Shopify users should be happy to know that there is a risk assessment tool built into their retail platform. What is a risk assessment tool? In Shopify’s case, it is a tool that automatically analyzes all electronic transactions and rates them for potential fraud. If there is any cause for concern, the platform flags the transaction in question and alerts the store owner.
All Shopify plans come with risk analysis. The basic plan comes with basic risk analysis; more advanced analysis is included in Shopify’s pricier plans. If you want to know more about them, check out the Shopify documentation or their main website and look at a plan comparison.
How Risk Analysis Works
Basic risk analysis in Shopify focuses on looking at three criteria related to electronic transactions. As previously stated, if any of these criteria raises a red flag the transaction will not be processed until the store owner approves it. Those three criteria are:
- Customer address
- Credit card security code
- Customer IP address.
Let us look at each of these three things in a little more detail. As you read, keep in mind that no security system is 100% flawless. Shopify’s risk analysis tool is designed simply to give store owners a little help in identifying potentially fraudulent transactions.
1. Customer Address
Shopify uses an address verification system to compare the billing address and zip code entered by the customer with the information in the credit card issuer’s database. If all the information matches, customer address is not flagged for further investigation. If the information conflicts, there could be a problem.
2. Credit Card Security Code
On the back of modern credit cards is something known as the CVV (card verification value) code. It is a three-digit number unique to that card. Because retailers are prohibited by law from storing CVV information, the only way they can obtain it is from the current user him/herself. A scammer would have no way of knowing a code without physically possessing the card linked to it. Therefore, if the code provided by the customer does not match the card issuer’s database the transaction is flagged.
3. Customer IP Address
Lastly, the Shopify platform analyzes each customer’s IP address and compares its physical location to the billing address in the card issuer’s database. The IP address can reveal, for example, if a card belonging to a Canadian customer is being used in Russia. There are also cases in which specific IP addresses have already been recognized as fraudulent and are therefore blocked. Suspicious IP addresses are the primary reason for flagging transactions.
A transaction that fails risk analysis can be dealt with in one of two ways in Shopify. It can be flagged with an alert, thus allowing the store owner to verify it manually before completing the order. It can also be automatically blocked. Blocking would create an abandoned checkout that the store owner would have to manually clear.