What Is TrustLens
TrustLens is a behavior-based customer trust scoring and fraud detection plugin for WooCommerce. It analyzes the order, refund, coupon, dispute, and checkout data your store already generates, turns it into a single 0–100 trust score per customer, and sorts every shopper into one of six risk segments — VIP, Trusted, Normal, Caution, Risk, or Critical. Eight detection modules run quietly in the background so abuse patterns surface before they cost you margin.
Core Capabilities
TrustLens is built around four ideas: see every customer clearly, catch the abuse patterns that drain margin, give you the data to act, and never auto-block in the free tier without your explicit decision.
Trust Score Engine
Every customer receives a 0–100 trust score recalculated automatically when behavior changes — a new order, a refund, an applied coupon, a recorded dispute, or a card-testing event. Scoring runs asynchronously through Action Scheduler (the same background system WooCommerce uses) so it never blocks the frontend. Customers below the configurable minimum-orders threshold (default: 3) stay in the Normal segment until enough data exists for confident scoring, so new stores don’t get noisy false positives in their first weeks.
Six Customer Segments
The 0–100 scale is split into six clearly defined segments, each with its own color, icon, and recommended treatment:
| Segment | Score | Meaning | Suggested Treatment |
|---|---|---|---|
| VIP | 90–100 | Long-tenured, high-value, low-friction customers | Reward, fast-track, protect from false positives |
| Trusted | 70–89 | Reliable repeat buyers | Normal processing |
| Normal | 50–69 | Average customer, no notable signals | Normal processing |
| Caution | 30–49 | Early warning signs — watch the trend | Monitor, consider optional friction |
| Risk | 10–29 | Behavior pattern consistent with abuse | Hold for review, require account creation |
| Critical | 0–9 | Confirmed abuse signals across multiple modules | Manual approval or block |
Eight Detection Modules
TrustLens ships with eight independent detection modules. Each emits its own signals into the score, so you can see exactly which patterns moved a customer in either direction:
- Return Abuse Detection — refund rate, refund frequency, refund value, full-vs-partial ratio
- Order Pattern Analysis — completion rates, cancellation patterns, order velocity
- Coupon Abuse Detection — repeat first-order coupons, coupon-then-refund cycles, coupon stacking
- Category-Aware Risk Scoring — extra risk where return rates are concentrated in specific product categories
- Linked Accounts Detection — accounts sharing shipping/billing addresses, phone numbers, IPs, payment methods, or device fingerprints
- Shipping Address Anomalies — address hopping, billing/shipping country mismatches, address-change velocity
- Chargeback Tracking — per-customer dispute history with automatic ingestion from Stripe and WooPayments
- Card-Testing Defense — real-time decline-velocity monitoring at checkout with attacker fingerprint lockouts
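A minimal sketch of decline-velocity monitoring with fingerprint lockouts, as described in the Card-Testing Defense item above. This is an added example, not TrustLens code: the class name, the window, threshold and lockout values, and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed values for illustration; the page does not state TrustLens's thresholds.
WINDOW_SECONDS = 60     # sliding window for counting declines
MAX_DECLINES = 5        # declines within the window that trigger a lockout
LOCKOUT_SECONDS = 900   # how long a fingerprint stays locked out


class DeclineVelocityMonitor:
    def __init__(self, vip_fingerprints=()):
        self.declines = defaultdict(deque)   # fingerprint -> recent decline times
        self.locked_until = {}               # fingerprint -> lockout expiry time
        self.vip = set(vip_fingerprints)     # bypass list, as in "VIP customer bypass"

    def record_attempt(self, fingerprint, now, declined):
        """Classify one checkout attempt as 'allowed', 'locked' or 'blocked'."""
        if fingerprint in self.vip:
            return "allowed"
        if self.locked_until.get(fingerprint, 0) > now:
            return "blocked"                 # still inside an earlier lockout
        if not declined:
            return "allowed"
        window = self.declines[fingerprint]
        window.append(now)
        # Drop declines that have aged out of the sliding window.
        while window and window[0] <= now - WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_DECLINES:
            self.locked_until[fingerprint] = now + LOCKOUT_SECONDS
            window.clear()
            return "locked"                  # this decline tripped the threshold
        return "allowed"


# Constructed sample events: (seconds, pseudonymized fingerprint, gateway declined?)
SAMPLE_EVENTS = [
    (0, "fp-a", True), (5, "fp-a", True), (9, "fp-a", True),
    (12, "fp-b", True), (14, "fp-a", True), (20, "fp-a", True),
    (25, "fp-a", False), (70, "fp-b", True), (1000, "fp-a", False),
]


def replay(events, vip_fingerprints=()):
    monitor = DeclineVelocityMonitor(vip_fingerprints)
    return [monitor.record_attempt(fp, ts, declined) for ts, fp, declined in events]


if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

In the sample, the attempt at second 25 would have been approved by the gateway, but the lockout set at second 20 stops it before payment is tried.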
Command Center Dashboard
One screen at TrustLens → Dashboard surfaces the metrics that matter: trust score trends over the last 30 days, segment distribution across all customers, refund activity, the high-risk customer list, the chargeback ratio speedometer against Visa, Mastercard, Amex, and Discover monitoring thresholds, and revenue-protection KPIs. A persistent plugin-wide admin header gives every page a live status pill, notifications bell, and ⌘K command palette for fast access to any customer, page, or setting.
You Decide What Happens
TrustLens never auto-blocks in Free. When a customer enters Risk or Critical, you review their profile — every signal that moved their score is shown with its specific reason — and you choose what to do: block at checkout, allowlist forever, hold orders for review, or simply watch the trend. Nothing happens behind your back.
Key Benefits
| Benefit | Description |
|---|---|
| See the money you’re losing | Refund value, coupon abuse, and chargeback exposure rolled into per-customer numbers you can act on. |
| Protect the customers worth keeping | VIP segmentation and allowlist locking ensure your best customers never get caught by false positives. |
| Stay below card-network thresholds | Blended monthly chargeback ratio against Visa VDMP/VFMP, Mastercard ECP, Amex, and Discover programs so you see trouble coming. |
| Stop card-testing attacks live | Real-time decline-velocity detection, attacker fingerprint lockouts, and one-click Panic Freeze if an attack escalates. |
| Explain every decision | Every signal on every score is visible, so CX teams can justify a hold, block, or refund denial with data. |
| No third-party data sharing | All scoring runs inside your WordPress install with no external API calls, and identifiers are pseudonymized with keyed HMAC-SHA256. |
Who Should Use TrustLens?
- WooCommerce store owners losing margin to serial returners, refund abuse, or coupon fraud
- Operations and CX managers who need data to back up customer policies with confidence
- Fraud prevention teams looking past payment-gateway signals into behavioral patterns
- Merchants worried about chargeback monitoring programs (VDMP / VFMP / ECP)
- Stores with generous return policies that attract both loyal customers and abuse
- Stripe / WooPayments stores where dispute and card-brand data ingest automatically
- Stores on other gateways (PayPal, Square, offline, custom) using manual chargeback entry to keep their ratio accurate
How It Works
1. Install and Sync
Activate the plugin, then run Historical Sync from the dashboard. TrustLens reads your existing WooCommerce orders, refunds, and disputes in small background batches and builds a trust profile for every past customer. The sync runs through Action Scheduler and does not affect site performance.
2. Detection Runs Automatically
From activation onward, all eight detection modules listen for relevant WooCommerce events — order completed, refund issued, coupon applied, dispute filed, decline received at checkout — and log signals to a customer’s record. Score recalculation is queued automatically with deduplication so a single customer placing five orders in a minute is recalculated once, not five times.
3. Review Risk and Act
The Dashboard surfaces customers who need attention. The Customer Detail page shows the full event timeline, every signal that contributed to the score, linked accounts, and a return-rate trend chart. From there you can block at checkout, add to the allowlist, leave admin notes, or trigger a manual recalculation.
4. Automate (Pro)
Pro adds an automation engine with 16+ triggers, 30+ condition fields, and async-dispatched actions. Rules fire when risk changes — e.g. “If chargeback filed and trust score < 30, send Slack alert and block customer.” A save-time validator blocks rules that can never fire so you don’t discover broken automation only when an attack lands.
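One way a save-time check for rules that can never fire could work, shown as an added example rather than TrustLens's own validator. The condition format `(field, operator, value)`, the function names, and the field names `trust_score`, `segment` and `event` are hypothetical; scores are assumed to be integers from 0 to 100, with the bands taken from the segment table.

```python
# Score bands from the segment table. Normal is left unconstrained because customers
# below the minimum-orders threshold are held in Normal, so it does not pin the score.
SEGMENT_BANDS = {
    "VIP": (90, 100), "Trusted": (70, 89), "Normal": (0, 100),
    "Caution": (30, 49), "Risk": (10, 29), "Critical": (0, 9),
}


def feasible_score_range(conditions):
    """Return (lo, hi) trust scores that satisfy all conditions, or None if none can."""
    lo, hi = 0, 100  # assumed integer score domain
    for field, op, value in conditions:
        if field == "segment" and op == "==":
            band_lo, band_hi = SEGMENT_BANDS[value]
            lo, hi = max(lo, band_lo), min(hi, band_hi)
        elif field == "trust_score":
            if op == "<":
                hi = min(hi, value - 1)
            elif op == "<=":
                hi = min(hi, value)
            elif op == ">":
                lo = max(lo, value + 1)
            elif op == ">=":
                lo = max(lo, value)
            elif op == "==":
                lo, hi = max(lo, value), min(hi, value)
            else:
                raise ValueError(f"unsupported operator: {op}")
        # Conditions on other fields are not analysed in this sketch.
    return (lo, hi) if lo <= hi else None


def validate_rule(conditions):
    """Save-time check: reject a rule whose conditions can never all hold."""
    feasible = feasible_score_range(conditions)
    if feasible is None:
        return False, "rule can never fire: no trust score satisfies every condition"
    return True, f"rule can fire for trust scores {feasible[0]}-{feasible[1]}"


# The rule quoted on the page, in the hypothetical condition format.
PAGE_RULE = [("event", "==", "chargeback_filed"), ("trust_score", "<", 30)]

if __name__ == "__main__":
    print(validate_rule(PAGE_RULE))
    print(validate_rule([("segment", "==", "VIP"), ("trust_score", "<", 30)]))
```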
Free vs Pro Comparison
| Feature Category | Free | Pro |
|---|---|---|
| Detection | ||
| All 8 detection modules | ✓ | ✓ |
| Trust scoring engine (0–100, 6 segments) | ✓ | ✓ |
| Per-customer signal visibility | ✓ | ✓ |
| Account-age loyalty bonus | ✓ | ✓ |
| Advanced address-diversity analysis | — | ✓ |
| Card-Testing Defense | ||
| Real-time velocity detection | ✓ | ✓ |
| Panic Freeze button | ✓ | ✓ |
| VIP customer bypass | ✓ | ✓ |
| Auto-escalation to global Panic Freeze | — | ✓ |
| Geographic-diversity safeguard | — | ✓ |
| Fingerprint / IP CIDR allowlists | — | ✓ |
| 12-font advanced fingerprint signal | — | ✓ |
| Attack History tab + CSV export | — | ✓ |
| Slack + email attack alerts | — | ✓ |
| Chargeback Monitor | ||
| Blended monthly ratio speedometer | ✓ | ✓ |
| Stripe / WooPayments auto-ingestion | ✓ | ✓ |
| Manual dispute entry | ✓ | ✓ |
| Per-brand Visa/MC/Amex/Discover breakdown | — | ✓ |
| 12-month trend chart | — | ✓ |
| Trailing-30-day window | — | ✓ |
| Dispute Evidence Report (print-ready) | — | ✓ |
| Auto-block after N lost disputes | — | ✓ |
| Daily ratio email alerts | — | ✓ |
| Customer Management | ||
| Trust badges on WooCommerce orders list | ✓ | ✓ |
| Customer detail profile | ✓ | ✓ |
| Block / Allowlist / Bulk actions | ✓ | ✓ |
| Checkout enforcement (Classic + Blocks) | ✓ | ✓ |
| Order-edit-screen trust display | ✓ | ✓ |
| Automation | ||
| Automation rules engine | — | ✓ |
| 16+ triggers, 30+ condition fields | — | ✓ |
| HMAC-SHA256 signed webhooks | — | ✓ |
| Async dispatch with retries | — | ✓ |
| Save-time validator + rule inspector | — | ✓ |
| Notifications & Reports | ||
| Core email notifications (block, weekly, activation) | ✓ | ✓ |
| 10 advanced notification types | — | ✓ |
| Scheduled reports (daily/weekly/monthly) | — | ✓ |
| Payment Method Risk Controls | — | ✓ |
| Platform | ||
| REST API (8 endpoints) | ✓ | ✓ |
| WooCommerce HPOS compatible | ✓ | ✓ |
| GDPR privacy export / erasure | ✓ | ✓ |
| Historical Sync | ✓ | ✓ |
| Priority support | — | ✓ |
The WordPress.org download is the complete plugin — no trial limits, no disabled scoring, no locked modules. Everything in the Free column above ships in the free release.
Technical Requirements
| Requirement | Minimum | Recommended |
|---|---|---|
| WordPress | 6.4 | 6.8+ |
| WooCommerce | 8.0 | 9.5+ |
| PHP | 7.4 | 8.1+ |
| MySQL | 5.6 | 8.0+ |
| MariaDB | 10.1 | 10.6+ |
| PHP Memory Limit | 128 MB | 256 MB+ |
Compatibility
- HPOS Compatible — Full support for WooCommerce High-Performance Order Storage
- Classic + Blocks Checkout — Unified Request Gate intercepts both Shortcode and Store API checkouts through one rule surface
- Stripe + WooPayments — Native dispute and card-brand ingestion via webhooks
- Other gateways — Manual dispute entry keeps your ratio accurate on PayPal, Square, offline, and custom gateways
- Block + Classic themes — No frontend dependencies on theme markup
Privacy and Data Handling
TrustLens runs entirely inside your WordPress and WooCommerce installation. It does not send customer data to Webstepper or to any default third-party service. External delivery only happens if you explicitly configure webhooks, Slack alerts, or email notifications.
- Customer identifiers are pseudonymized with keyed HMAC-SHA256 hashes so raw email values are never exposed or reused across sites
- Linked-account fingerprints (address, phone, IP, payment method, device) use the same keyed-hash approach
- WordPress privacy tools are fully integrated — customers can request export or erasure through the standard WordPress workflow, and TrustLens returns signals, fingerprints, category stats, and automation logs
- GDPR-compatible by design
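The keyed-hash pseudonymization described in the list above, and how it still allows linked-account matching, as an added example that is not TrustLens code. The function names, the normalization rule, the `kind:` prefix and the keys are assumptions; the sample records are constructed.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed keys for the example; a real key is a long random secret kept per site.
SITE_A_KEY = b"constructed-secret-for-site-a"
SITE_B_KEY = b"constructed-secret-for-site-b"


def pseudonymize(kind, value, site_key):
    """Keyed HMAC-SHA256 of a normalized identifier, domain-separated by kind."""
    normalized = " ".join(value.strip().lower().split())
    message = f"{kind}:{normalized}".encode("utf-8")
    return hmac.new(site_key, message, hashlib.sha256).hexdigest()


def linked_accounts(records, site_key):
    """Map (kind, pseudonym) -> customer ids for attributes shared by 2+ accounts."""
    by_fingerprint = defaultdict(set)
    for customer_id, attributes in records:
        for kind, value in attributes.items():
            by_fingerprint[(kind, pseudonymize(kind, value, site_key))].add(customer_id)
    return {fp: ids for fp, ids in by_fingerprint.items() if len(ids) > 1}


def linked_summary(records, site_key):
    """Readable view: which attribute kinds link which customer ids."""
    links = linked_accounts(records, site_key)
    return sorted((kind, sorted(ids)) for (kind, _digest), ids in links.items())


# Constructed sample data (documentation-reserved addresses and domains).
RECORDS = [
    (101, {"email": "Ana@Example.test", "phone": "555 0100", "ip": "192.0.2.10"}),
    (102, {"email": "bo@example.test", "phone": "555 0100", "ip": "198.51.100.7"}),
    (103, {"email": "cy@example.test", "phone": "555 0199", "ip": "192.0.2.10"}),
]

if __name__ == "__main__":
    print(linked_summary(RECORDS, SITE_A_KEY))
```

An unkeyed SHA-256 of an email can be matched by anyone who hashes candidate addresses; the keyed form requires the site secret, and a different key per site yields pseudonyms that cannot be joined across sites.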
Architecture Highlights
- Modular Detection — Each detection type is a self-contained module that can be toggled independently
- Asynchronous Scoring — Action Scheduler queues score recalculations with deduplication so duplicate triggers collapse into one job
- Unified Request Gate — A single rule-registration surface intercepts both Classic and Blocks / Store API checkout
- Transient-Cached Dashboard — 15-minute and 1-hour TTLs with automatic invalidation on new events
- Security First — Nonce verification, capability checks, prepared statements, and keyed-hash pseudonymization throughout
- WordPress Standards — Follows WordPress and WooCommerce coding standards; no framework dependencies