How Do I Get Alerts for High-Risk Shopify Orders? (First-Time + High Value)
Set up automatic alerts for risky orders before you ship. Learn how to flag first-time customers placing high-value orders and route them to the right person for verification.
Quick answer: High-risk orders combine multiple red flags—most commonly, a first-time customer placing an unusually large order. Set up alerts that check customer purchase history (via Shopify's Customer API or
customers/purchasing_summarywebhook) and trigger when a new customer's order exceeds your threshold. Route these to a manager or verification team before fulfillment.
Not all orders deserve the same level of trust. A $500 order from a customer who's bought from you 12 times is very different from a $500 order from someone you've never seen before.
The second one needs attention before you ship.
What Makes an Order "High-Risk"?
High-risk doesn't mean fraudulent. It means the order has characteristics that warrant verification before you invest in fulfillment.
Common high-risk signals:
| Signal | Why It Matters |
|---|---|
| First-time customer | No purchase history to establish trust |
| Order value above average | Higher financial exposure if something goes wrong |
| COD payment method | Customer hasn't committed financially |
| Mismatched billing/shipping | Common in fraud, but also legitimate gifts |
| High-risk shipping region | Some areas have higher RTO or fraud rates |
| Rush shipping selected | Fraudsters often want fast delivery |
Any single signal might be fine. But first-time customer + high value catches the most actionable cases without overwhelming your team with false positives.
Why First-Time + High Value Is the Best Filter
This combination works because it's:
Specific enough to be actionable. You're not flagging every new customer or every large order—just the intersection.
Easy to verify. A quick call or WhatsApp message confirms the order is legitimate. Most real customers appreciate the personal touch.
Low false-positive rate. Repeat customers with history don't trigger it. Normal-sized orders from new customers don't trigger it.
Available in Shopify data. Order value comes in the webhook. Customer purchase history requires an additional lookup—but Shopify provides this via the Customer API or customers/purchasing_summary webhook.
The math that matters
If you process 100 orders daily:
- ~30% might be first-time customers (30 orders)
- ~5% might be high-value (5 orders)
- ~1-2% will be both (1-2 orders)
Verifying 1-2 orders daily is manageable. Verifying 30 is not.
What Data Does Shopify Provide?
The orders/create webhook includes order details and basic customer info:
{
"total_price": "485.00",
"customer": {
"id": 115310627314723954,
"verified_email": true,
"created_at": "2026-02-03T10:30:00Z"
}
}Important: As of Shopify API version 2025-01, orders_count is no longer included in the customer object within order webhooks. To get purchase history, you need one of these approaches:
Option 1: Customer API lookup
When an order arrives, use the customer ID to fetch their full profile:
GET /admin/api/2025-01/customers/{customer_id}.json
This returns orders_count, total_spent, and other history fields.
Option 2: customers/purchasing_summary webhook
Subscribe to the customers/purchasing_summary webhook topic. When a customer's purchase data changes, you receive:
{
"customerId": "gid://shopify/Customer/115310627314723954",
"numberOfOrders": 1,
"amountSpent": {
"amount": "485.00",
"currencyCode": "USD"
}
}This gives you numberOfOrders (equivalent to the old orders_count) without an extra API call—but requires correlating with the order webhook.
Key fields for high-risk detection
| Field | Source | Purpose |
|---|---|---|
total_price | Order webhook | Check order value threshold |
numberOfOrders | Purchasing summary webhook or Customer API | Identify first-time customers |
customer.created_at | Order webhook | Flag same-day account creation |
verified_email | Order webhook | Additional trust signal |
Setting Up High-Risk Alerts
Define your thresholds
Step 1: Find your average order value
In Shopify Analytics, check your AOV over the last 90 days. Let's say it's $75.
Step 2: Set your high-value threshold
A common rule is 3-5x your AOV. For a $75 AOV:
- Conservative: $225 (3x)
- Standard: $300 (4x)
- Aggressive: $375 (5x)
Start conservative. You can always raise the threshold if you get too many alerts.
Step 3: Define "first-time"
A first-time customer has numberOfOrders of 0 or 1 (depending on whether the current order is already counted). Your notification app should look this up via the Customer API or purchasing summary webhook.
The alert rule
IF customer numberOfOrders <= 1
AND order total_price > $225
THEN notify verification team
Two conditions, one alert. The app handles the data lookup behind the scenes.
What Should the Alert Include?
Your verification team needs context to act quickly:
High-Risk Order Alert
Order #6721 needs verification
First-time customer
Order value: $485.00 (6.5x your AOV)
Customer: James Wilson
Email: j.wilson@email.com
Phone: (555) 123-4567
Ship to:
892 Pine Street
Denver, CO 80202
Items:
- Premium Wireless Headphones × 2
- Leather Carrying Case × 1
Payment: Credit Card (Paid)
Action needed: Verify before fulfilling
Include the phone number prominently—that's how they'll verify.
How to Verify High-Risk Orders
Verification doesn't need to be complicated:
Option 1: Quick phone call (best)
"Hi, this is [Name] from [Store]. We received your order for $485 and wanted to confirm everything looks correct before we ship. Is this a good shipping address?"
Most legitimate customers appreciate this. Fraudsters often don't answer or give inconsistent information.
Option 2: WhatsApp message
Hi James! Thanks for your order from [Store].
Before we ship your Premium Wireless Headphones, we just wanted to confirm the shipping address:
892 Pine Street
Denver, CO 80202
Is this correct? Reply YES to confirm, or let us know the right address.
No response within a reasonable time? Follow up or hold the order.
Option 3: Email confirmation
Slower and lower response rates, but works for some customers. Include a clear call-to-action and deadline.
What Happens After Verification?
If confirmed: Add a tag like verified or high-value-confirmed and proceed with fulfillment. The tag prevents re-alerting and creates an audit trail.
If no response: Follow up once. If still no response after 24-48 hours, consider canceling with a polite message explaining you couldn't confirm delivery details.
If suspicious: Trust your instincts. Refund and cancel is better than shipping to a fraudster. Document why in the order notes.
Combining With Other Risk Signals
First-time + high-value is your primary filter. Add secondary signals for higher accuracy:
Layered rules example
Tier 1 alert (verification required):
- First-time customer AND order > $300
Tier 2 alert (extra scrutiny):
- First-time customer AND order > $300 AND COD payment
- First-time customer AND order > $300 AND shipping ≠ billing
Tier 3 alert (manager review):
- First-time customer AND order > $500 AND COD AND high-risk region
Each tier can route to different people or require different verification steps.
Common Mistakes to Avoid
Mistake 1: Setting thresholds too low
If every third order triggers an alert, your team will start ignoring them. Better to miss some edge cases than create alert fatigue.
Mistake 2: Automatic cancellation
Don't auto-cancel high-risk orders. You'll reject legitimate customers who just happen to be new and buying a lot. Always verify first.
Mistake 3: No escalation path
What if the verification team can't reach the customer? Define what happens next. Who makes the cancel/ship decision? After how long?
Mistake 4: Not tracking outcomes
Keep notes on verified orders. Did they turn out to be legitimate? Did any slip through as fraud? Use this data to tune your thresholds.
High-Risk Alerts for COD Orders
COD orders have additional risk—the customer hasn't paid yet. For COD, consider:
Lower thresholds: Your high-value trigger might be 2x AOV instead of 3-4x.
Additional verification step: Require confirmation of the order AND intent to pay on delivery.
Address verification: COD fraud often uses addresses where no one will be home.
IF customer numberOfOrders <= 1
AND order total_price > $150
AND payment_method = "COD"
THEN notify COD verification team
This catches risky COD orders at a lower threshold than prepaid orders.
How Staff Ping Handles High-Risk Alerts
Staff Ping automatically looks up customer purchase history when an order arrives. You don't need to worry about API calls or webhook correlation—Staff Ping handles the data enrichment behind the scenes.
Example configuration:
- Create rule: First-time customer (0-1 previous orders) + Order value > $300 → Notify verification team
- Create rule: Above criteria + COD payment → Also notify manager
- Add phone numbers for verification team and manager
When a matching order comes in, Staff Ping checks the customer's history, evaluates your rules, and sends WhatsApp alerts to the right people—with all the context they need to verify.
Staff Ping sends WhatsApp alerts to your team when Shopify orders need attention.
We're currently in early access. Join the waitlist to get notified when we launch.
Summary
To set up high-risk order alerts:
- Use first-time + high-value as your primary filter—it catches the most actionable cases
- Set thresholds at 3-5x your AOV for high-value, 0-1 previous orders for first-time
- Include customer contact info in alerts so verification is one tap away
- Verify, don't auto-cancel — a quick call confirms legitimate orders
- Layer additional signals (COD, address mismatch, region) for higher accuracy
- Track outcomes and adjust thresholds based on real results
The goal isn't to block orders—it's to verify the risky ones before you invest in fulfillment. A 60-second call can save days of dealing with chargebacks or undelivered packages.