How to Auto-Cancel High-Risk Orders on Shopify (2026)

Shopify shows you a fraud risk indicator on every order — Low, Medium, or High. But it does not act on it. Every flagged High-risk order sits in your queue waiting for you to decide whether to cancel.

That is fine if you ship five orders a week. At fifty orders a day, it is the bottleneck that costs you money on every chargeback. The fix is auto-cancellation rules that fire the moment a high-risk order lands.

This guide walks through setting up auto-cancel on Shopify, what signals to use, and the pitfalls to avoid.

How Shopify's fraud risk score works

Behind the scenes, Shopify calculates a score from 0.0 to 1.0 per order based on:

• IP geolocation vs billing/shipping address mismatch
• Email domain reputation
• AVS / CVV result
• Device fingerprint
• Previous chargebacks on this customer
• Shopify Payments network signals (when applicable)

The score becomes a bucket:

Shopify never auto-cancels. That is where Shieldy comes in.

Setting up auto-cancel in Shieldy

1. Install Shieldy Fraud Filter.
2. Open Fraud Order Filter.
3. Toggle Auto-block fraud orders on.
4. Set Fraud order score starts at to your threshold. Default is 0.7 (high risk only). Lower to 0.5 if your chargeback rate is high.
5. Choose action: Cancel order, Mark order as Fraud, or both.
6. Optional: restock inventory automatically (recommended).
7. Optional: send customer a notification email with a configurable template.
8. Save.

Within seconds, any matching order is cancelled and restocked. The customer sees a "Your order was cancelled" email from Shopify; you see the cancellation reason in the order timeline.

What threshold should you use?

The right threshold depends on your chargeback tolerance:

Start conservative (0.75) and lower it as you gather data. False positives are 3-8 % at 0.75 and rise to 12-18 % at 0.5.

Layered protection: pair auto-cancel with pre-checkout rules

Auto-cancel is reactive. It stops fulfillment but does not stop the order from existing — meaning:

• Your payment processor still charges fees.
• Stripe/Shopify Payments counts the cancelled-as-fraud rate against you.
• The cancellation triggers a refund flow that costs your team time.

For better results, layer in pre-checkout blocks:

• Block VPN/Proxy at checkout — stops masked fraudsters before they pay.
• Block specific email patterns (*@tempmail.com, *@guerrillamail.com).
• Block specific phone prefixes from known bad regions.
• Block ZIP codes you do not ship to.

These are in Shieldy's Block Checkout module (Enterprise plan and above).

Auto-cancel and Shop Pay / Shopify Payments

Stripe and Shopify Payments track your "fraud cancellation rate" — too many auto-cancels can trigger account review. To avoid this:

• Keep auto-cancel threshold at 0.7+ (only true high risk).
• Use the manual review queue for 0.5-0.7 orders, not auto-cancel.
• Match cancellation reason to "Fraudulent" so processors understand the pattern.
• Cancel before capture when possible (configure in Shopify Payments to manual-capture for High-risk).

How auto-cancel pairs with VPN detection

The single biggest predictor of fraud-order outcomes is whether the buyer used a VPN or proxy. Industry data shows VPN-flagged orders chargeback at 3-5x the rate of non-VPN orders.

Shieldy combines both signals:

1. VPN/Proxy/Tor detection adds 0.2-0.4 to the risk score automatically.
2. With auto-cancel threshold at 0.7, any order with VPN traffic + medium other risk gets cancelled.

Enable VPN detection in Bot Killer → Auto-block VPN/Proxy (Premium plan).

Edge cases to handle

Returning customers from unusual locations. Loyal buyers traveling for work may trigger high risk. Add a whitelist for customer.id of your VIP segment.

Gift orders. Different billing and shipping addresses always raise the score. Tag gift orders during checkout (custom field) and exempt them.

Subscription renewals. Recurring charges sometimes spike risk if the saved card hits a different processor route. Whitelist subscription orders by tag.

B2B / wholesale. Corporate buyers from one country shipping to another are common. Tag B2B customers and exempt them by tag.

Shieldy supports all four exemption patterns in the Enterprise plan.

What happens to inventory and refunds

When auto-cancel fires:

1. Order status → Cancelled
2. Cancellation reason → Fraudulent (or custom)
3. Inventory → Restocked (configurable)
4. Payment → Voided if not yet captured, Refunded if captured
5. Customer notification → Sent with your template
6. Internal log → Available in Shieldy dashboard with the full risk reasoning

You can also send a Slack/email notification to your fraud-ops team whenever an order is auto-cancelled — useful for spot-checking the first 30 days.

What about Shopify Flow?

Shopify Flow can also auto-cancel orders, but it has limitations:

• Flow's "Order risk level" trigger only fires on the High bucket, not arbitrary thresholds.
• No support for VPN/Proxy/IP-based signals.
• No checkout-level blocking.
• No spy-extension or bot detection.

Shieldy adds all of these on top of Shopify's native risk score. If you already use Flow, the two work together — Shieldy auto-cancels with richer signals, Flow handles downstream notifications.

Frequently asked questions

Will auto-cancel hurt my conversion rate?

A small dip is normal (1-3 %) but these were lost-cause orders. Net revenue improves due to fewer chargebacks and refunds.

Can I auto-cancel based on order subtotal?

Yes. Shieldy's Enterprise plan adds Auto-block order based on subtotal conditions — e.g. block all orders under $5 (card-testing pattern).

Does it work with Shop Pay?

Yes. Auto-cancel runs after Shopify Payments captures, so it works with Shop Pay, Apple Pay, Google Pay, and credit cards.

What if I want to review high-risk orders manually first?

Set auto-cancel threshold to 0.9 (extreme high risk only) and use the Manual review action for everything below — you get notified but the order stays open.

How fast does auto-cancel run?

Under 5 seconds after order creation. Customer never sees a "Processing" stage.

Where do I see the cancellation reasoning?

Open the order in Shieldy's Fraud Order Filter dashboard — every signal that contributed to the score is shown (IP risk, geo mismatch, email reputation, etc.).

Wrapping up

Auto-cancel is the single fastest way to cut chargebacks. The free plan ships with standard fraud-order analysis; the Premium plan at $4.99/mo adds the auto-block toggle and risk-score threshold. For card-testing protection, checkout-level blocks, and full automation, the Enterprise plan at $8.99/mo covers everything.

Install Shieldy free on the Shopify App Store → · Compare plans →