Back to Blog
shopifyfraud-preventionchargebacksrulessecurity

Shopify Fraud 101: 7 Signals to Block *Before* Checkout

Practical rules you can deploy today to stop bad traffic early without punishing real customers.

Fraud Guard Team
September 8, 2025
7 min read
Shopify Fraud 101: 7 Signals to Block *Before* Checkout

Why Pre-Checkout Blocking is Your Cheapest Defense

Traditional fraud prevention happens at the payment gateway. By then, fraudsters have already:

  • Consumed your server resources
  • Skewed your analytics with fake traffic
  • Created abandoned carts that hurt your conversion metrics
  • Potentially exposed your checkout process to vulnerabilities

Pre-checkout blocking flips this model. Instead of analyzing transactions, you analyze visitors and redirect suspicious ones before they can interact with your store meaningfully.

The benefits compound quickly:

  • Lower processing costs: No payment gateway fees for blocked attempts
  • Cleaner analytics: Remove bot traffic from your conversion funnels
  • Better user experience: Legitimate customers face fewer friction-heavy security checks
  • Reduced server load: Block traffic before it hits your product pages and checkout

7 High-Impact Signals to Block Before Checkout

1. IP/CIDR Range Blocking

What it catches: Known bad IP addresses and entire suspicious network blocks.

The most straightforward approach is maintaining lists of problematic IP addresses and CIDR ranges. This includes:

  • Datacenter IPs: Many fraudsters operate from cloud servers rather than residential connections
  • Known proxy services: Commercial proxy and VPN providers frequently used for fraud
  • Previously flagged IPs: Addresses that have attempted fraud on your store before

Implementation tip: Start with datacenter and hosting provider IP ranges. Services like AWS, Google Cloud, and DigitalOcean publish their IP ranges, block these unless you specifically need to serve business customers who might use corporate VPNs.

2. Impossible Geolocation vs. Shipping Patterns

What it catches: Visitors whose location doesn't match realistic shipping scenarios.

This is subtler than simple country blocking. Look for patterns like:

  • IP geolocation in Country A, but immediate browsing of products that only ship to Country B
  • Rapid geographic switching (multiple countries in minutes)
  • High-risk country + premium shipping to different country combinations

Real-world example: A visitor with a Nigerian IP address immediately browsing iPhone cases with overnight shipping to a freight forwarder in Delaware. Individually, these aren't suspicious together, they form a pattern worth blocking.

3. Device Fingerprint Analysis

What it catches: Headless browsers, automation tools, and spoofed devices.

Device fingerprinting examines browser characteristics like:

  • Screen resolution and color depth
  • Installed fonts and plugins
  • Canvas rendering signatures
  • WebGL renderer details
  • Audio context fingerprints

The key insight: Real users have consistent fingerprints with realistic hardware combinations. Automated tools often have suspiciously clean or inconsistent fingerprints.

Warning: Device fingerprinting can impact legitimate users on privacy-focused browsers. Always provide an appeal process.

4. ASN/Proxy/TOR Detection

What it catches: Traffic from hosting providers, VPN services, and anonymization networks.

Every IP address belongs to an Autonomous System Number (ASN) essentially, the organization that controls that block of IP addresses. High-risk ASNs include:

  • Cloud hosting providers: AWS, DigitalOcean, Vultr, etc.
  • VPN services: NordVPN, ExpressVPN, ProtonVPN, etc.
  • TOR exit nodes: The final hop in TOR anonymization chains

Balance is crucial: Many legitimate users use VPNs for privacy. Consider allowing VPN traffic but applying additional scrutiny rather than outright blocks.

5. Velocity Across Sessions

What it catches: Coordinated attacks and bot campaigns.

Velocity rules monitor unusual patterns of activity:

  • Cart velocity: Multiple carts created from similar IPs in short timeframes
  • Account creation velocity: Bulk account creation patterns
  • Browse velocity: Unnaturally fast page navigation suggesting automation
  • Search velocity: Rapid-fire product searches typical of inventory scrapers

Implementation strategy: Set velocity thresholds based on your normal traffic patterns. A small boutique might flag 3+ carts per IP per hour, while a major retailer might allow much higher thresholds.

6. BIN Country Mismatch Analysis

What it catches: Stolen credit cards being used from unexpected locations.

This requires some checkout integration, but it's powerful: Compare the country of the credit card's Bank Identification Number (BIN) with the visitor's IP geolocation.

Large mismatches, especially from high-risk countries often indicate stolen card usage.

Example pattern: Visitor IP in Eastern Europe + Credit card BIN from U.S. bank + Shipping address in Southeast Asia = Very high fraud probability

7. Known Abusers List Management

What it catches: Previously identified fraudsters attempting return visits.

Maintain dynamic lists of:

  • Device fingerprints from previous fraud attempts
  • IP addresses associated with chargebacks
  • Suspicious email patterns (domains, formats) from known bad actors

Pro tip: Set expiration dates on your block lists. IP addresses can legitimately change hands, and you don't want to permanently block customers who've moved or changed ISPs.

Shopify Implementation: App Embed, Pixel, and Redirect Strategy

Implementing these rules effectively on Shopify requires understanding three key technologies:

App Embed Integration

Use Shopify's App Embed feature to inject your fraud detection script into every page load. This ensures coverage without requiring theme modifications.

Smart Redirect Handling

Instead of showing harsh error messages, redirect suspicious visitors to a branded blocked page that maintains your store's look and feel while clearly explaining the block.

Rollout Plan: Start Safe, Scale Smart

Phase 1: Log-Only Mode (Week 1-2)

Implement all detection rules but only log results, don't block anyone yet. This gives you baseline data about your traffic patterns and helps identify potential false positives.

Phase 2: High-Confidence Blocks (Week 3-4)

Start blocking only the highest-confidence signals:

  • Known datacenter IPs
  • TOR exit nodes
  • Previously flagged fraudster fingerprints

Phase 3: Gradual Expansion (Week 5+)

Slowly add more detection rules while monitoring false positive rates:

  • Geographic mismatches
  • Velocity violations
  • Device fingerprint anomalies

Monitor False Positives Religiously

Set up alerts for:

  • Unusual drops in conversion rates
  • Increases in customer service contacts about access issues
  • Geographic regions with unexpected traffic drops

Key Metrics to Monitor and Optimize

Primary Success Metrics

  • Block rate: Percentage of visitors blocked
  • Fraud prevention amount: Estimated dollar value of prevented fraudulent orders
  • Chargeback reduction: Month-over-month chargeback rate improvements

Performance and Health Metrics

  • False positive rate: Legitimate customers incorrectly blocked (keep under 1%)
  • Appeal success rate: How many blocked visitors successfully appeal
  • Page load impact: Ensure fraud detection doesn't slow your store

Advanced ROI Tracking

ROI can be estimated by comparing what you spend on fraud prevention with the savings from reduced chargebacks and avoided fraudulent orders.

For example, if your chargebacks drop by 50% and each chargeback typically costs you $100 in fees and losses, multiplying that savings by the number of prevented chargebacks gives a simple ROI estimate.

Conclusion: Building Your Pre-Checkout Defense

Pre-checkout fraud blocking represents a fundamental shift from reactive to proactive fraud prevention. By implementing these seven signals systematically, you can stop the majority of fraudulent visitors before they ever reach your checkout saving money, improving metrics, and protecting your business.

The key to success is starting conservatively and scaling based on data. Begin with high-confidence signals like datacenter IP blocking, monitor your results carefully, and gradually expand your rule set as you gain confidence in your detection accuracy.

Remember: the goal isn't to block every possible threat. It's to efficiently stop the most damaging fraud while maintaining an excellent experience for legitimate customers.

Ready to implement these strategies? Consider tools like Fraud Guard that handle the technical complexity while giving you granular control over your blocking rules. With the right approach, you can reduce chargebacks by 85% or more while actually improving your customer experience.

Want more fraud prevention insights? Subscribe to our newsletter for weekly tips on protecting your Shopify store.

Share this article:

Related Articles