News Summary: Shopify Bot Attack Leaves Indie Authors With Financial Losses

News Summary: Shopify Bot Attack Leaves Indie Authors with Financial Losses

At the end of May this year, a number of writers were subject to what appears to be a coordinated Shopify bot attack on their stores, resulting in many hundreds of fraudulent orders being placed. Several of these authors were ALLi members who got in touch with their experiences so that we could raise awareness.

ALLi News Editor Dan Holloway

Experiencing an event like this is obviously highly traumatic, but the issue that the writers who have been in touch with ALLi wanted to be raised is how Shopify subsequently dealt with the efforts to clean up after the attack, and the financial consequences this has left for those writers affected.

In this piece, I want to outline what happened, how Shopify responded, and highlight things other authors need to be aware of.

A Coordinated Attack and Mixed Responses

The event itself involved multiple authors’ Shopify stores being targeted, on May 27, with hundreds (in one case we know of, more than 2,000) of fraudulent attempts to buy ebooks. Shopify’s bot protection security seems to have blocked a substantial proportion of these, but hundreds still got through.

Authors responded by refunding the payments that got through. They did this both manually and using Shopify’s automated refund system. But the process left authors out of pocket for the original transaction fees. (In at least one instance, Shopify offered a goodwill gesture of a Shopify credit for this amount, but that had not materialized by the time the author contacted ALLi.) And in some cases, authors were also liable for chargeback fees of $15 per instance because of the length of time it took Shopify to process the refunds.

I have been sent transcripts of customer service conversations, and these highlight several points. First, Shopify seems to be aware that there was a large-scale fraudulent attack on its checkout system. Second, while Shopify does not refund transaction fees for regular refunds, customer service representatives stated that where there is known fraud, store owners would not bear the costs of transaction fees. (Shopify’s documentation, however, suggests that this is not the case and that credit card fees for fraudulent activity will not be refunded. What Shopify recommends is that store owners activate manual handling of orders so that an order will not go through until it has been approved by the store owner.) Third, Shopify and its representatives struggled to maintain a consistent understanding of sellers’ cases and a consistent application of their own stated policy.

Risks for Indie Authors

There are further aspects to this, such as the fact that this seems to have been linked to fraudulent email signups, causing difficulty for those with mailing list signup limits.

For clarification, Shopify’s most stringent anti-bot protection is only available to those with Shopify Plus accounts, which may not apply to a lot of indie authors, further exposing indies to financial risk. As one of the writers who contacted ALLi put it, they thought that by using a large, respectable platform like Shopify, they would be protected from financial risk in relation to exactly this kind of incident. They were disappointed to discover that seems not to be the case.

What are the key takeaways from this? First, to put in place all the anti-bot protection you can on the plan you have. Second, to do what the authors who contacted us did: refund fraudulent transactions straightaway and get in touch with Shopify’s support immediately. But it is also valuable to raise the issue in author forums, as these authors did. Doing that enabled them to establish that this was a coordinated attack—information they were then able to share with Shopify.

Shopify was contacted for comment but did not respond.

Thoughts or further questions on this post or any self-publishing issue?

Question mark in light bulbsIf you’re an ALLi member, head over to the SelfPubConnect forum for support from our experienced community of indie authors, advisors, and our own ALLi team. Simply create an account (if you haven’t already) to request to join the forum and get going.

Non-members looking for more information can search our extensive archive of blog posts and podcast episodes packed with tips and advice at ALLi's Self-Publishing Advice Center.

Author: Dan Holloway

Dan Holloway is a novelist, poet and spoken word artist. He is the MC of the performance arts show The New Libertines, which has appeared at festivals and fringes from Manchester to Stoke Newington. In 2010 he was the winner of the 100th episode of the international spoken prose event Literary Death Match, and earlier this year he competed at the National Poetry Slam final at the Royal Albert Hall. His latest collection, The Transparency of Sutures, is available for Kindle at http://www.amazon.co.uk/Transparency-Sutures-Dan-Holloway-ebook/dp/B01A6YAA40

Share

This Post Has One Comment

  1. This is still going on. I was hit with 50+ fraudulent purchases in July, and after that mess I now only have free books on my site. I will also not be renewing with Shopify and will close my store before I get charged my annual store fee again.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest advice, news, ratings, tools and trends.

Audiobook Habits Shift

News Podcast: Audiobook Habits Shift, OverDrive Challenges OpenAI, and Study Shows Poetry Can Break AI Guardrails

On this episode of the Self-Publishing with ALLi podcast, Dan Holloway looks at a new study of American media habits that reveals strong daily audiobook listening—despite slowing growth driven by low uptake among readers over fifty. He also reports on OverDrive’s trademark lawsuit against OpenAI over the name Sora, and shares findings from a research paper showing that poetic prompts can bypass AI guardrails far more effectively than standard requests.
Read more
Poetry Can Bypass AI

News Summary: New Study Shows Poetry Can Bypass AI Guardrails; Character AI Shifts Its Teen Strategy

Authoritarian governments—and commentators on Lord Byron alike—have long suspected poets might be the most dangerous people in society. Indeed, one of my favorite novels, Bolaño’s doorstop The Savage Detectives, has this fear at its heart. A new study has discovered there might be something in that after all. The paper, catchily titled “Adversarial Poetry as a Universal Single-Turn Jailbreak in Large Language Models (LLMs),” can essentially be summed up by saying, “AI will teach you how to do naughty things if you ask it in poetry.”
Read more
Ghostwritten Fiction

Audio Interview: The Hidden Craft of Ghostwritten Fiction with Matty Dalrymple and Jon McGoran

In this episode of the Self-Publishing with ALLi podcast, Matty Dalrymple talks with author and ghostwriter Jon McGoran about the craft and business of ghostwriting fiction. They discuss how Jon got started through an agency, the difference between fiction and nonfiction ghostwriting, the challenges of working in someone else’s creative world, and how clear contracts and good collaboration can make ghostwriting a steady income stream for authors.
Read more
View all articles
Back To Top
×Close search
Search
Loading...