Hold High-Risk Orders When Your Fraud Tool (Signifyd/NoFraud) Flags Them

· Flow Plus

If you run a dedicated fraud provider like Signifyd or NoFraud, you’ve probably hit this wall: Shopify Flow’s built-in Order risk analyzed trigger works off Shopify’s own risk assessment, not your external tool’s verdict. So when your fraud vendor returns a decline or a “review” recommendation, Flow doesn’t automatically know about it.

This guide shows how to make an external fraud verdict hold and tag the order in Shopify, using Flow.

Why the native trigger isn’t enough

Shopify’s order-protection automations and the Flow risk trigger are built around Shopify’s internal fraud analysis (Shopify Flow for protecting orders). Third-party providers run their own models and deliver their verdict over a webhook or API callback — for example, NoFraud (now Wyllo) documents Shopify workflow automation around its own decision events (Wyllo Help Center). Those verdicts arrive outside Shopify, so a native Flow trigger never sees them.

That’s the same first-mile gap that affects every external integration: Flow can act on Shopify, but it can’t start from an outside event without a relay.

The fix: relay the fraud verdict into Flow

  1. Create a custom channel in Flow Plus and copy the signed webhook URL.

  2. Point your fraud provider’s webhook (or a thin callback from your fraud middleware) at that URL when an order is flagged.

  3. Map the verdict fields onto the Flow trigger:

    order.id        → Field1
risk_score      → Field2
reason          → Field3
customer.email  → Field4
(full payload)  → JSONString

  4. Build the Flow workflow. Using {{ Field1 }} (the order ID) and {{ Field2 }} (the score):

    • Condition: if Field2 is above your threshold, or Field3 equals a high-risk reason code.
    • Action: hold the order’s fulfillment, add an internal fraud-review tag, and notify your CX team in Slack.
    • Optionally schedule a manual-review reminder.

Because the entire provider payload is available as JSONString, you can decode any extra signal (device fingerprint, AVS result, recommendation text) inside a Run Code step without remapping fields.

Why do it through Flow at all?

You keep one place — the Shopify Flow editor your team already uses — for the order-hold logic, instead of scattering it across your fraud tool, a custom script, and Shopify’s admin. Flow Plus is the privacy-first relay in front of it: it fires the trigger and never reads your store data.

Want the full pattern? Start with the pillar guide: How to trigger a Shopify Flow workflow from an external webhook.

Try it on your store

Install Flow Plus, paste a webhook URL, and trigger your first Shopify Flow in minutes.

Install on Shopify