Fraud Prevention on Shopify: When to Use Which Tool

Most Shopify merchants choose a fraud tool the same way they choose a theme. They read a comparison article, they look at a few star ratings, they pick the one with the most ambassadors in the Shopify Discord, and they move on. Then six or eighteen months later they discover they are paying one percent of approved revenue to a guarantee provider that is preventing roughly nothing a free native rule could not have caught, or the opposite, they are eating chargebacks and watching their processor send warning letters because they never graduated past the built in risk indicator.

The real question is never which tool is best. It is which tool pays off at your specific combination of average order value, chargeback rate, and monthly volume. This article walks through the actual math, the category premiums nobody mentions, and the single cost most merchants never measure, then lays out where each of the main options earns its keep.

What Shopify Gives You for Free, and Where It Quietly Stops Being Enough

Every Shopify plan ships with native fraud analysis. It looks at a handful of signals the platform already knows about each order, things like whether the billing address verification passed, whether the card verification value matched, whether the IP is from a proxy or a country mismatched with the shipping address, the age of the customer email, the number of card attempts on the session, and whether the customer has any previous orders on the store. It outputs a simple low, medium, or high indicator with a short human readable explanation.

It is genuinely useful. For a store doing forty dollar average orders in a low fraud category like coffee or candles, with a fraud chargeback rate well under half a percent, native analysis plus a Shopify Flow rule that auto cancels anything flagged high risk and holds medium risk for manual review will outperform any paid tool on pure cost. A few hundred dollars a month in fraud is cheaper than a one percent fee on three hundred thousand dollars of approved revenue. The merchants who should never upgrade are the ones selling low margin, low AOV, high volume items where manual review is tractable and the occasional fraud loss is absorbed by volume.

Where native stops being enough is less obvious than merchants think. It is not when you start getting the occasional chargeback. It is when one of three things happens. First, your fraud chargeback rate starts creeping toward the Visa and Mastercard monitoring thresholds, because at that point the fee you pay for guarantee coverage stops being about recovering losses and starts being about keeping your processing rights. Second, your AOV crosses roughly one hundred and fifty dollars, because at that price point the cost of even one false decline, a good customer you turned away, starts outweighing the cost of several fraud losses. Third, your order volume exceeds what manual review can reasonably handle without a dedicated hire, at which point the labor cost you are hiding inside an operations salary begins to outrun the fee a guarantee tool would charge.

If none of those three are true, keep your money.

The Chargeback Guarantee Math Nobody Writes Down Honestly

Signifyd, NoFraud, Riskified, and Forter all sell the same core promise. They look at the order, they approve it or decline it, and if they approve it and it charges back as fraud, they reimburse you for the loss and the fee. That guarantee is what you are paying for. The catch is that the fee, typically between point six percent and one and a quarter percent of approved gross merchandise value depending on the provider and your negotiated rate, is charged on every approved order, not just the fraudulent ones.

So the math is simple. The guarantee tool pays off when the chargeback loss it prevents, plus the false decline recovery, plus the manual review labor it eliminates, together exceed the fee you pay on every approved order. Let us make that concrete with realistic numbers.

A store doing two thousand orders a month at a forty dollar AOV is pushing eighty thousand dollars through the system. At a point four percent fraud chargeback rate it is losing around three hundred and twenty dollars a month to fraud, plus maybe a hundred and fifty in operations labor on manual review of flagged orders. Total fraud cost: roughly four seventy a month. A one percent guarantee fee on that eighty thousand is eight hundred dollars. The guarantee tool costs more than the problem it solves. This is the single most common mistake WitsCode sees when we audit a merchant's tool stack. They signed up for a fraud platform because the sales pitch sounded reasonable, and they are paying almost twice their actual fraud exposure to prevent it.

Move that same store up to a one hundred and twenty dollar AOV and suddenly the math inverts. Two thousand orders at one hundred and twenty dollars is two hundred and forty thousand in monthly volume. The same point four percent chargeback rate is now costing nine hundred and sixty dollars. Manual review labor climbs as the number of medium risk flags grows. And here is where the cost nobody counts shows up. At a higher AOV, false declines become expensive. If native fraud rules or your own manual reviewer mistakenly cancel one percent of legitimate orders, that is twenty four legitimate customers a month you refused at one hundred and twenty dollars each. Even at a thirty percent margin that is roughly eight hundred dollars a month in lost contribution, and industry surveys from LexisNexis and from the guarantee providers themselves consistently show that false decline losses run between two and five times the raw chargeback loss for merchants above one hundred and fifty dollars AOV. Total real fraud cost on that one hundred and twenty dollar AOV store is probably north of three thousand dollars a month. A guarantee tool at two thousand four hundred dollars a month is now saving you money, and the savings grow as volume scales.

Take it one more step. A store doing one thousand orders at three hundred dollars AOV is at three hundred thousand a month. Chargeback losses alone might run twelve hundred. False decline losses at this price point routinely run three to four thousand because every canceled legitimate order hurts. A one percent guarantee fee of three thousand dollars not only recovers direct losses, it recovers the false declines by dramatically raising the approval rate, and it eliminates manual review labor almost entirely. At this tier the question is not whether to use a guarantee tool, it is which one.

False Declines, the Cost Nobody Measures

This is the single biggest gap in how merchants evaluate fraud tools, and it is worth its own section. A chargeback is visible. It shows up in your gateway, it triggers an email, it gets logged in a dashboard, accountants find it. A false decline is invisible. You never see the order, because it never happens. The customer got a declined message, or your rule engine canceled them silently, or your reviewer flagged them out of caution, and they either abandoned or went to a competitor.

The best proxy we use at WitsCode when auditing a merchant is to pull the canceled and voided order log for the last ninety days, segment by cancellation reason, and look at what percentage of orders canceled as fraud or flagged risk actually had clean signals, meaning billing address verification passed, card verification matched, customer email age was longer than a year, and shipping and billing matched. In nearly every audit on a merchant using manual review at higher AOVs, between one and three percent of legitimate orders are being canceled incorrectly. That number alone, multiplied by AOV and margin, is frequently larger than the fraud loss the merchant is worried about.

A guarantee tool with a good commerce graph, meaning a tool that has seen a lot of similar orders across a lot of merchants, will approve customers your native rules would refuse, because it has external context your store does not. That approval rate lift is usually between one and three percentage points. On a three hundred thousand dollar monthly volume, two percent more approvals is six thousand dollars in recovered revenue, and even at a thirty percent contribution margin it covers the fee twice over. This is why the simplistic "does it stop more fraud than it costs" question is the wrong frame. The real question is "does it recover more revenue than it costs," and false declines are most of that number.

Signifyd, NoFraud, and Riskified, Honestly

Signifyd is the default for most mid market and enterprise Shopify merchants because its commerce graph is the largest, meaning it has seen more orders across more merchants than its competitors, so its approval rate on legitimate but marginal orders tends to be highest. It prices in the point seven five to one point two five percent range for SMB and mid market plans, lower with volume. It covers the standard chargeback cases, and higher tiers cover item not received disputes and do representment. Its weakness is that for high risk verticals the surcharges or outright declines can be harsh, and the contract minimums on the enterprise tier are not small.

NoFraud is the value pick for SMB and lower mid market merchants. It prices lower than Signifyd on comparable approval rates, typically point seven five to one percent on guaranteed orders, sometimes with a flat monthly plus per order structure for smaller stores. Its decision speed is strong and its live agent review for marginal cases is a real differentiator for merchants who hate either manual queues or false declines. Reimbursement cycles are fast. For a store between two hundred thousand and two million a year in Shopify volume, NoFraud is where we start the conversation.

Riskified is enterprise territory. Minimum effective commitments usually start around ten thousand dollars a month, and the sales cycle reflects that. If your store is doing fifty million or more a year in GMV, Riskified or Forter negotiate well under one percent and often under point seven, and they include policy abuse and return fraud modules that smaller tools do not match. If you are not that size, you will not get that pricing.

Kount and Sift are in a different quadrant. They are risk scoring platforms, not guarantees. You get the ML and the device fingerprinting, and you write the policy, and you handle chargebacks yourself. They work well for merchants with engineering resource and an ops team that wants control, and they work poorly for founders who wanted a guarantee and did not read the fine print.

High Risk Categories and the Hidden Premiums

If you sell in a category guarantee providers consider elevated risk, the economics shift. CBD and hemp, vape, firearms accessories, precious metals and high ticket jewelry, digital goods delivered instantly, nutraceuticals and weight loss, electronics resale and gift card adjacent categories all fall on this list in some combination at different providers. Coverage looks like one of three things. The provider declines to underwrite the category at all, meaning you are on your own. The provider charges a surcharge, often an extra half to one and a half percentage points on top of the base fee, which can push the effective rate above two percent and quickly ruin the math we ran above. Or the provider caps the guarantee per order, meaning a three thousand dollar jewelry order is only covered up to two thousand.

Merchants in these categories almost never should run a single tool. The pattern that works is to blend. Use Signifyd or NoFraud for the clearly covered SKUs at whatever approval lift they deliver. Use a risk scoring tool like Kount or Sift, or a rule engine layered on top of Shopify native, for the flagged SKUs, and maintain a smaller manual review queue for the highest risk orders. This is the single most common place where hiring a fraud strategy consultant pays for itself inside one month, because the provider sales teams will never volunteer that a blended approach beats their single solution.

How We Decide at WitsCode

When we audit a Shopify merchant's fraud stack, we start with three numbers pulled from the last ninety days. The actual fraud chargeback rate, meaning fraud coded disputes divided by approved transactions, not the overall dispute rate. The real cancellation audit, meaning what percentage of canceled orders had clean verification signals, which is our false decline proxy. And the real blended cost of the current tool, meaning the fee plus the chargebacks not covered plus any surcharge for high risk SKUs, expressed as a percent of approved GMV.

Then we run the same math we just walked through. If the merchant is paying one percent but their total real fraud cost under native would be under half a percent, they are overpaying and we renegotiate or downgrade. If the merchant is on native but their real blended cost is over one point two percent once false declines are counted, they need a guarantee tool and we choose based on AOV, category, and growth trajectory. If the merchant is approaching Visa or Mastercard chargeback thresholds, the conversation changes entirely and speed matters more than price.

The consultation pays for itself in the overwhelming majority of engagements because the typical merchant is either paying roughly double what they need, or leaking ten times their tool fee in unseen false declines. Neither mistake is the merchant's fault. The comparison content on this topic is almost entirely written by the vendors themselves or by affiliates of the vendors, and the numbers that would embarrass any single tool are missing from every public article. You can read ten Signifyd reviews and never see a case where native was cheaper, and you can read ten native fraud filter articles and never see a case where the false decline losses were ruining the store.

When to Get a Second Opinion

If you are about to sign a fraud contract, if you are inside a renewal window, if your chargeback rate has climbed above point five percent, if your AOV has shifted materially in either direction in the last year, or if you have added a high risk SKU category to a previously clean catalog, your current configuration is almost certainly wrong. The math is specific enough that a one hour audit against your last ninety days of Shopify data will tell you with confidence whether you are underpaying, overpaying, or mis covered.

WitsCode offers a free fraud strategy consultation for Shopify merchants doing over one hundred thousand dollars a month. >> We pull your chargeback data, your cancellation data, and your current fee structure, and we tell you whether to stay, switch, renegotiate, or blend. Most consultations surface a two to six thousand dollar a month swing for mid market merchants, and the same call answers the question this article opened with: which tool actually pays off at your specific AOV, chargeback rate, and volume.

The right fraud tool is the one that costs you less than the problem it solves and nothing more. Knowing which one that is takes ninety days of your own data and thirty minutes of honest math, and the sooner you run it, the sooner you stop paying to solve a problem you do not have, or paying to ignore one you do.