How to Set Up Automatic Fraud Blocking on Your Shopify Store

When you had 10 orders a day, you could check each one by hand. But your store is growing, and now there are 50, 80, maybe 100 orders coming in daily. You cannot personally review every single one — and the moment you stop checking, a fraudulent order slips through and costs you $200 in chargebacks. This guide shows you how to set up automatic fraud blocking so your store stays protected around the clock, without you having to stare at a screen all weekend.

You Can't Manually Review Every Order Forever

When your store was doing 10 orders a day, checking each one took maybe 20 minutes. You could glance at the shipping address, make sure the email looked real, and move on. It felt manageable.

Then your store grew. Now you are doing 50, 80, or 100 orders a day. Suddenly that 20-minute routine is a three-hour job. And it is not just the time — it is the inconsistency. At 9 AM on a Monday, you are sharp. You catch the order shipping to a freight forwarder with a Gmail address created yesterday. But at 11 PM on a Friday? After a long week? You approve it without thinking.

Here is what happens next: you take a weekend off. You do not check orders for two days. On Monday morning, you wake up to three chargebacks totaling $847.

  • Manual review does not scale. If your store is growing, your fraud review process needs to grow with it.
  • Inconsistency is the real killer. The orders that slip through are almost always the ones you reviewed when you were tired, distracted, or in a rush.
  • You deserve a weekend. Your fraud protection should not depend on you personally being awake and alert 24/7.
The store owners who get hurt the most are not the ones who ignore fraud — they are the ones who try to handle it manually and eventually miss something at the worst possible moment.

Block vs. Redirect: Which Should You Use?

Before you set up your automation, you need to understand the two main actions Browsify can take when it detects a suspicious visitor: blocking and redirecting.

Blocking means the visitor sees an "access denied" page. They cannot browse your store, add items to cart, or check out. The door is shut. Use it when:

  • You have confirmed someone is a fraudster (they chargebacked a previous order)
  • The visitor's risk score is extremely high — say, 95 out of 100
  • The visitor has been flagged by your block list based on their Visitor ID

Redirecting means the visitor gets sent to a different URL — maybe a verification page or a "contact us to complete your order" page. Use it when:

  • The visitor is borderline — suspicious but not definitely fraudulent
  • You want to give real customers a way to prove themselves
  • You are testing new rules and want to see who gets caught before fully blocking them

Think of it this way: blocking is a locked door, redirecting is a detour. Use the locked door for known bad actors. Use the detour for "maybe" cases.

Setting Up Auto-Block for High-Risk Visitors

This is about stopping bad visitors before they even get to your checkout:

  1. Go to your Browsify dashboard and open the "Auto-Block" settings page.
  2. Turn on "Auto-Block Visitors." This tells Browsify to automatically take action on visitors whose risk score exceeds your threshold.
  3. Set your risk threshold. The default is 80 out of 100 — a good starting point. A visitor scoring 80+ has multiple fraud signals like using a known fraud VPN, matching a device fingerprint linked to chargebacks, or showing bot-like behavior.
  4. Choose your action: Block or Redirect. For your first setup, we recommend Block. You can switch to Redirect later if you want to give borderline visitors a second chance.
  5. Save and you are done. Every visitor to your store is now scored in real time. Anyone above your threshold is automatically blocked before they can add a single item to their cart.

What this looks like in practice: a fraudster who chargebacked your store last month comes back with a new email, a new IP (VPN), and a fresh browser session. They land on your homepage and — because Browsify recognizes their device fingerprint — they immediately see an "access denied" page. They never reach your products. You never see their order. You never have to deal with them at all.

Setting Up Auto-Block for Fraud Orders

Visitor blocking catches the obvious cases, but some fraudsters slip past the visitor-level check. Maybe their risk score is 72 — below your visitor threshold — but the order itself has red flags. That is where order-level auto-blocking comes in.

Instead of evaluating the person browsing, it evaluates the order after it is placed. Browsify looks at signals like:

  • Mismatched billing and shipping addresses — the card says Chicago, the package goes to Miami
  • High-value first order — someone who has never bought from you before places a $600 order
  • Multiple failed payment attempts — they tried three different cards before one worked
  • Known fraud indicators — disposable email, VoIP phone number, recently created account

How to set it up:

  1. In your Browsify dashboard, go to "Order Protection" settings.
  2. Turn on "Auto-Cancel High-Risk Orders."
  3. Set your order risk threshold. We recommend starting at 85 — slightly higher than your visitor threshold because cancelling a placed order is more disruptive than blocking a browsing session.
  4. Choose what happens: "Cancel and refund" immediately reverses the charge. "Hold for review" pauses fulfillment and sends you an alert.

The key benefit: even if a fraudulent order makes it through checkout, it gets caught before you ship anything. No product leaves your warehouse. No chargeback happens.

Fine-Tuning Your Rules Without Blocking Real Customers

The biggest fear about automatic blocking: "What if I block a real customer?" Here is how to make sure that does not happen.

Start high, then lower gradually. Set your visitor threshold to 90+ for the first week. At this level, you are only catching visitors with extremely strong fraud signals. The chance of a real customer scoring 90 is nearly zero.

Monitor your block logs daily for the first week. Browsify shows you exactly who was blocked and why. After a week of seeing only obvious fraud, lower your threshold to 85. After another week, try 80.

Use the whitelist for mistakes. If a real customer contacts you saying they cannot access your store:

  • Look up their Visitor ID in your Browsify dashboard
  • Check why they were blocked (what signals triggered it)
  • If they are legitimate, add their Visitor ID to your whitelist — they will never be blocked again
  • You can also whitelist specific IP addresses for business customers or partners

The goal is not zero manual review. The goal is to automate the obvious decisions — clear fraud you would always block, and clear legitimate orders you would always approve. That eliminates 90% of your manual work. The remaining 10% — borderline cases — still get flagged for your quick review, but now you are looking at 5 orders instead of 50.

Most Browsify merchants report that after two weeks of fine-tuning, they spend less than 10 minutes a day on fraud review.

Set Up Fraud Blocking That Works While You Sleep

Browsify's automatic fraud blocking protects your Shopify store 24/7 — catching fraudulent visitors and orders around the clock so you can focus on growing your business.

Install Browsify Free on Shopify

Related Guides

Understanding Fraud Risk Scores on Shopify

Learn how fraud risk scores work and what the numbers actually mean for your store.

Read guide →

How to Stop Fake Orders on Shopify

Stop fake orders at the source with Visitor ID fingerprinting and real-time fraud scoring.

Read guide →

What Is Visitor ID & Why IP Blocking Isn't Enough

Understand how Visitor ID tracks fraudsters across sessions, IPs, and devices.

Read guide →