Understanding Fraud Risk Scores on Your Shopify Store

You get an order for $347 from a first-time customer. The billing address is in Texas, the shipping address is in Florida. The email address looks like a random string of letters at gmail.com. Your gut says something is wrong.

But then again:

• Maybe it is a parent buying a gift for their college kid
• Maybe the customer just moved and has not updated their card yet
• Maybe they created a throwaway email because they do not want marketing emails

You cannot call every customer to verify. You cannot hold every order that looks slightly unusual — you would never ship anything. And you definitely cannot just approve everything and hope for the best, because one chargeback on a $347 order costs you the product, the shipping, the payment, plus a $15–$100 chargeback fee on top.

This is the daily dilemma that risk scores solve. Instead of relying on your gut feeling — which is sometimes right and sometimes wrong — a risk score gives you a number based on actual data. It looks at dozens of signals about the order, the customer, and their device, and tells you how likely it is to be fraud.

No more guessing. No more losing sleep over whether to ship or cancel.

A risk score is a number from 0 to 100 that tells you how likely an order or visitor is to be fraudulent. Think of it like a thermometer for fraud:

• 0 to 33 — Low Risk (Green): This order looks clean. The billing and shipping details match up, the device has no fraud history, and nothing unusual is happening. These orders are almost always safe to fulfill.
• 34 to 66 — Medium Risk (Yellow): Something is a little off. Maybe the visitor is using a VPN, or the billing country does not match the card country. Worth a quick look, but not necessarily fraud. Many medium-risk orders turn out to be legitimate.
• 67 to 100 — High Risk (Red): Multiple red flags are present. This order has a high chance of being fraudulent. You should review it carefully before fulfilling, and in many cases, cancel and refund it.

The score is not based on any single factor. It combines many signals together:

• Multiple card attempts: If someone tried 3 different credit cards before one worked, that adds to the score. Regular customers do not carry around 3 cards with different numbers to try.
• Billing and shipping mismatch: A card registered in Chicago but shipping to Miami raises the score. Not always fraud — but a real signal.
• Known fraud device: If the Visitor ID (device fingerprint) has been linked to fraud before — on your store or others — the score goes up significantly.
• VPN or proxy usage: The visitor is hiding their real location. Not always bad (some people use VPNs for privacy), but it adds to the overall picture.
• Unusual location: An order placed at 3 AM from a country you have never shipped to before adds to the score.
• Email address quality: A disposable or recently created email address is a minor flag. A verified email with history is a positive signal.

No single factor decides the score. It is the combination that matters. A VPN alone might add 10 points. A VPN plus a card mismatch plus a known fraud device might push it to 85.

When you open Browsify's fraud analytics, here is what you see and what it all means:

Flagged Visitors: These are visitors whose behavior or device signals triggered one or more risk factors. Each flagged visitor shows their Visitor ID (device fingerprint), their risk score, and a list of the specific factors that raised the score.

Risk Factors (what they mean in plain English):

• "5 card attempts" — This person tried 5 different credit card numbers. They are almost certainly testing stolen cards to see which ones work.
• "Card country mismatch" — The credit card was issued in one country but the visitor is browsing from another country. This happens legitimately sometimes, but it is one of the strongest fraud signals.
• "VPN detected" — The visitor is using a VPN to hide their real location. About 30% of internet users use VPNs, so this alone does not mean fraud — but combined with other flags, it matters.
• "Known fraud device" — This exact device fingerprint has been associated with fraud before. This is one of the most reliable signals.
• "Proxy / TOR detected" — The visitor is using a proxy server or the TOR network to mask their identity. TOR usage on a shopping site is almost always suspicious.
• "Multiple accounts" — The same device has placed orders under different email addresses or customer accounts.

Country Breakdown: Shows you where your visitors are coming from. If you only ship to the US but 40% of your flagged visitors are from overseas, you know where to tighten your rules.

Timeline View: Shows when flagged activity is happening. Fraud often clusters at specific times — like 2 AM to 5 AM in your timezone, when human staff are unlikely to be watching.

A high-risk score does not automatically mean fraud, and a low-risk score does not guarantee a clean order. Here is a practical decision framework:

High Risk (67–100): Review before fulfilling.

• Check the specific risk factors. "Known fraud device" plus "3 card attempts" is very different from "VPN detected" plus "new customer."
• Look at the shipping address. Does it match the billing? Is it a freight forwarder or P.O. box?
• Check the email. Does it look like a real person's email, or random characters?
• If the order value is above $100, consider sending a quick verification email: "Hi, we are preparing your order for shipment. Can you confirm your shipping address?" Fraudsters rarely respond.
• If multiple strong red flags are present, cancel and refund. The $15 chargeback fee you avoid is worth more than the sale you lose.

Medium Risk (34–66): Quick check, then decide.

• Glance at the risk factors. If it is just "VPN detected" or "billing/shipping mismatch," it is probably fine.
• If you see "multiple card attempts" plus anything else, treat it like high risk.
• For orders under $50, the cost of a chargeback may be less than the cost of lost customer goodwill from cancelling a real order.

Low Risk (0–33): Fulfill normally.

• These orders have no significant red flags. Ship them with confidence.
• If a low-risk order later results in a chargeback, do not change your entire approach. Even the best systems are not 100%.

Browsify's default auto-block threshold is set to 80 out of 100. This works well for most stores, but you might want to adjust it based on what you sell:

If you sell high-value items ($200+):

• Consider lowering your threshold to 60 or 70
• A single chargeback on a $500 item costs you $500 + the product + the chargeback fee. It is worth blocking a few extra borderline visitors to avoid that hit.
• You can set the threshold to "flag for review" at 60 and "auto-block" at 75, giving yourself a manual review zone for medium-risk orders.

If you sell low-value items ($10–$30) with thin margins:

• You can keep the threshold at 80 or even raise it to 85
• The cost of a single chargeback on a $15 item is painful but survivable. The cost of blocking too many real customers is worse for your overall revenue.

If you sell digital goods or gift cards:

• Lower your threshold to 50 or 60. Digital goods are the number one target for fraud because there is no shipping delay — the fraudster gets instant value.
• Consider requiring additional verification for all medium-risk orders involving digital products.

How to adjust: Go to your Browsify dashboard, click Settings, then Fraud Rules. You will see a slider for your auto-block threshold. Move it to your desired level. You can also set separate thresholds for different actions — for example, auto-block at 80 but flag for review at 60. Changes take effect immediately.