WooCommerce Anti-Fraud checks for possible fraud whenever an order is placed. The outcome of this check is a Risk Advice level and a Risk Score.
- Download the .zip file from your WooCommerce account.
- Go to WordPress Admin > Plugins > Add New, click Upload Plugin, and use Choose File to select the file you downloaded.
- Click Install Now, then Activate the extension.
Setup and Configuration for WooCommerce Anti-Fraud
In Anti-Fraud Settings, you can set these automated actions based on Risk Score:
- Cancel order
- Put an order on hold
- Send the administrator an email notification (without changing the order status)
The automated action section also allows for a list of email addresses that are whitelisted from these automated actions. Enter one email address per line. Save changes.
For Risk Advice:
- Low Risk – A Risk Score lower than 25.
- Medium Risk – A Risk Score between 25 and 75.
- High Risk – A Risk Score higher than 75.
Risk Advice, Risk Score and a list of failed rules are added to the order edit display.
The Fraud Risk meta box
Risk Advice is also shown in the order overview screen as a coloured shield; the shield colour reflects the Risk Advice level.
How are Fraud Advice and Fraud Score calculated?
We created a set of rules that range from simple checks, such as whether the shipping address matches the billing address, to advanced rules such as proxy detection. We calculate a score based on the number of rules the order fails, then display Fraud Advice based on this score.
Configuring the plugin’s settings
By navigating to WooCommerce > Settings and clicking the Anti-Fraud tab, you can configure how the plugin reacts to different risk scores.
- Admin Email Settings – Leave this on if you want WordPress to send you emails regarding the outcome of anti-fraud checks.
- Cancel score – This field allows you to determine when orders are automatically cancelled according to the score of their anti-fraud check. Orders with a risk score equal to or higher than the value entered will automatically be cancelled. By writing “0” in the field, this feature will be disabled and no orders will automatically be cancelled.
- On-hold score – This field is used to determine when an order is automatically put on hold. When an order’s risk score equals or exceeds this value, it will be placed on hold to be reviewed. By writing “0” in the field, this feature will be disabled and no orders will automatically be put on hold.
- Email notification score – Risk scores that meet or exceed this value will cause an email to be sent to your address.
- Medium and high-risk thresholds – This field allows you to change what the plugin classifies as a medium-level risk or a high-level risk.
- Enable first-order check – When enabled, the plugin will include a warning if the order placed is a user’s first order. The risk score will also be affected according to the rule’s risk weight.
- Enable international order check – This setting checks if an order has been placed internationally. If it is, a warning is displayed and the risk score will be affected according to the rule’s weight.
- Enable IP geolocation check – When enabled, the plugin will look up the IP address of customers to determine their location. This information can help you detect illegitimate orders (e.g. the IP location is in a different country from the shipping address).
- Enable suspicious domains to check – By entering email domains (e.g. gmail.com, yahoo.com) into the “Suspicious Domains” field, the plugin can warn you when an order is placed using one of these addresses.
- Enable unsafe countries to check – Countries marked on this list are considered suspicious by the plugin. You can select multiple countries by holding CTRL (Windows) or ⌘ (Mac) when you are clicking them.
- Enable order amount check – Unusually large orders are a common sign of fake transactions. By enabling this setting, you will be warned when an order is placed that exceeds the cost in the “Amount limit” box.
- Check for attempt count – Enable this setting to check for multiple orders placed over short time spans (e.g. 3 orders over 24 hours).
- IP multiple details check – When enabled, this setting will check if multiple orders have been placed from the same IP address. This is helpful for detecting users who are attempting to purchase with several different emails.
- Enable PayPal verification – When this setting is active, all PayPal payments will require verification. A verified PayPal email address is linked with more legitimate, low-risk orders. If verification fails, the order is put on hold.
- Prevent downloads if verification fails – For WooCommerce stores which have digital downloads, this setting can be used to restrict access to the downloadable file(s) until the PayPal email is verified.
- Time spend before further attempts – This setting adjusts how many days are allowed to pass before another email is sent.
- Email body – This field allows you to customize the message that is sent to customers who need to verify their PayPal accounts.
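The Cancel score, On-hold score, Email notification score and risk thresholds described above interact, and a bad combination can leave one of them inactive. The following is an added example, not code from the plugin: a stand-alone Python model of the documented rules with an audit of the thresholds. The setting names, the sample values, the 0-100 score range and the precedence of cancel over on-hold over email are assumptions.

```python
# Added example: a stand-alone model of the documented thresholds, not plugin code.
# Assumptions: scores run 0-100; cancel outranks on-hold, which outranks email.
from dataclasses import dataclass, field

@dataclass
class Settings:                      # hypothetical names; values are constructed samples
    cancel_score: int = 90           # 0 disables automatic cancellation
    hold_score: int = 70             # 0 disables automatic on-hold
    email_score: int = 50            # notify the admin at or above this score
    medium_threshold: int = 25
    high_threshold: int = 75
    whitelist: set = field(default_factory=set)

def risk_advice(score, s):
    """Map a score to the documented Low / Medium / High bands."""
    if score > s.high_threshold:
        return "high"
    return "medium" if score >= s.medium_threshold else "low"

def action_for(score, email, s):
    """Return the strongest automated action for one order, or None."""
    if email.strip().lower() in {e.lower() for e in s.whitelist}:
        return None                  # whitelisted addresses skip automated actions
    if s.cancel_score and score >= s.cancel_score:
        return "cancel"
    if s.hold_score and score >= s.hold_score:
        return "on-hold"
    if score >= s.email_score:
        return "email"
    return None

def audit(s):
    """Flag threshold combinations that leave a documented protection inactive."""
    findings = []
    reachable = {action_for(n, "", s) for n in range(101)}
    if s.hold_score and "on-hold" not in reachable:
        findings.append("on-hold is never reached: cancel score is at or below it")
    if "email" not in reachable:
        findings.append("email-only notification is never reached")
    high = [n for n in range(101) if risk_advice(n, s) == "high"]
    if any(action_for(n, "", s) is None for n in high):
        findings.append("some high-risk scores trigger no automated action")
    if s.medium_threshold >= s.high_threshold:
        findings.append("medium threshold is not below the high threshold")
    return findings
```

Running `audit` after every settings change shows whether an order can still reach manual review before it is cancelled, and whether every high-risk score triggers some action.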