How TrustLens Scores a WooCommerce Customer: A Walk Through All 8 Detection Modules

The Scoring Foundation: How the Engine Works

TrustLens assigns every WooCommerce customer a trust score between 0 and 100. The engine is straightforward: every customer starts at a neutral 50, and the detection modules adjust that number up or down based on what they find in your store’s order data.

The final score is computed by summing the adjustments from all active modules, adding any loyalty bonus, and clamping the result to the 0–100 range. There is no weighting system between modules — each module contributes its adjustment directly to the total. A customer who earns +15 from order history but -40 from returns ends at 50 + 15 – 40 = 25.

Scores are recalculated asynchronously via Action Scheduler whenever a relevant event occurs — an order completes, a refund is processed, a dispute is filed. Nothing runs on the page-load path, so scoring never slows the storefront. If you want to understand the current score for a specific customer, open their profile in TrustLens and look at the signal impact bars; every module’s contribution is listed there.

The Minimum-Order Gate

Before any module runs, TrustLens checks whether the customer has enough orders to score confidently. The default threshold is 3 completed orders. Customers below this threshold hold a score of 50 and remain in the Normal segment — no penalties, no bonuses, no classification.

This gate exists to prevent false positives in the early weeks of running a store, or when analyzing customers who have only placed one or two orders. A first-time buyer who happened to return something should not immediately appear in your risk list. Once a customer crosses the threshold, all signals accumulated so far are factored in.

You can adjust the threshold in TrustLens Settings under the General tab. Raising it to 5 or 10 makes sense for stores with a high proportion of one-time buyers and plenty of volume. Lowering it to 1 makes sense for stores where repeat purchase data is slow to accumulate. The chargeback and shipping anomalies modules also respect this threshold independently — a single dispute on a brand-new account will not trigger a -30 chargeback penalty until the customer crosses the minimum.

Module 1: Return Abuse Detection

Return Abuse Detection is TrustLens’s oldest and most sensitive module. It tracks four dimensions of refund behavior: overall return rate, full-refund ratio, refund frequency, and total refund value. Each dimension can contribute a penalty independently, and they stack.

How return rate scoring works

The default scoring bands are configurable, but ship as follows:

• Return rate 25–39%: -10 points (elevated)
• Return rate 40–59% (high threshold): -25 points
• Return rate 60%+ (critical threshold): -40 points

You can adjust both the “high” threshold (default: 40%) and the “critical” threshold (default: 60%) in TrustLens Settings. If your product category has inherently high return rates — clothing and accessories commonly run 20–30% — you may want to raise both thresholds to avoid over-penalizing normal behavior in your context.

The wardrobing signal

If a customer has 3 or more total refunds and 90% or more of those refunds are full refunds rather than partials, TrustLens adds a -10 point wardrobing penalty. This pattern — buy, receive, return fully, repeat — is a classic indicator of customers who never intended to keep the product.

High refund value

Total refund value over $2,000 adds a further -10 points. Over $1,000 adds -5. These thresholds are not configurable in the current version but they stack with the rate and wardrobing signals.

The positive side

Return history can also help a score. A customer with 5+ completed orders and a return rate at or below 5% earns +10 points for an excellent return history. This is a meaningful upward signal — it actively rewards low-friction shoppers and counterbalances minor negatives from other modules.

Module 2: Order Pattern Analysis

The Order Pattern module is the primary source of upward pressure on trust scores. It tracks completed orders, net customer value, and cancellation patterns. Unlike most modules, it is more likely to add points than subtract them.

Rewarding clean order history

TrustLens counts “clean orders” — total completed orders minus total refunds. The rewards are:

• 3–4 clean orders: +5 points
• 5–9 clean orders: +10 points, with the count displayed in the signal reason
• 10+ clean orders: +15 points

A customer with 20 completed orders and 4 refunds has 16 clean orders, earning +15. A customer with 20 completed orders and 18 refunds has 2 clean orders, earning nothing from this module — and taking a large penalty from the Returns module on top of it.

High net customer value

Net value (total order value minus total refund value) over $1,000 adds +5 points. This signal rewards high-value customers who spend consistently and keep what they buy. It is separate from and stacks with the clean-order bonus.

Cancellation rate penalties

High cancellation rates subtract points, but only when both a minimum count and a rate threshold are met. A customer needs at least 3 cancelled orders before the rate signal activates. Then:

• Cancellation rate 30–49%: -10 points
• Cancellation rate 50%+: -15 points

Occasional cancellations on a large order history barely move the needle. The signal is designed to catch patterns where most attempts to purchase never convert — which can indicate checkout manipulation, inventory-locking behavior, or other concerning patterns.

Module 3: Coupon Abuse Detection

Coupon Abuse Detection tracks three overlapping patterns: the coupon-then-refund cycle, first-order coupon exploitation, and high coupon usage rates. These signals exist because discount abuse tends to be behavioral — it leaves traces across multiple orders that only become visible in aggregate.

The coupon-then-refund cycle

This is TrustLens’s strongest coupon signal. When a customer uses a coupon and then refunds the same order, TrustLens increments a counter. The scoring bands are:

• 1 coupon-then-refund: -5 points
• 2 coupon-then-refund: -15 points
• 3+ coupon-then-refund: -25 points (labelled as an abuse pattern)

A customer who has done this three times is clearly not a coincidence. The signal is designed to surface this pattern before it becomes a fourth or fifth time.

First-order coupon + refund compound penalty

If a customer used a coupon on their first order and has at least one coupon-then-refund event, TrustLens adds a further -10 for a first-order coupon abuse pattern. This stacks with the coupon-then-refund penalty above.

High coupon usage rate

For customers with 5+ orders, TrustLens calculates what percentage of their orders included a coupon. Usage at 80% or above adds -10 points. This catches customers who consistently discount-hunt every order, especially when combined with refunds.

Legitimate coupon use is rewarded

A customer who has used coupons 3 or more times but has zero coupon-then-refund events earns +5 points as a “legitimate coupon user.” The module distinguishes between customers who use discounts and customers who exploit them.

Module 4: Category-Aware Risk Scoring

Category-Aware Risk Scoring recognises that a 40% return rate in electronics means something very different from a 40% return rate in food and grocery. The module tracks return rates per product category and applies a risk weight to amplify or dampen the penalty based on how much damage high returns in that category actually cause.

Default category weights

You can override these weights per category in TrustLens Settings. The weights are applied against your actual WooCommerce product category slugs.

How the penalty calculates

The module looks at each category independently. For categories with a weight of 1.5× and a category-specific return rate of 30% or more, the base penalty is -15 multiplied by the weight: -22 points (rounded to -22). For any category with a return rate of 50% or more (regardless of weight), the penalty is -10 multiplied by the weight. The module caps the total category penalty at -40 across all categories combined.

A customer who returns 40% of electronics orders but has a clean record everywhere else will receive a category penalty from this module that would not appear in the broader Return Abuse module’s signal. The two signals are independent and stack.

Module 5: Linked Accounts Detection

Linked Accounts Detection finds customers who share identifying information with other accounts in your store. The module hashes and compares six types of fingerprints across your entire customer table: shipping address, billing address, phone number, IP address, payment token (including Stripe card fingerprints), and device user agent.

When a match is found on any fingerprint type, the two accounts are considered linked. TrustLens then looks at the risk level of the linked accounts and applies a penalty based on both the count and the severity of those connections.

Scoring structure

The base penalty for linked accounts scales with count:

• 1–2 linked accounts: -5 points
• 3–4 linked accounts: -10 points
• 5+ linked accounts: -15 points

Additional penalties are applied per high-risk linked account and per blocked linked account. The default additional penalty is 5 points per high-risk link (Risk or Critical segment) and 10 points per blocked link. Both the base rates and the per-link penalty are configurable.

What linked accounts actually means

A shared shipping address between two accounts is the weakest signal — it could be a household. A shared IP address is slightly stronger. A shared Stripe card fingerprint is very strong. The module does not weight fingerprint types differently in the current scoring logic; it flags the link and the penalty scales by the number and risk level of linked accounts.

The real value of the linked accounts module is not the score penalty — it is the visibility. Opening a customer profile and seeing four linked accounts listed, with one of them blocked, tells you something that no individual order signal would have surfaced. For stores with generous first-order discounts, this is where multi-account coupon abuse becomes visible.

Module 6: Shipping Address Anomalies

The Shipping Address Anomalies module watches for three patterns that individually suggest little but together often indicate reshipping fraud or shipping-address manipulation: address diversity, billing/shipping country mismatch, and address change velocity. The module’s total contribution is capped at -50.

Signal 1: Address diversity ratio

TrustLens counts distinct shipping addresses used across a customer’s orders and divides by total orders. A ratio above 0.8 (more than 80% of orders shipped to different addresses) applies -15 points. A ratio above 0.5 applies -10. Above 0.3 applies -5.

A repeat buyer who consistently ships to a handful of addresses — home, office, occasional gift — will show a ratio well below 0.3 and trigger nothing. A customer who ships every order to a different address is a different story, especially at scale.

Signal 2: Billing/shipping country mismatch

TrustLens tracks the distinct countries used for billing addresses and shipping addresses. When billing and shipping countries differ across orders, it applies a penalty scaled to the degree of mismatch. This signal catches reshipping patterns where goods are purchased with a domestic card but delivered abroad, or where billing details suggest one geography and shipping suggests another.

Signal 3: Address change velocity

Rapid changes to shipping address within a configurable window (default: 30 days, adjustable from 7 to 90 days in Settings) trigger a velocity penalty. A customer updating their address once is unremarkable. A customer cycling through 5 distinct shipping addresses in 30 days is not.

Signal 4 (Pro): Address diversity trend

Pro adds a trend-detection layer that identifies sudden behavioral shifts in shipping address diversity. A customer whose ratio was stable at 0.2 for 50 orders and then jumps to 0.9 over the last 10 orders is more concerning than a customer who has always had a 0.9 ratio. The trend signal applies an additional penalty for these late-onset patterns.

Module 7: Chargeback Tracking

The Chargeback Tracking module applies the largest single penalties in the TrustLens scoring system. A lost chargeback is one of the clearest signals that a transaction was fraudulent, and TrustLens treats it accordingly.

This module is available in the free version as of TrustLens version 1.2.1. For stores using Stripe or WooPayments, disputes ingest automatically via webhook. For other gateways (PayPal, Square, offline), you can record chargebacks manually from the order edit page.

Lost dispute penalties

• 1 lost dispute: -30 points
• 2 lost disputes: -40 points
• 3+ lost disputes: -50 points (“major risk”)

Pending disputes

Disputes that have not yet resolved carry a -20 penalty per pending dispute. This is meaningful because dispute resolution can take weeks or months. TrustLens does not wait for an outcome to start surfacing the risk.

Won disputes and dispute rate

A dispute that the store wins still applies a small -5 penalty if the customer has no lost disputes. The customer filed a dispute — that alone is a signal. For customers with 5+ orders, a dispute rate of 10% or above (disputes relative to total orders) adds -15 for a high dispute rate signal.

A clean history is rewarded

Customers with 10 or more completed orders and zero disputes earn +10 for an unblemished dispute history. This is a meaningful positive signal for loyal, long-tenured customers.

The minimum-order threshold applies here too

As of version 1.2.3, the chargeback module respects the minimum-order threshold. A one-time buyer who files a legitimate dispute will not receive the -30 penalty until they have met the minimum order count. This prevents a single disputed first purchase from permanently tainting a customer profile that has no other data.

Module 8: Card-Testing Defense

The Card-Testing Defense module is unusual among the eight because it operates in two distinct modes: real-time blocking (at checkout, before the payment gateway is reached) and retrospective scoring (a trust-score signal applied after an attack is detected).

Real-time blocking (not a scoring event)

During an active card-testing attack, TrustLens watches per-device decline rates in 60-second and 10-minute rolling windows. When a device fingerprint crosses the threshold, it is locked out for 90 seconds. This happens before any customer score is affected — it is a gate-level block, not a scoring event.

The VIP customer bypass ensures that customers with sufficient completed orders are never caught by velocity rules. The one-click Panic Freeze button halts all checkouts for up to 15 minutes during an attack your thresholds have not caught.

The trust-score signal: -30 points

When a device fingerprint is confirmed as involved in a card-testing attack, TrustLens marks it as tainted. Any customer account linked to a tainted fingerprint receives a fixed -30 point signal from this module. The penalty is constant regardless of the number of tainted fingerprints — but it is one of the hardest single-module penalties in the system.

This signal matters because card-testing attacks are often tied to stolen payment credentials, and a customer account linked to a device that ran stolen cards is worth watching even after the immediate attack has ended. The signal appears on the customer’s profile with an explanation of how many tainted fingerprints they are linked to.

The Loyalty Bonus: Account Age

After all eight modules contribute their signals, TrustLens adds one more adjustment that cannot be negated by any module: an account age loyalty bonus based on how long the customer has been with your store (measured from their first order date).

• First order 90–179 days ago: +5 points
• First order 180–364 days ago: +10 points
• First order 365+ days ago: +15 points

This bonus applies unconditionally — a customer who has been ordering from your store for over a year earns the full +15 even if they have some return activity or coupon usage. The design intent is to protect loyal long-term customers from being misclassified based on signals that might look suspicious in isolation but are consistent with a genuine, high-volume relationship.

The loyalty bonus is also why two customers can look different even with identical recent behavior: a 14-month customer with a 35% return rate lands at a very different score than a 2-month customer with the same rate.

How Scores Map to Segments

Once the final score is calculated and clamped to 0–100, TrustLens maps it to one of six segments using default thresholds. All thresholds are configurable.

Allowlisted customers are always scored at 100 and placed in VIP regardless of their behavioral signals. The allowlist is an explicit override — it means you have decided this customer is trustworthy regardless of what the data shows.

Why Two Customers With 20 Orders Can Score 30 Points Apart

This question comes up often when store owners first start reviewing customer profiles. Two customers with identical order counts and similar average order values can sit in very different segments. Understanding why makes the scoring system much easier to interpret.

Consider two customers, both with 20 completed orders, both scoring zero on coupon abuse:

Customer A has been with the store for 14 months, returns 10% of orders, no disputes, no linked accounts, consistent shipping address. The scoring looks like: base 50 + loyalty +15 + clean orders +15 + low return +10 = 90. That is a VIP.

Customer B has been with the store for 4 months, returns 45% of orders, one pending dispute, shares a shipping address with a blocked account, and 90% of refunds are full refunds. The scoring looks like: base 50 + loyalty +5 (only 4 months) – returns high -25 – wardrobing -10 – refund value (if over $1k) -5 – dispute pending -20 – linked account to blocked -10 = -15, clamped to 0–100 → arrives near 0. That is Critical.

Same order count. Same module coverage. Completely different outcomes because the patterns are different, not just the totals.

What You Can Configure

TrustLens ships with defaults that work for most stores, but a number of scoring parameters are adjustable in Settings without touching any code:

• Minimum orders threshold — before any module scores the customer (default: 3)
• Return rate high threshold — the rate that triggers the -25 penalty (default: 40%)
• Return rate critical threshold — the rate that triggers the -40 penalty (default: 60%)
• Category risk weights — per WooCommerce product category slug
• Linked accounts penalty per high-risk link — additional points per Risk/Critical linked account (default: 5)
• Address velocity window — how many days to look back for rapid address changes (default: 30, range: 7–90)
• Segment thresholds — the score cutoffs for each of the six segments
• Card-testing velocity thresholds — the decline counts in rolling windows that trigger a targeted block (Pro adds per-fingerprint overrides)

Changing segment thresholds is the most powerful lever if you want to recalibrate how aggressively TrustLens classifies customers. Raising the VIP threshold to 95 narrows the VIP pool. Raising the Risk threshold to 20 sends more customers into Critical. Make these changes deliberately and check the segment distribution on the dashboard after any adjustment.

Frequently Asked Questions

Does TrustLens automatically block customers based on score?

No, not in the free version. TrustLens surfaces the risk data and score, but every action — blocking, allowlisting, manual review — is a decision you make. The free version is manual by design. Pro adds automation rules that can trigger actions when scores drop below a threshold, when disputes are filed, or when linked accounts are detected, but those rules require deliberate configuration.

How quickly does a score update after a new event?

Score recalculation is queued immediately when a triggering event occurs (order completion, refund, dispute filing). The queue is processed by Action Scheduler, the same background system WooCommerce uses for its own jobs. On a typical shared host, scores update within a few minutes of the triggering event.

Can I see exactly which signals affected a score?

Yes. Every signal is stored and displayed on the customer profile page as an impact bar. Each module’s label and score adjustment is visible. If you want to understand why a customer scored 28, open their profile and read down the signal list — the answer will be there.

What happens to a score if a module is disabled?

If you disable a module in Settings, its signal is excluded from future recalculations. Existing scores will reflect the old signal until the next recalculation event. You can trigger a manual recalculation from the customer list using bulk actions.

Does the scoring account for guest checkouts?

Yes. TrustLens identifies customers by a hash of their email address, so guest and registered checkouts with the same email are tracked as the same customer. If a guest later registers, their existing history carries over. The guest-vs-registered distinction does not affect scoring.

How does the loyalty bonus interact with a bad score?

The loyalty bonus is applied after all module signals are summed. It cannot prevent a customer from scoring poorly if the module signals are severe enough — a customer with -60 from modules gets a final score of 50 + (-60) + 15 (loyalty) = 5, which is still Critical. But it does provide meaningful protection for long-tenured customers who have some blemishes. A 14-month customer with a 40% return rate scores much better than a 2-month customer with the same rate.