One of our clients recently contacted us about what appeared to be numerous fake orders on their WooCommerce store. Fortunately, their payment gateway flagged all of those as suspicious and blocked the credit cards from being processed.
That said, it is an unfortunate reality that when you operate any online store, particularly a WooCommerce store, fake orders have become a common occurrence. In fact, it’s kind of like termites: it’s not a question of if, but when, you will get hit with fake orders submitted to your WooCommerce store.
Of course, as an eCommerce business owner, few things can be as frustrating as receiving fake orders through your WooCommerce store. That is because these fake orders are characterized by fraudulent credit card transactions that not only clutter your order management system, but also waste your time and resources.
Thus, I thought I might write an article to help others better understand why this occurs and what can be done about it.
What Are Fake WooCommerce Orders?
Fake WooCommerce orders are typically created by bots or malicious visitors to your online store who are attempting to carry out credit card testing, test your system’s vulnerability, conduct phishing attacks, or simply waste your resources. These orders often contain fake names, addresses, and payment information, and while the payments usually do not go through, they can still affect your business operations.
Common Reasons for Fake Orders
Credit Card Testing
Credit card testing occurs when cybercriminals and hackers test stolen credit card information to determine which card numbers are active and can be used for unauthorized purchases. This practice typically involves making small transactions on low-risk platforms or merchants to avoid detection. If a card successfully goes through for a small purchase, the hacker may then use that card information for larger transactions, often leading to significant financial losses for the victim.
Bots and Spiders
Many automated software programs are designed to crawl websites for various purposes, including testing website security. These bots can easily fill out forms, including your WooCommerce checkout.
Phishing Attempts
Some malicious visitors or hackers attempt to collect sensitive information. By trying numerous orders, they hope to find enough information for illicit gains.
Spam and Malicious Activities
Orders may also originate from spammers who seek to exploit your store to promote their scams or unwanted products, leading to an influx of fake transactions.
Testing Payments and Vulnerabilities
Hackers may use fake orders as a means to test your payment gateway and other security measures without actually intending to purchase anything.
How to Stop Fake WooCommerce Orders
Fortunately, there are several ways you can reduce or eliminate the occurrence of fake orders on your WooCommerce website.
Use Captcha on Checkout Pages
Implementing Captcha can significantly reduce the number of automated bot-generated fake orders. By requiring users to complete a Captcha challenge, you can thwart the use of automated bots to place fake orders. This is in fact what we did for our client.
Require Users to Create an Account
Requiring users to first create an account before they can check out can be an effective way to reduce the likelihood of getting fake orders.
To do this, go to the WooCommerce Settings, then click on “Accounts & Privacy”. Next, make sure the box next to the “Allow customers to place orders without an account” option is unchecked.
Enable Email Verification
It is a good idea to require that your customers confirm their email addresses before their orders are processed. In this way, you can ensure that only valid email addresses are used, thus helping to deter those who might try submitting fake orders.
Implement Order Limits
You can also set limits on orders from the same IP address or billing address within a specified time frame. This can help identify and block users from placing multiple fake orders closely together.
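The order-limit check described above, sketched in Python over constructed checkout attempts. This is an added example, not code from the original article or from WooCommerce; the threshold of 3 attempts per 10 minutes, the sample data and the function names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample checkout attempts (not real data): (time, IP, billing address).
ATTEMPTS = [
    ("2024-05-01 10:00:05", "203.0.113.7", "12 Main St, Springfield"),
    ("2024-05-01 10:00:40", "203.0.113.7", "98 Oak Ave, Dayton"),
    ("2024-05-01 10:01:10", "203.0.113.7", "5 Elm Rd, Austin"),
    ("2024-05-01 10:01:45", "203.0.113.7", "77 Pine Ln, Reno"),
    ("2024-05-01 10:02:20", "203.0.113.7", "3 Lake Dr, Boise"),
    ("2024-05-01 11:00:00", "198.51.100.1", "400 Harbor Blvd, Tampa"),
    ("2024-05-01 11:02:00", "198.51.100.2", "400 harbor blvd. tampa"),
    ("2024-05-01 11:04:00", "198.51.100.3", "400  Harbor Blvd,Tampa"),
    ("2024-05-01 11:06:00", "198.51.100.4", "400 HARBOR BLVD TAMPA"),
    ("2024-05-01 09:00:00", "192.0.2.10", "1 River Way, Salem"),
    ("2024-05-01 15:30:00", "192.0.2.10", "1 River Way, Salem"),
]


def normalise_address(addr):
    """Lower-case and strip punctuation/extra spaces so trivial variations match."""
    return " ".join("".join(c.lower() if c.isalnum() else " " for c in addr).split())


def over_limit(attempts, max_orders=3, window=timedelta(minutes=10)):
    """Return (time, ip, reasons) for attempts that exceed max_orders per window.

    max_orders and window are assumed thresholds; tune them for your store.
    """
    recent = defaultdict(deque)  # key -> timestamps still inside the window
    held = []
    for ts, ip, addr in sorted(attempts):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        reasons = []
        for key in (("ip", ip), ("addr", normalise_address(addr))):
            seen = recent[key]
            while seen and when - seen[0] > window:
                seen.popleft()  # drop attempts older than the window
            seen.append(when)
            if len(seen) > max_orders:
                reasons.append(key[0])
        if reasons:
            held.append((ts, ip, reasons))
    return held


if __name__ == "__main__":
    for ts, ip, reasons in over_limit(ATTEMPTS):
        print(ts, ip, "exceeds limit for:", ", ".join(reasons))
```

Counting attempts per billing address as well as per IP catches the case where the same address is reused from rotating IPs, while a returning customer ordering hours apart is left alone.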
Use an Anti-Fraud Plugin
There are many WordPress plugins designed to combat fraudulent orders. Solutions include WooCommerce Fraud Prevention or Anti-Fraud, which can help find and block suspicious orders based on predefined criteria, such as geolocation, payment patterns, or order history.
Require Strong Passwords
It may seem obvious, but if users are required to create an account before making purchases, enforce strong password policies. This step will help prevent unauthorized users from easily accessing your site.
Utilize Address Verification Services
Use Address Verification Systems (AVS) to check if the billing address provided matches the address on file with the credit card company. This verification can help detect and block fraudulent orders beforehand.
Regularly Update WooCommerce and Other Plugins
Ensure that your WordPress website’s WooCommerce installation and all other associated plugins are updated regularly. Plugin developers usually release updates on an ongoing basis to enhance security and fix vulnerabilities. As such, it is important to keep all plugins up to date.