It sucks that I need to do this.

I need to share a quick update regarding how orders are processed on our website for the time being. Like many small businesses, we've recently experienced a significant surge in fraudulent credit card attempts.

While we catch and cancel these fake orders immediately, credit card processing fees are non-refundable. This means we lose money on transactions we never even accepted. To protect our small business from these predatory fees, we have switched our checkout settings from automatic capture to manual authorization.

How Manual Payment Authorization Works for Shoppers

If you are shopping with us, your checkout experience will remain exactly the same.

• No change to checkout: You will shop exactly as you always do.
• Temporary hold: Your bank will place a temporary hold on the funds, but your card will not be officially charged right away.
• Review & Charge: We will personally review the order details to ensure they are legitimate before officially processing the payment.

If you have ordered from us before, you likely won't see any delays. I will recognize your names and your info from previous orders. This new review step will mostly affect new, unknown customers, for whom verifying details might add a day or two to our usual window. We will still aim to process and ship all orders within 3 to 5 business days.

How to Prevent E-commerce Credit Card Fraud: Tips for Small Businesses

If you run an online boutique or e-commerce shop, you are likely dealing with the exact same surge in sophisticated fraud bots. Here is how we are fighting back, and steps you can take to protect your own margins:

1. Switch from Automatic Capture to Manual Authorization

Most e-commerce platforms default to automatic capture, meaning the moment a customer clicks "buy," the payment is fully processed. If it turns out to be fraud, you are stuck paying the non-refundable processing fee. Switching to manual authorization gives you a 7-day window to look at the order details before any transaction fees are locked in.

2. Look for Red Flags in Your Order Analytics

When reviewing your temporary authorizations, look for these common bot indicators:

Mismatched addresses: The billing address and shipping address do not match.

Geographic anomalies: The IP address is thousands of miles away from the credit card billing address.

No conversion info: They make very small purchases, and there is no conversion path or traffic data associated with the session.

Fake contact details: The phone number is a string of random digits or from an unrelated country code.

Generated emails: The email address is a random, nonsensical combination of letters and numbers (e.g., ab12345@gmail.com).

Card testing patterns: Multiple low-value orders are placed in rapid succession using completely different credit cards.

Illogical selections: They pay for shipping on an item or service that does not actually require shipping.

3. Protect Your Customers’ Stolen Data

Remember that when fraud hits your store, the card numbers used belong to real people whose data has been stolen elsewhere. By implementing a manual review step, you aren't just protecting your business's bottom line—you are actively blocking scammers from exploiting stolen consumer data.

Thank you so much to our incredible community for your continued support, your loyalty, and most of all, your understanding as we navigate these behind-the-scenes adjustments.

— Rosie