Solved

Attempted Fraudulent Purchases Trigger Abandoned Cart Flow



Hello! Attempted fraudulent purchases on our site are triggering our Abandoned Cart Flow, which is creating profiles that are pushing us over our plan limit. There is a specific low-value product on our site that fraudsters have been targeting to gauge weakness in our fraud detection program. When I scroll through the list of profiles on our Klaviyo account, there are now thousands of profiles that have been created with randomized, non-viable gmail.com and yahoo.com and hotmail.com addresses. How can I prevent these profiles from being created?


3 replies

Mich expert
Problem Solver IV
  • 64 replies
  • Answer
  • February 5, 2025

Preventing Fraudulent Profiles from Triggering Abandoned Cart Flow

Hi @julieccs,

This is a common challenge, and there are several steps you can take to prevent fraudulent profiles from being created in Klaviyo and triggering your Abandoned Cart Flow. Here’s a structured approach to mitigate the issue:

1. Use Double Opt-In for Email Collection

By enabling double opt-in, only users who verify their email addresses will be added to your list. This will prevent fake or randomized email addresses from making it into your system.

  • Go to Lists & Segments > Select your list > Settings > Enable Double Opt-In.

2. Add Email Verification at Checkout

If your e-commerce platform supports it, consider implementing email verification or CAPTCHA at checkout to prevent bots from submitting fake addresses.

3. Create a Segment to Identify and Suppress Fake Profiles

Since fraudsters often use free email providers (e.g., @gmail.com, @yahoo.com, @hotmail.com) and randomized names, you can create a segment to filter suspicious profiles:

  • Go to Segments > Create New Segment
  • Use conditions like:
    • Email contains @gmail.com OR @yahoo.com OR @hotmail.com
    • Placed Order = 0
    • Created in the Last X Days (Adjust based on your observation)
  • Once identified, you can bulk suppress these profiles under Profiles > Suppressed Profiles to ensure they don’t count toward your plan limit.

4. Adjust Your Abandoned Cart Flow Filters

Modify the Trigger Filter in your Abandoned Cart Flow to prevent it from firing for suspicious users:

  • Checkout Started > Email does not contain random string patterns (e.g., “+” in Gmail addresses)
  • Checkout Started > Email does not match past customer behavior

5. Implement Fraud Detection Tools

Consider using fraud prevention tools like Signifyd, NoFraud, or Shopify’s built-in fraud analysis to block high-risk transactions before they reach Klaviyo.

6. Regularly Clean Your Profile Database

Since these fraudulent profiles have already accumulated, you may want to:

  • Export and bulk delete them from Klaviyo.
  • Set up automated suppression rules for future detection.

Let me know if you need further guidance on setting up these solutions. Hope this helps!

Best,
Mich
Klaviyo Community Expert


MANSIR2094
Problem Solver IV
  • 174 replies
  • February 5, 2025

Hello @julieccs,

The issue arises because Klaviyo automatically creates profiles when an email is captured during the abandoned cart process, even if the purchase attempt is fraudulent. To prevent these invalid profiles from being created, first, implement server-side validation to block suspicious email addresses before they are submitted. You can also use a reCAPTCHA or honeypot field on checkout and cart pages to filter out bots. Additionally, setting up fraud rules in BigCommerce, such as blocking specific IP addresses or limiting multiple failed transactions, can help minimize such attempts. Within Klaviyo, consider adding a flow filter to exclude emails that match common randomization patterns or disposable domains. Reviewing recent suspicious profiles and identifying common patterns in email structure, IP addresses, or behaviors can help refine filtering criteria. Lastly, enabling double opt-in for email capture ensures only legitimate users are added to your list. Let me know if you need further assistance implementing these measures.
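A sketch of the server-side check and honeypot suggested in the reply above, reused to triage already-created profiles as in step 3 of the accepted answer. This is an added example, not code from the thread or from Klaviyo or BigCommerce; the honeypot field name `company_url`, the `email`/`orders` row keys, the "hold" outcome and every threshold are assumptions to tune against your own data.

```python
import re

# Free-mail domains named in the thread; extend from your own observations.
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}
EMAIL_RE = re.compile(r"([^@\s]+)@([^@\s]+\.[a-z]{2,})")
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{5,}")
DIGIT_LETTER_EDGE = re.compile(r"[a-z]\d|\d[a-z]")

def randomness_signals(local):
    """Return the names of the heuristics that the local part trips."""
    local = local.lower()
    letters = [c for c in local if c.isalpha()]
    signals = []
    if len(local) >= 10 and letters:
        if sum(c in "aeiou" for c in letters) / len(letters) < 0.2:
            signals.append("few_vowels")
    if CONSONANT_RUN.search(local):
        signals.append("consonant_run")
    if len(DIGIT_LETTER_EDGE.findall(local)) >= 3:
        signals.append("digit_letter_mix")
    return signals

def screen_checkout(form, honeypot_field="company_url"):
    """Classify a checkout submission before any profile/event is created."""
    if form.get(honeypot_field):  # hidden input that a human never fills in
        return "reject", ["honeypot_filled"]
    match = EMAIL_RE.fullmatch(form.get("email", "").strip().lower())
    if not match:
        return "reject", ["malformed_email"]
    local, domain = match.groups()
    signals = randomness_signals(local)
    # One signal alone misfires on real names ("strengths"), so require two.
    if domain in FREE_MAIL and len(signals) >= 2:
        return "hold", signals  # ask for email verification or CAPTCHA first
    return "allow", signals

def suppression_candidates(profiles):
    """From exported rows, pick never-ordered profiles that would be held."""
    return [p["email"] for p in profiles
            if p["orders"] == 0 and screen_checkout(p)[0] == "hold"]

# Constructed sample data, not taken from the thread.
SAMPLE_PROFILES = [
    {"email": "xkqjwzrtpl83h2@gmail.com", "orders": 0},
    {"email": "julie.smith@gmail.com", "orders": 0},
    {"email": "strengths@yahoo.com", "orders": 0},
    {"email": "q7x2m9v4k1@hotmail.com", "orders": 0},
]
```

Review the "hold" list by hand before suppressing anything: the heuristics only rank candidates, and a real customer with an unusual address should pass once they verify their email.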


Byrne C
Community Manager
  • 72 replies
  • February 6, 2025

Hi @julieccs,

I just wanted to add on to the advice posted above! Both of the above commenters offer good suggestions, and I wanted to speak on how to remove these profiles once they do enter your account.

You’ll want to make a segment that captures all these individuals, and then suppress them. Suppressing these profiles will ensure that they do not increase your active profile count, thus not increasing your plan. Do all of these profiles share common properties, or have they taken similar actions? If their emails share similarities, or if they’ve all started a checkout, and are from the same location, you can use these properties/events to gather them all into one segment. From there, you can suppress these profiles. After doing so, leave the segment active, just in case more of these profiles enter your account - then you can suppress those new ones too.

Let me know if I can clarify anything, or answer additional questions!

-Byrne