Title: TrustLens – Fraud Prevention & Chargeback Defense for WooCommerce
Author: webstepper
Published: February 13, 2026
Last modified: June 28, 2026

---

![](https://ps.w.org/trustlens/assets/banner-772x250.png?rev=3580051)

![](https://ps.w.org/trustlens/assets/icon.svg?rev=3461127)

# TrustLens – Fraud Prevention & Chargeback Defense for WooCommerce

 By [webstepper](https://profiles.wordpress.org/webstepper/)

[Download](https://downloads.wordpress.org/plugin/trustlens.1.3.4.zip)

## Description

**Stop losing money to WooCommerce fraud you can’t see.** Serial returners, coupon
abusers, fraud rings, and stolen-card bots quietly drain stores — often thousands
per year. By the time the chargeback ratio climbs or your margin disappears, the
damage is done.

TrustLens is a behavior-based **customer trust scoring and fraud detection plugin
for WooCommerce**. It scores every shopper from **0 to 100** using real store behavior
and sorts them into six risk segments — **VIP, Trusted, Normal, Caution, Risk, Critical**.
Eight detection modules run in the background: returns, orders, coupons, categories,
linked accounts, shipping anomalies, chargebacks, and card-testing attacks at checkout.
You see exactly which signals moved each score, and **you decide what to do** about
it.

**TrustLens never auto-blocks in Free.** You review the customer profile and choose:
block at checkout, allowlist forever, or simply watch the trend. Nothing happens
behind your back. All customer data stays inside your store — no third-party calls —
and linked-account fingerprints are pseudonymized with keyed HMAC-SHA256 hashes.

#### Abuse patterns TrustLens catches

TrustLens turns the WooCommerce data you already have into actionable customer intelligence.
Instead of reading hundreds of orders and refunds line by line, you get one clear
score per customer and a six-segment view of your entire customer base. The dashboard
surfaces the patterns that move the needle:

 * **Return abuse and wardrobing** — serial returners, high refund rates buried 
   across hundreds of orders, customers with 90%+ full-refund ratios
 * **Coupon and discount fraud** — repeat first-order coupon use, coupon-then-refund
   cycles, throwaway accounts created only to grab a discount
 * **Multi-account fraud rings** — different emails sharing the same shipping address,
   IP, payment method, phone number, or device fingerprint
 * **Chargeback exposure** — disputes per customer, blended store-wide chargeback
   ratio, brand-by-brand approach to Visa, Mastercard, Amex, and Discover monitoring
   thresholds
 * **Card-testing attacks at checkout** — bots probing stolen cards through your
   payment gateway, racking up declines, fees, and downstream chargebacks
 * **Shipping address fraud** — address hopping, billing/shipping country mismatches,
   rapid address-change velocity, reshipping patterns
 * **Hidden VIPs** — long-tenured loyal customers you should protect from accidental
   friction or false positives

You see who’s worth rewarding, who’s silently costing you, and you take the call.

#### What’s included in the free version

The WordPress.org download is the **complete plugin** — no trial limits, no disabled
scoring, no locked modules. Everything below ships in Free.

**Detection — all 8 modules included**

 * **Return Abuse Detection** — analyzes refund rate, refund frequency, refund value,
   and full-vs-partial refund ratio to spot serial returners and wardrobing
 * **Order Pattern Analysis** — completion rates, cancellation patterns, unusual
   order velocity
 * **Coupon Abuse Detection** — repeat first-order coupon use, coupon-then-refund
   pattern, excessive coupon stacking
 * **Category-Aware Risk Scoring** — applies extra risk when customers show high
   return rates in specific product categories
 * **Linked Accounts Detection** — identifies accounts sharing shipping addresses,
   billing addresses, phone numbers, IPs, payment methods, or device user-agent 
   fingerprints
 * **Shipping Address Anomalies** — address hopping, billing/shipping country mismatches,
   address-change velocity, configurable velocity window (7–90 days)
 * **Chargeback Tracking** — per-customer dispute history with automatic ingestion
   from Stripe and WooPayments, manual entry form for other gateways, automatic 
   card-brand capture for accurate ratio reporting
 * **Card-Testing Defense** — real-time decline-velocity monitoring in a 60-second
   rolling window, matching on both the browser fingerprint and a server-side fingerprint
   (IP and user agent) so bots can’t evade by rotating their browser fingerprint;
   attacker devices locked out of checkout for 90 seconds, VIP customer bypass on
   by default so repeat buyers are never disrupted, one-click Panic Freeze button
   that halts all checkouts for 15 minutes during an active attack

**Trust scoring engine**

 * **0–100 trust score** for every customer, recalculated automatically when behavior
   changes
 * **Six risk segments** — VIP, Trusted, Normal, Caution, Risk, Critical
 * **Every signal visible on the customer profile** so you can see exactly how a
   score was calculated
 * **Account-age loyalty bonus** up to +15 points for long-standing customers
 * **Configurable scoring thresholds** — minimum orders required, return-risk levels,
   checkout-blocking settings

**Dashboard and monitoring**

 * **Command Center dashboard** — trust score trends, segment distribution, refund
   activity, high-risk customer list, revenue-protection KPIs
 * **Chargeback Ratio Speedometer** — blended calendar-month ratio with Healthy /
   Approaching threshold / Action-needed status against Visa, Mastercard, Amex, 
   and Discover monitoring programs
 * **Module status row** — quick on/off and one stat per detection module at a glance
 * **Guided onboarding and in-app help** — Quick Start setup card, plain-language
   score summaries, a VIP-to-Critical segment glossary with inline help tips, and
   “recommended next actions” on every screen
 * **Persistent plugin-wide admin header** with unified navigation, live status 
   pill, notifications bell, and ⌘K command palette for fast access to any customer
   or setting

**Customer management**

 * **Trust badges on the WooCommerce orders list** — sortable, filterable by segment,
   one click to the full customer profile
 * **Detailed customer profile** with score history, event timeline, linked accounts,
   signal impact bars, and return-rate trend chart
 * **Bulk actions** — block, unblock, allowlist, recalculate, tag, delete, and CSV
   export in bulk
 * **Customer tags and review flags** — tag customers manually or in bulk, and mark
   a customer “flagged for review” with a badge and a dedicated filter on the Customers
   screen
 * **Allowlist protection** — locks a customer’s score at 100 and prevents any negative
   signals from affecting them, protecting VIPs from false positives
 * **Checkout enforcement** — blocked customers can’t add items to cart or complete
   checkout (works on both Classic and WooCommerce Blocks / Store API checkout)
 * **Customizable block message**

**Operational**

 * **Historical Sync** — build trust profiles from past WooCommerce orders in the
   background using small batches that don’t slow the frontend
 * **REST API** with 8 endpoints for integrations, customer lookups, score retrieval,
   segment filtering, and triggering recalculations
 * **WooCommerce HPOS compatibility** — fully compatible with High-Performance Order
   Storage
 * **GDPR privacy tools** — full WordPress privacy export and erasure integration,
   including signals, fingerprints, category stats, and automation logs
 * **Data controls** — one-click reset of operational data and an optional “remove
   all data on uninstall” toggle, so you stay in full control of what TrustLens 
   stores
 * **Order-screen integration** — trust score and segment displayed directly on 
   every WooCommerce order edit page
 * **Core email notifications** — blocked-checkout alerts, activation summary, weekly
   protection report

#### What Pro adds

Pro is for stores that want TrustLens to act on what it finds — automation, advanced
alerts, deeper chargeback analytics, and payment-risk workflows.

**Advanced Chargeback Monitor**

A dedicated **TrustLens > Chargeback Monitor** page built to keep you clear of card-network
monitoring programs:

 * Per-brand ratio breakdown — **Visa VDMP/VFMP, Mastercard ECP, Amex, Discover** —
   with threshold progress bars
 * **12-month trend chart** showing how each brand has moved over time
 * **Trailing-30-day window** alongside the Free calendar-month view
 * **Recent disputes activity feed** with case status
 * **Top-disputed customers** with one-click access to a **Dispute Evidence Report** —
   print-ready professional behavioral risk report (trust score, signals, order 
   history, return analysis vs store average, linked accounts, full event timeline)
   that you can submit alongside processor dispute responses
 * **Independently verifiable evidence** — every report carries a tamper-evidence
   SHA-256 fingerprint, a scannable QR code, and a public verification link, so 
   a card issuer can confirm at a neutral domain that the report is genuine and 
   unaltered. Reports also auto-flag order history that qualifies for **Visa Compelling
   Evidence 3.0** (two or more shared identifiers from an order 120–365 days before
   the dispute)
 * **Dispute-deadline worklist** — every open dispute shown with its response deadline
   and a live countdown, plus a due-soon count on the dashboard, so a representment
   window never slips past you
 * **Customizable warn-threshold percent** (50–100%)
 * **Auto-Block After N Lost Disputes** — configurable runtime enforcement

**Chargeback Ratio Email Alerts** — daily check that emails you before any brand
crosses its network threshold, deduplicated per brand per calendar month so you’re
never spammed.

**Automation Rules**

Build trigger-based rules that fire when customer risk changes, orders are placed,
refunds are processed, disputes are filed, linked accounts are detected, card-testing
attacks happen, or shipping anomalies are spotted.

 * **15 triggers** including Chargeback Filed, Dispute Recorded, Linked Accounts
   Detected, Card Testing Attack, Shipping Anomaly
 * **30+ condition fields** including trust score, segment, total order value, total
   disputes, customer age, country mismatch, coupon total, payment method, linked
   accounts count
 * **Actions** — block customer, hold order, send email, fire webhook, allowlist
   customer, cancel order, tag customer
 * **Async dispatch with automatic retry** (60s / 120s / 240s backoff)
 * **HMAC-SHA256 signed webhooks** by default for security
 * **Save-time validator** blocks rules that can never fire — unsatisfiable conditions,
   schema violations, contradictions — each with a specific inline reason
 * **Inline rule inspector** shows SKIP status with the exact reason (“Cooldown 
   active” / “Condition not met: trust_score > 50”) so you can answer “why didn’t
   my rule fire?” in one glance

**Card-Testing Defense Pro**

On top of free Card-Testing Defense, Pro adds attack-scale protection:

 * **Auto-escalation** from targeted blocking to global Panic Freeze when an attack
   spreads across multiple device fingerprints (default: 3 distinct devices in 10
   minutes)
 * **Geographic-diversity safeguard** — before escalating, checks whether the decline
   burst is naturally distributed across ≥10 countries with no single country >50%,
   so legitimate flash-sale or viral traffic isn’t mistaken for an attack
 * **Fingerprint and IP CIDR allowlists** for QA, integration partners, and known-
   good traffic (IPv4 and IPv6 ranges supported)
 * **Advanced fingerprint signal** — 12-font detection via baseline-width comparison,
   harder for botnets to spoof consistently across nodes
 * **Per-fingerprint threshold overrides** for tighter or looser thresholds on specific
   known devices
 * **Attack History tab** with 24-hour decline count, decline-code breakdown, top-
   10 attacking fingerprints, hourly timeline chart, CSV export of all velocity 
   events
 * **Slack and email alert dispatcher** for `attack_detected`, `auto_escalated`,
   and `panic_button_activated` events

**Payment Method Risk Controls** — hide specific payment gateways for high-risk 
customers, linked accounts, or velocity spikes. Fine-grained checkout protection
without blocking the whole order.

**Scheduled Reports** — daily, weekly, or monthly email summaries of store risk 
activity, customer trends, and protection KPIs.

**10 advanced notification types** — High-Risk Order Alert, Segment Change Alert,
Daily Digest, High-Value Order Alert, Repeat Refunder Alert, Velocity Alert, Score
Recovery Alert, New Customer Risk Alert, Monthly Revenue Protection Report, Chargeback
Filed Alert.

**Advanced Address Analysis** — diversity-trend detection and enhanced country-mismatch
severity for deeper shipping-fraud insight.

**Bottom line:** Free surfaces the risk. Pro acts on it.

#### How trust scoring works

Every customer starts at a neutral **50**. TrustLens detection modules analyze behavior
and apply positive or negative signals:

 * **Completed orders** increase trust
 * **Refunds** decrease trust based on frequency, value, and full-vs-partial ratio
 * **Coupon abuse patterns** apply penalties (repeat first-order coupons, coupon-
   then-refund cycles)
 * **High return rates in specific categories** add additional risk
 * **Linked accounts** with already-risky customers reduce scores via fraud-ring
   detection
 * **Disputes and chargebacks** apply significant penalties
 * **Shipping anomalies** (address hopping, country mismatches, change velocity)
   reduce scores
 * **Card-testing exposure** — customers tied to device fingerprints involved in
   past attacks lose trust
 * **Account age** adds a loyalty bonus of up to **+15** for long-standing customers

Scores are always clamped to 0–100. Every signal is visible on the customer profile
so you can see exactly how each score was calculated and trust the decision.

Customers below the configurable minimum order threshold (default: 3 orders) stay
in the Normal segment until enough data exists for confident scoring — so new stores
don’t get noisy false positives in their first weeks.

#### Who TrustLens is for

 * **WooCommerce store owners** losing margin to serial returners, refund abuse,
   or coupon fraud
 * **Operations and CX managers** who need data to back up customer policies with
   confidence
 * **Fraud prevention teams** looking past payment-gateway signals into behavioral
   patterns
 * **Merchants worried about Visa, Mastercard, Amex, or Discover** chargeback monitoring
   programs (VDMP / VFMP / ECP)
 * **Stores with generous return policies** that attract both loyal customers and
   abuse
 * **Stores using Stripe or WooPayments** — chargeback and card-brand data flow 
   in automatically with no manual setup
 * **Stores using other gateways** (PayPal, Square, offline, custom) — manual chargeback
   entry keeps your ratio accurate

#### Privacy and data handling

TrustLens works **entirely inside your WordPress and WooCommerce installation** 
and never sends customer personal data off your site. The one default external call
is the optional Pro report-verification feature, which — while enabled — sends a
non-personal, one-way fingerprint of a dispute report to the TrustLens verification
service (webstepper.io) so a card issuer can confirm the report is genuine; it sends
no customer data and can be disabled (see _External Services_ below). All other 
external delivery (webhooks, Slack alerts, email notifications) happens only if 
you configure it.

 * Customer identifiers are pseudonymized with **keyed HMAC-SHA256 hashes** so raw
   email and identifier values are never exposed or reused across sites
 * Linked-account fingerprints (address, phone, IP, payment method, device) use 
   the same keyed-hash approach
 * **WordPress privacy tools** are fully integrated — customers can request data
   export or erasure through the standard WordPress workflow, and TrustLens responds
   with signals, fingerprints, category stats, and automation logs included
 * **GDPR-compatible** by design
 * All scoring signals are visible on the customer profile so customer-service teams
   can explain any score on request

#### Built for production WooCommerce

TrustLens is engineered for busy stores and growing order volume:

 * **Asynchronous background scoring** via Action Scheduler — the same system WooCommerce
   uses for its own background jobs
 * **WooCommerce HPOS compatibility** — fully compatible with High-Performance Order
   Storage and legacy stores alike
 * **Transient-cached dashboard queries** (15-minute and 1-hour TTLs) with automatic
   invalidation on new events so the dashboard doesn’t re-query order meta on every
   page load
 * **Batch-based Historical Sync** that processes past orders in small chunks without
   blocking the frontend
 * **Lightweight checkout enforcement** using a single email-hash lookup
 * **Unified Request Gate** that intercepts both Classic and Blocks / Store API 
   checkout through one rule-registration surface
 * **PHP 7.4+ supported**, WordPress 6.4+ tested, WooCommerce-first throughout

If you need **chargeback prevention**, **return-abuse detection**, **fraud-ring 
detection**, or **stolen-card attack protection** for WooCommerce, TrustLens gives
you the data and the tools to act — without taking control out of your hands.

### External Services

This plugin may connect to external services as described below.

#### Freemius SDK

This plugin uses the [Freemius](https://freemius.com) SDK for optional usage tracking,
license management, and plugin updates.

**When data is sent:**

 * During plugin activation, only if the user explicitly opts in
 * When checking for plugin updates
 * When activating or deactivating a Pro license

**What data is sent:**

 * Site URL, WordPress version, and PHP version
 * Plugin version and activation status
 * Admin email (only if opted in)
 * License key (Pro version only)

**Important:** No data is sent unless you explicitly opt in during plugin activation.
You can skip the opt-in entirely and use the free version without sharing any data.

 * Service: [Freemius](https://freemius.com)
 * Terms …

## Screenshots

**Command Center Dashboard** — Health score, KPI cards, trust-score trends, and 
the six-segment distribution at a glance

**Card-Testing Defense** — Real-time decline-velocity monitoring, attacker fingerprints,
one-click Panic Freeze, and the recent-attack feed

**Customer List** — Searchable, sortable list with segment badges, trust scores,
return rates, and bulk actions

**Customer Detail** — Full profile with the trust-score gauge, signal impact, return-
rate trend, and linked accounts

**Order Integration** — Customer trust score, segment, and dispute status shown 
right on the WooCommerce order edit screen

**Settings** — Detection modules and scoring thresholds, with checkout-blocking 
and notification controls

## Installation

 1. Install **TrustLens** directly from the WordPress plugin repository, or upload 
    the `trustlens` folder to `/wp-content/plugins/`
 2. Activate the plugin through the **Plugins** menu — TrustLens checks for WooCommerce
    automatically
 3. Open **TrustLens > Dashboard** to see the Command Center
 4. Click **Run Historical Sync** to build trust profiles from your existing WooCommerce
    orders — the sync runs in the background in small batches and does not affect site
    performance
 5. Visit **TrustLens > Settings** to adjust scoring thresholds, checkout blocking, 
    and notification preferences

**What works out of the box:**

 * All 8 detection modules are enabled by default
 * Card-Testing Defense ships **enabled** with sensible thresholds — no configuration
   required to start blocking stolen-card attacks
 * VIP Customer Bypass is on, so repeat buyers are never disrupted by velocity rules
 * Chargeback tracking is active for Stripe and WooPayments — disputes ingest automatically
 * TrustLens **does not auto-block** any customer in Free until you explicitly choose
   to

If you use Stripe or WooPayments, no extra setup is required for chargeback and 
card-brand capture. Other gateways can be tracked through the manual chargeback 
entry form on the order edit page.

## FAQ

### How is TrustLens different from my payment gateway’s fraud tools?

Your payment gateway (Stripe Radar and similar) scores a single **transaction** 
at the moment of charge — card, IP, AVS, device — and is blind to what happens before
and after on your store. TrustLens scores the **customer’s behavior over time**:
refund and return patterns, coupon abuse, multi-account links, dispute history, 
category-specific returns, and card-testing activity at checkout. Those are signals
your gateway never sees.

They’re complementary, not competing. Your gateway blocks obvious stolen-card charges;
TrustLens surfaces friendly-fraud chargebacks, serial returners, coupon abusers,
fraud rings, and card-testing bots that slip past a per-transaction view — and it
keeps you in control (the free version never auto-blocks; you decide). Everything
runs inside your own store, so no customer data leaves your site.

### Does TrustLens work with guest checkout?

Yes. Customers are identified by a hash of their email address, so guest and registered
customers are tracked equally. If a guest later registers, their history carries
over.

### Will TrustLens automatically block customers?

By default, no. The free version is manual: it surfaces customer risk data, and 
you decide when to block or allowlist someone. Pro can optionally automate specific
actions, including alerts, order holds, verification requirements, and customer 
blocking if you configure automation rules or chargeback auto-blocking.

### How does linked accounts detection work?

TrustLens creates fingerprints from shipping addresses, billing addresses, phone
numbers, IP addresses, payment methods, and device user agents. When multiple customer
accounts share fingerprints, they are flagged as linked. This helps detect multi-
account abuse like repeated first-order discounts.

### Can TrustLens help reduce return abuse and refund abuse in WooCommerce?

Yes. TrustLens tracks refund rate, refund value, refund frequency, category-specific
return behavior, and related customer patterns over time. This helps you spot serial
returners and high-risk refund behavior earlier instead of reviewing refunds one
order at a time.

### Can TrustLens help with chargebacks and disputes?

Yes — and the core chargeback tracking is in the **free** version. TrustLens automatically
ingests disputes from Stripe and WooPayments, accepts manual entry for other gateways
(PayPal, Square, offline), keeps per-customer dispute counters, and feeds dispute
history into trust scores. The free dashboard also shows a **Chargeback Ratio Speedometer**
with a Healthy / Approaching / Action-needed status against Visa, Mastercard, Amex,
and Discover thresholds.

Pro adds a dedicated **Advanced Chargeback Monitor** with per-brand breakdown (Visa
VDMP/VFMP, Mastercard ECP, Amex, Discover), 12-month trend, trailing-30-day window,
daily ratio email alerts, a one-click Dispute Evidence Report for processor responses,
and auto-block after N lost disputes.

### How does the Chargeback Ratio Monitor work?

TrustLens captures the card brand on every Stripe and WooPayments paid order and
tracks how many of those orders end up as disputes. Your blended monthly chargeback
ratio is shown on the dashboard speedometer, with status colors keyed to **Visa 
VDMP/VFMP, Mastercard ECP, Amex, and Discover** monitoring thresholds — so you can
see if you’re approaching enrollment before it happens. Pro adds per-brand ratios,
the 12-month trend chart, the trailing-30-day window, and daily email alerts.

### What is Card-Testing Defense?

Card-Testing Defense (free) is real-time protection against stolen-card attack bots
that probe your checkout with thousands of declined payment attempts. TrustLens 
watches per-device decline rates in a 60-second rolling window, matching on both
the browser fingerprint and a server-side fingerprint (IP and user agent) so bots
can’t slip through by rotating their browser fingerprint. When a device crosses 
the threshold it’s locked out of checkout for 90 seconds, blocking the attack before
it reaches your payment gateway and runs up gateway fees, fraud fees, and downstream
chargebacks.

**VIP Customer Bypass** is enabled by default, so established customers — those 
who meet your minimum-order threshold (default 3 completed orders) and aren’t already
in a Risk or Critical segment — are never blocked by velocity rules. A one-click
**Panic Freeze** button halts all checkouts for 15 minutes during an active attack
your thresholds haven’t caught.

Pro adds auto-escalation, a geographic-diversity safeguard so flash-sale traffic
isn’t mistaken for an attack, fingerprint and IP CIDR allowlists, attack analytics
with CSV export, and Slack alerts.
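The velocity check described in this answer can be modelled as below. This is an added example, not TrustLens code: the decline threshold of 5, the class and function names, and the sample events are assumptions, while the 60-second window, 90-second lockout and VIP rule come from the text above.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60     # rolling window stated on the page
LOCKOUT_SECONDS = 90    # lockout duration stated on the page
DECLINE_THRESHOLD = 5   # assumption: the page does not state the threshold
MIN_ORDERS_FOR_VIP = 3  # page default for the minimum-order threshold


def is_vip(completed_orders, segment):
    """VIP bypass as described: enough completed orders and not Risk/Critical."""
    return completed_orders >= MIN_ORDERS_FOR_VIP and segment not in ("Risk", "Critical")


class DeclineVelocityMonitor:
    """Counts payment declines per browser fingerprint AND per server-side
    fingerprint (IP + user agent), so rotating one of them does not reset the count."""

    def __init__(self, threshold=DECLINE_THRESHOLD):
        self.threshold = threshold
        self.declines = defaultdict(deque)  # key -> decline timestamps in window
        self.locked_until = {}              # key -> time the lockout ends

    @staticmethod
    def _keys(browser_fp, ip, user_agent):
        return (("browser", browser_fp), ("server", ip + "|" + user_agent))

    def is_locked(self, now, browser_fp, ip, user_agent, vip=False):
        if vip:
            return False
        return any(self.locked_until.get(k, 0) > now
                   for k in self._keys(browser_fp, ip, user_agent))

    def record_decline(self, now, browser_fp, ip, user_agent, vip=False):
        """Record one declined payment; return True if it triggered a lockout."""
        if vip:
            return False
        triggered = False
        for key in self._keys(browser_fp, ip, user_agent):
            window = self.declines[key]
            window.append(now)
            # Drop declines that have fallen out of the rolling window.
            while window and window[0] <= now - WINDOW_SECONDS:
                window.popleft()
            if len(window) >= self.threshold:
                self.locked_until[key] = now + LOCKOUT_SECONDS
                triggered = True
        return triggered


def demo():
    """Constructed traffic: a bot declines every 5 s from one IP and user agent
    while presenting a new browser fingerprint on every attempt."""
    mon = DeclineVelocityMonitor()
    bot_ip, bot_ua = "203.0.113.7", "constructed-bot-agent"
    lock_triggered_at = None
    for i in range(5):
        t = i * 5
        if mon.record_decline(t, "fp-%d" % i, bot_ip, bot_ua) and lock_triggered_at is None:
            lock_triggered_at = t

    # A shopper with two declines 70 s apart never fills the window.
    mon.record_decline(0, "fp-shopper", "198.51.100.20", "constructed-browser")
    mon.record_decline(70, "fp-shopper", "198.51.100.20", "constructed-browser")

    # An established customer is exempt even with a burst of declines.
    vip = is_vip(completed_orders=5, segment="Trusted")
    vip_triggered = any(
        mon.record_decline(t, "fp-vip", "198.51.100.30", "constructed-browser", vip=vip)
        for t in range(10))

    return {
        "lock_triggered_at": lock_triggered_at,
        "rotated_fp_locked": mon.is_locked(25, "fp-new", bot_ip, bot_ua),
        "other_device_locked": mon.is_locked(25, "fp-other", "198.51.100.99", "constructed-browser"),
        "locked_after_expiry": mon.is_locked(110, "fp-new", bot_ip, bot_ua),
        "slow_shopper_locked": mon.is_locked(71, "fp-shopper", "198.51.100.20", "constructed-browser"),
        "vip_triggered": vip_triggered,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The bot's fresh browser fingerprint at t=25 is still refused because the server-side key carries the lockout, which is the evasion case the dual-fingerprint matching exists for.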

### Can I automate actions based on customer risk?

Yes, with Pro. Automation Rules let you build trigger-based rules that fire when
customer risk changes, orders are placed, refunds are processed, disputes are filed,
linked accounts are detected, card-testing attacks happen, or shipping anomalies
are spotted. Each rule supports 30+ condition fields and actions like block customer,
hold order, send email, fire webhook, allowlist customer, cancel order, or tag customer.

Pro automation also includes a save-time validator that blocks rules that can never
fire, an inline inspector that shows exactly why each rule fired or didn’t, and 
async HMAC-SHA256-signed webhooks with automatic retry.

### What happens when I block a customer?

Blocked customers see a customizable message when they try to add items to their
cart or proceed to checkout. The block applies to both logged-in users and guest
checkouts matching the blocked email. All blocked checkout attempts are logged.

### Can I undo a block?

Yes. You can unblock a customer at any time from their profile page or the customer
list. You can also add customers to the allowlist, which locks their score at 100
and prevents any negative signals from affecting them.

### What happens right after I install TrustLens?

New WooCommerce orders are analyzed automatically after activation. If you already
have historical orders, you can run Historical Sync from the dashboard to build 
trust profiles from your existing store data without slowing down the frontend.

### Does this slow down my store?

No. Score calculations run asynchronously via Action Scheduler (the same system 
WooCommerce uses). Checkout blocking uses a lightweight email-hash lookup. The historical
sync processes orders in small batches in the background.

### Does TrustLens send customer data to an external service?

No customer personal data ever leaves your site. TrustLens works inside your WordPress
and WooCommerce installation. The only default external call is the optional Pro
report-verification feature, which (while enabled) sends a non-personal, one-way
fingerprint of a dispute report to the TrustLens verification service so issuers
can confirm it is genuine — never customer data, and it can be disabled. All other
external delivery (webhooks, email notifications) happens only if you configure 
it.

### Is TrustLens compatible with WooCommerce HPOS?

Yes. TrustLens declares full compatibility with High-Performance Order Storage and
works with both legacy and HPOS-enabled stores.

### Does TrustLens store personal data?

TrustLens stores customer email addresses and behavioral data (order counts, refund
counts, trust scores) in custom database tables. Matching identifiers used for linked-
account detection are pseudonymized using keyed HMAC-SHA256 hashes, preventing the
raw values from being exposed or reused across sites. The plugin integrates with
WordPress privacy tools — customers can request data export or erasure through the
standard WordPress privacy workflow.

### Can I access TrustLens data from external systems?

Yes. TrustLens includes a REST API with 8 endpoints for looking up customers, retrieving
scores, filtering by segment, and triggering recalculations. API access requires
either the `manage_woocommerce` capability or a valid API key configured in settings.

### Can I get alerts and reports by email?

Yes. The free version includes core email notifications such as blocked checkout
alerts, a welcome summary, and a weekly summary. Pro adds advanced alerts, daily
digests, monthly revenue protection reports, and scheduled email reports.

### What is the minimum data needed for accurate scoring?

By default, customers need at least 3 orders before they move out of the Normal 
segment. You can adjust this threshold in Settings > General. Customers below the
threshold still accumulate signals — they just aren’t classified until enough data
exists.

### Does the free version include all detection modules?

Yes. All **8 detection modules** ship in the free version — returns, orders, coupons,
categories, linked accounts, shipping address anomalies, chargebacks, and card-testing
defense. There are no trial limits, no disabled scoring, and no locked modules.

Pro adds automation rules, webhooks, scheduled reports, payment-method risk controls,
the advanced per-brand Chargeback Monitor with daily alerts, Card-Testing Defense
Pro (auto-escalation + analytics + Slack alerts), and 10 advanced notification types.

### What happens if I rotate my WordPress secret keys?

**Important:** TrustLens uses your WordPress `auth` secret key (via `wp_salt('auth')`)
as the HMAC keying material for hashing customer emails and linked-account fingerprints.
This is a deliberate security choice — it makes stored hashes non-reversible and
non-portable across sites.

The trade-off is that **regenerating your WordPress secret keys** (whether through
a security plugin’s “regenerate keys” tool or by editing `wp-config.php` directly)
will permanently invalidate every customer hash and fingerprint already stored in
your TrustLens tables. After rotation, the plugin won’t be able to match a returning
customer to their existing trust profile, and linked-account detection will reset.

If you ever need to rotate WordPress secret keys, plan to **run Historical Sync 
afterward** so TrustLens rebuilds the customer table from your existing WooCommerce
order data using the new keying material. Allowlisted/blocked status set manually
on individual customer rows is the exception that won’t auto-recover — re-apply 
those after the sync.
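The effect of rotation on keyed hashes, as an added PHP example (not TrustLens's own code): the function names, the email normalization and both key strings are assumptions made for illustration, and on a real site the keying material would be the value returned by `wp_salt('auth')`.

```php
<?php
// Added illustration, not TrustLens source code. Function names, the
// normalization step and both key strings are assumptions; on a real site
// the keying material would be the value returned by wp_salt('auth').

/** Pseudonymize an identifier with keyed HMAC-SHA256 (64 hex chars). */
function pseudonymize(string $value, string $key): string
{
    // Normalize so "Alice@Example.com " and "alice@example.com" collide.
    return hash_hmac('sha256', strtolower(trim($value)), $key);
}

/** Rebuild a hash => profile table from raw order emails (a resync). */
function build_profiles(array $order_emails, string $key): array
{
    $profiles = [];
    foreach ($order_emails as $email) {
        $hash = pseudonymize($email, $key);
        if (!isset($profiles[$hash])) {
            $profiles[$hash] = ['orders' => 0, 'blocked' => false];
        }
        $profiles[$hash]['orders']++;
    }
    return $profiles;
}

// Constructed sample data.
$old_key = 'constructed-old-auth-salt';
$new_key = 'constructed-new-auth-salt';
$orders  = ['alice@example.com', 'Alice@Example.com ', 'bob@example.com'];

// Initial state: profiles keyed by HMAC under the old key, plus one
// manual decision that exists only on the stored row.
$stored = build_profiles($orders, $old_key);
$stored[pseudonymize('bob@example.com', $old_key)]['blocked'] = true;

// 1. Before rotation a returning customer resolves to the stored row.
$before = isset($stored[pseudonymize('alice@example.com', $old_key)]);

// 2. After rotation the same email hashes differently: no row matches.
$after = isset($stored[pseudonymize('alice@example.com', $new_key)]);

// 3. Re-deriving from order data under the new key restores matching,
//    but the manual block is not in the order data and must be re-applied.
$rebuilt     = build_profiles($orders, $new_key);
$alice       = $rebuilt[pseudonymize('alice@example.com', $new_key)];
$bob_blocked = $rebuilt[pseudonymize('bob@example.com', $new_key)]['blocked'];

printf("match before rotation: %s\n", var_export($before, true));
printf("match after rotation:  %s\n", var_export($after, true));
printf("alice orders after resync: %d\n", $alice['orders']);
printf("bob still blocked after resync: %s\n", var_export($bob_blocked, true));
```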

## Reviews

### [Powerful but Needs Wider Adoption](https://wordpress.org/support/topic/powerful-but-needs-wider-adoption/)

 [mvbn78677](https://profiles.wordpress.org/mvbn78677/) March 10, 2026

TrustLens offers strong features such as return abuse detection, coupon misuse detection,
and order pattern analysis.

### [Great Visibility Into Customer Behavior](https://wordpress.org/support/topic/great-visibility-into-customer-behavior/)

 [mvmmk78890](https://profiles.wordpress.org/mvmmk78890/) March 10, 2026

TrustLens gives store owners something WooCommerce usually lacks: behavior-based
customer intelligence. Instead of guessing who might abuse refunds or coupons, the
plugin analyzes patterns like refunds, cancellations, and account connections.

### [Excellent Fraud Protection for WooCommerce](https://wordpress.org/support/topic/excellent-fraud-protection-for-woocommerce/)

 [aquilaproperty7867](https://profiles.wordpress.org/aquilaproperty7867/) February 16, 2026

Simple, effective, and professional solution for review protection.

 [ Read all 3 reviews ](https://wordpress.org/support/plugin/trustlens/reviews/)

## Contributors & Developers

“TrustLens – Fraud Prevention & Chargeback Defense for WooCommerce” is open source
software. The following people have contributed to this plugin.

Contributors

 *  [webstepper](https://profiles.wordpress.org/webstepper/)
 *  [Freemius](https://profiles.wordpress.org/freemius/)

[Translate “TrustLens – Fraud Prevention & Chargeback Defense for WooCommerce” into your language.](https://translate.wordpress.org/projects/wp-plugins/trustlens)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/trustlens/), check 
out the [SVN repository](https://plugins.svn.wordpress.org/trustlens/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/trustlens/) by [RSS](https://plugins.trac.wordpress.org/log/trustlens/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.3.4

 * Fix: Activation no longer fails with a fatal error. In some setups the plugin
   could stop with a “Call to undefined function” error during activation; the installer
   now loads its helper functions in the right order before seeding default settings.

#### 1.3.3

 * New: Usage-data opt-in — a clear control in Data & Privacy to share anonymous
   usage data (off unless you opt in), with a one-time, dismissible reminder.
 * Improvement: Clearer confirmation-email message after opt-in or activation, so
   it no longer looks like activation stalled or failed.
 * Change: Every chargeback control is now in one place. The Chargeback Tracking
   on/off toggle joins the other detection modules in Settings > Modules, and
   auto-block, ratio alerts, and dispute-report verification all live on the
   Chargeback Monitor page. The separate Settings > Chargebacks tab has been removed.
 * Change: Chargeback auto-block now defaults to off. Auto-blocking permanently 
   blocks customers at checkout, so it is now opt-in — set a threshold on the Chargeback
   Monitor when you want it. Stores that already configured it keep their setting.
 * Change: More reliable data removal on uninstall. When “remove data on uninstall”
   is enabled, TrustLens now clears all of its data through a single prefix contract
   so nothing is left behind, and the redundant “Delete All TrustLens Data” button
   has been removed (uninstall and the Data tab cover it).
 * Change: Renamed to TrustLens – Fraud Prevention & Chargeback Defense for WooCommerce
   to better reflect what the plugin does. No settings or data change.
 * Fix: Saving one Settings tab no longer resets the others. Previously, saving
   a tab (for example General) could silently wipe or reset options that live on
   other tabs — detection modules, chargeback thresholds, webhook events,
   scheduled-report recipients, and more. Each Settings form now saves only its own options.
 * Fix: Long device-fingerprint hashes no longer overflow the “Targeted now” list
   in the Card-Testing attack feed.
 * Fix: Free-version packaging — hardened how the Freemius configuration is packaged
   so the free build always installs as the free version (a regression could otherwise
   leave it asking for a license key and locking the plugin’s admin screens).

#### 1.3.1

 * Improvement: Clearer, privacy-first wording on the activation and license screens
   — a reminder that TrustLens never sends your customer, order, or payment data —
   with the TrustLens icon now shown on them.
 * Improvement: The Account screen now carries an on-brand TrustLens panel with 
   quick links to your dashboard, documentation, and support.
 * Improvement: Activating the Pro version now automatically deactivates the free
   version (and vice-versa), preventing duplicate-plugin conflicts and stray PHP
   notices when both are installed.
 * Change: Hardened the free/Pro build pipeline — a single source of truth now controls
   which files are Pro-only, and an automated pre-release check verifies every build,
   so a free feature can’t be dropped (or Pro-only code shipped to free users) by
   mistake.
 * Fix: Chargeback Tracking restored on the free version — free stores again get
   per-customer dispute history and the blended chargeback-ratio speedometer on 
   the dashboard. A packaging error had unintentionally left this module out of 
   recent free builds; Pro stores were unaffected.

#### 1.3.0

The centerpiece of 1.3.0 is the new **Chargeback Evidence Report** (Pro) — a
representment-ready document that builds your Visa Compelling Evidence 3.0 case automatically
and, uniquely, lets a card issuer **independently verify** it as genuine and unaltered
at a neutral domain: every report carries a tamper-evidence SHA-256 fingerprint,
a scannable QR code, and a public verification page. It’s rounded out by a broad
reliability and accuracy pass across scoring, reporting, chargebacks, automation,
and the dashboard.

 * New: Dispute evidence report (Pro) — the chargeback dispute report is now a
   representment-ready evidence document. It matches the disputed order against the customer’s
   prior orders by shared identifiers (billing/shipping address, device, IP), flags
   history that qualifies for Visa Compelling Evidence 3.0 (two or more shared identifiers
   from an order 120–365 days before the dispute), and summarizes the continuity
   you can submit to fight the chargeback.
 * New: Independent report verification (Pro) — every dispute evidence report carries
   a unique fingerprint, report ID, a verification link and a scannable QR code 
   that take a card issuer straight to webstepper.io/verify to confirm the report
   is genuine and unaltered. The report confirms on-screen whether it registered
   with the verification service (and retries automatically in the background if
   the service can’t be reached), and the Chargeback Monitor’s open-disputes list
   flags which reports are registered. Only a one-way fingerprint and non-personal
   figures are sent (never customer data), and it can be switched off on the Chargeback
   Monitor page.
 * Fix: The “New Risky Customer” email now alerts only on a genuine first-time customer,
   instead of also firing for a returning customer placing a repeat order.
 * Fix: Disputes resolved through the alternative Stripe integration now clear from
   the Open Disputes worklist instead of lingering as falsely “overdue” and inflating
   the dashboard’s due-soon count.
 * Fix: Dispute updates from a payment gateway no longer overwrite stored details
   — a status-only update can’t zero out a dispute’s amount or reopen a dispute you’ve
   already closed.
 * Fix: Card-brand detection now reads nested Stripe dispute payloads correctly,
   so disputes are attributed to the right brand (Visa/Mastercard/Amex/Discover)
   and your chargeback ratios are accurate instead of landing in “unknown”.
 * Fix: Chargeback threshold alerts no longer risk firing twice or being missed 
   around the start of a new month.
 * Fix: Monthly ROI and protection figures now report each calendar month’s own 
   data instead of repeating the current rolling window for every past month.
 * Fix: The weekly scheduled report now covers the correct time window on stores
   not set to UTC (previously it could be offset by your timezone).
 * Fix: Scheduled reports now also run at the configured time of day on stores not
   set to UTC, instead of being delivered offset by the site’s timezone.
 * Fix: Recalculating a customer’s trust score via the REST API now triggers your
   automation rules, notifications and webhooks, matching the in-app and bulk recalculation.
 * Fix: REST customer endpoints now work for customers stored with legacy 32-character
   hashes, not only 64-character ones.
 * Fix: Customer segments are assigned correctly even when the segment-threshold
   filter returns a partial set, preventing mis-segmentation.
 * Fix: The high-risk customer list and dashboard segment counts now refresh promptly
   after changes such as allowlisting, instead of lagging behind a stale cache.
 * Fix: First-order coupon-abuse detection no longer misflags a returning customer’s
   second order as their first.
 * Fix: Repeat-refunder and velocity alerts now fire when a count jumps past the
   threshold (not only when it lands exactly on it), once per pattern without spamming.
 * Fix: Automation email actions fall back to the site admin address when no notification
   email is configured, instead of silently failing to send.
 * Fix: Bulk actions for remove-from-allowlist, remove-tag and export now run instead
   of being silently marked complete; unrecognized actions report a clear error.
 * Fix: The Historical Sync panel now shows accurate progress and status instead
   of blank or incorrect values.
 * Fix: The REST statistics endpoint returns zeroes instead of erroring during a
   full data reset.
 * Fix: Risk signals in the evidence report now show refund and customer-value amounts
   as clean currency (e.g. $2,429.00) instead of raw price markup.
 * Security: All CSV export paths (admin export and scheduled/bulk export) neutralize
   spreadsheet formula injection by escaping cells that begin with =, +, -, @, tab
   or carriage return.
 * Maintenance: Updated the Freemius SDK to 2.13.2, hardened webhook-log pruning
   and card-testing alert scheduling, and stopped an internal scoring snapshot row
   from appearing in customer signal lists.
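
The escaping rule from the Security entry above, as an added PHP example (not the plugin's own code): the function names, the leading-apostrophe escape and the sample rows are assumptions, since the changelog states only which leading characters are neutralized.

```php
<?php
// Added illustration, not TrustLens source code. The function names and
// the choice of a leading apostrophe as the escape are assumptions; the
// changelog states only which leading characters are treated as dangerous.

/** Neutralize a cell that a spreadsheet would evaluate as a formula. */
function neutralize_csv_cell($cell): string
{
    $cell = (string) $cell;
    if ($cell === '') {
        return $cell;
    }
    // Leading characters named in the changelog entry.
    $triggers = ['=', '+', '-', '@', "\t", "\r"];
    if (in_array($cell[0], $triggers, true)) {
        // Prefix so the cell is read as text, not evaluated.
        return "'" . $cell;
    }
    return $cell;
}

/** Write rows to CSV text with every cell neutralized first. */
function export_csv(array $rows): string
{
    $out = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        // Explicit separator, enclosure and (empty) escape character.
        fputcsv($out, array_map('neutralize_csv_cell', $row), ',', '"', '');
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Constructed rows: customer-supplied fields such as a billing name can
// begin with a formula character and end up in an admin's spreadsheet.
$rows = [
    ['email', 'billing_name', 'refund_total'],
    ['a@example.com', '=1+1', '12.50'],
    ['b@example.com', '@SUM(1+1)', '-4.00'],
    ['c@example.com', "\tplain", '+1 555 0100'],
];

echo export_csv($rows);
```

The same rule also prefixes legitimate negative amounts and phone numbers that start with `+`, so those columns arrive in the spreadsheet as text.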

#### 1.2.8

 * New: Video walkthrough — a short explainer showing how TrustLens turns real shopping
   behavior into a 0–100 trust score and surfaces returns, coupon, linked-account
   and card-testing abuse, now on the plugin page.
 * Update: Refreshed the plugin banner artwork.

#### 1.2.7

 * New: Dispute deadline worklist on Chargeback Monitor — every open dispute with
   its response deadline and a live countdown, plus a due-soon count on the dashboard,
   so a chargeback response window never slips past you.
 * New: Ten new automation conditions — write rules on full and partial refunds,
   coupons used, first-order coupons, disputes won and lost, order edits,
   reviews-before-refund, and whether a customer is allowlisted or flagged.
 * New: Skip trusted customers — rules can now exclude allowlisted buyers with an
   is_allowlisted condition, so blanket rules don’t catch the people you’ve already
   vouched for.
 * New: Flagged for review is now a real customer status — the Flag action shows
   a badge, adds a filter on the Customers screen, and clears in one click, instead
   of leaving a note nobody could find.
 * Improvement: Automation Add Tag now writes a real customer tag — visible on the
   customer page and removable in bulk — instead of a hidden note.
 * Fix: Rules that quietly never fired now fire — first-order rules at checkout,
   and card-testing blocks against brand-new attacker emails, now work as configured.
 * Fix: Require Verification now actually holds the order for review (and flags 
   it) instead of doing nothing.
 * Fix: Webhook activity is counted honestly — each delivery counts once (queued,
   then delivered or failed) instead of logging both a success and a failure for
   the same call, and queued deliveries are properly cancelled when the plugin is
   deactivated.
 * Fix: Allowlisting a customer now clears any review flag, so a trusted customer
   can’t stay flagged.
 * Fix: The rule builder no longer rejects valid rules — mixing 1 and true on a 
   yes/no condition, or upper- and lower-case country codes, is understood correctly.
 * Fix: Choosing to remove all data on uninstall now also drops the disputes table,
   and automation log cleanup keeps running even after a Pro license lapses.

#### 1.2.6

 * New: Quick Start setup card on the dashboard — three guided choices (block risky
   customers, email alerts, import past orders) get a new store protected without
   hunting through settings.
 * New: Block reason picker — when you block a customer you can record why, from
   a preset or your own note; it’s saved to the customer’s notes and history so 
   you keep an audit trail.
 * New: Plain-language score summary on each customer — see at a glance what’s weighing
   a score down and what’s in their favour, instead of decoding raw signal bars.
 * New: Segment glossary and inline help — a built-in legend for VIP through Critical
   with their score bands, plus ? tips that explain terms like “fingerprint” right
   where you need them.
 * New: Recommended next actions on the dashboard and Card-Testing Defense — each
   screen now tells you what to do, not just what’s happening.
 * Improvement: Customer actions no longer reload the whole page — block and unblock
   update in place with a confirmation toast, and allowlist or recalculate keep 
   your scroll position so you never lose your place.
 * Improvement: Panic Freeze remembers your chosen duration instead of resetting
   to 15 minutes each time, and the misleading “1 hour” option (which the server
   capped at 30) has been removed.
 * Improvement: Card-Testing Defense is now discoverable as the 8th detection module
   from the Modules tab in Settings.
 * Improvement: Signal explanations on the customer page are now keyboard-accessible,
   not hover-only.
 * Fix: The Automation tab now shows consistently in the in-app header, matching
   the WordPress admin menu.

For the complete changelog of earlier versions, visit [the full changelog](https://webstepper.io/wordpress/plugins/trustlens/changelog/).

## Meta

 *  Version **1.3.4**
 *  Last updated **15 hours ago**
 *  Active installations **Fewer than 10**
 *  WordPress version **6.4 or higher**
 *  Tested up to **7.0**
 *  PHP version **7.4 or higher**
 *  Language [English (US)](https://wordpress.org/plugins/trustlens/)
 *  Tags [anti-fraud](https://vec.wordpress.org/plugins/tags/anti-fraud/), [card-testing](https://vec.wordpress.org/plugins/tags/card-testing/),
    [chargeback](https://vec.wordpress.org/plugins/tags/chargeback/), [fake orders](https://vec.wordpress.org/plugins/tags/fake-orders/),
    [woocommerce security](https://vec.wordpress.org/plugins/tags/woocommerce-security/)
 *  [Advanced View](https://vec.wordpress.org/plugins/trustlens/advanced/)

## Ratings

 5 out of 5 stars.

 *  [3 5-star reviews](https://wordpress.org/support/plugin/trustlens/reviews/?filter=5)
 *  [0 4-star reviews](https://wordpress.org/support/plugin/trustlens/reviews/?filter=4)
 *  [0 3-star reviews](https://wordpress.org/support/plugin/trustlens/reviews/?filter=3)
 *  [0 2-star reviews](https://wordpress.org/support/plugin/trustlens/reviews/?filter=2)
 *  [0 1-star reviews](https://wordpress.org/support/plugin/trustlens/reviews/?filter=1)
