Skip to main content
Question

How can I block Credit Card Testing bots on shopify creating active profiles

  • May 26, 2026
  • 2 replies
  • 10 views
D
Contributor I
Forum|alt.badge.img

I was wondering if anyone else has experienced this. I use Shopify for my website and for the last few weeks I’ve had an increasing amount of credit‑card testing bots hitting my checkout.

Shopify support say they’ve done everything they can on their side to block the bot traffic (and the attempts no longer appear in my Abandoned Checkouts), but the issue I’m having is that the bots are still triggering Klaviyo to create new profiles. These aren’t sign‑ups — just “active profiles” created when the checkout page loads. The bots don’t visit any other page on my site.

This is pushing my active profile count up, and I’m having to manually suppress these profiles daily using an implicit‑profile segment.

Is there any way to prevent these profiles being created in the first place, or to filter this kind of checkout‑only bot traffic before it counts as an active profile?

Thanks for any help or insight.

 

2 replies

ArpitBanjara
Principal User II
Forum|alt.badge.img+37
  • ArpitBanjara
  • Principal User II
  • May 26, 2026

Hey ​@DotKDesign 

I would suggest using Cloudflare.

so what is happening is that every time someone enters their email address on the Shopify checkout page, Shopify fires a "Checkout Started" event to Klaviyo and creates a profile., regardless of whether that person signed up for marketing. So even though Shopify has stopped these bots from appearing in your Abandoned Checkouts,, if those bots are still touching your checkout page at all, their email addresses are still making it into Klaviyo. Double opt-in doesn't help here either, because this isn't a subscription event.

The issue is that you can't prevent Klaviyo from creating profiles when Shopify sends it data. so it is worth looking at a WAF (Web Application Firewall) solution like Cloudflare in front of your store., Cloudflare's bot management rules will stop bot traffic before it ever reaches Shopify. Some also recommend using Armex app, but i dont have experience with this app. 

Also on the klaviyo side, you can create a segment such that it catches bot profiles more efficiently and there is low risk of catching real customers. The segment logic i would recommend :

Checkout Started at least 1 time over all time, AND

Placed Order zero times over all time, AND

Active on Site zero times over all time, AND

Opened Email zero times over all time, AND

Profile created is within the last 30 days (optional)

Once a profiles are bulk suppressed, it won't count toward your billing plan's active profile count. so yes you will have to do this manually.

I hope this helps and thank you for sharing your question here in the community.

Cheers,

Arpit

Arpit Banjara - Lead Email Marketing Specialist at Flowium
    D
    Contributor I
    Forum|alt.badge.img
    • DotKDesign
    • Author
    • Contributor I
    • May 26, 2026

    Thanks so much Arpit.  I’ll have a look and definitely try that.

    Terms & ConditionsAccessibility statement

    Links & Resources

    Platforms

    Partners

    Useful Things

    About

    • Terms and Privacy |
      © 2024 Klaviyo All rights reserved. Klaviyo and the Klaviyo logo are trademarks or registered trademarks of Klaviyo, Inc. or its affiliates.