WooCommerce Fraud Prevention with IP Intelligence
The Real Cost of Ecommerce Fraud
Chargebacks cost more than the transaction value. For most merchants the total cost of a disputed order — including the chargeback fee, administrative time, product loss, and payment processor penalties — runs to 2–3× the original order amount. At scale, even a 0.5% fraud rate can wipe out a category's margin entirely.
The challenge is that fraud prevention has traditionally required either expensive third-party fraud platforms with per-transaction fees, or brittle rule engines that require constant manual tuning. IP intelligence provides a fast, low-cost signal that dramatically increases detection accuracy without adding checkout friction for legitimate customers.
What IP Signals Reveal at Checkout
The IP address a customer checks out from carries more information than most merchants realise:
Datacenter IP = likely automated or bot traffic. Legitimate shoppers browse from home ISPs or mobile data. When an order comes from an AWS or Hetzner IP range, it is almost certainly a bot or a fraudster using a VPS to place the order. Genuine customers don't check out from EC2 instances.
Proxy or VPN at checkout dramatically increases the probability of fraud. Fraudsters use proxies to bypass IP-based velocity rules and to mask their real country. A first-time customer placing a high-value order through a known proxy service deserves extra scrutiny.
Billing country vs. IP country mismatch is one of the most reliable fraud signals in ecommerce. A card billed to a US address checking out from an Eastern European datacenter IP is a classic fraud pattern. Mismatch on its own isn't conclusive — travellers and expats are legitimate edge cases — but combined with other signals it becomes highly predictive.
High risk score on a new account placing a large order is a strong compound signal. A fresh account with no order history, using a high-risk IP, on an expedited shipping option, deserves a hold.
How the Predax WooCommerce Plugin Works
The Predax WooCommerce plugin hooks into woocommerce_checkout_process and woocommerce_thankyou to check the customer's IP before and after order placement.
Installation:
- Download the zip from your Predax dashboard under Integrations.
- In WP Admin → Plugins → Add New → Upload Plugin, select the zip and activate.
- Navigate to WooCommerce → Settings → Predax.
- Paste your API key, set your risk threshold, and choose an enforcement mode.
Enforcement modes:
| Mode | Behaviour |
|---|---|
| Monitor | Orders are tagged and logged but never blocked. Use this to build a baseline before enforcing. |
| Hold | Orders above the threshold are placed on hold for manual review. Customers see "Your order is being reviewed." |
| Block | Orders above the threshold are rejected at checkout with a configurable error message. |
Recommended starting configuration for new stores:
- Enforcement mode: Hold
- Risk threshold: 70
- Billing country mismatch: Flag
- Datacenter IP action: Block
- Velocity rule: 3 orders per email per 24 hours
Order Hold and Velocity Rules
The hold mode is the safest starting point. It lets you review suspicious orders manually while you tune thresholds, and it gives legitimate customers a path forward (they can contact support) rather than a hard rejection.
Velocity rules catch a different fraud pattern: card testing. Fraudsters test stolen card details by placing small orders in rapid succession. Setting a limit of 3 orders per email address per 24-hour window, or 5 orders per IP per hour, blocks most card testing attacks without touching legitimate customers.
A Real Fraud Signal Stack
Consider this order profile:
- IP:
162.247.74.11(Tor exit node, risk score 94) - Country from IP: United States (Tor exit, actual origin unknown)
- Billing address country: United Kingdom
- Customer account age: 4 minutes
- Order value: £340 (electronics)
- Shipping: next-day express
Every single signal here is red. The IP is a known Tor exit node. The billing address is inconsistent with the detected country. The account was created moments ago. The order is high value with fast shipping — classic fraud ordering pattern (get the goods before the chargeback lands). With Predax in Hold mode at threshold 65, this order would never reach your fulfilment queue unreviewed.
Tuning for Your Store
Start with Monitor mode for two weeks and review the flagged orders. You'll quickly develop a feel for your legitimate customer base's IP distribution. Then move to Hold at a conservative threshold (75–80). Only move to Block once you've confirmed that your false positive rate is acceptable — typically after one to two months of Hold-mode data.
Related guides
- Chargeback prevention playbook — the wider fraud-loss picture beyond WooCommerce.
- Account takeover prevention — fraudulent orders often come from compromised accounts; close the login door too.
- How IP risk scoring works — what's behind the risk score the plugin uses to hold orders.
- Stop fake signups — same principles, applied at registration instead of checkout.
Run a WooCommerce store? Install the Predax WooCommerce plugin and pick a plan sized to your daily order volume.
