Title: TrustLens – Fraud Prevention &amp; Chargeback Defense for WooCommerce
Author: webstepper
Published: <strong>February 13, 2026</strong>
Last modified: July 2, 2026

---

Search plugins

![](https://ps.w.org/trustlens/assets/banner-772x250.png?rev=3580051)

![](https://ps.w.org/trustlens/assets/icon.svg?rev=3461127)

# TrustLens – Fraud Prevention & Chargeback Defense for WooCommerce

 By [webstepper](https://profiles.wordpress.org/webstepper/)

[Download](https://downloads.wordpress.org/plugin/trustlens.1.3.7.zip)

[Live Preview](https://tzm.wordpress.org/plugins/trustlens/?preview=1)

 * [Details](https://tzm.wordpress.org/plugins/trustlens/#description)
 * [Reviews](https://tzm.wordpress.org/plugins/trustlens/#reviews)
 *  [Installation](https://tzm.wordpress.org/plugins/trustlens/#installation)
 * [Development](https://tzm.wordpress.org/plugins/trustlens/#developers)

 [Support](https://wordpress.org/support/plugin/trustlens/)

## Description

**Stop losing money to WooCommerce fraud you can’t see.** Serial returners, coupon
abusers, fraud rings, and stolen-card bots quietly drain stores — often thousands
a year, and by the time your chargeback ratio climbs the damage is done.

TrustLens is a behavior-based **customer trust scoring and fraud detection plugin
for WooCommerce**. It scores every shopper **0–100** from real store behavior and
sorts them into six segments — **VIP, Trusted, Normal, Caution, Risk, Critical**.
Eight detection modules run in the background, from return abuse to card-testing
attacks at checkout. You see exactly which signals moved each score, and **you decide
what to do**.

**TrustLens never auto-blocks in Free.** You review the profile and choose: block
at checkout, allowlist forever, or just watch the trend. All data stays inside your
store (no third-party calls), with identifiers pseudonymized via keyed HMAC-SHA256.

#### Free — the complete plugin

 * **All 8 detection modules** — return abuse, order patterns, coupon abuse, category-
   aware risk, linked accounts / fraud rings, shipping anomalies, chargeback tracking(
   auto-ingest from Stripe & WooPayments), and real-time card-testing defense with
   a one-click Panic Freeze
 * **Trust scoring engine** — 0–100 score, six segments, every signal visible on
   the profile, loyalty bonus, configurable thresholds
 * **Command Center dashboard** — score trends, segment distribution, high-risk 
   list, and a chargeback-ratio speedometer (Visa / Mastercard / Amex / Discover)
 * **Customer management** — trust badges on the orders list, detailed profiles,
   bulk actions, allowlist protection, checkout enforcement (Classic + Blocks)
 * **Operational** — Historical Sync, REST API, HPOS support, GDPR export/erasure,
   core email notifications

#### Pro — act on what TrustLens finds

 * **Advanced Chargeback Monitor** — per-brand ratios, 12-month trends, a dispute-
   deadline worklist, and independently verifiable **Dispute Evidence Reports** (
   tamper-evident fingerprint + QR, auto-flags Visa CE 3.0)
 * **Automation Rules** — 15 triggers, 30+ conditions, signed webhooks, async retry,
   save-time validation
 * **Card-Testing Defense Pro** — auto-escalation, geo-diversity safeguard, allowlists,
   attack history, and Slack/email alerts
 * **Payment Method Risk Controls**, **Scheduled Reports**, advanced notifications,
   and address analysis

**Bottom line: Free surfaces the risk. Pro acts on it.**

### External Services

This plugin may connect to external services as described below.

#### Freemius SDK

This plugin uses the [Freemius](https://freemius.com) SDK for optional usage tracking,
license management, and plugin updates.

**When data is sent:**

 * During plugin activation, only if the user explicitly opts in
 * When checking for plugin updates
 * When activating or deactivating a Pro license

**What data is sent:**

 * Site URL, WordPress version, and PHP version
 * Plugin version and activation status
 * Admin email (only if opted in)
 * License key (Pro version only)

**Important:** No data is sent unless you explicitly opt in during plugin activation.
You can skip the opt-in entirely and use the free version without sharing any data.

 * Service: [Freemius](https://freemius.com)
 * Terms of Service: [https://freemius.com/terms/](https://freemius.com/terms/)
 * Privacy Policy: [https://freemius.com/privacy/](https://freemius.com/privacy/)

#### Webhooks (Pro, Optional)

When webhooks are enabled in TrustLens settings (Pro feature), the plugin sends 
HTTP POST requests to URLs configured by the administrator.

**When data is sent:**

 * When a customer’s trust score is updated (if enabled)
 * When a customer is blocked (if enabled)
 * When a checkout is blocked (if enabled)
 * When a high-risk order is placed (if enabled)
 * When testing webhook connectivity

**What data is sent:**

 * Customer email hash and, when available, the customer email stored in TrustLens
 * Trust score and customer segment
 * Event type and timestamp
 * Order details for high-risk order events (order ID, total, status)
 * Site URL and site name

**Important:** Webhook endpoints are entirely configured by you. No data is sent
to any third-party service unless you explicitly add webhook URLs. The plugin does
not send data to the plugin developer or any default external service.

#### Report Verification (Pro, Optional)

When a Pro “dispute evidence report” is generated, TrustLens can register a tamper-
evidence fingerprint of that report with the TrustLens verification service (webstepper.
io), so a card issuer or payment processor can independently confirm at a public
URL that the report is genuine and has not been altered.

**When data is sent:**

 * Each time a dispute evidence report is generated (Pro feature), while Report 
   Verification is enabled (TrustLens  Chargeback Monitor)

**What data is sent:**

 * A one-way SHA-256 fingerprint of the report and a short derived report ID
 * The disputed order’s ID (number only) and a timestamp
 * The report’s risk figures: compelling-evidence count, trust score, risk segment,
   and return rate
 * Your site URL

**No customer personal data is sent** — no names, emails, addresses, IP addresses,
or email hashes. The fingerprint is one-way and cannot be reversed into report contents.

**Important:** This feature is enabled by default and can be turned off at any time
on the TrustLens  Chargeback Monitor page (“Report verification”). When disabled,
nothing is sent to webstepper.io and the report simply omits the public verification
link (it still shows its local fingerprint).

 * Service: [Webstepper TrustLens Verification](https://webstepper.io/verify)
 * Terms of Service: [https://webstepper.io/terms-of-service/](https://webstepper.io/terms-of-service/)
 * Privacy Policy: [https://webstepper.io/privacy-policy/](https://webstepper.io/privacy-policy/)

## Screenshots

[⌊Command Center Dashboard — Health score, KPI cards, trust-score trends, and the
six-segment distribution at a glance⌉⌊Command Center Dashboard — Health score, KPI
cards, trust-score trends, and the six-segment distribution at a glance⌉[

**Command Center Dashboard** — Health score, KPI cards, trust-score trends, and 
the six-segment distribution at a glance

[⌊Card-Testing Defense — Real-time decline-velocity monitoring, attacker fingerprints,
one-click Panic Freeze, and the recent-attack feed⌉⌊Card-Testing Defense — Real-
time decline-velocity monitoring, attacker fingerprints, one-click Panic Freeze,
and the recent-attack feed⌉[

**Card-Testing Defense** — Real-time decline-velocity monitoring, attacker fingerprints,
one-click Panic Freeze, and the recent-attack feed

[⌊Customer List — Searchable, sortable list with segment badges, trust scores, return
rates, and bulk actions⌉⌊Customer List — Searchable, sortable list with segment 
badges, trust scores, return rates, and bulk actions⌉[

**Customer List** — Searchable, sortable list with segment badges, trust scores,
return rates, and bulk actions

[⌊Customer Detail — Full profile with the trust-score gauge, signal impact, return-
rate trend, and linked accounts⌉⌊Customer Detail — Full profile with the trust-score
gauge, signal impact, return-rate trend, and linked accounts⌉[

**Customer Detail** — Full profile with the trust-score gauge, signal impact, return-
rate trend, and linked accounts

[⌊Order Integration — Customer trust score, segment, and dispute status shown right
on the WooCommerce order edit screen⌉⌊Order Integration — Customer trust score, 
segment, and dispute status shown right on the WooCommerce order edit screen⌉[

**Order Integration** — Customer trust score, segment, and dispute status shown 
right on the WooCommerce order edit screen

[⌊Settings — Detection modules and scoring thresholds, with checkout-blocking and
notification controls⌉⌊Settings — Detection modules and scoring thresholds, with
checkout-blocking and notification controls⌉[

**Settings** — Detection modules and scoring thresholds, with checkout-blocking 
and notification controls

## Installation

 1. Install **TrustLens** directly from the WordPress plugin repository, or upload 
    the `trustlens` folder to `/wp-content/plugins/`
 2. Activate the plugin through the **Plugins** menu — TrustLens checks for WooCommerce
    automatically
 3. Open **TrustLens  Dashboard** to see the Command Center
 4. Click **Run Historical Sync** to build trust profiles from your existing WooCommerce
    orders — the sync runs in the background in small batches and does not affect site
    performance
 5. Visit **TrustLens  Settings** to adjust scoring thresholds, checkout blocking, 
    and notification preferences

**What works out of the box:**

 * All 8 detection modules are enabled by default
 * Card-Testing Defense ships **enabled** with sensible thresholds — no configuration
   required to start blocking stolen-card attacks
 * VIP Customer Bypass is on, so repeat buyers are never disrupted by velocity rules
 * Chargeback tracking is active for Stripe and WooPayments — disputes ingest automatically
 * TrustLens **does not auto-block** any customer in Free until you explicitly choose
   to

If you use Stripe or WooPayments, no extra setup is required for chargeback and 
card-brand capture. Other gateways can be tracked through the manual chargeback 
entry form on the order edit page.

## FAQ

### How is TrustLens different from my payment gateway’s fraud tools?

Your payment gateway (Stripe Radar and similar) scores a single **transaction** 
at the moment of charge — card, IP, AVS, device — and is blind to what happens before
and after on your store. TrustLens scores the **customer’s behavior over time**:
refund and return patterns, coupon abuse, multi-account links, dispute history, 
category-specific returns, and card-testing activity at checkout. Those are signals
your gateway never sees.

They’re complementary, not competing. Your gateway blocks obvious stolen-card charges;
TrustLens surfaces friendly-fraud chargebacks, serial returners, coupon abusers,
fraud rings, and card-testing bots that slip past a per-transaction view — and it
keeps you in control (the free version never auto-blocks; you decide). Everything
runs inside your own store, so no customer data leaves your site.

### Does TrustLens work with guest checkout?

Yes. Customers are identified by a hash of their email address, so guest and registered
customers are tracked equally. If a guest later registers, their history carries
over.

### Will TrustLens automatically block customers?

By default, no. The free version is manual: it surfaces customer risk data, and 
you decide when to block or allowlist someone. Pro can optionally automate specific
actions, including alerts, order holds, verification requirements, and customer 
blocking if you configure automation rules or chargeback auto-blocking.

### How does linked accounts detection work?

TrustLens creates fingerprints from shipping addresses, billing addresses, phone
numbers, IP addresses, payment methods, and device user agents. When multiple customer
accounts share fingerprints, they are flagged as linked. This helps detect multi-
account abuse like repeated first-order discounts.

### Can TrustLens help reduce return abuse and refund abuse in WooCommerce?

Yes. TrustLens tracks refund rate, refund value, refund frequency, category-specific
return behavior, and related customer patterns over time. This helps you spot serial
returners and high-risk refund behavior earlier instead of reviewing refunds one
order at a time.

### Can TrustLens help with chargebacks and disputes?

Yes — and the core chargeback tracking is in the **free** version. TrustLens automatically
ingests disputes from Stripe and WooPayments, accepts manual entry for other gateways(
PayPal, Square, offline), keeps per-customer dispute counters, and feeds dispute
history into trust scores. The free dashboard also shows a **Chargeback Ratio Speedometer**
with a Healthy / Approaching / Action-needed status against Visa, Mastercard, Amex,
and Discover thresholds.

Pro adds a dedicated **Advanced Chargeback Monitor** with per-brand breakdown (Visa
VDMP/VFMP, Mastercard ECP, Amex, Discover), 12-month trend, trailing-30-day window,
daily ratio email alerts, a one-click Dispute Evidence Report for processor responses,
and auto-block after N lost disputes.

### How does the Chargeback Ratio Monitor work?

TrustLens captures the card brand on every Stripe and WooPayments paid order and
tracks how many of those orders end up as disputes. Your blended monthly chargeback
ratio is shown on the dashboard speedometer, with status colors keyed to **Visa 
VDMP/VFMP, Mastercard ECP, Amex, and Discover** monitoring thresholds — so you can
see if you’re approaching enrollment before it happens. Pro adds per-brand ratios,
the 12-month trend chart, the trailing-30-day window, and daily email alerts.

### What is Card-Testing Defense?

Card-Testing Defense (free) is real-time protection against stolen-card attack bots
that probe your checkout with thousands of declined payment attempts. TrustLens 
watches per-device decline rates in a 60-second rolling window, matching on both
the browser fingerprint and a server-side fingerprint (IP and user agent) so bots
can’t slip through by rotating their browser fingerprint. When a device crosses 
the threshold it’s locked out of checkout for 90 seconds, blocking the attack before
it reaches your payment gateway and runs up gateway fees, fraud fees, and downstream
chargebacks.

**VIP Customer Bypass** is enabled by default, so established customers — those 
who meet your minimum-order threshold (default 3 completed orders) and aren’t already
in a Risk or Critical segment — are never blocked by velocity rules. A one-click**
Panic Freeze** button halts all checkouts for 15 minutes during an active attack
your thresholds haven’t caught.

Pro adds auto-escalation, a geographic-diversity safeguard so flash-sale traffic
isn’t mistaken for an attack, fingerprint and IP CIDR allowlists, attack analytics
with CSV export, and Slack alerts.

### Can I automate actions based on customer risk?

Yes, with Pro. Automation Rules let you build trigger-based rules that fire when
customer risk changes, orders are placed, refunds are processed, disputes are filed,
linked accounts are detected, card-testing attacks happen, or shipping anomalies
are spotted. Each rule supports 30+ condition fields and actions like block customer,
hold order, send email, fire webhook, allowlist customer, cancel order, or tag customer.

Pro automation also includes a save-time validator that blocks rules that can never
fire, an inline inspector that shows exactly why each rule fired or didn’t, and 
async HMAC-SHA256-signed webhooks with automatic retry.

### What happens when I block a customer?

Blocked customers see a customizable message when they try to add items to their
cart or proceed to checkout. The block applies to both logged-in users and guest
checkouts matching the blocked email. All blocked checkout attempts are logged.

### Can I undo a block?

Yes. You can unblock a customer at any time from their profile page or the customer
list. You can also add customers to the allowlist, which locks their score at 100
and prevents any negative signals from affecting them.

### What happens right after I install TrustLens?

New WooCommerce orders are analyzed automatically after activation. If you already
have historical orders, you can run Historical Sync from the dashboard to build 
trust profiles from your existing store data without slowing down the frontend.

### Does this slow down my store?

No. Score calculations run asynchronously via Action Scheduler (the same system 
WooCommerce uses). Checkout blocking uses a lightweight email-hash lookup. The historical
sync processes orders in small batches in the background.

### Does TrustLens send customer data to an external service?

No customer personal data ever leaves your site. TrustLens works inside your WordPress
and WooCommerce installation. The only default external call is the optional Pro
report-verification feature, which (while enabled) sends a non-personal, one-way
fingerprint of a dispute report to the TrustLens verification service so issuers
can confirm it is genuine — never customer data, and it can be disabled. All other
external delivery (webhooks, email notifications) happens only if you configure 
it.

### Is TrustLens compatible with WooCommerce HPOS?

Yes. TrustLens declares full compatibility with High-Performance Order Storage and
works with both legacy and HPOS-enabled stores.

### Does TrustLens store personal data?

TrustLens stores customer email addresses and behavioral data (order counts, refund
counts, trust scores) in custom database tables. Matching identifiers used for linked-
account detection are pseudonymized using keyed HMAC-SHA256 hashes, preventing the
raw values from being exposed or reused across sites. The plugin integrates with
WordPress privacy tools — customers can request data export or erasure through the
standard WordPress privacy workflow.

### Can I access TrustLens data from external systems?

Yes. TrustLens includes a REST API with 8 endpoints for looking up customers, retrieving
scores, filtering by segment, and triggering recalculations. API access requires
either the `manage_woocommerce` capability or a valid API key configured in settings.

### Can I get alerts and reports by email?

Yes. The free version includes core email notifications such as blocked checkout
alerts, a welcome summary, and a weekly summary. Pro adds advanced alerts, daily
digests, monthly revenue protection reports, and scheduled email reports.

### What is the minimum data needed for accurate scoring?

By default, customers need at least 3 orders before they move out of the Normal 
segment. You can adjust this threshold in Settings > General. Customers below the
threshold still accumulate signals — they just aren’t classified until enough data
exists.

### Does the free version include all detection modules?

Yes. All **8 detection modules** ship in the free version — returns, orders, coupons,
categories, linked accounts, shipping address anomalies, chargebacks, and card-testing
defense. There are no trial limits, no disabled scoring, and no locked modules.

Pro adds automation rules, webhooks, scheduled reports, payment-method risk controls,
the advanced per-brand Chargeback Monitor with daily alerts, Card-Testing Defense
Pro (auto-escalation + analytics + Slack alerts), and 10 advanced notification types.

### What happens if I rotate my WordPress secret keys?

**Important:** TrustLens uses your WordPress `auth` secret key (via `wp_salt('auth')`)
as the HMAC keying material for hashing customer emails and linked-account fingerprints.
This is a deliberate security choice — it makes stored hashes non-reversible and
non-portable across sites.

The trade-off is that **regenerating your WordPress secret keys** (whether through
a security plugin’s “regenerate keys” tool or by editing `wp-config.php` directly)
will permanently invalidate every customer hash and fingerprint already stored in
your TrustLens tables. After rotation, the plugin won’t be able to match a returning
customer to their existing trust profile, and linked-account detection will reset.

If you ever need to rotate WordPress secret keys, plan to **run Historical Sync 
afterward** so TrustLens rebuilds the customer table from your existing WooCommerce
order data using the new keying material. Allowlisted/blocked status set manually
on individual customer rows is the exception that won’t auto-recover — re-apply 
those after the sync.

## Reviews

![](https://secure.gravatar.com/avatar/fe248b45807f81c1011ff0f0e7eccc029e1aeb0716b8878ed294a6411eadf2b1?
s=60&d=retro&r=g)

### 󠀁[Powerful but Needs Wider Adoption](https://wordpress.org/support/topic/powerful-but-needs-wider-adoption/)󠁿

 [mvbn78677](https://profiles.wordpress.org/mvbn78677/) March 10, 2026

TrustLens offers strong features such as return abuse detection, coupon misuse detection,
and order pattern analysis.

![](https://secure.gravatar.com/avatar/a5cd38888a32b2f9c1c1dfc6e85db09eb69f79b45527036d94c25b667157e5e3?
s=60&d=retro&r=g)

### 󠀁[Great Visibility Into Customer Behavior](https://wordpress.org/support/topic/great-visibility-into-customer-behavior/)󠁿

 [mvmmk78890](https://profiles.wordpress.org/mvmmk78890/) March 10, 2026

TrustLens gives store owners something WooCommerce usually lacks: behavior-based
customer intelligence. Instead of guessing who might abuse refunds or coupons, the
plugin analyzes patterns like refunds, cancellations, and account connections.

![](https://secure.gravatar.com/avatar/3ad72544e19a56a2f3719f58c9d2b35e623e8e4ff9235a5e8004c8e52db796f3?
s=60&d=retro&r=g)

### 󠀁[Excellent Fraud Protection for WooCommerce](https://wordpress.org/support/topic/excellent-fraud-protection-for-woocommerce/)󠁿

 [aquilaproperty7867](https://profiles.wordpress.org/aquilaproperty7867/) February
16, 2026

Simple, effective, and professional solution for review protection.

 [ Read all 3 reviews ](https://wordpress.org/support/plugin/trustlens/reviews/)

## Contributors & Developers

“TrustLens – Fraud Prevention & Chargeback Defense for WooCommerce” is open source
software. The following people have contributed to this plugin.

Contributors

 *   [ webstepper ](https://profiles.wordpress.org/webstepper/)
 *   [ Freemius ](https://profiles.wordpress.org/freemius/)

[Translate “TrustLens – Fraud Prevention & Chargeback Defense for WooCommerce” into your language.](https://translate.wordpress.org/projects/wp-plugins/trustlens)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/trustlens/), check 
out the [SVN repository](https://plugins.svn.wordpress.org/trustlens/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/trustlens/) by [RSS](https://plugins.trac.wordpress.org/log/trustlens/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.3.7

 * Improvement: The Store Trust Network now withdraws a shared flag. When you win
   a chargeback, allowlist a customer, or a flagged customer’s risk clears, TrustLens
   removes that customer’s flag from your linked stores within the hour — instead
   of leaving it in place. An allowlisted customer is never shared in the first 
   place.

#### 1.3.6

 * Improvement: See the Store Trust Network at work (Pro, multi-site). Flags shared
   by your linked stores now appear right where you need them: a panel on the customer
   profile, a line on the WooCommerce order screen, and a new network status + early-
   warnings summary on the dashboard that surfaces shoppers a sister store flagged
   before they could build any history with you. The network already protected you
   quietly in the background — now you can see it doing its job.
 * Change: Refreshed review request. The occasional review prompt is now an on-brand
   card with warmer, friendlier wording — the same one-click dismiss and “remind
   me later” controls, just nicer to look at.
 * Fix: Clearer plan messaging for single-site Pro. On a single-site plan (for example
   Starter), the Store Trust Network tab showed a generic “upgrade to Pro” prompt
   even though you already had Pro. It now correctly points to the Professional 
   and Business plans that include the network, so the path to enabling it is obvious.

#### 1.3.5

 * New: Store Trust Network (Pro, multi-site). If you run more than one WooCommerce
   store, link them so a customer who racks up return abuse or chargebacks at one
   store is automatically recognized at the others. It is opt-in and off by default:
   generate one secret group key, paste it into each store, and list your store 
   URLs. Stores share flags in the background, so checkout is never slowed or blocked
   when another store is offline — and no names or email addresses ever leave a 
   store, only an irreversible hashed signal. Your existing per-store data and trust
   scores are untouched.
 * Improvement: Faster WordPress dashboard. TrustLens no longer loads its full admin
   script and style bundle on the dashboard home screen — only the small stylesheet
   the Customer Trust widget needs — so the main dashboard stays light for every
   admin.
 * Fix: More accurate return-rate scoring. Corrected an off-by-one that slightly
   skewed every customer’s stored return rate, and the trust signal built from it.
   Existing customers are recalculated automatically once on update.
 * Fix: Removed a WordPress 6.7+ “translation loading triggered too early” notice
   from the Freemius activation message (it now runs on the init hook), so it no
   longer shows up in Site Health or debug logs.

#### 1.3.4

 * Fix: Activation no longer fails with a fatal error. In some setups the plugin
   could stop with a “Call to undefined function” error during activation; the installer
   now loads its helper functions in the right order before seeding default settings.

#### 1.3.3

 * New: Usage-data opt-in — a clear control in Data & Privacy to share anonymous
   usage data (off unless you opt in), with a one-time, dismissible reminder.
 * Improvement: Clearer confirmation-email message after opt-in or activation, so
   it no longer looks like activation stalled or failed.
 * Change: Every chargeback control is now in one place. The Chargeback Tracking
   on/off toggle joins the other detection modules in Settings  Modules, and auto-
   block, ratio alerts, and dispute-report verification all live on the Chargeback
   Monitor page. The separate Settings  Chargebacks tab has been removed.
 * Change: Chargeback auto-block now defaults to off. Auto-blocking permanently 
   blocks customers at checkout, so it is now opt-in — set a threshold on the Chargeback
   Monitor when you want it. Stores that already configured it keep their setting.
 * Change: More reliable data removal on uninstall. When “remove data on uninstall”
   is enabled, TrustLens now clears all of its data through a single prefix contract
   so nothing is left behind, and the redundant “Delete All TrustLens Data” button
   has been removed (uninstall and the Data tab cover it).
 * Change: Renamed to TrustLens – Fraud Prevention & Chargeback Defense for WooCommerce
   to better reflect what the plugin does. No settings or data change.
 * Fix: Saving one Settings tab no longer resets the others. Previously, saving 
   a tab (for example General) could silently wipe or reset options that live on
   other tabs — detection modules, chargeback thresholds, webhook events, scheduled-
   report recipients, and more. Each Settings form now saves only its own options.
 * Fix: Long device-fingerprint hashes no longer overflow the “Targeted now” list
   in the Card-Testing attack feed.
 * Fix: Free-version packaging — hardened how the Freemius configuration is packaged
   so the free build always installs as the free version (a regression could otherwise
   leave it asking for a license key and locking the plugin’s admin screens).

#### 1.3.1

 * Improvement: Clearer, privacy-first wording on the activation and license screens—
   a reminder that TrustLens never sends your customer, order, or payment data —
   with the TrustLens icon now shown on them.
 * Improvement: The Account screen now carries an on-brand TrustLens panel with 
   quick links to your dashboard, documentation, and support.
 * Improvement: Activating the Pro version now automatically deactivates the free
   version (and vice-versa), preventing duplicate-plugin conflicts and stray PHP
   notices when both are installed.
 * Change: Hardened the free/Pro build pipeline — a single source of truth now controls
   which files are Pro-only, and an automated pre-release check verifies every build,
   so a free feature can’t be dropped (or Pro-only code shipped to free users) by
   mistake.
 * Fix: Chargeback Tracking restored on the free version — free stores again get
   per-customer dispute history and the blended chargeback-ratio speedometer on 
   the dashboard. A packaging error had unintentionally left this module out of 
   recent free builds; Pro stores were unaffected.

#### 1.3.0

The centerpiece of 1.3.0 is the new **Chargeback Evidence Report** (Pro) — a representment-
ready document that builds your Visa Compelling Evidence 3.0 case automatically 
and, uniquely, lets a card issuer **independently verify** it as genuine and unaltered
at a neutral domain: every report carries a tamper-evidence SHA-256 fingerprint,
a scannable QR code, and a public verification page. It’s rounded out by a broad
reliability and accuracy pass across scoring, reporting, chargebacks, automation,
and the dashboard.

 * New: Dispute evidence report (Pro) — the chargeback dispute report is now a representment-
   ready evidence document. It matches the disputed order against the customer’s
   prior orders by shared identifiers (billing/shipping address, device, IP), flags
   history that qualifies for Visa Compelling Evidence 3.0 (two or more shared identifiers
   from an order 120–365 days before the dispute), and summarizes the continuity
   you can submit to fight the chargeback.
 * New: Independent report verification (Pro) — every dispute evidence report carries
   a unique fingerprint, report ID, a verification link and a scannable QR code 
   that take a card issuer straight to webstepper.io/verify to confirm the report
   is genuine and unaltered. The report confirms on-screen whether it registered
   with the verification service (and retries automatically in the background if
   the service can’t be reached), and the Chargeback Monitor’s open-disputes list
   flags which reports are registered. Only a one-way fingerprint and non-personal
   figures are sent (never customer data), and it can be switched off on the Chargeback
   Monitor page.
 * Fix: The “New Risky Customer” email now alerts only on a genuine first-time customer,
   instead of also firing for a returning customer placing a repeat order.
 * Fix: Disputes resolved through the alternative Stripe integration now clear from
   the Open Disputes worklist instead of lingering as falsely “overdue” and inflating
   the dashboard’s due-soon count.
 * Fix: Dispute updates from a payment gateway no longer overwrite stored details—
   a status-only update can’t zero out a dispute’s amount or reopen a dispute you’ve
   already closed.
 * Fix: Card-brand detection now reads nested Stripe dispute payloads correctly,
   so disputes are attributed to the right brand (Visa/Mastercard/Amex/Discover)
   and your chargeback ratios are accurate instead of landing in “unknown”.
 * Fix: Chargeback threshold alerts no longer risk firing twice or being missed 
   around the start of a new month.
 * Fix: Monthly ROI and protection figures now report each calendar month’s own 
   data instead of repeating the current rolling window for every past month.
 * Fix: The weekly scheduled report now covers the correct time window on stores
   not set to UTC (previously it could be offset by your timezone).
 * Fix: Scheduled reports now also run at the configured time of day on stores not
   set to UTC, instead of being delivered offset by the site’s timezone.
 * Fix: Recalculating a customer’s trust score via the REST API now triggers your
   automation rules, notifications and webhooks, matching the in-app and bulk recalculation.
 * Fix: REST customer endpoints now work for customers stored with legacy 32-character
   hashes, not only 64-character ones.
 * Fix: Customer segments are assigned correctly even when the segment-threshold
   filter returns a partial set, preventing mis-segmentation.
 * Fix: The high-risk customer list and dashboard segment counts now refresh promptly
   after changes such as allowlisting, instead of lagging behind a stale cache.
 * Fix: First-order coupon-abuse detection no longer misflags a returning customer’s
   second order as their first.
 * Fix: Repeat-refunder and velocity alerts now fire when a count jumps past the
   threshold (not only when it lands exactly on it), once per pattern without spamming.
 * Fix: Automation email actions fall back to the site admin address when no notification
   email is configured, instead of silently failing to send.
 * Fix: Bulk actions for remove-from-allowlist, remove-tag and export now run instead
   of being silently marked complete; unrecognized actions report a clear error.
 * Fix: The Historical Sync panel now shows accurate progress and status instead
   of blank or incorrect values.
 * Fix: The REST statistics endpoint returns zeroes instead of erroring during a
   full data reset.
 * Fix: Risk signals in the evidence report now show refund and customer-value amounts
   as clean currency (e.g. $2,429.00) instead of raw price markup.
 * Security: All CSV export paths (admin export and scheduled/bulk export) neutralize
   spreadsheet formula injection by escaping cells that begin with =, +, -, @, tab
   or carriage return.
 * Maintenance: Updated the Freemius SDK to 2.13.2, hardened webhook-log pruning
   and card-testing alert scheduling, and stopped an internal scoring snapshot row
   from appearing in customer signal lists.

#### 1.2.8

 * New: Video walkthrough — a short explainer showing how TrustLens turns real shopping
   behavior into a 0–100 trust score and surfaces returns, coupon, linked-account
   and card-testing abuse, now on the plugin page.
 * Update: Refreshed the plugin banner artwork.

For the complete changelog of earlier versions, visit [the full changelog](https://webstepper.io/wordpress/plugins/trustlens/changelog/).

## Meta

 *  Version **1.3.7**
 *  Last updated **3 days ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 6.4 or higher **
 *  Tested up to **7.0**
 *  PHP version ** 7.4 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/trustlens/)
 * Tags
 * [anti-fraud](https://tzm.wordpress.org/plugins/tags/anti-fraud/)[card-testing](https://tzm.wordpress.org/plugins/tags/card-testing/)
   [chargeback](https://tzm.wordpress.org/plugins/tags/chargeback/)[fake orders](https://tzm.wordpress.org/plugins/tags/fake-orders/)
   [woocommerce security](https://tzm.wordpress.org/plugins/tags/woocommerce-security/)
 *  [Advanced View](https://tzm.wordpress.org/plugins/trustlens/advanced/)

## Ratings

 5 out of 5 stars.

 *  [  3 5-star reviews     ](https://wordpress.org/support/plugin/trustlens/reviews/?filter=5)
 *  [  0 4-star reviews     ](https://wordpress.org/support/plugin/trustlens/reviews/?filter=4)
 *  [  0 3-star reviews     ](https://wordpress.org/support/plugin/trustlens/reviews/?filter=3)
 *  [  0 2-star reviews     ](https://wordpress.org/support/plugin/trustlens/reviews/?filter=2)
 *  [  0 1-star reviews     ](https://wordpress.org/support/plugin/trustlens/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/trustlens/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/trustlens/reviews/)

## Contributors

 *   [ webstepper ](https://profiles.wordpress.org/webstepper/)
 *   [ Freemius ](https://profiles.wordpress.org/freemius/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/trustlens/)