Predax Blog

Product updates, best practices, and deep dives into IP intelligence.

WooCommerce Fraud Prevention with IP Intelligence
Predax Team

WooCommerce Fraud Prevention with IP Intelligence

woocommercefraud-preventionecommercewordpress

The Real Cost of Ecommerce Fraud

Chargebacks cost more than the transaction value. For most merchants the total cost of a disputed order — including the chargeback fee, administrative time, product loss, and payment processor penalties — runs to 2–3× the original order amount. At scale, even a 0.5% fraud rate can wipe out a category's margin entirely.

The challenge is that fraud prevention has traditionally required either expensive third-party fraud platforms with per-transaction fees, or brittle rule engines that require constant manual tuning. IP intelligence provides a fast, low-cost signal that dramatically increases detection accuracy without adding checkout friction for legitimate customers.

What IP Signals Reveal at Checkout

The IP address a customer checks out from carries more information than most merchants realise:

Datacenter IP = likely automated or bot traffic. Legitimate shoppers browse from home ISPs or mobile data. When an order comes from an AWS or Hetzner IP range, it is almost certainly a bot or a fraudster using a VPS to place the order. Genuine customers don't check out from EC2 instances.

Proxy or VPN at checkout dramatically increases the probability of fraud. Fraudsters use proxies to bypass IP-based velocity rules and to mask their real country. A first-time customer placing a high-value order through a known proxy service deserves extra scrutiny.

Billing country vs. IP country mismatch is one of the most reliable fraud signals in ecommerce. A card billed to a US address checking out from an Eastern European datacenter IP is a classic fraud pattern. Mismatch on its own isn't conclusive — travellers and expats are legitimate edge cases — but combined with other signals it becomes highly predictive.

High risk score on a new account placing a large order is a strong compound signal. A fresh account with no order history, using a high-risk IP, on an expedited shipping option, deserves a hold.

A dashboard flagging high-risk WooCommerce orders for review
A dashboard flagging high-risk WooCommerce orders for review

How the Predax WooCommerce Plugin Works

The Predax WooCommerce plugin hooks into woocommerce_checkout_process and woocommerce_thankyou to check the customer's IP before and after order placement.

Installation:

  1. Download the zip from your Predax dashboard under Integrations.
  2. In WP Admin → Plugins → Add New → Upload Plugin, select the zip and activate.
  3. Navigate to WooCommerce → Settings → Predax.
  4. Paste your API key, set your risk threshold, and choose an enforcement mode.

Enforcement modes:

ModeBehaviour
MonitorOrders are tagged and logged but never blocked. Use this to build a baseline before enforcing.
HoldOrders above the threshold are placed on hold for manual review. Customers see "Your order is being reviewed."
BlockOrders above the threshold are rejected at checkout with a configurable error message.

Recommended starting configuration for new stores:

  • Enforcement mode: Hold
  • Risk threshold: 70
  • Billing country mismatch: Flag
  • Datacenter IP action: Block
  • Velocity rule: 3 orders per email per 24 hours

Order Hold and Velocity Rules

The hold mode is the safest starting point. It lets you review suspicious orders manually while you tune thresholds, and it gives legitimate customers a path forward (they can contact support) rather than a hard rejection.

Velocity rules catch a different fraud pattern: card testing. Fraudsters test stolen card details by placing small orders in rapid succession. Setting a limit of 3 orders per email address per 24-hour window, or 5 orders per IP per hour, blocks most card testing attacks without touching legitimate customers.

A Real Fraud Signal Stack

Consider this order profile:

  • IP: 162.247.74.11 (Tor exit node, risk score 94)
  • Country from IP: United States (Tor exit, actual origin unknown)
  • Billing address country: United Kingdom
  • Customer account age: 4 minutes
  • Order value: £340 (electronics)
  • Shipping: next-day express

Every single signal here is red. The IP is a known Tor exit node. The billing address is inconsistent with the detected country. The account was created moments ago. The order is high value with fast shipping — classic fraud ordering pattern (get the goods before the chargeback lands). With Predax in Hold mode at threshold 65, this order would never reach your fulfilment queue unreviewed.

Tuning for Your Store

Start with Monitor mode for two weeks and review the flagged orders. You'll quickly develop a feel for your legitimate customer base's IP distribution. Then move to Hold at a conservative threshold (75–80). Only move to Block once you've confirmed that your false positive rate is acceptable — typically after one to two months of Hold-mode data.

Ecommerce analytics dashboard showing fraud rate reduction over time
Ecommerce analytics dashboard showing fraud rate reduction over time

Related guides

Run a WooCommerce store? Install the Predax WooCommerce plugin and pick a plan sized to your daily order volume.