Top Fraud Prevention Strategies for Woocommerce

After releasing our WordPress WooCommerce plugin, we noticed an increase in signups for shops starting out on their fraud prevention journey. For those unfamiliar with Woocommerce, it can essentially turn any WordPress site into an eCommerce store like Shopify. Many small shops on a budget turn to WooCommerce due to its flexibility and freeness factor. These stores required a different solution than most enterprise clients. As fraud affects all sizes, significantly smaller businesses, we needed to make sure there were some solutions available that would work with our plugin. The first question during onboarding usually determines which Trust Swiftly verification methods (15+) to use. This answer can vary significantly if the store already uses some fraud identification tool like the ones mentioned below. Since Trust Swiftly goes hand in hand with a fraud detection tool, we looked at the options for WooCommerce. Ultimately, we hope to find a plugin or service that we can integrate with so only risky score and rule set orders are sent to Trust Swiftly, as this is the best approach to fraud. At the moment the same goal can be achieved through custom development or manual routing.

Unfortunately, most of the guides on top WooCommerce fraud plugins or other blogs were inadequate for clients dealing with a lot of fraud. They were either heavily outdated compared to current fraud trends or suggested solutions that would result in more loss of revenue if implemented. Even if you used some of them, we predict they would operate poorly in high-risk environments. To save you some time, we didn't find a solution we can recommend 100% but filtered down the list a little to help you in your journey. We can help build a custom plan for you if you have a specific business fraud case.

Woocommerce Fraud

First, we will start with the low-budget options we found. Others we found were not worth mentioning, as they used static information and blocklists:

WooCommerce Anti-Fraud

Usually, this plugin is recommended by others but looking into it, the options could be better. Any solution where you are stuck in an interface on Woocommerce will miss important information. Most of them use static rules to block or review payments, but at least this plugin outsources some logic to MaxMind. Maxmind is a decent anti-fraud solution that has been around for a long time. They also cater to small businesses with their prices / pay-as-you-go structure. However, you won't be getting the best predictions and scores from this tool. MaxMind and this plugin do not give all the different reasons for the fraud, and the interface is difficult to identify patterns. MaxMind also relies heavily on IP reputations which they are usually best at for discerning geolocation and other attributes. However, if you are dealing with advanced bad actors, Ips are the least of their concerns, and they will be able to place an order with perfect browser and IP signals.

FraudLabs Pro Woocommerce -

This plugin is offered by a company that focuses on fraud prevention. They incorporate more signals and have a tighter integration with their own platform. It looks like the first plugin but uses the backend's FraudLabs Pro APIs. The pricing is generous with their free tier but again, they fall into the same trap as MaxMind using outdated fraud signals. They rely on known signals such as IP, velocity, geolocation, and more. Most fraudsters have a toolbox ready to bypass those checks easily, resulting in them getting a good score. Also, their blacklist record is another differentiating feature, but you need to be careful with those, as we have seen too many cases of false positives. They even offer some basic verifications like SMS same as Trust Swiftly, but their main focus appears to be on the fraud factors. Overall, a decent solution but nothing that would stop many cases in high-risk environments like digital gaming goods.

IPQualityScore Fraud Detection -

This plugin was hard to find, but the brand name is known as it has been around for a while and is suitable for small businesses. They have many different APIs, all to prevent fraud. This can be overwhelming, similar to all the other verification methods Trust Swiftly has too. The problem is this solution breaks out simple checks into detailed options. The IP goes into a proxy, VPN, bot, and more. These are all usually useless if you are dealing with high fraud rates. There are many cases where VPNs are completely fine in the gaming industry, and we do not recommend blanket approaches of blocking orders. The plugin has some options specifically for Woocommerce, which is part of their added integrations. This would be an excellent first line of defense for a store looking for basic information. Nowadays there are plenty of free apps and data sources that can obtain the same information provided by this tool if you are looking to do this yourself. The heavy reliance on Ips is a common mistake we keep seeing with the first 3 plugins. Device fingerprinting is also futile too for many cases. Changing all your information is too easy now with a few tools like Sphere, AdsPower and GoLogin Even the top fingerprinting tools like are no match to all the countermeasure tools fraudsters have to dispose of. So, we don't fault IPQualityScore for trying to offer basic fingerprinting, as it should work for maybe 50% of fraud attempts.

Subno -

This plugin is one of the originals to work with Woocommerce. If anyone is familiar with Woocommerce in the early days, you will know there were little to no fraud prevention tools. Subuno still appears to be running with a rules-based engine but has now added more options. They have smartly expanded to integrate with many other apps and fraud tools. Some of this is generating risk scores, but we doubt they are going to be as robust as the higher end solutions. They do the leg work on integrating these APIs but have little information on all of it. Unfortunately, it is hard to find what they are up to these days, so you may be stuck with a dated solution.

Now we will look at the medium and high-budget solutions for small businesses. If your revenue is less than $50,000 a month these ones usually do not make sense at all. Especially nowadays many payment providers are building in fraud prevention. i.e. Stripe Radar is very robust but only helps for after payment fraud detection. You will want to stop some fraud upfront too. Even PayPal has dramatically improved their fraud detection, and you will mostly be experiencing friendly fraud disputes instead of actual stolen cards / accounts these days.

Furthermore, options like 3D secure stop many more cases of fraud due to increased adoption in the past few years. This is a catch-22 problem as some fraud prevention techniques have improved so well that it reduces the need for other vendors. The tools that are innovating seem to be doing fine, as there is still a need to prevent skilled fraudsters.

We will only review a few options that might be within reach for small businesses. There are many more enterprise options, but if you are using Woocommerce or smaller than $300k in revenue a month, they might not reply.

Sift -

Sift has been around for a while now and originally had a plugin for WooCommerce here However, looking at some reviews and questions they have shifted their interest away from the SMB market. Their pricing structure does not work for many, and third parties developed the plugin with years of no updates. At last check, $1,000 a month was required for them to talk to you. Even feedback from our customers on Sift have all made concerns around their pricing and rapid increases in cost. They have significant fees and haven't seemed to innovate too much in the market lately besides updating their branding. Aside from this point, if you do use Sift, it is a very robust solution if you can get around its costs.

Their acquisition of Keyless also brings little value to eCommerce stores as the adoption of nonnative device biometric solutions is having a difficult time. They also bought a chargeback management solution, which is usually not needed for stores with less than 50 disputes a month. The killer feature of Sift is its dashboard and views of payments across its system. If you want a 360 view of a user and all the different factors that went into a risk score, then Sift has this for you. Their network feature also helps you tap into the intelligence of all their enterprise customers. The last thing to keep in mind is you most likely will need custom development to integrate Sift in WordPress. The plugin is outdated and does not take advantage of new Sifts features like workflows.

Seon is a close competitor with Sift and has most of the same features, if not more, on the fraud detection front. They are newer than Sift but well established at this point with good experience in multiple industries of fraud especially digital goods. Seon appears to be innovating more with new fraud detection techniques and a better pricing structure upfront. The only downside with their pricing is it seems to add up when using multiple APIs i.e. email, bin, ip etc. Sift has an easier-to-track structure where you pay for one type and it gives you all the data about the payment. Again, there is no out-of-the-box plugin, but if you are spending money on any of these fraud tools, you need to do a custom integration. A simple plugin would never be able to cover all your use cases, and integrating this with a developer will give you more opportunities to detect and prevent fraud on your site. You then can adaptively approve, review, and decline users and payments throughout your site.

AWS Fraud detector -

AWS is the last option we have reviewed and is a possible fit for some small businesses. The scoring you get is comparable to other tools like Sift and Seon. However, you don't get the minutia of all the factors that went into the decision. This sometimes doesn't matter as long as you trust AWS to provide accurate scoring, which they usually do it won't matter. They also have a rules engine that you can easily update logic on outcomes of orders. The best factor is the added intelligence AWS uses on the background from the ML models of Amazon has such a significant presence across the web and usage on eCommerce that this helps build an accurate score. The pricing is very generous, too, with a free tier and low cost per transaction scorings.

Now, the downside is you are in for a much more difficult integration and setup. Next, you need a healthy dataset of good and bad orders to train their models, so it's not something that works well if you are starting off. The documentation is nowhere near understandable as tools like Sift and Seon. You must deploy and set up many more settings than a simple plugin install. You will need a skilled developer who understands all the setup and configuration of creating your fraud detectors and variables. There is also no admin dashboard to easily track different users and journeys on your site. AWS Fraud Detector would be an excellent solution for a business with strong technical implementation expertise. If you want to implement AWS Fraud Detector without all the extra hassle, you can contact us and use our prebuilt integration on Trust Swiftly. This will save you the time to go live with the benefit of seeing AWS's fraud scoring about your users.

To sum up, there currently is no easy solution for Woocommerce and anti-fraud. There are many options on the market, but not one caters to the ecosystem with a plug-and-play robust solution. For an optimal approach to fraud and your budget, you might be able to start with basic techniques like the lower budget tools or even using more fraud settings from your payment provider. If you still face a lot of fraud, you will need a combination of Trust Swiftly with more complex fraud detection tools. (Sign Up for Free) Identifying fraud is one part of the battle, while putting the potential bad actors through a gauntlet of verifications is another strategy. Lastly, keep in mind fraud is an evolving landscape, and the information you find online might be outdated sooner rather than later.