Shopify includes a fraud analysis on every order, so it's fair to ask whether you need anything else. The short answer: Shopify's tool is a useful starting point, but it's built to flag only the most obvious cases. Here's an honest look at what each one does.
What Shopify's built-in fraud analysis does
On the order page, Shopify shows a fraud recommendation — usually "low" or "high" risk — based on signals like whether the CVV and address checks passed and whether the card has been used for past disputes. It's free, it's built in, and it's a reasonable first filter.
Its limits are equally real:
- It focuses on the highest-risk orders and stays quiet on the medium-risk middle — where most avoidable losses actually happen.
- It doesn't explain its reasoning in terms you can act on, so borderline calls come down to a guess.
- It doesn't catch velocity patterns — many orders from one IP, or one address used by several customers — that signal card-testing and fraud rings.
- It doesn't give you a way to verify a customer or block a domain.
Where FraudFlag is different
FraudFlag is purpose-built to cover that gap. Instead of a single high/low label, it scores every order and tells you what to do:
- Every order scored and explained. A 0–100 risk score, three plain-English reasons, and one clear recommendation — including the medium-risk orders Shopify glosses over.
- Velocity detection. Flags more than three orders from one IP in an hour, or one shipping address used by several different emails in a day.
- Your rules. Set your own risk threshold and block entire email domains, not just single addresses.
- Customer verification. Email a one-click confirmation link on high-risk orders; confirmed orders are approved automatically.
- Chargeback evidence. Download a print-ready document of the risk assessment to contest disputes.
- Automation. Fire a Shopify Flow trigger on every scored order so your own workflows can tag, hold, or route it.
The honest bottom line
If you get a handful of orders a month and never see disputes, Shopify's built-in recommendation is probably fine. The moment fraud starts costing you money, or you find yourself manually second-guessing orders, a tool that scores and explains every order — and lets you act on it — saves both losses and time. FraudFlag reads Shopify's own signal too, so you're adding coverage, not replacing it.
Frequently asked questions
Does FraudFlag replace Shopify's fraud analysis?
It complements it. FraudFlag reads Shopify's own fraud signal and factors it into a fuller score, then adds the explanation, the medium-risk coverage, velocity checks, and the actions (verification, evidence, domain blocking) Shopify doesn't provide.
Do I need a paid fraud app if I'm a small store?
If you get very few orders and rarely see disputes, Shopify's built-in recommendation may be enough. Once fraud or chargebacks start costing you real money — or you're spending time manually reviewing orders — a dedicated tool pays for itself quickly.