The Unofficial Shopify Podcast

The 3 Red Flags That Mean It's Fraud

Episode Summary

His First Shopify Sale Was a $5K Scam

Episode Notes

"I shipped the bike and a couple of weeks later, the real credit card holder got a statement, said I didn't place that order, filed a chargeback, and then the money was gone."

Also on YouTube: https://youtu.be/6k4iyfvjuTA

John Murphy's first-ever Shopify sale was a total scam. Two weeks into launching, he wired a $5,000 e-bike to a guy putting on an old man's voice over the phone. That single chargeback kicked off an eight-year obsession with not getting burned again. He grew eBike Generation into a $3M store and pieced together a fraud detection stack that didn't eat his razor-thin drop shipping margins. Now he runs FRIQ Labs, productizing the system he built for himself.

We covered the trifecta of red flags that almost always mean fraud, why you should never auto-capture payments on Shopify, and how being curious about a single weird order can save you thousands.

SPONSORS

Swym - Wishlists, Back in Stock alerts, & more
getswym.com/kurt

Zipify - Build high-converting sales funnels
zipify.com/KURT

Promo Party - We built an app!
https://promoparty.app/

LINKS

• FRIQ Labs: https://friqlabs.com
• Drop Ship Breakthrough: https://dropshipbreakthrough.com
• Ben Knegendorf's episode: https://unofficialshopifypodcast.com/episodes/ben-knegendorf-dropships-FLGufeLE
• Ekata: https://ekata.com
• Shopify Protect: https://shopify.com/protect

WORK WITH KURT

Apply for Shopify Help
ethercycle.com/apply

See Our Results
ethercycle.com/work

Free Newsletter
kurtelster.com

The Unofficial Shopify Podcast is hosted by Kurt Elster and explores the stories behind successful Shopify stores. Get actionable insights, practical strategies, and proven tactics from entrepreneurs who've built thriving ecommerce businesses.

Episode Transcription

Kurt Elster • 00:00.001
This episode is brought to you in part by Swym. Here's the thing about wishlist apps. Most of them just sit there. A customer saves a product, and then nothing happens. Swym actually activates that data. When someone wish lists a product, you could trigger price drop or back-in-stock alerts and feed that intent directly into Klaviyo or your CRM. You're not guessing what people want because they've told you. Plus, customers can share wish lists for gifts and your team can view them to offer personalized service online or in store. And unlike card abandonment, wishlist data is permission-based. These are people raising their hands saying, hey, I want this. Just not right now. Swym 's been around for over a decade. It powers 45,000 stores and installs in about five minutes. You can try it for free today at getswim. com slash Kurt. That's G-E-T -S-W-Y -M. com slash Kurt. Well we're talking fraud today. Alright. Let me read to you some headlines from the Shopify subreddit, r slash Shopify. And just I searched fraud and I searched chargeback. Six days ago, the dumbest chargeback I've ever seen. A month ago, chargeback processes BS. Two months, have you ever won a chargeback? Is anyone else getting an insane amount of chargebacks? Am I the only one not getting chargebacks at fraudulent order? Chargeback fraud. Just got my first chargeback. Chargeback opened. Anyone else feel like chargebacks are it just keeps going like that. Alright, let's just search fraud for fun. Yeah. Multiple fraud orders. Fraud isn't the real problem. Banks are. I owe Shopify three grand because of their fraud system. It It just keeps going, right? It is a fact of life. If you sell in retail, retail, brick and mortar, online marketplaces, it does not matter. You will deal with fraud. It is inevitable, it is a matter of time until you experience credit card fraud, friendly fraud, chargebacks, you name it. And our guest today has been a merchant and is now Developing a solution for risk identification in fraud. I had a really interesting conversation with him privately about it. I said, man, we got to do a podcast about this. And you know, we years ago we we worked on uh his website, eBike Gen. So we're joined again today by John Murphy, who formerly eBike Gen. uh some other businesses and now freak labs which does uh fraud identification I believe we'll find out. John, welcome back to the show. Uh is it true in my research notes it says Your first ever sale online was fraudulent.

John Murphy • 02:55.900
Yes, yes, that is true, yes. Um two weeks into launching my store I got my very first order. I heard that Sha Ching for the very first time and I got very excited. I was actually at the VEX with my dog. Yeah, that's the one. And the phone rang and there was a guy talking on the phone said he just placed the order and he just wanted to make sure that um I was gonna ship it really quick and I was I was kind of at that stage I was my very first order. I wasn't even sure how to get my supplier to fulfill the order. I figured I'd figure it out as I go along. So I was really kind of flustered. And it was only afterwards that I if I'd have got if if it wasn't my first order, I probably would have saw some of the some of the issues. And I remember talking to the guy, he said his name was Jose, and he was putting on an old man's voice Um and it was just I was I was new and I was just

Kurt Elster • 03:49.200
To try and disarm you.

John Murphy • 03:50.560
Yeah, he like because he placed the order and then uh he was then he immediately called me just to make sure that I was gonna get it shipped and stuff And I was just I just wanted to make sure that the order went through because then for me that meant um proof of validation validation, proof of concept. It was my first order after two weeks only, so it was gonna work. And I just I didn't I didn't I didn't know what to look for in terms of fraud and yes I shipped the bike and then a couple of weeks later the the real credit card holder got a statement that said I didn't place that order filed a charge back and then the money was gone

Kurt Elster • 04:25.360
And this was 2017, nine years ago.

John Murphy • 04:28.400
Yeah, Jul July wow, nine years ago, yeah. Wow. Yeah, uh yeah, July, 19th.

Kurt Elster • 04:33.660
I don't think at that time I don't think Shopify had like the the order risk identification or if they did, it was not like what it is now. And so that in Shopify world at the standard process is We set payment capture to manual. Then you Shopify Flow. This is how I do it anyway. Then you Shopify Flow where so when order new order when order risk analyzed. If it's low, Capture the payment, fulfill the order. If it's medium or high, hold for review, flag for review, or you know, you could just cancel it if you want. Um, you know, however you want to handle it. But it let's let's discuss it. You know, this is open-ended. You've you've kind of become uh an expert at identifying credit card fraud. Give me the high-level overview here.

John Murphy • 05:15.160
Yeah, I well I kinda had to because um with e-bike generation um

Kurt Elster • 05:20.280
That was your your previous store was e bike gen and that was doing it Three million a year?

John Murphy • 05:24.860
Yeah, it was averaging three million a year, yeah. And when it when it was doing when I when I was at that type of revenue, um I had, you know, after I after I got burnt, I then went and seeked out um solutions to make sure that it didn't happen again. And there are there are good solutions out there, but it really depends on you know the type of revenue you're doing and the type of terms you have. And I I had started um in the in the Shopify communities, all the rage was um Signified was like like the go-to guys. Uh and uh they were taking one percent of every sale.

Kurt Elster • 05:59.800
I mean good business to be in where you could just get your hands into every transaction. Yeah. Like, man, I'd like to have one of those.

John Murphy • 06:06.400
Especially if like nine times out of ten there's nothing to look at, but you're they're still getting paid. So it's uh it's a good business to be in. Um but for me it was peace of mind because I was afraid. You know, I was afraid of getting burnt again. But as sales ramped up, 1% on every order quickly became three to four thousand dollars a month in fees. Um I went from I moved from Signified to Clear Sale because ClearSale were newer and they were reaching out to all the signified customers and saying we can do better than 1%. So they gave me a slightly better percentage. So I moved to clear sale just to reduce overhead. But it was still just it was still too expensive. It was still like two grand a month, uh two or three grand a month um even with the reduced fees. And I wasn't in a like a high risk category. I I was selling very expensive e-bikes, like in the four to seven K range. So even one was a big problem for me because the you know the the deficit for me could could you know ruin my month. Um so I still needed to find a different solution so I ended up bringing it the the I bring it in-house. So I had to just find a solution where we could figure it out ourselves and then handle it internally. And

Kurt Elster • 07:22.120
you know, the problem like the fraud is you're not just out the money, you know, you're you also lose the processing fees and you lose the product. And so industry average, it's more like you lose $4. 50 on every dollar you lose to a fraudulent order. And so like the the costs here are exceptionally high. Like and also it just it feels awful. It is a terrible feeling. to realize like, oh, I got excited about an order and I shipped it quickly because that's what I'm supposed to do and I was being taken advantage of and didn't know it. It's just a gross feeling. Yeah. But it's also, you know, it's the reality. And there is also exists in the Wii universe.

John Murphy • 08:03.000
And even there are more like secondary and third level negative impacts of being fraud it because if somebody on the dark web buys credit card details and then uses them and they're successful they go back onto those forums and then they they share that you that they were successful on your store And you end up on an easy playlist for a long time. So if you get scammed once and you don't catch it immediately What happens is they go, yep, we got it, it worked. The um sucker took took it, shipped the product, and then all of a sudden you've got a lot of very similar orders. And if if you didn't catch it for weeks because the original guy didn't check his credit card statement and didn't flag a chargeback immediately You could be four or five scams deep before you realize the first one was a scam. So it can bury you. You know, it can it it can be a real problem. And you have to be super vigilant then for months afterwards because people are seeing your your your store on a list and they're just chancing it with the details that they have. So it's um it can be it can be one, it could be ten If you're not if you don't catch that first one very quickly or avoid it altogether.

Kurt Elster • 09:11.840
Man. And you know, as w we know from other research, like it's people in uh telegram chats uh yeah the other places online where they just openly discuss, hey, here's how you commit credit card fraud. They'll even sell it as a service where, you know, hey, you want this expensive product. We can get it for ya. And you know, then they pay like pennies on the dollar for it. And yeah, everybody they know what what's happening, but It it it's a pervasive problem. So you you know you experienced it as your first transaction, then you start doing the tool gauntlet. Like you run through all the different tools and yeah, they all all of them work in different ways. And then you got, you found a different tool. Ikata. I had not heard of this. This one sounds like more sophisticated

John Murphy • 09:59.560
Yeah, so Ikata 's good because basically the if you you can you you can license the software that banks use to to see the information, like to to under to try to to try to piece together what's going on in a transaction you you pay uh you pay for the licensing fee, you pay monthly, and then you do your own research and you use the tool and you enter your customers details and then you you you interpret them the the results and then you you make a decision. Uh I was I was one of the very first beta users for Ikata when it came out. And I was the first Shopify store to test their API. It didn't actually work and they pulled it. But I was there, so I was there at the beginning and then Ikatao was sold to MasterCard. uh in twenty twenty one. So MasterCard now own Ikata and it's it's a bigger it's a bit of a m it's more like an enterprise tool now. So they don't take you know they don't they don't they don't they don't really look after the small let's say like the Shopify merchant. They're looking for people with like tens of thousands of transactions and stuff like that. So it's not exactly what it used to be, but the the software works works very well. Uh I started when I when I gave up Signified and clear sale, uh they were guaranteeing something, right? So if they if they approved an order and it turned out to be fraud, and I had accepted it based on their verdict, they would uh in in in most cases refund me. Now there there is also some fine print in there as well because They don't just blindly give you back your money. But there is that kind of a additional safety now. With ICATA, that's not the case. You license access to the information using the tool But then the decision is on you. But I was fine with that because we didn't have a lot of fraud. So I wanted access to the information and then we could just bring it in house. Um And we started using that for a while, um, which we which was good. It still didn't have all like we still then needed to go off Ikata and then try to get confirmation in other places like uh who lives at the address, uh who who who owns the phone number. That because not all of that information was always readily available. So we it was we pieced together different things. Uh and ICATA was the uh was was the tool that had a lot of the information and then we just started using like premium white pages in some cases to do some extra research. So we were we were patching some different tools together on top of EKTA to make Work. And we would do that in house.

Kurt Elster • 12:36.300
Well, all right. So we've got Shopify's risk analysis tool that just goes low, medium, high. Why was that not good enough?

John Murphy • 12:42.040
What a Shopify looks at was like how many attempts were made to get the information to enter the information correctly on the website at checkout, right? It'll say three attempts made or the the CVV number was incorrect or correct, or it'll say uh one attempt was made, meaning The credit card worked first time, right? But if somebody bought those credit card details online, uh the details are correct. They're just not the owner of the credit card entering them in. So that's already it's already like a pass Um but you don't get information on like who you know who who owns that number. Is it a Verner phone number? Is it uh is it a VoIP number? Is the email has the email aged twelve years or did they create it a half an hour before placing the order? You don't have those type of insights. So uh And you can get that stuff? I can, yes. My toolk. It's all legal. Don't worry. It's legal. It's just it's hard to get and it's hard to package into like one one thing. But yeah, um that's I that's that's what we've built. a free clubs.

Kurt Elster • 13:48.560
I've seen so much online fraud that if it for me, my recommendation would be like if it order is anything other than the slightest an anything other than totally okay, meaning like it's risk low and there's nothing weird about it. I just I wouldn't ship it. It's just not worth it. Um of course it depends on you know what cost of goods sold is.

John Murphy • 14:08.519
In in my case, why I was selling, I was drop shipping high ticket, so Every order counted because what if I sold a bike for $5,000 but my cost was four and I refuse it because there's a vague indiscretion about maybe the IP Am I leaving? Maybe I am and maybe I'm not. But it's the fact that you don't know for sure. So people are willing to to roll the dice and hope it's not. Because that could make a difference at the end of the month, right? A couple of those orders. So the problem is is that if uh if Shopify says medium and for good reason because they detect a VPN or like uh the IP is hidden by an anonymous IP, that could trigger like a medium flag, but there are plausible reasons for that. For example, this morning I was using a VPN to check something. Um and the tool I was accessing then said, you know, enter your username and password because it didn't recognize me. So but because I had a New York IP address just for that exercise I was doing. But um there are Apple users that use uh that have the uh anonymous private relay settings right they have the iCloud relay uh set up as default so they're they're But that w that triggers a that triggers at least a medium because that's an an an anonymous IP because you can't get the location. But that's a plausible explanation for it. But if you don't have context, you're just you know it's a medium but you don't know why it's a medium. And you don't know what triggered the medium or high. But having the context, you could say, okay, Shopify says medium, but I see there an Apple device user and it's going through the iCloud proxy relay. Which is explainable. Everything else checks out. So it's not one of multiple red flags. It's one outlier, but everything else is fine. So you can make a more informed decision that way. If you have the context

Kurt Elster • 15:59.880
This episode is sponsored in part by Zippify. Here's a stat that should keep you up at night. 80% of the people who buy from your store will never come back. They're gone. You get one shot with these customers. One chance to recover what you spent acquiring them and maybe turn a profit. That's why upsells matter so much. The problem is most upsell apps only trigger after checkout, post-purchase only, which means you're ignoring every other step of the funnel. Product pages, cart, checkout, all of it, just leaking money. Zipify's one-click upsell fixes this. OCU lets you place offers before, during, and after the sale, so you're capturing revenue from the moment someone lands on your site to the moment they leave. That's how it's generated over a billion dollars in extra revenue for Shopify merchants. It pays for itself, so there's zero risk. Thirteen thousand merchants are already using it. Brands like Victoria Beckham, Lumi, even Cheechin Chong. You could try it free for 30 days at zipify. com slash Kurt, that's zi-i-p-ify. com slash k-urt. So what why jump to build your own solution? And it sounds like there are other good solutions out there. What's you know, what made you want to roll your own? Um so I I uh

John Murphy • 17:16.680
so when I was selling e-bikes and drop shipping and the margins are razor thin, I was always trying to figure out how do I reduce my cost. And my my team had already been trained on what uh like Ikata would give some information and then we'd have to dig deeper maybe in some other other sec uh like second and third tools and my my team became very good at recognizing what a red flag was or why or the context of what the meanings were. So we didn't really need to rely on somebody else to tell us whether it was low, medium, or high. We just needed the the raw data so we could so we could get it ourselves. And we built I you know I built a tool that the actual tech stack is now expensive. Um but like for example if if if if I have my own tool internally Uh if I I'm not going to increase my prices. My my overhead doesn't go up just because I hit a certain threshold of number of searches that month or whatever. I'm in complete control. And if we were rolling the dice based on the information that we were gathering, I may as well, you know, get gather my own information and roll the dice that way. Um so it started off as how do I reduce my costs? Like uh my my margins after shipping were sometimes 8% margins. You know, sometimes there were 20% margins depending on the bike, depending on the shipping. So I couldn't, you know, I couldn't afford the luxury of just going, I'm just gonna bury that cost. I'll pay pay for peace of mind. So I was it was just how do I how do I do get better information and all in one place because we were paying for Ikata but then we're paying for like white pages premium and uh Some of these like, you know, uh public record kind of databases things and it all it all adds up. So I was paying for like multiple subscriptions. every month to just get one core decision. So I built a tool that just gathers all of it.

Kurt Elster • 19:15.420
I get the in the initial call is made by our signals from our traditional fraud service, Ikata. And like that is a very API-based service, you know, enterprisey. And it comes back with it doesn't make the call for you, but it comes back with the info. And then you're going to classify it as as pass fail. And if it's failed, then it goes through an additional verification steps where we try and like verify who, you know, does name, email, phone, and address all match according to publicly available information.

John Murphy • 19:47.000
Yeah, well so with our it would just give you if if it's if it uh it will give you information maybe uh some public record information uh but it it's not always there and not always updated because there it's all it's all third party information. But what what it does is it gives you kind of like raw raw information. It doesn't give you the context of why it's you know whether that's it whether like uh for example they're like they could say something along the lines of uh VPN yes or no right but Assuming all VPNs are bad, I know what to do if it says VPN yes, but that's not the case. So you do have to try to just Invest it's more of an investigation rather than a like yes-no triggers. So

Kurt Elster • 20:40.340
So they come back with your transaction risk. Like essentially with like phase one, we determine transaction risk. Which seems to be what you know all services do. And then you decide what you want to do from there. In this case, and he kind of does digital identity stuff. Um But it sounds like it, you know, not quite up to date or not quite as good as if you then just went and did additional research. Well, you you still I've never used White Pages Premium. You're the first person to ever bring up White Pages Premium as an anti-fraud tool.

John Murphy • 21:06.880
It's kind of interesting No, and it is, it is, it is a little dated as well, but uh uh there's a lot of information in there, you know. Um but uh like that that was that's just one of those many tools that I would have to go and and use as additional either confirmation or uh like if if Ikata comes back with like no information available or something like that, I would then go have to go and look for that information elsewhere and find it. And I rem and White Pages was one of those things it was like twenty dollars a month or something. And you could search by phone number, you could search by like reverse address search type of things. And then there are other websites now as well, like um it's being verified. com or something like that. And then there's another like there's lots of these like reverse phone number ones like spokio. com and you can see who the who owned the phone number um and that kind of information So with Ikata you can get a lot of information and sometimes it's enough to make a determination or sometimes you have to then go and use these other tools to try and piece together the uh How confident you are whether it's a whether it's a good call or not.

Kurt Elster • 22:11.539
Then once you've compiled this, there's it this is the human step? Are there humans involved in this decision process? If

John Murphy • 22:17.019
so when I was using Ikata, we were the ones looking at the information and then just making a call, basically. Um so we were like my team were used to, you know, understanding the the the the information that we were looking at and then coming coming to a like a real world scenario conclusion. Like is this plausible? Is it a VPN? How long has the email been like how long ago was the email created? Has it been seen online? Uh is the, you know is the the the IP and known um unknown hope for fraud that kind of thing and with all that information then we're just making a judgment call. Uh so when I when I decided to, you know, b bring it in house and just uh go and source the raw data and and build a tool for ourselves. Like Ikata, just with all of the additional information, we knew we already knew what to look for, so we were able to understand what that information was so um but when i when i sold the byte generation i you know i wasn't using that tool anymore because i didn't i didn't immediately go into another business another e-commerce store I I dabbled in a couple of different businesses, so that's all was just kind of just there. Um and I've been doing uh I've been doing coaching. I've been coaching with a dropship. So I'm in a I'm the resident coach for a high-ticket dropshipping community. So I see a lot of the things that uh they need help with at the beginning of March. Uh one of the one of the ladies in there messaged in in the in the private Slack and she was like, oh my god help I've just just had a I've just had a chargeback for $4,000. So what and she was like, what do I do? And I said, well, was it fraud or was it friendly fraud? You know, or did you did you piss the guy off or something? And she says, um, actually, I don't know. I said, okay, so um do you have clear sale? She said no. So what did Shopify say? And she said, Shopify said it was medium. Um well I don't know what that like medium for what So I said, okay, look, send me over if you don't mind, DM me all of the customer information, and I'll run it through my tool and see what it comes, what it comes back with. And it was just red flags everywhere. So it was it was clearly fraud. The email had been created the day before. Um the the it was a it was a Google Voice number. Uh like or not a Google Voice, it was a it was a VoIP number And it wasn't it we not and not associated to anybody. Uh the shipping address, the resident was somebody else completely in a different state. It was just red flags everywhere. But she didn't have she wasn't privy to that information. So she just rolled the dice and she was in her it was one of her like first sales. She's not getting regular sales. She's getting it a few sales a month. So every sale counted. So she was willing to take the sale rather than turn it away. And the credit card holder saw something in a statement and file a chargeback. And then she subsequently then started getting a bunch of very similar orders that she had to cancel all of it.

Kurt Elster • 25:13.900
Ah. So that's always you get the first one. This is the pattern we've seen is like the first one happens and you sell it and then the floodgates open. Yeah. You know, and it Sometimes it doesn't matter what you sell, it's just like, hey, we're testing and warming up credit cards. Um, and other times it's you you you get taken for a ride. Yeah. And it always hurts to see.

John Murphy • 25:35.960
Yeah, and and it was it was it was in that moment when I said, you know well bas basically what I did was I ran horror sale through my system. And then I I just sent her a report and I said, look, the bad news is, you know, this isn't friendly fraud. You can't contest this. It was a legitimate fraud. And here are all the red here are all the red flags. So unfortunately you're screwed. Um and then when I sent it to her, she was like, Oh my god, I wish I'd I wish I had this before. Before I, you know, shipped the product and I talked I think there's a business in there. Um so basically then I got

Kurt Elster • 26:08.760
So you took your own you it went like hey I'm not happy with the existing solution Let's build our own. And then, you know, over subsequent years evolve that.

John Murphy • 26:17.539
Yeah.

Kurt Elster • 26:18.019
And then through this uh community through dropship breakthrough, you're connected with other folks, recognize the same problem, go to help them out and realize, oh This could be beneficial to other people.

John Murphy • 26:29.560
Yeah, yeah, and and really like the and then the the adjusting it to then be able to connect to multiple Shopify stores was It was actually really easy. I went onto ChatGPT and said, I have this problem. How do I do it? I was like, okay. Click here, click here, click there. And uh now I can connect any Shopify store to the system and we start getting their orders immediately. So it's uh So we now I'm helping multiple stores and uh it's great.

Kurt Elster • 26:57.780
Now we're we're doing some vibe coding

John Murphy • 27:00.760
Yeah, well uh yeah so it's uh I guess the the the system looks like uh Shopify webhook through make make. com. Make. com pulls the information

Kurt Elster • 27:12.440
People should not sleep on make. Make is better than Zapier. I think it's better and easier than NADN. NADN's good, but I think I like Make a little better.

John Murphy • 27:19.720
I I like make because I I mean I experimented with it a few months ago because I was doing I was experimenting with something else and I got I got it to work and um and I thought okay well I don't want to go learn a new tool I'll just I'll just use make again and it works. It populates everything to Airtable We have then our tool, which is uh like a like an internal website that we use to do all the to do research. Populates the tool automatically from your table. So it's it's it's a it's a nice tool and with make it it means I can connect all of my all of the Shopify stores directly into my system. So myself and and the other analysts see the orders as soon as they come in So it's uh it's working.

Kurt Elster • 28:02.680
Yeah, I taught at a conference recently, I talked to a guy who had a uh a a pharmaceutical online store. It was not on Shopify, um, but they were selling uh weight loss, weight loss drugs, prescription. And in talking to him, man, so uh a unbelievable revenue, but also so much of it was powered by make automations, like make. com scales. It is good. Just i for anyone who might be listening to go and like, well that sounds sus. Oh absolutely not. Makes great.

John Murphy • 28:32.299
Yeah, no, makes it

Kurt Elster • 28:33.500
make it.

John Murphy • 28:33.899
Yeah, and the limits they have like have got like the bandwidth that it allows even on like a small a small like a small business um subscription, like the minimums are huge. Like it's I I'm not going to outgrow make. So it's it's uh it's it's a good solution. So

Kurt Elster • 28:52.980
all right, you've got the service relatively new. Do we have any customers?

John Murphy • 28:58.419
Yes, and I got my first customer's true dropship breakthrough. So I was because I'm because I'm already known and trusted in there, because I've I help I've been helping guys for years. And I have had my own store. Everybody knew my own store. So they saw what it wasn't just some oh guess I you know I started a new business. It was like They know they they already know and trust me, so that was my first, I guess, your friends and family network kind of scenario with uh in the dream in the

Kurt Elster • 29:25.480
start friends and family. And then word of mouth is next. Yeah. You know, as they have good experiences and they talk to other people in their networks. And then, you know, all right, word of mouth. And then it it snowballs from there and you'll get like a better sense of You know, what works, how they talk about it, where what channels they're in. Um, it's fun to watch. But yeah, it's like that initial step of okay, how do I go zero to ten? Okay, I got 10 customers. Great. Now how I go 10 to 50. I got 50? And like, why having done this a few times now, at you know, 50 is where you start to go, all right. There's something here and we're starting to get a s like we're starting to get a better sense of like how people are using this, etc. Um and then you know on from there, then you you just get progressively more comfortable. Uh so I want to and so this is live now could just before we I want to go into tact your tactical advice on avoiding fraud. But before we do that, I want you to tell us how we learn more, how we sign up for this.

John Murphy • 30:22.179
Yeah, well, so uh freak labs is uh fr -i-qlabs. com and

Kurt Elster • 30:29.460
freak sounds better, but frick. I like frick Freak. Well. So it's freak's what you yell when the fraud happens. Oh frick.

John Murphy • 30:36.640
Freak, yeah. Like uh so frick is I I like freak because I live in Italy and it would be pronounced freak in Italian and Freak Labs has a Um but so it would be fraudriskiq labs. com. And uh so when I was using it internally, uh we didn't have a name for it. It was just our tool, you know. Um but um so so that that so the the name and website is is the is the is the new concept. Um so freeclabs. com and they people can sign up there or they can reach out to me and you know get hop on a 15-minute call to ask questions, see if it's a good fit. Um so that's how they can that's how they can uh reach out.

Kurt Elster • 31:18.880
I was hoping you would check out our new app, Promo Party Pro. It is what I want to be the single best, easiest way to run a free gift with purchase promo on Shopify. We just put it live in the app store. We've got less than 50 users. We want your feedback. So if you need to run a free gift with purchase promo in the near future, install it, try it. There's a live chat. I check that all the time. And so if you have any issues at all, you know, or any suggestions on how we can make it even easier to use, let us know. We're happy to help. If you want to try it, search promo party in the app store. Promo PartyPro's the app. Give it a shot. It's got a free trial. Thanks. And all right, I want to get into just with your experience, I want to get into your advice on What people could do today to avoid fraud in their store. Um, you know, it it give me one or two tips just like, all right, here's something everybody should do in avoiding fraud with a Shopify store.

John Murphy • 32:17.280
Yeah, well, um I I wouldn't have um I wouldn't have auto capture on. Now obviously that's not always possible depending on the size of your store and how many units you sell. Today.

Kurt Elster • 32:28.360
And settings payments, we could decide when the order happens, it's authorized, and then the payment is captured. Do we want payment to be captured always immediately? Or do we want to leave it on manual and then either an automation does it or a person does it?

John Murphy • 32:42.500
I so we ha you have seven days to to manually capture a payment, so you've got plenty of time to look at the order. Um so I I normally recommend manually capturing orders after you've You've taken a good look at it. Um couple of reasons because like if you set it to like medium or high auto cancel, there are good valid reasons why they could be plausible explanations for those false red flags And also if

Kurt Elster • 33:09.039
no one wants to give up legit orders and no one wants to cancel an order on someone who's like, hey, I just wanted to buy that.

John Murphy • 33:14.559
Yeah, yeah. And even just just yesterday, somebody from Dropship Breakthrough was in Slack and they said, hey So I just found out that ClearSale auto cancelled one of my orders and it was for thousands of dollars. Um so now I have to go back to the customer and ask them how to, you know, to to place the order again. How do I how do I turn that off? And it turns out there's a setting inside of ClearSale, whereas if you If it's marked as high risk, clear sale automatically cancels the order on you. See like they took the, you know, they take the decision for you. So she didn't realize that was turned on and she, you know, lost the sale. Now she has to try and get convinced the customer that, you know, our fraud department, you know, accidentally you know, red flag tree with a kind of picture blue. But she said it it was a completely legitimate order and that she needed the customer to then place the order again. shouldn't have happened and then she had to go figure out how to turn off those settings. So I like the manual.

Kurt Elster • 34:07.960
That one's a false positive.

John Murphy • 34:09.240
Yeah.

Kurt Elster • 34:09.639
And for sure false positives happen. What are the f give me uh one to three red flags that should make you always cancel an order?

John Murphy • 34:19.280
So um I would say it's usually when it they all happen together. So The l each red flag is justifiable in every day, right? So if it's usually the the the it's like the trifecta, let's say when When it seems to be a combination of them all happening on the same order, that's when it's a red flag. So generally, if a phone number doesn't come back to the person or at least the family member Um that's a red flag because people are not going to put the the billpayers actual phone number on the order. Because you know somebody they could get SMSs or notifications or a call about the order that they didn't place on their credit card. So there'll usually be like a burner number. And that's usually a that's usually a big red flag. Um and then if the email, if if there's like a Gmail account that was literally just done, just created that day, and this was the first time it's been used online. That's also a red flag.

Kurt Elster • 35:24.240
Yeah, how do you check? Like I know you could it's easy to see like who owns a phone number. So you can tell it's like, oh this is owned by T-Mobile. Alright fine. Um like play if I Google the phone number, there's plenty of services that'll be like this is the carrier that owns this. And so I could tell if it's void.

John Murphy • 35:38.080
Unfortunately, only my tool and the kata. Can get that information. I don't know of another service that you could just sign up for like Spokyo or one of these places. Uh one of these websites that actually tell you. when an email was created. I haven't found another I haven't found another tool that does that.

Kurt Elster • 35:56.160
Yeah, that's the one I'm like, wow, that's interesting. That's it. Obviously it's like if the email exists online.

John Murphy • 36:01.520
Yeah.

Kurt Elster • 36:02.140
in Google, like you could Google it, you know, just put it in quotes, see what comes back. And if it exists, you know, yeah years ago, okay. Like you know that one is probably real unless it it's a hacked account uh or it's friendly fraud. But that like if nothing comes up Well, that just means they may not be very active online. It doesn't mean it was just created.

John Murphy • 36:19.660
Yeah, or they don't they don't post it publicly. It's not on a Facebook profile. It's just private. And most of them aren't. Like if you Google an email. If it's on an about us page because it's a business email or something like that, you know, you can't find it. Or sometimes you might find like an Instagram page. with the email account public. Um but a lot of time it that information isn't online if you Google it like a Gmail account. It's often not there. With my uh Freak Labs tool that we use internally, we can see the day that the email was first seen online and we give that information when we when we submit the report. So the client actually sees the the very first time that email was used online and if it was set and if it was first seen today that's a big red flag. So if the phone number uh is not doesn't isn't registered to the person that placed the order or at least the family member that's a red flag if the email is brand new that's a red flag but unfortunately most people don't have don't have aren't privy to that to that aspect um The shipping address and billing address, if they're not if they don't match, you know, that's uh that's something to look deeper into. Reverse, like you know, there are there are platforms like premium white pages or some of these um platforms like Spokio dot com or

Kurt Elster • 37:33.720
You know, I stuck my f my cell phone number into Spokio and it immediately came back and it like it was like, all right, you gotta buy this record for 95 cents and it claimed to have everything. But it did its proof show a screenshot of my damn house Like at the map, I'm like, oh yeah, that's definitely my address. And so I'm like, all right, let me just go ahead and opt out of this bad boy.

John Murphy • 37:51.420
Yeah, so I mean you can do that and you can also reverse address You can re um you know reverse search an address to see if it's registered to somebody, if there's any public records. Some states have really good public records online. Uh you can actually find who's

Kurt Elster • 38:07.579
Yeah Illinois does with house sales, it's a problem.

John Murphy • 38:10.059
Yeah. So I've I've used I've used a few of those sometimes Um

Kurt Elster • 38:14.420
I once had a a concerned uh email subscriber was like in your video I could see like the corner of your house number and you know googling it I was able to figure out your address immediately. And I was like, uh, well, you know, my neighbor's a cop and I own a gun. But in Illinois, like I own my house and I didn't buy it through an LLC, so in Illinois it's just public record. I don't get a choice there. Yeah. Well, that's neither here nor there.

John Murphy • 38:36.080
Yeah, so like somebody that has time to kill that or like a VA that that's doing this type of work, they they can go and piece together a lot of the information from different locations. different public records, public sites, other aggregate sites, and you can get like a good idea. The email, the email uh you know built uh for scene thing isn't generally available. But uh if the shipping address is different you can reverse address. the address to see who who actually lives there and if there's a connection. If it could be a family home, it could be it could be an office. Like just just yesterday I I ran a I ran a review for for a guy who was it was he was shipping it to his address to his work address. So billing address said one thing and billing was registered to the to customer's name that checked out but they were shipping it to somewhere else and that somewhere else wasn't a home and his name wasn't associated but the address was a um Volkswagen like used car dealership And I went to the website and I went to About Us and it was meet there was a meet the staff section. I went to the service department and this guy's name, his face, his business emails were all available on the about us. I was like, okay, he's shipping it to his to his work because that's where he spends most of his time during today. So uh you know, the the shipping address checked out. But the um the other aspects checked out as well. So

Kurt Elster • 39:56.400
So some of this fraud avoidance is really doing a little bit of uh internet sleuthing. You're you're a private investigator here.

John Murphy • 40:05.619
You have to yeah, you have to you have to be an investigator and you have to understand what all the signals mean. And there are a lot of false reds. Like my wife travels a lot. She's never home. I work from home a lot And my wife orders a lot of stuff online and always leaves my phone number because the courier is going to call me or call and say, okay, I'm on my way AU home because I have a package and we live in the middle of nowhere. So they're not going to come into the countryside If they know that there's nobody home. But if somebody was to check my phone number, John Murphy, an Irish name, and my wife is an Italian with a very Italian name, and Italian women don't necessarily take the husbands. name in marriage because they have to then get a whole new I you know social security numbers and stuff. It's complicated. So her name is one thing and my surname is completely different. And it's they're distinctly two different nationalities. Oh it's really obvious. So that would be a massive red flag. But it's plausible because that's just how how my wife shops online. So you have to recognize the red flags, but then try to understand. the the the context behind it and are they stacking up is it a brand new email is the phone number somebody else is the shipping address Compu somebody else altogether, it'll let not related. So it's usually a combination of all these things, but then it's okay, this is definitely a high risk order But one of those things isn't necessarily a high risk, but they will flag in systems like Signified, ClearSale, Shopify , because there's some legitimacy to it.

Kurt Elster • 41:33.520
As we're wrapping this up, let's say I've got a store. I'm doing 50k a month. So I'm like, I'm early, you know, but I'm not huge. I haven't hit a million a year yet. What should my fraud stack look like? You know, like I'm still I'm on a I'm on a DIY shoestring budget here. Give me the like the free cheap version and you know, a a tip that'll save me.

John Murphy • 41:54.980
I would I would do some back at a napkin mats and say, okay, clear sale and the signifoid signified uh is peace of mind and you lose one percent And in in a good scenario, they'll they will they will refund you if it turns out to have been fraud and they proved it. So that's a kind of a good I I pay I pay the fee, I can absorb it, and I don't need to think about it anymore. So that's kind of like the m safest peace of mind scenario that you can do. And then after a certain amount of revenue each month you'll that 1% will eventually become uh many hundreds, if not a few thousand a month. And that's when you start looking for another option. So like And one of those options would be free clouds, for example. Whereas we actually like if if somebody was today and go the Ikata route and pay a few hundred a few hundred dollars a month for the software and then they train somebody in to understand what you know the the context behind the the information so somebody becomes the fraud analyst in their in their organization that would be and like the an and the evolution of the process or you you they use a service like freak labs where We're the analysts and we give you a report identifying whether it's you know low risk, medium, or high risk with the context behind the medium and behind the red. And because I've built e-commerce stores since 2017 and and run this and my analyst is also has been using it from my previous store, uh we're well versed on what the next steps would be. So we also give instructions on Here's what we recommend because there's some as there's a concern about this one aspect, but here's how you could dispel that that specific axe aspect before shipping, and here's what our recommendation would be. So it's not just a green, orange, or red result. We give context and then recommendations in our report for each order. Um and we're more

Kurt Elster • 43:55.280
have you ever used um Shopify Protect? So Shopify's has a landing page for this, you know, Shopify. com slash protect. Uh fraud sucks, fight back. Activate your force field against fraud with Shop Pay's free built-in chargeback protection. And then there's a big asterisk at the end of that statement. Because of course there is. And do you have any experience with this? I don't.

John Murphy • 44:15.320
Never even heard of it. I guess it wasn't around when when I was when I was running E by Chen and It may be US only.

Kurt Elster • 44:21.820
Was eBike Gen based in the US?

John Murphy • 44:23.660
It was a US business, yeah. Yeah, it was uh yeah, I had I registered in Delaware. Yeah, so it was a US business.

Kurt Elster • 44:30.000
Yeah, the it's like we cover Shop by Protect covers total order cost they claim they cover chargeback costs. Fulfill without fear. I have not particularly played with this.

John Murphy • 44:41.280
Yeah, no, I've never heard of it. It could be new. Like shop shop paint itself isn't isn't very isn't very old. That hasn't been around for a very long time. So it's probably con

Kurt Elster • 44:52.560
Yeah this well and this is like it is part of that. Like you have to be using Shopify payments. Um it's gotta be a US based store. So yeah, lots of lots of options. I mean, I think at the very least, make sure you are not just blindly capturing orders always and fulfilling them because when the wrong person figures that out, they're gonna take advantage of it as a loophole Um and so like you need to be able to stop it. Uh the well, any like one single takeaway piece of advice thing you wish everyone would do.

John Murphy • 45:23.700
Well, uh I was I was doing some research on for some of the numbers and I saw that Bank of America released a report that said that uh 2025 global e-commerce fraud had exceeded $50 billion that year and by 2029 it will exceed 107 billion dollars a year. So do something, whether it's clear sale or signify it or Ikata and train uh train an analyst to read ikata or use a service like Freak Labs, do something. Don't blindly capture payments and ship. And uh just be curious about what's going on behind the order because just a little bit of more like curiosity about what's going on. could avoid massive repercussions. Uh because when when you get when you get one chargeback and you don't know for a couple of weeks But they know they got away with it. You could be you could be targeted big in a very short amount of time because everybody wants to strike while the iron's hot. So be vigilant and be curious about those orders and uh and you could avoid lots of pain.

Kurt Elster • 46:30.740
Be curious about those orders. I think that's good advice. I like that. Um you know when we have to find when researching info about a guest or prospective client, we call it uh look 'em ups. Like, hey, look 'em up. Go look 'em up. The sorry I borrowed from Righteous Gemstones. I really love that show. But yeah, we I like the idea of look-em-ups. And in the past, you know, with other clients, they've had unusual orders and sometimes they'll be like, hey Kurt, take a look at this, what do you think? And then you do a little bit of research and sometimes you discover like, oh my gosh, this it's like this customer is someone famous or someone really interesting. Or it turns out they're just like super into your brand and willing to blow disposable income on it. It's a you know like, hey, there's an opportunity there. Reach out to that person. Yeah. A few times when we were less suspicious of an order, we discovered it wasn't fraud. It was like the just the most perfect customer in the world. And so I appreciate your approach of like, hey, you know, don't just blindly cancel everything that doesn't fit the perfect safe risk profile. You know, go the extra step, do the research, look 'em up and try and try and figure it out. There's lots of options here. Lots of ways to go about this.

John Murphy • 47:32.280
A good example of this even is just two days ago. Uh one of my clients she sells uh porch swings, um, built by the Amish community. A fantastic product, really, really, really cool. And um she got a sale and because the shipping was the email was a business email, I went and uh I did some digging out outside of my tool, I went to the website and see who it was, and it turned out to be like a a garden exterior excavation company. And I thought, oh, that's interesting. If they bought one, maybe they've got a project. Maybe maybe they will have multiple projects, similar projects. So in my in my report, in my notes, I I said, hey, I I also noticed a side note that this guy renovates gardens for a living, so maybe it's a good contact to have because if he's not on your radar now, it could be a good contact to have. And store owners can get that kind of insight just by being curious as well. So it helps.

Kurt Elster • 48:24.780
Yeah, absolutely. All right, where to John Murphy, where do we go to learn more about you?

John Murphy • 48:29.500
Freaklabs. com. That's fr iqlabs. com. That's where I'm at now. And uh they can reach out to me and they can talk to me. They can f fix some time with me or they can sign up uh right there on the homepage.

Kurt Elster • 48:42.900
That's we will we will do that. Hey did you know you can Then we'll I'll stop the recording. Did you know you could buy Freak Labs F-R-E-A-K. com for a mere $10,000? Oh wow. I'm glad I didn't go looking for that one. Yeah. I know I every time I'm like, I got a brilliant brand name idea. I got a brilliant domain name idea. So I was like, all right, well, I don't ten thousand dollars like it.

John Murphy • 49:06.900
Yeah, I do. I do that at least daily. I'm checking. I wonder if the domain is available, and it never is.

Kurt Elster • 49:13.539
John Murphy, thank you so much.