Fraudulent orders are a $20+ billion dollar problem for ecommerce businesses. According to recent surveys, up to 4% of all online orders turn out to be fake, costing companies heavily in chargebacks, shipping, and other expenses.
WooCommerce sites are highly vulnerable if owners don‘t take proactive measures to detect and block bogus purchases. In this comprehensive guide, we‘ll explore proven techniques to identify and prevent fake orders on your store.
Contents
By the Numbers: The Growing Threat of Fraud
Some key statistics that illustrate the scale of the online fraud problem:
- 4% – Average percent of orders estimated as fraudulent for online retailers
- $20 billion+ – Total annual losses attributed to ecommerce fraud
- 25% – Increase in fraud attempt rate during COVID pandemic
- 92% – Of companies surveyed reported an uptick in fraud attempts in past 2 years
For a mid-size ecommerce site generating $100,000 in monthly sales, 4% fraudulent orders would equal $4,000 in stolen revenue per month. That quickly eats into or eliminates profits.
Fraud rates also seem to be climbing higher each year. No online business can afford to ignore the problem – proactive prevention is a must.
Next we‘ll provide an overview of the top techniques and tools to minimize fake orders on your WooCommerce website.
An Overview of Key WooCommerce Fraud Prevention Strategies
There are seven primary methods to reduce fraudulent and bogus orders on your WooCommerce store:
- Install a specialist anti-fraud plugin – Uses rules and analysis to detect high risk orders
- Leverage Stripe Radar – Machine learning to spot fraudulent purchases if using Stripe
- Carefully manage cash on delivery – Major fraud risk if accepting cash on delivery
- Sell only to specific countries – Limit orders to countries you operate in
- Require user accounts – Adds friction vs guest checkout
- Use a firewall – Blocks threats before reaching your site
- Verify emails – Ensures real email addresses are used with accounts
Now let‘s explore each of these in detail, including tips for proper setup and configuration.
1. WooCommerce Anti-Fraud Plugins
The most powerful tool for identifying and stopping fake WooCommerce orders is a dedicated anti-fraud plugin. They work by analyzing orders for common signals associated with fraud, calculating an overall risk score.
Based on the score, the plugin can automatically:
- Flag orders for manual review
- Hold high-risk orders for verification
- Cancel likely fraudulent purchases
Benefits provided by anti-fraud plugins:
- Real-time order scanning – Instantly checking every purchase
- Custom risk scoring – Set rules to fine tune accuracy
- Fraud pattern detection – Spot signs of bots, stolen cards, etc
- Automated order actions – Cancel, hold, flag orders based on risk
- Ease of use – Simple to install and configure
Our recommendation is SkyVerge Fraud Prevention – it offers robust protection and in-depth stats while still being beginner friendly.
For more advanced machine learning capabilities, Sift Science is another top option, albeit less intuitive initially.
How WooCommerce Fraud Prevention Plugins Work
Fraud plugins assess orders by looking for signals commonly associated with fraudulent activity, including:
- Anonymous proxies
- Disposable email addresses
- Mismatched location and billing
- First-time customer
- Abnormal order size
- Suspicious origin country
- Multiple failed logins
- Invalid item quantities
- Story checkout speed
Each matching signal increases the order‘s risk score. If the total exceeds your set threshold, the plugin takes action.
For example, you could configure it to:
- Hold any order with a score over 20 for manual review
- Immediately cancel orders with a score over 60
- Flag orders over 15 for further verification
The plugin essentially automates and streamlines the fraud review process for you.
They monitor all orders in real-time, allowing you to catch more fake purchases early before they lead to chargebacks and other issues.
Leveraging Stripe Radar
If your WooCommerce store uses Stripe for payments, enabling Stripe Radar adds another layer of AI-powered protection.
Stripe Radar is trained on an enormous volume of global transaction data they process, giving it cutting-edge abilities to detect fraud.
It examines hundreds of signals with each order placed through Stripe, generating a risk score. Based on that assessment, Stripe may decline a charge to block fraud.
You also gain access to Radar‘s dashboard within Stripe to:
- View aggregate fraud stats
- Add custom rules and lists
- Adjust filters
- Analyze fraud signals
Integrating Radar with a WooCommerce fraud plugin like SkyVerge gives you sophisticated machine learning combined with configurable store-specific rules for maximum results.
Over 75% of high-risk transactions flagged by Radar are blocked while minimizing false positives. It‘s one of the top fraud prevention tools available to Stripe users.
Using Cash on Delivery Carefully
Allowing Cash on Delivery (COD) payments leaves merchants much more exposed to fraud.
Customers can place fake orders with bogus buyer info, then simply refuse delivery and face no consequences.
COD made up over 30% of overall orders for one retailer. After being hit by a spike in fraud, they discontinued COD and reduced fake purchases by 57%.
If your business relies on accepting COD, take precautions like:
- Requiring a small upfront deposit
- Running enhanced buyer verification
- Capping max order values
- Using fraud scoring plugins
Ideally you should restrict or eliminate COD to decrease fraud if your sales allow. But if you must offer it, put additional guards in place.
Sell Only to Specific Countries
Another easy win to reduce fruitless fraud attempts is to limit orders to countries you actually do business in.
Scammers will try placing fake orders with random stolen cards from all over the world. If you only operate in the US, UK, Canada, and EU for example, restrict orders to just those regions.
In WooCommerce, navigate to Settings > General to select the specific countries you want to sell to:
This cuts down on bogus purchases from other nations where you don‘t even operate.
Verifying actual buyer locations does still matter though, as VPNs can be used to bypass country restrictions.
Require User Accounts at Checkout
Requiring customers to create an account before purchasing is proven to reduce fraud. It adds friction versus allowing guest checkout.
To enforce user accounts at checkout:
- Go to WooCommerce > Settings > Accounts & Privacy
- Uncheck the box for Allow customers to place orders without an account
Now buyers have to signup first instead of checking out directly as a guest.
This extra step stops some fraud attempts from those looking for the quickest route.
It also gives you their account information to block any bad actors who do register and place fake orders.
Use a Web Application Firewall
Hackers frequently target WooCommerce sites with things like credential stuffing attacks and web exploits. Using a firewall blocks many of these automated threats.
We strongly recommend Cloudflare, which includes a world-class WAF in addition to performance benefits.
Cloudflare sits in front of your site filtering all traffic. You can customize rules to:
- Require CAPTCHA after failed logins
- Block traffic from risky IP ranges
- Limit countries prone to attacks
- Deny access from known malicious IPs
For large stores, Cloudflare also offers anomaly detection and threat intelligence add-ons for the firewall.
Sucuri is another robust WAF option. Just make sure to have an external firewall in place as a first line of defense.
Verify Email Addresses
It‘s common for fraudsters to use fake temporary email addresses when registering accounts used for bogus orders.
To counter this, require email verification during signup before allowing purchases. This confirms buyers actually control the address.
Simply installing the Email Verification for WooCommerce plugin enables this protection.
Once activated, navigate to the plugin settings and check the box to make email confirmation mandatory.
Customers must then click the verification link in the confirmation email sent after registration. Only then can they access checkout.
For maximum results, also delay your WooCommerce Welcome Email until after validation is complete.
Bonus Fraud Prevention Tips
Some supplementary tips beyond the major tactics above:
- Use Google reCAPTCHA on checkout pages to deter bots
- Manually review orders daily for any red flags
- Enable popup chat support to verify suspicious orders
- Consider requiring phone verification for high risk transactions
- Set max purchase sizes to prevent large bogus charges
- Check server logs regularly for signs of attacks
- Limit payment methods to safer options like PayPal or Stripe
Stay Vigilant Against Constantly Evolving Fraud
Like cybersecurity threats, fraud tactics are always progressing and adapting. Businesses must continually educate themselves and implement new solutions to stay a step ahead.
No one fraud prevention tool or tactic can stop 100% of fake orders. That‘s why we recommend layered solutions like combining plugins with Stripe Radar, firewall protection, email validation, and more.
The strategies outlined in this guide will significantly protect your WooCommerce store and save you time, money, and headaches. But don‘t rest on your laurels – make fraud prevention an ongoing priority.
