Shopify payment fraud protection blocks legit credit cards since cloudeflare is running

Hi, i am using shopify and experience strange behavior of shopify fraud protection since i activated claudflare services. fraud protection claims ip adress 6702km away from shippers address and or cvv not provided. i checked with legit credit cards and some work others dont , but cant find a solution to this problem. if this persists i have to leave Cloudflare soon , since loosing money…

After searching, it doesn’t look like Shopify obtains the real visitor’s IP address from the Cloudflare Cf-Connecting-IP header.

This is probably something you should contact Shopify support about - link the following URL and see if they have any suggestions.

Hi, Shopify is of no help, I insisted twice about the cf- connecting IP header, but they would refer back to either Cloudflare or the pay engine of the credit aquifer. However the fraud analysis is done on Shopify side, I created now a page rule with caching off for the cart pages and geo ip location on / off. While I was able to pay with my own credit cards , Shopify still shows the Cloudflare IP on their fraud analysis both ways. What strikes me is that Shopifys live visitors tool shops the correct location of the buyer. … so I am still stuck , because I don’t know for sure if other buyers can shop.

I am not familiar with Shopify. Is that a service that runs on your website or do you utilise their servers? If it is the latter, why would you hide them behind Cloudflare? I can understand their point though.

Hi Shopify is an ecommerce system for small business.

While their static content is already cached via Akamai CDN I noticed that switching to Cloudflare the page load time decreased 75% and therefore I have a much better load time and performance. Only recently I realized that sometimes their automated fraud protection for credit card payments does show the Cloudflare IP instead of the correct IP. …

However Shopify’s own live visitor report shows the correct visitors IP and location, So I just can’t make out why they can’t parse the correct IP to prevent buyers from shopping.

This is only the problem since I added Cloudflare.

I have switched of caching for the cart page and purged the cached and hope this helps. Not sure…

Thats something they should address however.

Well, that should always happen, not only sometimes.

Does that happen when the visitor visits their site directly without going through the host you specified?

There is nothing to parse. What they are doing is correct, they must not rely on some HTTP headers for that.

Sure, you are basically tunnelling all your customers through Cloudflare and hence Cloudflare’s addresses show up.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.