Fraud Orders
The Fraud Orders tab shows Shopify orders flagged as potentially fraudulent, with risk scoring and the ability to block associated IP addresses. Access it from Analytics > Fraud Orders in your dashboard, or from the Fraud Orders link in the navigation menu.
How Fraud Orders Are Detected
Kedra Shield receives fraud data directly from Shopify. When Shopify’s built-in fraud analysis flags an order with risk indicators, the data is sent to Kedra Shield automatically via webhook.
Only orders with a risk score above zero are stored and displayed. Low-risk orders with no fraud indicators are not shown.
Risk Score Calculation
Each order receives a calculated risk score (0-100%) based on Shopify’s fraud assessment:
- Recommendation weight: Shopify provides a recommendation (Cancel, Investigate, or Accept) that heavily influences the score.
- Risk assessment count: The number of high-risk and medium-risk assessments from Shopify’s fraud analysis contributes to the score.
Risk Levels
| Risk Level | Score Range | Badge Color |
|---|---|---|
| Critical | 70% and above | Red |
| High | 50-69% | Orange |
| Medium | 30-49% | Yellow |
| Low | Below 30% | Blue |
Fraud Orders Table
Orders are displayed in a table with the following columns:
| Column | Description |
|---|---|
| Order | Order name (e.g., #1234), linked to the order in Shopify admin |
| Risk Level | Color-coded badge (Low, Medium, High, Critical) |
| Recommendation | Shopify’s recommendation: Accept, Investigate, or Cancel |
| Score | Numeric risk score |
| IP Address | The customer’s IP address at the time of the order |
| Created | When the order was placed |
| Actions | ”Block IP” button to block the associated IP address |
| Details | Button to open the order risk details modal |
The table is sorted by newest first, 10 rows per page, with live updates enabled.
Order Risk Details Modal
Clicking Details opens a modal with full risk information:
Risk Analysis
- Risk Factors — Negative indicators from Shopify’s fraud assessment, shown with red critical styling.
- Positive Signals — Positive indicators (e.g., verified billing address), shown with green success styling.
- Additional Information — Neutral or informational factors, shown in a collapsible section with “Show X more” to expand.
Order Details
- Risk score with level badge.
- IP address with Block IP button.
- Customer email (if available).
- Total order price (if available).
- Payment status badge (e.g., Pending, Paid).
Blocking Fraud IPs
Manual Blocking
Click the Block IP button on any fraud order (in the table or the details modal) to immediately block that IP address. The button changes to Blocked once the IP has been added.
The IP block is created as a blacklist entry with the source marked as “fraud_order” and a description noting the order number and risk score.
This action is available on all plans, including Free.
Auto-Block Fraud IPs (Pro Only)
Pro plan users can enable automatic IP blocking for high-risk fraud orders.
Settings (shown above the fraud orders table):
- Auto-Block Fraud IPs toggle — “Automatically block IPs from high-risk fraud orders.” Disabled and locked on the Free plan with an upgrade prompt.
- Threshold Settings (visible when auto-block is enabled) — A slider to set the risk score threshold, ranging from 30% to 100%. Default: 70%.
When auto-block is enabled, any incoming fraud order with a risk score at or above the threshold will have its IP address automatically added to the IP blocker blacklist. The block is synced to your store’s security configuration within 15 minutes.
Free vs Pro
| Feature | Free | Pro |
|---|---|---|
| View fraud orders | Yes | Yes |
| Manually block IPs from fraud orders | Yes | Yes |
| Auto-Block Fraud IPs | No | Yes |
| Configurable risk threshold | No | Yes |
Data Retention
Fraud order records are retained for 60 days, after which they are automatically cleaned up.
Next Steps
- Visitor Analytics — View all visitor traffic and statistics.
- Blocked Visitors — View blocked traffic details.
- Weekly Security Report — Receive weekly email summaries.