TrustLens – Fraud Prevention & Chargeback Defense for WooCommerce
Stop losing money to WooCommerce fraud you can’t see. Serial returners, coupon abusers, fraud rings, and stolen-card bots quietly drain stores — often thousands a year, and by the time your chargeback ratio climbs the damage is done.
TrustLens is a behavior-based customer trust scoring and fraud detection plugin for WooCommerce. It scores every shopper 0–100 from real store behavior and sorts them into six segments — VIP, Trusted, Normal, Caution, Risk, Critical. Eight detection modules run in the background, from return abuse to card-testing attacks at checkout. You see exactly which signals moved each score, and you decide what to do.
TrustLens never auto-blocks in Free. You review the profile and choose: block at checkout, allowlist forever, or just watch the trend. All data stays inside your store (no third-party calls), with identifiers pseudonymized via keyed HMAC-SHA256.
Free — the complete plugin
- All 8 detection modules — return abuse, order patterns, coupon abuse, category-aware risk, linked accounts / fraud rings, shipping anomalies, chargeback tracking (auto-ingest from Stripe & WooPayments), and real-time card-testing defense with a one-click Panic Freeze
- Trust scoring engine — 0–100 score, six segments, every signal visible on the profile, loyalty bonus, configurable thresholds
- Command Center dashboard — score trends, segment distribution, high-risk list, and a chargeback-ratio speedometer (Visa / Mastercard / Amex / Discover)
- Customer management — trust badges on the orders list, detailed profiles, bulk actions, allowlist protection, checkout enforcement (Classic + Blocks)
- Operational — Historical Sync, REST API, HPOS support, GDPR export/erasure, core email notifications
Pro — act on what TrustLens finds
- Advanced Chargeback Monitor — per-brand ratios, 12-month trends, a dispute-deadline worklist, and independently verifiable Dispute Evidence Reports (tamper-evident fingerprint + QR, auto-flags Visa CE 3.0)
- Automation Rules — 15 triggers, 30+ conditions, signed webhooks, async retry, save-time validation
- Card-Testing Defense Pro — auto-escalation, geo-diversity safeguard, allowlists, attack history, and Slack/email alerts
- Payment Method Risk Controls, Scheduled Reports, advanced notifications, and address analysis
Bottom line: Free surfaces the risk. Pro acts on it.
External Services
This plugin may connect to external services as described below.
Freemius SDK
This plugin uses the Freemius SDK for optional usage tracking, license management, and plugin updates.
When data is sent:
- During plugin activation, only if the user explicitly opts in
- When checking for plugin updates
- When activating or deactivating a Pro license
What data is sent:
- Site URL, WordPress version, and PHP version
- Plugin version and activation status
- Admin email (only if opted in)
- License key (Pro version only)
Important: No data is sent unless you explicitly opt in during plugin activation. You can skip the opt-in entirely and use the free version without sharing any data.
- Service: Freemius
- Terms of Service: https://freemius.com/terms/
- Privacy Policy: https://freemius.com/privacy/
Webhooks (Pro, Optional)
When webhooks are enabled in TrustLens settings (Pro feature), the plugin sends HTTP POST requests to URLs configured by the administrator.
When data is sent:
- When a customer’s trust score is updated (if enabled)
- When a customer is blocked (if enabled)
- When a checkout is blocked (if enabled)
- When a high-risk order is placed (if enabled)
- When testing webhook connectivity
What data is sent:
- Customer email hash and, when available, the customer email stored in TrustLens
- Trust score and customer segment
- Event type and timestamp
- Order details for high-risk order events (order ID, total, status)
- Site URL and site name
Important: Webhook endpoints are entirely configured by you. No data is sent to any third-party service unless you explicitly add webhook URLs. The plugin does not send data to the plugin developer or any default external service.
Report Verification (Pro, Optional)
When a Pro “dispute evidence report” is generated, TrustLens can register a tamper-evidence fingerprint of that report with the TrustLens verification service (webstepper.io), so a card issuer or payment processor can independently confirm at a public URL that the report is genuine and has not been altered.
When data is sent:
- Each time a dispute evidence report is generated (Pro feature), while Report Verification is enabled (TrustLens → Chargeback Monitor)
What data is sent:
- A one-way SHA-256 fingerprint of the report and a short derived report ID
- The disputed order’s ID (number only) and a timestamp
- The report’s risk figures: compelling-evidence count, trust score, risk segment, and return rate
- Your site URL
No customer personal data is sent — no names, emails, addresses, IP addresses, or email hashes. The fingerprint is one-way and cannot be reversed into report contents.
Important: This feature is enabled by default and can be turned off at any time on the TrustLens → Chargeback Monitor page (“Report verification”). When disabled, nothing is sent to webstepper.io and the report simply omits the public verification link (it still shows its local fingerprint).
- Service: Webstepper TrustLens Verification
- Terms of Service: https://webstepper.io/terms-of-service/
- Privacy Policy: https://webstepper.io/privacy-policy/
