From the tab Rule Settings you will be able to set up and activate all the anti-fraud rules that will be applied according to your configuration.
From these settings, you can assign weight to each rule, which is the value that contributes to the risk level of an order. To read more about how the Rule weight works, you can refer to this page.

The available rules are:
- First order check
- International order check
- IP geolocation check
- Billing and Shipping address check
- Proxy check
- Suspicious email domain check
- Unsafe country check
- Order exceeding average amount check
- Orders exceeding specified amount check
- Orders not reaching specified amount check
- Check for attempt count
- Multiple details check
You can find below how each type of rule works:
First order check
Activate this rule if you want to mark an order as potentially unsafe if it is the first order placed by a user in the shop.

International order check
Activate this rule if you want to mark an order as potentially unsafe if the billing address does not match with the country set for the shop.

IP geolocation check
Activate this rule if you want to check if the user’s IP matches the billing address. If not, the check will be considered failed. You must also enter the MaxMind License Key in the dedicated field.

Billing and Shipping address check
Activate this rule if you want to mark an order as potentially unsafe if shipping and billing addresses differ from each other.

Proxy check
Activate this rule if you want to mark an order as potentially unsafe if the IP from which the order comes has used a proxy server. You must also enter the Proxycheck.io API Key in the dedicated field.

Suspicious email domain check
Activate this rule to check users’ email addresses and verify if they belong to one of the specified unsafe domains. Any of the default unsafe domains can be manually removed, but you can also add any new ones.

Unsafe country check
Enable this option and specify the unsafe countries in the ‘Define unsafe countries’ field. The system will check the country entered by the user in the invoice data.
If it matches one of the unsafe countries you’ve defined, the corresponding fraud risk percentage will be applied to the order.

Order exceeding average amount check
Activate this rule to track orders that exceed your shop’s average order amount, and set a value in the ‘Average multiplier’ field.
For example, setting the value to 2 will flag orders that are twice the average spend as higher risk.

Orders exceeding specified amount check
Activate this rule to flag orders that exceed a certain amount as potential fraud.
For example, you have a shop with very cheap products and the maximum order amount that a “normal customer” usually places is about $20. Based on that, you decide to set the threshold to $35.
If a customer visits your shop and places an order of $50, it will be marked as suspicious.

Orders not reaching specified amount check
Activate this rule to flag as potential fraud single orders that do not reach a specified amount limit.
For example, if you have a shop with expensive products and the minimum order amount that a “normal customer” usually places is about $2000. Based on that, you decide to set the threshold to $1000.
If a customer visits your shop and places an order of $800, it will be marked as suspicious.

Check for attempt count
This rule allows you to set the maximum number of orders from the same IP address in a given time frame (hours). Any additional order in the same time frame will be considered risky and will make the rule check fail.
In the image below we set the number of orders to be a maximum of 2 in one hour. So, starting from 3 orders in one hour, this rule check will fail.

Multiple details check
Activate this rule to flag billing details linked to an IP address used for previous orders. If the billing information differs from previous orders made with the same IP, the fraud risk level will increase.
The check will be done based on the time span (in days) you set. For example, we have set a time span of 7 days, so the plugin will check all orders made in the last 7 days that have the same IP as the order being currently placed.
