One of our clients recently contacted us to ask why they are seemingly getting numerous fake WooCommerce orders, from their online store. Fortunately, Stripe, their payment gateway, flagged all of those as suspicious or potentially fraudulent, and therefore blocked the credit cards from being processed.
That said, it is an unfortunate reality that when you operate any online store, particularly a WooCommerce store, fake orders have become a common occurrence. In fact, it’s kind of like termites, it’s not a question of if, but when you will get hit with fake orders submitted to your WooCommerce store.
Of course, as an eCommerce business owner, few things can be as frustrating as receiving fake or fraudulent orders through your WooCommerce store. That is because these fake orders are characterized by fraudulent credit card transactions that not only clutter your order management system, but also waste your time and resources.
Thus, I thought I might write an article to help others better understand why this occurs and what can be done about it.
Just What Exactly Are Fake WooCommerce Orders?
Fake WooCommerce orders are typically those that have been created by bots or malicious visitors to your online store, who are attempting to carry out credit card testing, test your system’s vulnerability, conduct phishing attacks, or simply waste your resources. These orders often contain fake names, addresses and payment information. Thus while most of these fraudulent attempts may not end up getting successfully processed, they can still negatively impact the efficiency of your business.
Common Reasons Why People Submit Fake WooCommerce Orders
Credit Card Testing
Credit card testing occurs when cybercriminals and hackers test stolen credit card information to determine which card numbers are active and can be used for unauthorized purchases. This practice typically involves making small transactions on low-risk platforms or merchants to avoid detection. If a card successfully goes through for a small purchase, the hacker may then use that card information for larger transactions, often leading to significant financial losses for the victim.
Bots and Spiders
Many automated software programs are designed to crawl websites for various purposes, including testing website security. These bots can easily fill out forms, including your WooCommerce checkout.
Phishing Attempts
Some malicious visitors or hackers attempt to collect sensitive information. By trying numerous orders, they hope to find enough information for illicit gains.
Spam and Malicious Activities
Orders may also originate from spammers who seek to exploit your store to promote their scams or unwanted products, leading to an influx of fake transactions.
Testing Payments and Vulnerabilities
Hackers may use fake orders as a means to test your payment gateway and other security measures without actually intending to purchase anything.
How Can You Stop or Prevent Fake WooCommerce Orders?
Fortunately, there are several ways you can reduce or eliminate the occurrence of fake orders on your WooCommerce website
Use Captcha on Checkout Pages
Implementing Captcha can significantly reduce the number of automated bot-generated fake orders. By requiring users to complete a Captcha challenge, you can thwart the use of automated bots to place fake orders. This is in fact what we did for our client.
Require Users to Create an Account
Requiring users to first create an account before they can checkout can be an effective way to reduce the likelihood of getting fake orders.
To do this, just go to the WooCommerce Settings then click on “Account and Privacy”. Next, simply make sure the box next to the “Allow customers to place orders without an account” option is unchecked.
Enable Email Verification
It is a good idea to require that your customers confirm their email addresses before their orders are processed. In this way, you can ensure that only valid email addresses are used, thus helping to deter those who might try submitting fake orders.
Implement Order Limits
You can also set limits on orders from the same IP address or billing address within a specified time frame. This can help identify and block users from placing multiple fake orders closely together.
Use an Anti-Fraud Plugin
There are many WordPress plugins designed to combat fraudulent orders. Solutions include WooCommerce Fraud Prevention or Anti-Fraud, which can help find and block suspicious orders based on predefined criteria, such as geolocation, payment patterns, or order history.
Require Strong Passwords
Seems obvious, but if users are required to create an account before making purchases, enforce strong password policies. This step will help prevent unauthorized users from accessing your site easily.
Utilize Address Verification Services
Use Address Verification Systems (AVS) to check if the billing address provided matches the address on file with the credit card company. This verification can help detect and block fraudulent orders beforehand.
Regularly Update WooCommerce and Other Plugins
Ensure that your WordPress website’s WooCommerce installation and all other associated plugins are updated regularly. Plugin developers usually release updates on an ongoing basis, to enhance security and fix vulnerabilities. As such, it is important to keep all plugins up-to-date.