The 8 Fraud Metrics Every Shopify Merchant Should Track

Most Shopify stores track fraud metrics poorly or not at all. Default Shopify reports surface a handful of numbers (chargeback count, refund volume, risk-flagged orders) without the context that turns numbers into decisions. The result: fraud-prevention effort operates without feedback. You can't tell which controls are working, which are over-firing, or which are missing the patterns that are actually costing you money.

This guide walks through eight metrics that, tracked together over time, give you a working picture of fraud-prevention health. None is hard to compute. The work is picking the right ones, defining them consistently, and reviewing on a regular cadence.

Metric 1: Chargeback ratio

The most important single number for any store accepting card payments.

• Definition: Total chargebacks ÷ total transactions, over a defined period (usually 30 days)
• Why it matters: Payment processors monitor and tier risk policies accordingly. Visa flags merchants above 0.9%. In monitoring programs, processing costs go up and options narrow.
• Target: Below 0.5% safe. 0.7% processor attention. 0.9% monitoring territory.
• Common mistakes: Calculating across too short a window (chargeback timing creates noise). Including dispute-reversed-in-merchant-favor as wins (chargeback counted against ratio regardless of representment outcome).
• Cadence: Weekly tracking, monthly reporting. Trend matters more than any single reading.

Metric 2: Fraud-loss dollar value

The actual money-walked-out-the-door cost, including all components.

• Definition: Sum of chargeback dispute amounts + dispute fees + cancelled-fraud-order operational costs + COD non-acceptance costs + promo-abuse losses, over a defined period
• Why it matters: Ratio metrics tell you whether you're trending toward processor concern; dollar metrics tell you whether the fraud problem is meaningful relative to your business. $50K/month store with 1% chargebacks loses $500/month; $5M/month store with same ratio loses $50K.
• Target: No universal benchmark — scales with your store. Right question is whether loss is shrinking as prevention investment grows.
• Common mistakes: Only counting chargebacks (missing COD non-acceptance, promo abuse, refund fraud). Not including operational time cost. Not including CAC of fraud orders.
• Cadence: Monthly. Trend over six months.

Metric 3: Fraud rate by order source

Where fraud is concentrating — by acquisition channel.

• Definition: Fraud rate (orders or dollar value) broken down by traffic source — organic, paid social, paid search, email, direct, referral
• Why it matters: Different channels have different fraud risks. Paid social often highest, organic typically lowest. If paid-social fraud is 5x organic, your CAC math on paid social is wrong — paying acquisition for fraud you'll absorb later.
• Target: Compare channels against each other; outliers warrant investigation.
• Common mistakes: Attribution issues that lump fraud onto wrong channel. Looking at fraud count rather than rate (high-volume channels show high counts even if rates are low).
• Cadence: Monthly. Particularly important during paid-campaign expansions.

Metric 4: False-positive rate

How often your fraud controls catch legitimate customers.

• Definition: Of orders blocked or cancelled by fraud rules, what percentage were actually legitimate? Confirmed by customer outreach, manual review, or absence of dispute history.
• Why it matters: The cost side of fraud prevention. If your false-positive rate is too high, prevention is destroying more value than it preserves.
• Target: Below 40-50% on auto-cancel rules; below 20% on aggressive rules. Higher suggests over-blocking.
• Common mistakes: Not measuring at all (the most common mistake). Considering only customers who reach out — many silently abandon, so measured rate underestimates actual.
• Cadence: Quarterly. Tune rules based on data.

Metric 5: Manual review queue health

How well your review workflow handles flagged orders.

• Definition: Average time-to-resolution for flagged orders, plus oldest unresolved order, plus queue depth.
• Why it matters: A manual review queue that grows faster than it drains is a bottleneck that delays legitimate fulfillment and frustrates customers. Queue health tells you whether review capacity matches detection volume.
• Target: Time-to-resolution under 4 hours during business hours; queue depth roughly constant over time.
• Common mistakes: Tracking only volume, not timing. Treating spikes as anomalies rather than monitoring for sustained growth.
• Cadence: Daily monitoring; weekly review of trends.

Metric 6: Revenue protected vs conversion loss

A balanced view of fraud-prevention impact.

• Definition: Dollar value of fraud orders prevented (orders blocked that would have been chargebacks/non-acceptances/abuse) versus dollar value of legitimate orders blocked (false positives × their would-have-been revenue).
• Why it matters: Fraud prevention is a net optimization problem, not a security problem. The number that matters is the difference between value protected and value lost.
• Target: Net positive with reasonable margin. If numbers are close, you might be over-investing in prevention.
• Common mistakes: Reporting only "revenue protected" (which always looks good) without "conversion loss." Estimating conversion loss too narrowly (only counting customers who reached out).
• Cadence: Quarterly. Two numbers together tell the story; either alone misleads.

Metric 7: COD non-acceptance rate (if applicable)

For COD-market stores, the single most important operational metric.

• Definition: Percentage of COD orders that don't get accepted at delivery (returned, refused, address-not-found)
• Why it matters: Pure operational cost with no offsetting revenue. Margin-killer at scale.
• Target: Below 8% excellent. Below 12% acceptable. Above 15% concerning. Above 20% requires immediate action.
• Common mistakes: Not tracking by region (loss concentrates in specific districts, but average hides this). Not tracking by customer-history segment (new customers worse than returning).
• Cadence: Weekly tracking, monthly reporting by region and segment.

Metric 8: Promo-code abuse rate

For stores running discount campaigns, the metric that catches campaign waste.

• Definition: For each promotional campaign, the percentage of redemptions that look fraudulent (bot-driven, coordinated, repeat-account-redemption) versus organic.
• Why it matters: Marketing campaign budgets are real money. Campaigns where most redemptions are abuse are net-negative investments.
• Target: Above 80% legitimate redemption is healthy. Below 50% suggests serious abuse worth investigating.
• Common mistakes: Not measuring at all. Detecting abuse only after campaign ends rather than during.
• Cadence: Real-time monitoring during campaigns; retrospective analysis after.

Putting the metrics together

These eight aren't meant to be reviewed all at once or all by one person. Different teams own different ones:

Finance / leadership: Fraud-loss dollar value, chargeback ratio, revenue-protected vs conversion-loss. Summary view of "how is fraud affecting the business."

Fraud-operations: Manual review queue health, false-positive rate, COD non-acceptance rate. Operational view of "how is the prevention system performing."

Marketing: Fraud rate by order source, promo-code abuse rate. Channel-investment view of "is our marketing spending efficient."

Customer service: False-positive rate, manual review queue health (specifically the customer-outreach side). Customer-experience view.

A monthly cross-functional review where each team brings their metric updates surfaces patterns no single team would see alone.

The cadence that matters

Different metrics deserve different review cadences:

Daily: Manual review queue depth, oldest unresolved flagged order, chargeback alerts.

Weekly: Chargeback count and rate trend, fraud-loss dollar trend, COD non-acceptance rate.

Monthly: Full metric review across all eight. Trend analysis. Rule tuning decisions.

Quarterly: Revenue-protected vs conversion-loss. False-positive rate assessment. Strategic-level decisions on prevention investment.

The cadence is what turns metrics from "we have a dashboard" into "we manage fraud with data."

What to do with the metrics

The point of measuring is to act. Common patterns:

Each metric's movement should trigger a specific decision. If a metric moves and you don't act, you're not really tracking it — you're just generating dashboards.

How Shieldy surfaces these metrics

Shieldy Fraud Filter's analytics dashboard surfaces these directly:

• Chargeback ratio with 90-day trend
• Fraud-loss dollar value by category (chargebacks, COD, promo, operational)
• Fraud rate by order source (with UTM-tag integration)
• False-positive rate per rule
• Manual review queue health
• Revenue protected vs conversion loss
• COD non-acceptance by region (for COD-enabled stores)
• Promo abuse alerts during active campaigns

Reports exportable to CSV for finance/audit teams. API access for stores building custom BI dashboards.

A practical first-month setup

For a store starting from no fraud-metric tracking:

1. Build a simple monthly dashboard with these 8 metrics (or whichever apply)
2. Define each metric explicitly — what's included, excluded
3. Pull 12 months of historical data to establish baseline
4. Set up automated extraction so dashboard refreshes monthly
5. Schedule the monthly review meeting before the dashboard exists, so it actually happens
6. After 90 days, refine the metric set based on what you actually used

A practical close

The right fraud metrics tell you whether to do more, do less, or change what you're doing. The wrong metrics just provide a number on a slide.

These eight, tracked at the right cadence with explicit decision-making attached, are the working set for most Shopify stores. Start with the ones that apply to your business; layer in others as you mature.

Shieldy's dashboard surfaces them by default. The discipline of monthly review is yours.