Utilizing our Shopify app, we offer numerous fraud screening and fulfillment workflow automations to suit every type of eCommerce setup. These workflows include:
Auto-Cancel: Automatically Cancel & Refund Failed Orders
Merchants that push orders to fulfillment (vs a 3PL that automatically imports orders for fulfillment) often implement the basic auto-cancel setup. When the auto-cancel setting is enabled in the NoFraud portal, orders that NoFraud Fails are instantly canceled, refunded and restocked. You can easily turn this feature on by going to the Settings > Advanced in the NoFraud portal and enabling the settings below.
Authorize/Capture Workflow
Merchants that use a 3rd Party Logistics (3PL) or fulfillment system that automatically fulfills orders with a status of “Paid” will often use the Auth/Capture workflow to ensure orders identified as fraud as well as orders under review are not automatically fulfilled. By setting your Shopify payment settings to Manual capture mode, NoFraud is then able to screen orders while the payment status is still (only) Authorized. Only once NoFraud has screened the order and confirmed it is safe to ship (Pass), is the decision results sent back to Shopify via webhook, the payment is captured, and the Shopify order status updated to Paid.
Likewise, with this setting enabled, orders that receive a Review decision are held with a payment status of Authorized and the status only updates to Paid if the order is deemed safe to ship and payment is captured. A nofraud_updated_pass tag will be added to the order in Shopify once the review is completed and the order is Passed. If the order is deemed fraudulent (Fail), the payment status will remain Authorized, unless the Auto-cancel feature is enabled. This will void the payment authorization and the Shopify payment status will update to Voided. Orders under review that later result in a Fail will have a nofraud_updated_fail tag added.
How To Enable Auth/Capture Workflow:
-
- Turn on the Authorize/Capture setting by navigating to the NoFraud Portal > Settings > Advanced:
- In Shopify, select the Payment section of your settings bar. To the right, you will see automatic capture enabled. Select Manage and change the selection to manual capture and hit save.
- Ensure that your order fulfillment process is configured to only ship orders with the Paid status. This step is critical to ensure that your business does not ship any orders that NoFraud failed to capture payment.
- Turn on the Authorize/Capture setting by navigating to the NoFraud Portal > Settings > Advanced:
Using Shopify Flow To Create Custom Workflows:
To fully customize your NoFraud + Shopify user experience, you can utilize Shopify Flow (or similar) to create workflows for scenarios not covered by NoFraud's settings:
For example, if you have both the Authorize/Capture and the Exclude Non-Credit Card workflows enabled, by default, payment will not be captured on orders placed with alternate payment methods (e.g., PayPal, Amazon Pay etc.). To ensure non-credit card orders are paid for (i.e. payment is captured), we recommend the creating a custom Shopify workflow:
Shopify Plus merchants: Utilize Shopify Flow to capture payment on orders NoFraud skips.
Non-Shopify Plus merchants: We recommend the app called Mesa, which is similar to Shopify Flow.
Visual Representation of the Authorize/Capture Workflow:
Automation Using Order Tags
Merchants using a third-party checkout (e.g. Cashier, Recharge, Carthook, Zipify OCU, Intercart etc.) cannot use the Auth/Capture workflow as it is specific to Shopify checkout. It is recommended to use the order tags NoFraud sends to Shopify for automation (or via Shopify's API):
How To Use Order Tags To Automate Fulfillment:
Every order that NoFraud screens is tagged with one of the tags listed here. You can view those tags on every Shopify order.
To set up the automation, you want to work with your 3PL to only import orders tagged in Shopify as safe to ship. We recommend only importing orders with the following ("safe") NoFraud tags:
- nofraud_pass
- nofraud_updated_pass
- nofraud_skip
- nofraud_error
You can view a full list of tags here.
ShipStation Automation
Shopify merchants utilizing ShipStation can automate order fulfillment based on the NoFraud decision by implementing either of these simple options:
- Enable Auth/Capture + only fulfill paid orders: First, you need to enable to the Auth/Capture workflow in the NoFraud portal. Next, in your ShipStation settings, ensure that only Paid orders are fulfilled. Once configured, this will ensure that payment is only captured on Pass orders and ShipStation is only fulfilling Paid orders (i.e. only Pass orders are being fulfilled).
- Import NoFraud decisions directly to ShipStation: First, you need to enable to the Auth/Capture workflow in the NoFraud portal. Next, In the ShipStation portal, go to Store Setup > Store Settings > Edit Shopify Settings. In the Custom Field Mapping section, select Fraud Risk in Custom Field 1. Lastly, contact ShipStation Support and request that payment status mapping be enabled for your account.
Automation Using Shopify's Risk API
The NoFraud Shopify app will create an order risk associated with each order via a POST request to Shopify's /risk API endpoint, seen here: https://shopify.dev/docs/admin-api/rest/reference/orders/order-risk#create-2020-04
When viewing the risk for a particular order for which NoFraud has added a risk object, the order will show two risk objects (assuming no other risks were created besides Shopify's), so the data would look like this:
{ "risk": { "message": "Shopify Risk", "recommendation": "cancel", "score": 1.0, "source": "Internal", "cause_cancel": true, "display": true }, "risk": { "message": "NoFraud resulted in a decision of fail", "recommendation": "cancel", "score": 1.0, "source": "External", "cause_cancel": true, "display": true } }
The two risk objects can be differentiated by looking at the "source" field, which would be "Internal" for Shopify's risk, and "External" for NoFraud's.
To identify NoFraud's decision for the order, you can use either the "recommendation" or "score" fields. NoFraud will assign values to these two fields based on our fraud decision accordingly:
For orders receiving an initial decision of "pass":
{ "recommendation": "accept", "score": "0.0" }
For orders receiving an initial decision of "fail":
{ "recommendation": "cancel", "score": "1.0" }
For orders receiving an initial decision of "review":
{ "recommendation": "investigate", "score": "0.5" }