Fraudulent Shopify orders almost always leave fingerprints. No single one proves fraud — honest customers trip these too — but when several stack up on the same order, the risk climbs fast. Here are the twelve signals worth watching, and what each one actually tells you.
The twelve signals
- Mismatched billing and shipping countries. One of the strongest indicators — a card billed in one country shipping to another deserves a closer look.
- Free email provider. Gmail or Outlook alone means nothing, but disposable free email is the fraudster's default because it's anonymous and in endless supply.
- High-value first order. A brand-new customer spending big on their first purchase has no history to reassure you.
- Velocity — same IP. More than three orders from one IP address within an hour is a classic card-testing pattern.
- Velocity — same address, different customers. One shipping address used by several different emails in a day points to a reshipping ring.
- Forwarding or reshipping address. Freight forwarders are a common route for moving fraudulently purchased goods abroad.
- Brand-new customer account. An account created minutes before the order gives a fraudster a fresh, clean identity.
- No phone number. Missing contact details make it harder to reach a real customer and easier to stay anonymous.
- Rush shipping on a high-value order. Fraudsters want the goods before the card is reported — expedited shipping on an expensive order is a tell.
- International shipping. Not risky by itself, but it raises the stakes when it stacks with other signals.
- Blocked domain. An email domain that has burned you before should flag instantly on the next attempt.
- Shopify's own fraud flag. When Shopify's built-in analysis raises a concern, it belongs in the overall picture too.
How to use them
Reading these one by one on every order isn't realistic, and reacting to any single flag leads to cancelling good sales. The right move is to weigh them together into one risk level, review only the orders that score high, and verify the borderline ones before you ship.
Let scoring do the weighing
FraudFlag checks all twelve of these signals — plus your own blocked domains — on every Shopify order automatically, combines them into a 0–100 score, and surfaces the three that matter most with a clear recommendation. Instead of memorising red flags, you get an answer.
Frequently asked questions
Does one fraud signal mean an order is fraudulent?
No. Any single signal has innocent explanations — plenty of honest customers use Gmail or ship gifts abroad. Fraud shows up as a stack of signals together, which is why scoring weighs them into one risk level instead of reacting to any one flag.
What is a velocity check?
A velocity check looks at how fast orders arrive that share something — the same IP address or the same shipping address — in a short window. Bursts like more than three orders from one IP in an hour are a strong sign of card-testing or an organised fraud ring.
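The two velocity checks described above, run over a handful of constructed orders. This is an added example, not FraudFlag's or Shopify's code. The order tuple layout, the address normalisation and the reading of "several" as three distinct emails are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders: (order_id, placed_at, ip, email, shipping_address)
ORDERS = [
    ("1001", "2024-05-01T10:00:00", "203.0.113.7", "a@example.com", "1 Main St"),
    ("1002", "2024-05-01T10:10:00", "203.0.113.7", "b@example.com", "2 Oak Ave"),
    ("1003", "2024-05-01T10:20:00", "203.0.113.7", "c@example.com", "3 Elm Rd"),
    ("1004", "2024-05-01T10:40:00", "203.0.113.7", "d@example.com", "4 Pine Ln"),
    ("1005", "2024-05-01T12:30:00", "203.0.113.7", "a@example.com", "1 Main St"),
    ("2001", "2024-05-01T09:00:00", "198.51.100.1", "x@example.net", "77 Dock Rd Unit 5"),
    ("2002", "2024-05-01T13:00:00", "198.51.100.2", "y@example.net", "77 dock rd  unit 5"),
    ("2003", "2024-05-01T20:00:00", "198.51.100.3", "z@example.net", "77 Dock Rd Unit 5"),
    ("3001", "2024-05-01T11:00:00", "192.0.2.9", "m@example.org", "9 Hill St"),
    ("3002", "2024-05-01T11:05:00", "192.0.2.9", "m@example.org", "9 Hill St"),
    ("3003", "2024-05-01T11:10:00", "192.0.2.9", "m@example.org", "9 Hill St"),
]

def _by_time(orders):
    # Parse timestamps, lowercase emails, collapse case/whitespace in addresses, sort by time.
    return sorted((datetime.fromisoformat(ts), oid, ip, email.lower(),
                   " ".join(addr.lower().split())) for oid, ts, ip, email, addr in orders)

def ip_velocity(orders, limit=3, window=timedelta(hours=1)):
    """Order ids in any burst of MORE than `limit` orders from one IP inside `window`."""
    flagged, recent = set(), defaultdict(list)
    for ts, oid, ip, _email, _addr in _by_time(orders):
        # Keep only this IP's orders still inside the sliding window, then add this one.
        recent[ip] = [(t, o) for t, o in recent[ip] if ts - t <= window] + [(ts, oid)]
        if len(recent[ip]) > limit:
            flagged.update(o for _, o in recent[ip])  # flag the whole burst
    return flagged

def address_velocity(orders, min_emails=3, window=timedelta(days=1)):
    """Order ids where one shipping address saw >= `min_emails` distinct emails
    inside `window`. min_emails=3 is an assumed reading of "several"."""
    flagged, recent = set(), defaultdict(list)
    for ts, oid, _ip, email, addr in _by_time(orders):
        recent[addr] = [e for e in recent[addr] if ts - e[0] <= window] + [(ts, oid, email)]
        if len({e[2] for e in recent[addr]}) >= min_emails:
            flagged.update(e[1] for e in recent[addr])
    return flagged

if __name__ == "__main__":
    print("same-IP velocity:", sorted(ip_velocity(ORDERS)))
    print("same-address velocity:", sorted(address_velocity(ORDERS)))
```

Orders 3001 to 3003 show the boundary: exactly three orders from one IP in an hour do not trip the "more than three" rule, and a repeat customer reusing one address and email never trips the address rule.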