How to Read a TrustLens Customer Profile (And What to Do With Each Risk Segment)
Plugin Guide ยท TrustLens
How to Read a TrustLens Customer Profile
TrustLens surfaces six customer segments. This guide explains what each segment actually means, how to read the signal breakdown on a profile, and what action โ if any โ makes sense at each level.
The historical sync finishes. The dashboard fills in. You filter the customer list to Risk and see forty names. Or you open a profile and see a score of 12, and the question immediately becomes: what do I actually do with this?
TrustLens gives you information. What you do with that information is a judgment call โ and it depends on which segment you are looking at, what the signals underneath the score actually say, and what your store’s policies allow. This guide walks through each segment in turn and explains the decision framework that fits it.
The segment thresholds and scoring mechanics below are verified against TrustLens version 1.2.3 at the time of writing. The default thresholds are configurable in Settings โ if your store has changed them, your segment boundaries will differ from the defaults shown here.
New to TrustLens? Start with the overview
If you are not yet familiar with how TrustLens works โ what the scoring engine does, what the eight detection modules track, and what the dashboard shows โ the complete TrustLens overview covers all of that in depth. This post picks up after you already have profiles in front of you.
Anatomy of a TrustLens Customer Profile
When you click a customer’s name in the TrustLens customer list, you land on their profile page. The profile has several distinct sections, and each one serves a different purpose when you are making a decision about a customer.
The header section
At the top of the profile: the customer’s email address (or name, if linked to a WordPress account), their current trust score displayed as a number, their segment badge, and status indicators for whether they are blocked or allowlisted. Action buttons sit in this row too โ Block Customer, Add to Allowlist, Recalculate, and Unblock or Remove from Allowlist depending on current status.
The score and segment are the summary. Everything below them is the explanation.
Key metrics
Below the header: a row of summary metrics โ total orders, total refunds, return rate (refunds as a percentage of orders), total refund value, number of coupons used, and cancellation count. These numbers put the score in proportion. A score of 22 on a customer with 3 orders means something different from a score of 22 on a customer with 80 orders.
Signal breakdown
The signal breakdown is where the score is explained. Each detection module that contributed to the score appears as a row: the module name, the adjustment it applied (positive or negative), and the reason text that explains why. This is the section that tells you what the score is made of โ which signals are driving the number and how much each one is contributing.
Linked accounts
If TrustLens has detected connections between this customer and other accounts, those connections appear here. Each linked account shows the customer’s segment, whether they are blocked, and โ critically โ which fingerprint types matched (shipping address, billing address, phone number, IP address, payment method, or device user agent). More overlapping fingerprint types means a stronger connection; a single shared IP is much weaker evidence than four or five overlapping types.
Event timeline
The full chronological log of every order, refund, coupon use, cancellation, and trust score update. This is where you confirm whether a pattern is genuine. The signal breakdown tells you what happened; the event timeline tells you when it happened and in what sequence.
Admin notes
At the bottom of the profile there is a collapsible admin notes section. If you investigate a customer and decide not to act but want to record your reasoning, write a note here. It is visible to anyone with admin access and persists across sessions โ useful when multiple team members share access to TrustLens.
Understanding the Score and What Moves It
Every TrustLens trust score starts at 50. Detection modules then apply positive or negative adjustments based on customer behavior, and the result is clamped to the 0โ100 range. The score you see is a snapshot of where the accumulated signals have landed.
What pushes the score up:
- Clean completed orders with no returns or cancellations (Order Pattern module)
- Low return rate and low full-refund ratio (Return Abuse module)
- Legitimate coupon use without refund patterns (Coupon Abuse module)
- Account age loyalty bonus: +5 for 90+ days, +10 for 180+ days, +15 for 365+ days (verified against the score calculator)
What pushes the score down:
- High return rate or high full-refund ratio โ the wardrobing signal fires when 90% or more of a customer’s refunds are full refunds (Return Abuse module)
- High cancellation rate (Order Pattern module)
- Repeat use of first-order coupons or coupon-then-refund pattern (Coupon Abuse module)
- Unusually high return rates in specific product categories (Category-Aware module)
- Links to high-risk or blocked accounts (Linked Accounts module)
- Chargebacks and disputes (Chargeback Tracking module)
- Shipping anomalies: address hopping, billing/shipping country mismatches, high address-change velocity (Shipping Address Anomalies module)
- Links to device fingerprints involved in card-testing attacks (Card-Testing Defense module)
The configurable minimum order threshold (default: 3 orders) means customers with fewer orders than this stay in the Normal segment regardless of signals โ the data is not yet reliable enough for confident classification. Signals accumulate; the segment just does not move until the threshold is met.
The Six Segments Explained
TrustLens maps every trust score to one of six named segments. The default thresholds (configurable in Settings) are:
| Segment | Default score range | What it signals |
|---|---|---|
| VIP | 90โ100 | Consistently clean history, often with account age bonus. Your most trustworthy buyers. |
| Trusted | 70โ89 | Reliable behavior, no meaningful risk signals. Growing toward VIP status. |
| Normal | 50โ69 | Standard or new customers without enough history yet. The default holding position. |
| Caution | 30โ49 | Some risk signals emerging. Worth monitoring. Early intervention is most effective here. |
| Risk | 10โ29 | Multiple risk signals across modules. A policy decision is warranted. |
| Critical | 0โ9 | Severe, consistent signals across multiple dimensions. Costs money at a pattern level. |
A score of exactly 90 is VIP. A score of 89 is Trusted. The boundary is the threshold value itself โ customers at or above the threshold land in the higher segment. If your store has changed the default thresholds, the ranges will shift accordingly.
VIP (Score 90โ100) โ Protect and Reward
A VIP customer has accumulated enough positive signals to score at or above 90. Typically: a long order history, clean return record, no coupon abuse flags, and the full account age bonus (+15 points for customers who have been ordering for a year or more). These customers have earned a high score over time โ it is not an artifact.
What to do
The most important action for VIP customers is protecting them from false positives. Add your most reliable VIP customers to the allowlist. An allowlisted customer’s score is locked at 100 โ no signal from any detection module can affect it. This means a VIP who has an unusual order (perhaps a genuinely defective product return, or an address change mid-move) will not slip into Caution because of one atypical event.
The allowlist is the right tool here, not an instruction to ignore the detection modules for everyone in this segment. Use it selectively โ for customers you know well enough to vouch for.
Beyond protection: VIP customers are the ones worth rewarding. If you run loyalty programs, exclusive early access to sales, or personalized offers, this is the segment to target. TrustLens identifies them; what you do with that identification is up to you.
Who to allowlist from the VIP segment
Not every VIP needs to be allowlisted โ most VIP customers will stay VIP naturally because they have genuinely clean behavior. Prioritize allowlisting customers where an unusual order could plausibly affect their score: high-volume business buyers, resellers with above-average return rates for legitimate product defects, or long-standing customers who have had occasional issues in the past that you have already resolved.
Trusted (Score 70โ89) โ No Action Needed
Trusted customers have reliable behavioral records and no meaningful risk signals. They have not yet accumulated the score needed for VIP status โ typically because they are newer customers who have not yet earned the full account age bonus, or because their order volume is smaller than your long-standing VIPs.
What to do
For most Trusted customers, the right action is no action at all. They are behaving well. The segment is doing its job by confirming that fact.
The one thing worth watching: Trusted customers who start accumulating return signals or cancellations may move toward Normal or Caution over time. This is normal โ it is the system working correctly. A customer who moves from Trusted to Caution has had something change in their behavior, and that change is worth noting.
If a Trusted customer contacts you about a dispute or an unusual order, the profile gives you quick context. Look at the event timeline to see whether the current situation is consistent with their historical behavior. A customer with 50 clean orders and one dispute is in a very different position from someone whose Trusted status came from only 5 orders and no dispute history yet.
Normal (Score 50โ69) โ Watch the Trend
Normal is the segment that holds two different kinds of customers: customers who genuinely have average behavior with no strong signals in either direction, and customers who do not yet have enough orders to be classified further.
Both land in Normal. Understanding which type you are looking at matters.
New customers in Normal
Customers below the minimum order threshold (default: 3 orders) stay in Normal regardless of what their signals say. This is intentional โ TrustLens does not want to classify new customers based on insufficient data. If you are looking at a customer with 1 or 2 orders and a Normal segment badge, the badge means “not enough data yet,” not “clean history.”
Established customers in Normal
A customer with 15 orders and a score of 58 is in Normal for a different reason: they have mixed signals that net out to the middle range. The signal breakdown will tell you what is going on. Some moderate penalty signals being offset by account age and clean order volume, for example, will produce a mid-range score.
What to do
For established Normal customers, the main thing to watch is the direction of movement. A customer who has been in Normal for two years and whose score is stable has genuinely average behavior. A customer whose score has dropped from 65 to 51 over the past six months is trending toward Caution. The trust score trend chart on the dashboard shows this movement at a store-wide level; the event timeline on an individual profile shows it per customer.
No enforcement action is warranted for the Normal segment. Monitoring is.
Caution (Score 30โ49) โ Review Before Acting
Caution is the segment where early intervention is most valuable โ and also where the most mistakes happen. It is easy to either over-react (blocking customers who have elevated signals for legitimate reasons) or under-react (ignoring signals that are about to get worse).
A score in the 30โ49 range means that the detection modules have registered meaningful risk signals, but not at a level that indicates consistent, deliberate abuse. Common causes:
- A return rate that is elevated but not dramatically so โ perhaps 25โ35% in a category with above-average returns
- One or two coupon-related signals without a clear pattern of abuse
- A link to one other account with a slightly lower score
- Early-stage order cancellation patterns that could be coincidence
What to do
Open the profile and read the signal breakdown. Then open the event timeline and look at the actual order and refund events. Ask yourself two questions:
- Is this a pattern, or is it a period? A run of returns in a single month could reflect a supplier quality issue or a change in your return policy โ not abuse. A consistent return rate across 18 months is a different story.
- Is this trending up or down? A Caution customer whose score has been stable at 42 for a year is a different concern from one whose score has dropped from 65 to 42 in the past 90 days.
For most Caution customers, the appropriate response is monitoring rather than action. Note the customer, check their profile monthly, and see whether the trajectory continues. Blocking a Caution customer outright is usually premature โ false positives in this range are common, and the cost of blocking a legitimate customer is real.
If you do decide some level of intervention is warranted, a graduated response fits better than blocking: hold orders from this customer for manual review before fulfillment, or (with TrustLens Pro) configure a notification so you are alerted when their next order comes in.
A common Caution scenario
A customer has 22 orders over three years and a score of 38. The signal breakdown shows a โ12 from the return module (return rate: 28%, moderately elevated) and a โ5 from the linked accounts module (one linked account with a score of 61, so in Normal). The event timeline shows the returns are spread across a variety of products over two years. This is the profile of a customer who returns more than average โ but there is no clear pattern of abuse, no concentration of returns in one category, no coupon signals, and the linked account is in Normal. The Caution badge is accurate: there is something worth watching, but not something worth acting on today.
Risk (Score 10โ29) โ Decide on a Policy Response
Risk customers have multiple risk signals across different detection modules. A score in the 10โ29 range typically reflects at least two or three modules each contributing meaningful penalties. This is the segment where you need to make a policy decision โ not necessarily block, but decide what level of friction or scrutiny this customer should face.
Reading the profile carefully
Open the signal breakdown and identify which modules are contributing. The most common combinations in the Risk segment:
- High return rate (Return Abuse) combined with elevated coupon use (Coupon Abuse)
- High return rate with linked accounts that are themselves in Caution or Risk
- Moderate return rate combined with multiple shipping address anomalies
- Coupon abuse signals (coupon-then-refund) combined with poor order completion rate
Then go to the event timeline and look at the actual events. Is the pattern recent and concentrated, or spread across a long history? A recent spike in returns might reflect a fulfillment issue on your end. A two-year pattern of using first-order coupons under different email addresses connected to the same shipping address is something else entirely.
What to do
Risk customers warrant a real decision rather than a monitoring note. Options in roughly escalating order of friction:
- Manual review before fulfillment. Flag orders from this customer for review before shipping. You fulfill if the order looks legitimate; you hold or cancel if the pattern looks like it is continuing. This is the least disruptive option and preserves revenue from customers who might be flagged incorrectly.
- Payment method restriction (TrustLens Pro). With Pro, you can configure payment method risk controls to hide specific gateways for Risk-segment customers. Steering high-risk customers toward lower-dispute payment methods reduces your exposure without blocking the sale.
- Soft block (Free). In the free version, you can manually add a customer to the block list. Blocked customers see a configurable message when they try to add to cart or check out. This is appropriate when the pattern is clear and the risk to your store from another transaction outweighs the revenue from the potential sale.
Before blocking a Risk customer, confirm: you have read the event timeline, the pattern is genuine and not a data artifact, and you have considered whether the customer would have legitimate recourse to dispute the block (for example, a customer whose elevated return rate came from genuinely defective products).
The post on why manual customer blocking falls short is worth reading before you decide on an approach โ it covers what enforcement actually looks like in practice and where the gaps are.
Critical (Score 0โ9) โ Act or Document
Critical is the bottom segment. A score of 0โ9 means the detection modules have accumulated severe, consistent penalties across multiple dimensions. In most stores, Critical customers represent a very small percentage of the customer base โ often 2โ5% โ but they tend to account for a disproportionate share of refund costs, chargeback exposure, and operational overhead.
Reading the profile
By the time a customer is in Critical, the signal breakdown is usually unambiguous: multiple modules contributing large negative adjustments, often including return abuse and linked accounts together. Open the event timeline and you will typically see a clear behavioral pattern โ not one unusual incident, but a consistent approach to your store over many transactions.
The one check to do before acting: confirm the pattern is real and not a data artifact. Check whether the customer has any orders that look like they came from a development or testing period. Check whether the linked accounts are genuinely connected or the result of a shared IP (a workplace, a university, a shared household connection). The signal breakdown shows you the what; the event timeline and the linked accounts section show you the evidence quality.
What to do
For most Critical customers whose signals are genuine, the appropriate response is one of two things:
- Block at checkout. Add them to the block list. Blocked Critical customers cannot add items to cart or proceed to checkout. The block applies to guest checkouts using the same email address. All blocked checkout attempts are logged to the event timeline.
- Document and hold. If you want to preserve the ability to review future orders manually before blocking, you can flag the customer and add an admin note explaining your analysis. This is appropriate when you have some doubt about the signals โ for example, when a Critical score is driven primarily by linked accounts that might be coincidental rather than coordinated.
Blocking a Critical customer is the most consequential action TrustLens surfaces, which is why it is not automatic in the free version. You make the call, with the full behavioral record in front of you. That is the design.
Have a block message ready before you start blocking
Before you block anyone, set the checkout block message under Settings โ General. The default message (“We are unable to process your order at this time. Please contact support for assistance.”) is deliberately neutral โ it does not explain the reason, which is intentional. Customize it to match your store’s voice if needed, but keep it non-explanatory and support-directed. You do not want to reveal your detection logic to the people you are trying to stop.
What You Can Do From a Profile
The customer profile page gives you the following actions directly:
| Action | What it does | When to use it |
|---|---|---|
| Block Customer | Prevents the customer from adding to cart or checking out. Applies to guest checkouts on the same email. Logs all blocked attempts. | Risk or Critical customers with confirmed genuine patterns. |
| Unblock | Lifts the checkout block. Score and signals remain as-is. | When a block was applied in error, or after a customer resolves the underlying issue. |
| Add to Allowlist | Locks the customer’s score at 100. No detection module signal can affect it. Protects VIPs from false positives. | VIP customers you know well. Legitimate business buyers or resellers whose patterns look risky but are valid. |
| Remove from Allowlist | Returns the customer to normal scoring. Score will recalculate on the next order event. | When an allowlisted customer’s circumstances change and you want to resume monitoring. |
| Recalculate | Triggers an immediate score recalculation for the customer based on current signals and settings. | After changing scoring thresholds in Settings, or when you want to confirm the current score reflects recent activity. |
| Admin notes | Freeform text field for recording your analysis or reasoning. Persists and is visible to all admin users. | After any investigation, particularly when you decide not to act but want to record why. |
Bulk versions of block, unblock, allowlist, and recalculate are available on the customer list via bulk actions โ useful when you want to act on a whole segment at once rather than one profile at a time.
Reading the Signal Breakdown Honestly
The signal breakdown is the most technically rich part of the profile, and it is also the part most prone to misreading. A few principles that help:
A large negative signal does not always mean abuse
The return module applies its largest penalties to customers with very high return rates and very high full-refund ratios. Both of those can be legitimate. A customer who received genuinely defective products in three consecutive orders and returned all of them has a high return rate and a high full-refund ratio โ but they may be exactly right to have returned everything. Look at the event timeline, not just the signal number.
Linked account signals vary in strength
A link to one account via a shared IP address is the weakest possible linked-accounts signal. Shared IPs are common โ workplaces, universities, shared residential connections. A link via five different fingerprint types (address, phone, IP, payment token, and device) is far stronger evidence of coordinated account use. The linked accounts section on the profile shows you the match types; use that to calibrate how much weight to give the signal.
The account age bonus can mask declining scores
A long-standing customer earns a loyalty bonus of up to +15 points. This is intentional โ it rewards reliable customers and provides a buffer against the occasional return or coupon use. But it also means a customer with a โ20 penalty from returns and a +15 loyalty bonus shows up with a higher score than their return behavior alone would suggest. The signal breakdown makes this transparent: both the +15 and the โ20 are visible. Make sure you are reading the full picture, not just the final number.
Scores update asynchronously
Score updates happen via Action Scheduler after order events complete โ not in real time during checkout. If a customer just placed a new order or a new refund was processed, it may take a few minutes for the score to reflect the latest activity. If you want to confirm the score is current, use the Recalculate button on the profile.
Segment decision framework
- VIP (90โ100): Protect these customers. Allowlist the ones you know well to prevent false positives. Consider whether they qualify for any loyalty rewards or exclusive access.
- Trusted (70โ89): No action needed. Monitor for score movement. Use the event timeline if a specific order or dispute needs context.
- Normal (50โ69): No enforcement action. If the customer has enough orders to be classified and their score is declining, watch the trend. New customers in this segment simply need more order history.
- Caution (30โ49): Read the profile before deciding anything. Distinguish patterns from periods. Monitor monthly. Graduated friction (manual order review) fits better than blocking at this stage.
- Risk (10โ29): A policy decision is warranted. Choose from manual review, payment method restriction (Pro), or blocking โ based on the strength of the evidence in the event timeline.
- Critical (0โ9): Confirm the signals are genuine, then act. Block if the pattern is clear. Document in admin notes if you need to investigate further. Have your block message configured before you start.
Common Questions
Does TrustLens automatically block customers when they reach Critical?
No. In the free version, TrustLens never automatically blocks a customer. A customer reaching Critical means their score has dropped to 0โ9 based on the accumulated signals โ but checkout enforcement must be explicitly enabled in Settings, and you must manually add each customer to the block list. Nothing happens automatically unless you set it up. With TrustLens Pro, automation rules can be configured to trigger actions when a customer’s segment changes โ but again, you configure what triggers what, and auto-blocking is not the default state.
What happens if I block a customer who is actually legitimate?
The block can be undone immediately using the Unblock button on the profile page. The customer’s score and signals remain as-is โ unblocking does not clear the signals that caused the low score. If the customer was flagged because of an unusual but legitimate behavioral pattern, add them to the allowlist after unblocking to prevent future enforcement. Document your reasoning in the admin notes field.
Can a Critical customer’s score improve over time?
Yes. Scores update with each new order event. If a customer in Critical places clean orders and stops triggering risk signals, positive signals accumulate and the score can rise. The account age bonus also increases over time. However, very large negative penalties (from a 70%+ return rate or a confirmed chargeback pattern) take sustained clean behavior to offset. The signal breakdown will show you what is contributing to the current number and what would need to change for the score to move.
Should I use the allowlist for every VIP customer?
Not necessarily. Allowlisting locks the score at 100 and disables all signal processing for that customer. For most VIP customers, their consistently clean behavior means the detection modules will simply keep producing positive signals โ so allowlisting is not needed to maintain a high score. Reserve the allowlist for customers where an unusual-but-legitimate pattern might otherwise trigger penalties: a reseller with above-average returns due to product defects they pass on to their customers, a business buyer with unusual order velocity, or a long-standing VIP who you know personally and can vouch for.
The signal breakdown shows a linked account I don’t recognize. What should I check?
First, look at how many fingerprint types are shared. A single shared IP address is weak evidence โ many customers share IP addresses through workplaces or networks. If the link is via multiple fingerprint types (shipping address plus phone number plus device fingerprint, for example), the connection is more reliable. Second, look at the linked account’s segment. A link to a Normal or Trusted account carries much less risk than a link to a Critical or blocked account. The risk propagation between linked accounts is proportional to how risky the linked accounts themselves are.
How does the chargeback history appear on a customer profile?
If you use Stripe or WooPayments, TrustLens ingests dispute history automatically and those events appear in the customer’s event timeline. You can also enter chargebacks manually from the order edit screen for other gateways. Chargeback events feed into the trust score through the Chargeback Tracking module, applying a significant penalty. On the profile, each chargeback event shows the date, the order, and the outcome if one has been recorded. For Pro users, a Dispute Evidence Report button generates a print-ready behavioral summary from the profile data โ useful for submitting to your payment processor alongside a dispute response. For more on how chargeback behavioral warning signs appear before disputes are filed, see the post on recognizing chargeback risk in WooCommerce customer behavior.
I just ran the historical sync and have 60 customers in Risk. Where do I start?
Sort the Risk customer list by trust score ascending (lowest score first) and work from the bottom up โ the lowest scores have the most signals stacked against them and are most worth your time. For each customer, open the profile and spend two minutes reading the event timeline. You will quickly find that a meaningful number of the Risk profiles are explainable by legitimate behavior, data from a testing period, or a single concentrated incident rather than a sustained pattern. Focus your action on the profiles where the timeline shows consistent, deliberate behavior across many orders over time. If you need setup guidance for what to do right after a sync, the TrustLens first-time setup guide covers that in detail.
