wait until their browser finishes processing the JavaScript, which should be less than five seconds. Please reach out to support if you'd like this enabled for your site.