How to Prevent Fraud and Fake Orders in WooCommerce

Do you want to prevent fraud and fake orders on your WooCommerce store?

Fraud and fake orders can cause serious losses for an online store. Luckily, there are effective tools to prevent spam and block fraudulent orders.

In this article, we’ll show you how to easily prevent fraud and fake orders in WooCommerce.

Why Do You Need to Prevent Fraud and Fake Orders in WooCommerce?

Fraudulent and fake orders can cause serious financial losses to a business. This is why you need to monitor your online store and prevent fraud and fake orders.

Last year, online stores lost more than $20 billion in revenue due to fraudulent payments, chargebacks, and fake orders.

For some eCommerce stores, the total fraudulent order costs were higher than 4% of total revenue.

A large number of fake orders are usually spam and can be easily prevented. Some orders are more malicious and are placed just to annoy or harass an online business.

To know what you’re up against, ecommerce fraud comes in many forms, such as:

• Payment fraud: Payment fraud occurs when scammers use stolen credit card details to make purchases. They may have obtained the credit card information through phishing or data breaches. The best WooCommerce payment gateways for WordPress are PCI compliant, keep all customer details secure, and prevent hackers from getting access to customer data in the future.
• Chargeback and refund fraud: Chargeback fraud occurs when customers buy from an online store only to later dispute the charge with their credit card provider. They’ll try to obtain a refund while still keeping their purchased item.
• Account takeover: Hackers may gain unauthorized access to customer accounts, allowing them to make purchases, steal personal information, or even change passwords. That’s why it’s important to force users to change passwords in WordPress, especially if you own a WooCommerce store or membership site.

That being said, let’s take a look at how to prevent fraud and fake orders in WooCommerce.

Here is a quick overview of all the tips we’ll cover in this guide.

1. Use a WooCommerce Fraud Prevention Plugin

The easiest way to prevent fraudulent and fake orders in WooCommerce is by using an anti-fraud plugin.

First, you need to install and activate the WooCommerce Anti-Fraud plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Upon activation, you need to visit the WooCommerce » Settings page and switch to the Anti-Fraud tab.

From here, you can set a minimum and high-risk threshold score.

Below that, you can change the order status based on the risk score. For instance, you can set the score when an order will be automatically canceled and set a score to put an order on hold.

Don’t forget to click on the ‘Save Changes’ button to store your settings.

Next, you need to switch to the Rules tab. From here, you can configure the rules and assign them a risk score.

For instance, you can set a 5-point score for a customer who is placing their first order.

You can set scores for suspicious IP addresses, emails, unsafe countries, matching IP addresses to geographic locations, and more.

Carefully review the rules and their assigned scores and make changes if necessary. If you are unsure, then default settings would work for most eCommerce websites.

If you are using PayPal as a payment option on your store, then you can switch to the PayPal tab. From here, you can require users to verify their PayPal email addresses.

The plugin also allows you to connect with third-party fraud detection service Maxmind.

This paid service uses a global database to collect data about suspicious payment details, emails, IP addresses, and more.

You can then add this score to your plugin risk score and choose what to do when this score is higher.

Once you are satisfied with your settings, don’t forget to click on the ‘Save Changes’ button to store them.

Viewing Fraud Detection Activity

The plugin comes with an easier dashboard where you can see plugin activity in an easy-to-understand format.

Simply click on the Anti Fraud menu item in your WordPress admin sidebar. From here, you can see statistics about all your orders.

The anti-fraud plugin will help you catch most of the fake and fraudulent orders on your WooCommerce store.

However, if you need more strict measures, then continue reading for additional WooCommerce fraud prevention tips.

2. Use Stripe Radar and 3D Secure to Automatically Block Fraud

Stripe is the most popular online payment solution in the world. There is a WooCommerce Stripe gateway by FunnelKit that helps you properly connect WooCommerce with Stripe, so you can take advantage of SCA as well as the 3D Secure payments option by default.

This method would require you to use Stripe as your main payment gateway in WooCommerce. First, you’ll need to install and activate the Stripe for WooCommerce plugin by FunnelKit. Once that’s configured, it will guide you to set up Apple Pay, Google Pay, and other settings to help you protect against fraudulent transactions.

Aside from that, Stripe also offers a feature called Stripe Radar to help fight against fraudulent transactions. This is a powerful set of algorithms that reduces chargeback risks for your business.

Basically, Stripe uses machine learning to block orders. Their machine learning is trained on data across millions of companies worldwide that use Stripe.

We use Stripe Radar on our own eCommerce websites to help reduce fake and fraudulent orders.

Aside from their machine learning algorithm, you can also set custom rules with allow and block lists and more.

Unfortunately, not all WooCommerce gateways have these robust features. If you’re looking to switch to Stripe, then we recommend talking with the FunnelKit team, as they’re WooCommerce experts who can help.

3. Using the Cash on Delivery Payment Option Carefully

In many countries, ‘Cash on Delivery’ is a popular payment option. However, these stores find themselves more vulnerable to fake and fraudulent orders.

Users are able to place an order with a fake address, refuse to accept the order or cancel an order that has already been shipped.

Once you have shipped an order, you will pay out of pocket for shipping and return of that package.

We recommend not using the ‘Cash on Delivery’ option when possible, as that can lower the number of fake orders you may get.

Try to offer alternate payment options for users to pay before you can ship the order.

4. Sell in Specific Countries

WooCommerce allows you to easily restrict orders from specific countries. This helps you prevent fake orders from countries where you don’t sell or ship to.

Simply go to the WooCommerce » Settings page and select the countries you want to sell / ship to under the General tab.

You can also restrict certain WooCommerce products to specific countries in WooCommerce as well.

5. Require Users to Create an Account

Another useful trick to slow down and prevent fake orders is requiring users to create an account before they can checkout.

Simply go to the WooCommerce » Settings page and switch to the Account and Privacy tab. From here, you need to uncheck the box next to the ‘Allow customers to place orders without an account’ option.

Below that, you can check options that allow users to create an account during checkout or from the My Account page.

Asking users to create an account also allows you to easily block customers who placed fraudulent or fake orders.

6. Use a Web Application Firewall and Custom Rules

Many scammers use disposable email addresses, fake IP addresses, and dummy data to place spam or fake orders.

A WordPress firewall helps you block this before it even reaches your website.

We recommend using either Sucuri or Cloudflare; both are among the best WordPress firewall plugins on the market. They come with powerful security features, CDN servers, and a malware removal service.

In Cloudflare, you can also set up custom page rules to trigger CAPTCHA or even automatically block users with suspicious activity. We use Cloudflare Enterprise in our larger eCommerce stores, which comes with all bot anomaly detection and threat response.

If you’re running a large eCommerce store, then it’s worthwhile exploring Cloudflare Enterprise tools.

7. Require Customers to Verify Their Email Addresses

Another way to reduce fake orders and fraudulent activity is by requiring new customers to create an account and then require them to verify their email addresses.

Simply install and activate the Email Verification for WooCommerce plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Upon activation, you need to visit the WooCommerce » Settings page and switch to the Email Verification tab.

From here, you can configure the plugin settings to your own requirements.

For instance, you can switch to the Email tab and delay the default WooCommerce new user email until the user verifies their account.

Don’t forget to click on the ‘Save Changes’ button to store your settings.

The plugin will now send a verification email to new WooCommerce customers to verify their email addresses.

It’s important to make sure that if you’re setting up email verification, your WooCommerce store actually has reliable email deliverability. Otherwise, this can block real customers from purchasing your products.

We recommend using WP Mail SMTP along with SendLayer to improve your WooCommerce email delivery rates. Over 3 million websites use the WP Mail SMTP plugin to fix WooCommerce not sending email issue.

There’s also a free version of WP Mail SMTP that you can use as well.

We hope this article helped you prevent fraud and fake orders in WooCommerce. You may also want to see our complete WordPress security guide to make your online store more secure or take a look at our expert pick of the best WooCommerce plugins to grow your store.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.