What is a customer trust score?

A WooCommerce customer trust score — sometimes called a risk score — is a single number that summarizes everything your store has observed about a customer’s behavior. Rather than asking “did this transaction pass our fraud filter?”, it asks a broader question: “based on everything this customer has done here, how much trust have they earned?”

That distinction matters. A transaction-level check looks at one order in isolation. A behavioral trust score looks at the customer across every order they have ever placed with you: their return patterns, their cancellation history, the way they use coupons, whether the same shipping address turns up under multiple email accounts, and whether any of their past orders have ended in a chargeback.

In practice, most WooCommerce risk scoring systems — including TrustLens — express this as a number on a 0–100 scale. A score near 100 reflects a long, clean history with no abuse patterns. A score near 0 reflects a customer who has accumulated multiple serious signals that suggest either habitual abuse or fraud. Most customers land somewhere in the middle, especially when they are new.

Why behavioral scoring beats IP blocking and static rules

The most common fraud-prevention instinct is to block bad actors by their IP address, country, or payment method. It sounds logical. If a bad order came from this IP, block that IP. If a disproportionate number of chargebacks come from certain countries, block those countries.

The problem is that this approach targets attributes, not behavior. And attributes change constantly — fraudsters use VPNs, shared addresses, and stolen card details that belong to perfectly legitimate cardholders. Meanwhile, your static rules eventually catch real customers who happen to share those attributes. You block a legitimate buyer because they are traveling and using a hotel’s Wi-Fi. You reject an order from a new market you are trying to grow into.

Behavioral scoring works differently. Instead of asking “what does this order look like?”, it asks “what does this customer’s full history look like?” That is a much harder question to game. A fraudster can spoof an IP. They cannot fake six months of completed orders, a low return rate, and no coupon abuse — because they have not placed those orders with you.

The practical result is fewer false positives. You can let orders from unfamiliar IP addresses through if the customer behind them has a solid twelve-month history, and you can flag a low-value order from a customer who has disputed three previous charges — even if the order itself looks completely ordinary.

For a deeper look at why this shift in framing matters, the post on IP blocking vs. behavioral fraud scoring in WooCommerce covers the tradeoffs in more detail.

What signals feed a risk score

A well-designed risk score is built from multiple detection modules, each contributing a positive or negative adjustment to the base score. The signals generally fall into two categories: behavioral signals (patterns that emerge from what a customer does over time) and structural signals (facts about their orders and account).

TrustLens uses eight detection modules, all active in the free version. Here is what each one measures and how it shapes the score.

Return abuse detection

This module tracks each customer’s return rate as a percentage of their completed orders, their total refund value, and whether their refunds tend to be full refunds versus partial ones. A customer with a 65 percent return rate receives a meaningful negative adjustment to their score. A customer with five or more completed orders and a return rate below 5 percent receives a positive adjustment — a signal that they complete purchases reliably.

The module also flags wardrobing specifically: a pattern where a customer consistently returns items in full rather than seeking partial refunds. When 90 percent or more of a customer’s refunds are full-value returns, that is surfaced as a distinct signal alongside the raw return rate.

Order pattern analysis

This module looks at the overall shape of a customer’s order history: how many completed orders they have, their net lifetime value after refunds are subtracted, and their cancellation rate. Positive adjustments come from a track record of completed, non-refunded orders. Negative adjustments come from a high cancellation rate — specifically when a customer has cancelled 30 percent or more of their orders. A high net customer value also contributes a small positive signal.

Coupon abuse detection

The most diagnostic pattern here is coupon-then-refund: a customer who repeatedly uses a discount code and then returns the item. A single instance leaves a small mark on the score. Three or more instances is treated as a clear abuse pattern and carries a substantial negative adjustment. The module also flags customers who consistently use coupons on almost every order relative to their total order count, since that pattern, combined with a refund history, can indicate systematic discount extraction.

On the positive side, customers who use coupons regularly but have never refunded a coupon order receive a small positive signal — legitimate coupon users who also complete their purchases are demonstrably good customers.

Category-aware risk scoring

Not all returns are equal. A product category that you have marked as high-risk — electronics, designer apparel, tools — carries a heavier weight when a customer’s return history is concentrated in that category. A 40 percent return rate on books is concerning. A 40 percent return rate on electronics, where the margin for abuse is higher and the resale value stronger, is more so. This module lets you configure category risk weights to match your actual catalog.

Linked accounts detection

This is where behavioral scoring reaches beyond what any single-transaction check can see. The linked accounts module creates hashed fingerprints from each order: the shipping address, billing address, phone number, IP address, device (user agent), and payment method token. These fingerprints are stored as HMAC-SHA256 hashes keyed to your site — the plaintext values never leave your database, and the hashes cannot be reversed.

After each order, TrustLens checks whether any of the current customer’s fingerprints match fingerprints associated with a different customer account. If they do — same shipping address appearing under two email addresses, for example, or the same payment method token — those accounts are flagged as linked. A customer with known linked accounts receives a negative score adjustment.

This matters because one of the most common return- and chargeback-fraud patterns is multi-accounting: a customer creates a fresh email address once their first account gets flagged, then continues placing orders. Behavioral scoring that tracks fingerprints across accounts can catch this pattern. For the full detail on how linked-account detection works and what it stores, see the post on fraud rings and linked account detection in WooCommerce.

Shipping address anomalies

This module watches for three specific patterns. The first is address diversity: a customer who ships to many different addresses relative to their total order count. Legitimate customers typically ship to a home address and maybe a workplace — they do not cycle through ten distinct delivery addresses over twenty orders. The second is billing-to-shipping country mismatch, which is a known signal for card-not-present fraud. The third is address-change velocity: a customer who uses several new addresses within a short window, which can indicate either account takeover or deliberate address cycling to evade detection.

Chargeback tracking

Disputes from Stripe and WooPayments are ingested automatically via webhook hooks — no manual entry required for either gateway. The module also supports manual dispute recording for other payment processors. Each dispute is recorded against the customer’s profile. A chargeback history has a significant negative impact on a customer’s trust score, and the module tracks dispute outcomes (won vs. lost) so that customers where you successfully defended can be distinguished from those where you could not.

If you use TrustLens Pro, disputes feed the Chargeback Monitor, which tracks your blended chargeback ratio across payment networks and issues threshold alerts. But the core dispute-tracking signal feeds the trust score on the free plan as well.

Card-testing defense

Card testing attacks — where a bad actor runs rapid sequences of small transactions to find live card numbers — create a different signal pattern than behavioral fraud. The velocity detector watches for rapid failed-payment sequences at checkout. When a card-testing pattern is detected, the attacking session is locked down. Verified, logged-in customers with a good history are excluded from lockdown by default via the VIP Customer Bypass setting.

Account age and loyalty signals

Behavioral signals are all negative or neutral by default — they detect problems. But a scoring system that only punishes customers for bad behavior and never rewards them for good behavior will eventually drift toward over-caution. It will treat a long-time customer who has completed eighty orders exactly the same as someone placing their very first order, because neither has done anything wrong yet.

TrustLens counters this with a loyalty bonus based on the age of the customer’s first order. Customers who have been buying from your store for at least ninety days receive a small positive adjustment. At six months, that bonus increases. At one year or more, the maximum loyalty bonus applies. The longer a customer has ordered from you without triggering negative signals, the more the score reflects that relationship.

This also means that scores are not static. A new customer who places their first order today starts at the neutral base score and earns trust — or loses it — over every subsequent transaction.

Linked accounts and identity fingerprinting

It is worth spending a moment on how the fingerprinting system actually works, because it raises a reasonable privacy question: is this storing customer personal data?

The answer is no. The system never stores an IP address, phone number, or delivery address in plaintext. Each value is normalized (punctuation stripped, abbreviations standardized, phone country codes removed) and then run through HMAC-SHA256 using a key derived from your WordPress site’s auth salt. The resulting hash is what gets stored in the fingerprint table. Two customers with the same shipping address will produce the same hash, which is how the link is detected. But there is no way to reconstruct the original address from the stored hash, and the hash for a given address on your site will differ from the hash for the same address on any other site because the key is site-specific.

This design means that the linked-accounts feature can identify shared identifiers across accounts without retaining the personal data that would require special handling under GDPR or similar privacy regulations.

How the six segments work

A raw 0–100 number is hard to act on quickly. Segments translate that number into a named category that tells you, at a glance, what kind of attention this customer needs. TrustLens uses six segments, each with a default score threshold that you can adjust in settings.

The six segments map to risk management decisions more naturally than a raw number. “This customer is in the Risk segment” is immediately actionable in a way that “this customer has a score of 22” is not. The post on TrustLens segments explained goes into more detail on how segment boundaries interact with store-specific thresholds.

How to read a score in practice

The number and the segment label are a starting point, not a verdict. A score of 35 (Caution) from a customer with three returns on cheap items is very different from a score of 35 from a customer with three chargebacks. The segment name is the same, but the underlying situation is not.

The signal breakdown is where the real diagnostic value lies. Every time a score is calculated, TrustLens records which module contributed what adjustment and why. Looking at the signals lets you see precisely what drove the score down. “Very high return rate: 62%” is actionable. “Three coupon orders refunded (abuse pattern)” is actionable. A raw score without that context is much harder to act on fairly.

There are also circumstances where a low score is not alarming. A customer who placed their first two orders in a category you have marked as high-risk might score below Normal even though they have done nothing wrong — they simply have not built enough history yet. The minimum order threshold (default: 3 completed orders) exists precisely to prevent new customers from being incorrectly penalized. Below that threshold, every customer stays at the neutral base score regardless of what the signals might otherwise suggest.

How to act on scores without hurting good customers

This is the part where most store owners feel stuck. The score gives them information. But what are they supposed to do with it?

A graduated response model is the right framework. The idea is that your response to risk should be proportional to both the risk level and the order value — and that most risky situations should trigger a review, not an immediate block.

Normal and Trusted segments

No action needed. Let orders proceed normally. These customers have nothing in their history that warrants intervention.

Caution segment

For small to mid-value orders, let them through. For high-value orders — anything above a threshold that would be painful to lose to a chargeback — add the order to a review queue and check the signal breakdown before fulfilling. You are looking for whether the caution signals are relevant to this particular order type.

Risk segment

Manual review before fulfillment is appropriate for most orders in this segment. Check whether the signals that drove the score down are abuse patterns (coupon-then-refund, linked accounts, chargeback history) or behavioral quirks with a plausible explanation. A Risk score from a customer with three chargebacks is different from a Risk score from a customer who returned a lot of low-cost items during the holidays.

Critical segment

A Critical score generally warrants a block, but confirm it by reading the underlying signals first. It is possible, though rare, for multiple moderate signals to compound to a Critical score without any single signal being severe. Reading the breakdown takes thirty seconds and is worth doing before you block a customer who might have a reasonable explanation.

In TrustLens Free, blocking is always a manual action — you make the call, and you execute it. The free version never blocks automatically. This is intentional: the cost of an automated false-positive block falls entirely on your customer relationship, and that is a decision the plugin should not make for you without your explicit opt-in. The post on why TrustLens free does not auto-block explains the reasoning in full.

TrustLens Pro adds Automation Rules that can trigger holds, emails, or blocks when scores cross defined thresholds — but these are rules you configure and review, not opaque decisions the system makes on its own.

For comparison, Stripe’s own approach to behavioral fraud — what it calls Stripe Radar — uses a similar graduated model at the payment layer. The post on how Stripe Radar and WooCommerce behavioral detection compare is a useful companion read if you are trying to understand how store-level and gateway-level scoring can complement each other.

Why new customers always start at neutral

Every customer starts at a base score of 50 — the midpoint of the 0–100 scale — and stays at Normal until they have completed at least three orders. This threshold is configurable but defaults to three.

Below that order count, the system does not calculate a signal-weighted score at all. Instead, the customer stays at the base score and is placed in the Normal segment. The reason is statistical: a return rate calculated on one or two orders is not reliable. A customer who returned their very first purchase might have an 100 percent return rate on paper, but that one data point tells you almost nothing about what they will do next. Scoring them low based on that data would create false negatives at exactly the moment when you most want to welcome new customers.

As the order count grows past the minimum threshold, the full signal calculation kicks in and the score begins to reflect the actual pattern of behavior. The score then recalculates automatically after each order status change — completion, refund, cancellation, or dispute — so it stays current without requiring manual intervention.

Common questions

Does the score account for guest checkout orders?

Yes. TrustLens tracks customers by their email address hash rather than their WordPress user ID. A guest who checks out with the same email address they used for a previous registered-account order is recognized as the same customer and their history is combined. Guest orders from a first-time email address create a new customer profile at the base score.

Can a score recover after it drops?

Yes. Scores recalculate from scratch based on the customer’s complete history each time a relevant event occurs. A customer who had an elevated return rate but then completed a sustained run of clean orders — no returns, no cancellations — will see their score improve as those positive signals accumulate. The loyalty bonus for account age also increases over time. A drop in score is not permanent.

What if a score seems wrong?

Read the signal breakdown rather than the number alone. If a signal looks implausible — for example, a linked account flag on a customer you know well — you can investigate the match type (shared IP, shared address, etc.) and decide whether it represents genuine concern or a coincidence. You can also add a customer to your allowlist manually, which sets their score to 100 and bypasses future calculations entirely for that customer.

Does risk scoring replace the need to review chargebacks?

No. Risk scoring helps you identify which customers are likely to generate chargebacks before they happen. But when a dispute does arrive, the evidence-building process is separate. TrustLens surfaces the customer’s history on the dispute, which helps with evidence — but the chargeback response process itself is its own workflow. The post on WooCommerce chargebacks and disputes — a store owner’s guide covers that process end to end.

Is any of this data shared with third parties?

No. TrustLens stores all customer data locally in your WordPress database. There are no outbound data calls to external scoring services. The plugin’s Freemius-powered licensing SDK is entirely opt-in and separate from the fraud detection functionality. The hashed fingerprints that power linked-account detection are site-specific and cannot be correlated across stores.

Key takeaways