How to Build a Manual Review Workflow for Risky WooCommerce Orders
Store Security — TrustLens
How to Build a Manual Review Workflow for Risky WooCommerce Orders
A practical, operator-focused guide to deciding which orders actually need a second look, reading the signals TrustLens surfaces, and building a review process fast enough that it doesn’t slow down your fulfillment.
When a flagged order lands in your queue, the instinct is often to reach for the most decisive tool available — block the customer and move on. It feels clean. It feels safe. But for most WooCommerce stores, especially those running TrustLens on the free plan where manual review is the only option, a thoughtful review process is not a consolation prize. It is the right approach.
Auto-blocking removes human judgment from decisions that carry real consequences. A wrong block doesn’t just lose one order — it loses a customer, possibly a repeat buyer, and sometimes generates a dispute if they contest a charge that was never processed. The value of a manual review workflow isn’t that it’s slower. It’s that it’s fairer, and over time, that fairness pays off in fewer wrongly blocked customers and better-calibrated signals.
This guide walks through how to build that workflow from scratch — which orders to pull for review, what TrustLens actually shows you inside each one, how to use the allowlist to stop your best customers from ever appearing in the queue, and how to keep the whole process tight enough that it doesn’t slow down your fulfillment.
Why manual review beats auto-blocking for most stores
Auto-blocking sounds efficient, but it trades one problem for another. Every automatic block based on a risk score carries a built-in false-positive rate. Risk scores are statistical summaries — they describe patterns, not certainties. A customer who returned several items during a difficult few months will have a lower trust score than their long-term behavior warrants. If an auto-block rule fires on that score, you block a real customer for a temporary pattern.
The cost of that block is asymmetric. If you block a fraudster, you avoid one bad order. If you block a legitimate customer, you lose that customer’s lifetime value, generate a negative experience that they may share, and — if they dispute the situation — potentially invite a chargeback of your own making. The higher the customer’s lifetime value, the higher the cost of a false block.
The false-positive cost is rarely symmetric
Missing one fraudulent order typically costs you the margin on that order. Wrongly blocking a loyal customer can cost you their entire remaining lifetime value — and their social influence if they talk about the experience. Manual review lets you distinguish between these cases before taking irreversible action.
Manual review is also how you calibrate. When you review a flagged order and decide to approve it, you learn something about which signals are noisy at your store. When you cancel one and it turns out to have been legitimate, you learn what a false positive looks like in practice. That feedback loop makes your judgment better over time. An auto-block rule just fires and moves on.
In TrustLens Free, this isn’t a philosophical choice — it’s the only mode available. The free version flags and scores every customer, surfaces the signals behind each score, and shows that information prominently on the order screen. But it never blocks automatically. For more on why that design decision was made deliberately rather than as a feature limitation, the post on why TrustLens free does not auto-block explains the reasoning in full.
Which orders actually need reviewing
Not every flagged order warrants the same attention. A useful review workflow starts with a clear triage rule: which segment triggers a review, and under what conditions?
TrustLens assigns every customer to one of six segments based on their trust score. Understanding what each segment represents is the foundation of any triage decision. For a full explanation of what goes into a trust score and how the segments are calculated, the post on understanding WooCommerce customer trust scores and segments covers the mechanics in detail.
Score 100 (allowlisted) / 90–100
VIP
No review needed. Allowlisted customers are forced to score 100 and bypass all module calculations entirely. Customers who reached this segment through score alone have a long, clean history. Let orders proceed.
70–89
Trusted
No review needed in most cases. These customers have a solid, established history with no significant abuse signals. You can let orders proceed unless an order is unusually large relative to their past behavior.
50–69
Normal
Review only if the order value is high enough that a loss would be painful. Normal-segment customers have not accumulated meaningful negative signals — they just have not built enough history yet, or have one minor signal without a pattern. Most do not need a second look.
30–49
Caution
Review recommended for orders above your value threshold. Caution means meaningful signals have accumulated — an elevated return rate, a cancellation pattern, some coupon abuse — but not enough to be conclusive. A thirty-second signal check before fulfilling a high-value order is worth it.
10–29
Risk
Review all orders before fulfillment. Multiple strong negative signals are present — a high return rate combined with coupon abuse, or linked accounts alongside a chargeback history. This does not mean you cancel every Risk-segment order. It means you look before you ship.
0–9
Critical
Review immediately. A Critical score requires multiple severe signals to compound — multiple chargebacks, a very high return rate, linked account flags. Even here, read the underlying signals before acting. A block is often warranted, but the signal breakdown is worth the thirty seconds it takes to check.
A practical starting point for most stores: review all Caution orders over your average order value, review all Risk orders regardless of value, and treat Critical as requiring immediate attention before fulfillment proceeds.
Set your value threshold based on what a loss actually costs you
There is no universal right answer for the order-value threshold that triggers a Caution review. A $50 threshold might make sense for a store where the average order is $30. A $200 threshold might be right for a store selling digital products with high margins. Pick a number that represents “a loss here would hurt” — and revisit it quarterly as your average order value shifts.
What to look at inside a flagged order
When you open a flagged order in WooCommerce, TrustLens adds a Customer Trust meta box to the order detail screen on the right-hand side. This meta box shows the customer’s current trust score, their segment, and the breakdown of which detection modules contributed signals to that score.
The meta box is your primary review tool. It answers the question “why is this customer flagged?” without requiring you to dig through order history manually. Here is what each section of the breakdown tells you.
The score and segment label
The number at the top is the most recent trust score for this customer — recalculated automatically after each completed order, refund, cancellation, or dispute. The segment label (VIP, Trusted, Normal, Caution, Risk, or Critical) is the actionable summary. Your first question when you see a flagged order should be: which signals drove this segment assignment?
The signal breakdown
Below the score, the meta box lists which detection modules fired and what each one found. TrustLens runs eight modules on every customer — all active in the free plan. Understanding what each one is telling you makes the difference between a useful review and a guess.
High return rate — customer has returned a significant proportion of completed orders, including full-value returns that may indicate wardrobing
Return Abuse
Coupon-then-refund pattern detected — customer has repeatedly used discount codes and then returned the item
Coupon Abuse
Shared shipping address or payment fingerprint detected across multiple customer accounts
Linked Accounts
One or more past chargebacks recorded against this customer’s account
Chargeback History
Customer has shipped to many distinct addresses relative to total order count
Shipping Anomaly
Solid completed-order track record — high net lifetime value, low cancellation rate
Order Patterns
When reviewing a flagged order, the key question is not “is the score low?” — it is “are the signals that drove this score relevant to this particular order?” A customer flagged for return abuse who is now ordering a non-returnable digital product represents a very different risk than the same customer ordering a high-value physical item in your highest-risk category.
Order history context
TrustLens tracks per-customer history across all their orders. When you are reviewing a flagged order, the order-level context matters alongside the customer-level signals. Ask: is the product category one where this customer has a problem history? Is the order value unusually high relative to their prior purchases? Does anything about the shipping address in this order match a pattern that was previously flagged?
A low score does not automatically mean a bad customer
New customers with fewer than the minimum order threshold (default: three completed orders) stay at the neutral base score regardless of signals. A customer who returned their first two orders may look risky on paper while being entirely explainable — a gift purchase that went wrong, a sizing issue, a product that did not match the description. The signal breakdown is what lets you distinguish this from a habitual abuse pattern.
Building the allowlist to stop false flags
The most efficient thing you can do for your review workflow is to make sure your best customers never appear in it. That is exactly what the TrustLens allowlist does.
When you add a customer to the allowlist, TrustLens immediately sets their trust score to exactly 100 and their segment to VIP. Critically, their score bypasses all module calculations entirely — the eight detection modules do not run for allowlisted customers. Their signals array is empty. This is not a score adjustment; it is a complete bypass. No signal from any module will ever drag an allowlisted customer’s score below 100.
This behavior is intentional. Your genuine VIP customers — the ones who have been buying from you for years, whose lifetime value you can verify firsthand, and whose trust you have earned through direct experience — should never be caught in a fraud filter. A tool that occasionally flags your best customers is not a fraud tool; it is a liability.
Who belongs on the allowlist
The allowlist should be reserved for customers where your direct knowledge of the relationship overrides anything a scoring algorithm might calculate. That typically includes:
- Long-standing customers with a verified history — people who have been ordering from you for years and have earned trust through sustained behavior, not just a high score.
- Business accounts with known billing arrangements — B2B customers or trade account holders where the relationship is managed outside the normal retail flow.
- Customers whose score was temporarily distorted by a known event — someone who went through a difficult period, returned several items for understandable reasons, and has since returned to normal ordering behavior. If you are confident the score is a historical artifact rather than an ongoing pattern, the allowlist resolves the issue cleanly.
- Customers who flagged up after a technical issue — if a payment processor problem or shipping error generated an anomalous return or dispute, that can distort a score that would otherwise be clean.
Who does not belong on the allowlist
The allowlist bypasses all scoring. If you add a customer to it incorrectly, no future signal will surface them — even if their behavior deteriorates. Keep it selective. Customers who scored low and you are not sure about should go through the review-and-decide process, not straight onto the allowlist. The allowlist is for customers you already trust, not customers you are still evaluating.
Review your allowlist periodically
Because allowlisted customers bypass all scoring, the list should be reviewed at least once or twice a year. Customer relationships change. A business account that was in good standing two years ago may have changed hands. A long-standing individual customer whose order behavior has shifted should be considered for removal if the relationship no longer justifies the bypass. The allowlist is not a permanent status — it is a considered decision that needs occasional revisiting.
A decision framework: approve, hold, or cancel
Once you have read the signals on a flagged order, you need to decide what to do. There is no decision tree that handles every case, but the following framework covers the vast majority of situations.
Check which signals actually fired
A low segment is caused by specific signals. Read the breakdown. Is the score driven by a chargeback history? A coupon-abuse pattern? Linked accounts? A high return rate? Each of these carries a different implication for the order in front of you. A customer whose score is low because of shipping address diversity is very different from one whose score is low because of three chargebacks.
Ask whether the signals are relevant to this order
A coupon-abuse flag matters more when the current order uses a coupon. A return-abuse flag matters more when the product is in a high-return category. A chargeback history matters more when the order value is high and you have no recourse. If the signals that drove the score are unrelated to the specific risk the current order presents, that is a meaningful reason to proceed.
Consider the order value in context
A $15 order from a Risk-segment customer is a different calculation from a $400 order from the same customer. The cost of a wrong decision scales with order value. For small orders, the cost of reviewing and approving a borderline case is typically lower than the cost of cancelling legitimate orders at volume. For large orders from heavily flagged customers, the calculus reverses.
Approve with normal fulfillment
Use this when the signals don’t materially increase the risk of this specific order, or when the order value is low enough that the downside is acceptable. This is the right call for most Caution-segment orders and many Risk-segment orders where the signals are behavioral (returns, coupon use) rather than financial (chargebacks, linked account fraud). Approving an order after conscious review is not the same as ignoring the signals — it is a considered decision based on them.
Hold and request verification
Use this when the signals are concerning but not conclusive, and the order value is high enough that you want additional confidence. Contact the customer directly — by email is usually enough — to confirm the order details. Most legitimate customers will respond promptly. A fraudster, or a customer who placed the order carelessly, often does not. If you do not receive a response within 24 to 48 hours on a high-value hold, that absence of response is itself a signal.
Cancel and refund
Use this when multiple severe signals compound in a way that makes fulfillment unjustifiable — a chargeback history combined with a linked account flag on a high-value order, for example. Even when cancelling, a brief, neutral customer-facing message explaining that you could not complete the order at this time (without detailing why) is better than silence. Cancel promptly and issue any refund in full. A cancelled order is not a block — the customer can still place future orders.
The hold-and-verify step is underused
Many store owners skip the hold step because it feels awkward to contact a customer about their own order. In practice, it rarely is. Most customers understand that fraud is a real concern for online retailers, and a straightforward “we want to confirm your order details before we ship” message is received without offense. The hold-and-verify step gives you information a risk score alone cannot — a live human response — and it filters out a large proportion of fraudulent orders at no cost to your real customers.
Keeping review fast enough to matter
A review workflow only works if it actually happens. If reviewing flagged orders takes twenty minutes each, or if the process requires navigating to multiple screens to get the information you need, it will get deprioritized as soon as the store gets busy. Building a sustainable workflow means keeping each review to roughly two minutes or less for routine cases.
Use the orders list column as your triage surface
TrustLens adds a sortable, filterable trust score and segment column to your WooCommerce orders list. This is your primary triage surface. Before you open any individual order, you can sort the orders list by trust score to bring all Caution, Risk, and Critical orders to the top, or filter by segment to see only the orders that need attention.
This means your review session starts by scanning a filtered list — not by opening orders one by one and checking each customer’s score individually. A list of twenty orders becomes five after you filter by segment. Those five get reviewed. The rest proceed to fulfillment without touching your queue at all.
Set a fixed daily review window
Rather than reviewing flagged orders reactively — opening each one as it arrives throughout the day — designate a fixed time window for order review. First thing in the morning, before fulfillment runs, is the most natural fit for stores with overnight order volume. This batches the cognitive work of reviewing into a single focused session and avoids the context-switching cost of handling each flagged order as a separate interruption.
For most stores, a well-structured daily review window takes ten to fifteen minutes. If yours is consistently taking longer than that, the workflow likely needs adjustment — either the segment thresholds are too broad, the value threshold for triggering a review is too low, or too many repeat customers who should be on the allowlist are still appearing in the queue.
Prioritize by segment, then by order value
Within a review session, work through the queue in order of priority: Critical-segment orders first, Risk-segment next, then Caution above your value threshold. Within each segment, sort by order value descending. The highest-risk, highest-value combinations get your attention first, while smaller or lower-segment orders flow through quickly.
Document your decisions briefly
When you approve a flagged order after review, add a brief order note: “Reviewed — signals noted, approved to proceed.” When you cancel one, note the reason. This documentation has three benefits. It protects you if the same customer disputes later. It creates a record that a second team member can read if the review responsibility shifts. And it creates a visible record of your own decision-making that you can review over time to assess whether your thresholds are calibrated well.
Where Pro auto-block fits in
Everything described in this guide so far is available in TrustLens Free. Manual review is not a workaround for the Pro plan — it is a complete, sustainable approach that many stores run indefinitely.
That said, there is a specific scenario where automated action becomes genuinely useful: repeat, high-confidence offenders who have already cost you money in lost disputes.
TrustLens Pro includes an auto-block feature that triggers after a configurable number of lost disputes are recorded against a customer’s account. This is not a broad risk-score-based block — it is a narrow automation anchored to the most conclusive signal available: a dispute that you fought and lost. The setting is off by default and is only available in TrustLens Pro.
For stores that have reached a review volume where manually processing every high-confidence repeat offender is impractical, the Pro auto-block provides a targeted layer of automation for that specific case. It does not replace the broader manual review workflow for ambiguous cases — it handles the narrow category of cases where the outcome is already clear from the dispute history.
For the full picture on what happens operationally when a customer is blocked — from their checkout experience to how you can reverse a block — the post on what actually happens when you block a WooCommerce customer covers the mechanics. And for the behavioral scoring approach that TrustLens uses versus IP-blocking or static rule approaches, the post on behavioral fraud scoring vs. IP blocking in WooCommerce explains the architectural difference.
Auto-block is not the default — and that’s intentional
Even in TrustLens Pro, auto-block requires explicit opt-in through settings. The default state is off. This mirrors the philosophy behind the free version’s manual-only approach: automated, irreversible customer actions should be a deliberate configuration choice by the store owner, not a default behavior the plugin imposes.
Common questions
How long should a manual order review take?
For routine flagged orders, two minutes or less. The TrustLens order meta box surfaces the trust score, segment, and signal breakdown without requiring you to navigate away from the order. Reading the signals and making a decision — approve, hold, or cancel — should take roughly the same time as reading a short email. If reviews are consistently taking longer, the most common cause is that too many orders are entering the queue because the segment threshold or value threshold is set too broadly.
What should I do when a Risk-segment customer places a small, low-value order?
For small orders, the economic calculus usually favors a quick look rather than a block. Open the order, read the signal breakdown, and ask whether the signals that drove the Risk score are relevant to this specific order. A customer flagged for coupon abuse placing a small order without a coupon is a reasonable approve. A customer with a chargeback history placing a high-value order in the category where their dispute occurred is worth more scrutiny. The segment is a filter, not a verdict.
Can I review orders in bulk from the orders list, or do I need to open each one individually?
The TrustLens trust score column in the WooCommerce orders list is sortable and filterable, which means you can bring all Caution-and-below orders to the top of your list in one click. For quick triage — deciding which orders to investigate further versus which to let through — the orders list view is enough. For the full signal breakdown on a specific order, you need to open that order. A practical workflow is to filter the orders list, scan for any orders that look obviously safe at a glance, and open only the ones where the segment and value combination warrants a closer look.
Is there a risk that I add someone to the allowlist by mistake and then miss a problem?
Yes, and it is worth taking seriously. An allowlisted customer bypasses all module calculations permanently — no future signal will surface them, even if their behavior changes. This is by design for genuine VIP customers, but it means the allowlist should be curated carefully and reviewed periodically. If you add a customer to the allowlist based on a strong prior relationship and their behavior subsequently deteriorates, the only way to catch that is to remove them from the allowlist so scoring resumes. Treat allowlist additions as decisions that need occasional review, not permanent grants.
Key takeaways
What to remember
- Manual review is the right default for most stores. The cost of a wrongly blocked loyal customer almost always exceeds the cost of one fulfilled fraudulent order. Review gives you the context to distinguish between them.
- In TrustLens Free, manual review is the only mode available. The free plan flags, scores, and surfaces signals for every customer. Blocking is always a conscious manual decision by the store owner.
- Triage by segment: review all Risk orders before fulfillment, all Caution orders above your value threshold, and treat Critical as requiring immediate attention. VIP and Trusted rarely need any intervention.
- The signal breakdown matters more than the score. A Risk-segment score caused by return abuse is a different situation from one caused by a chargeback history and linked accounts. Read the breakdown before deciding.
- The allowlist eliminates false flags for your best customers. Allowlisted customers receive a forced score of 100, segment VIP, and bypass all module calculations entirely. Keep the allowlist selective — it is a permanent bypass, not a temporary override.
- A fixed daily review window beats reactive interruptions. Batch your review into one focused session before fulfillment runs. Filter by segment first, then work through by value. Most sessions should take ten to fifteen minutes.
- Pro auto-block is narrow and opt-in — not a replacement for this workflow. It handles high-confidence repeat offenders with a lost dispute history. It does not replace manual review for the ambiguous cases that make up most of your queue.
TrustLens: Risk scoring and manual review tools, free.
Flagging, trust scoring, the order meta box, the trust score column in your orders list, and the allowlist are all available on the free plan. You get all eight detection modules, per-customer signal history, and the tools to run a full manual review workflow without spending anything. Auto-block after repeated lost disputes is a Pro feature.
