CODfraud preventionorder management

How to Set Up COD Order Limits on Shopify

Shopify COD order limit settings showing per-customer restrictions on a clean dashboard interface

One customer. Same phone number. Five COD orders in three days — and four of them came back undelivered. If you're running a COD store on Shopify, you've seen this pattern. Blocklists catch the worst offenders after the damage is done. Order limits stop them before they place the next one.

Each failed COD delivery costs ₹180–240 in wasted shipping, reverse logistics, and blocked inventory. At scale, repeat abusers quietly drain thousands per month from stores that have no mechanism to cap how many orders a single person can place. Shopify doesn't offer a native COD order limit per customer — which means most merchants either absorb the losses or spend hours manually flagging suspicious orders.

Why Blocklists Aren't Enough for COD Order Limits

Blocklists are reactive. You add a phone number or email after a customer has already burned you. That works for known bad actors. But it doesn't help with the first-time abuser who places six orders from slightly different details. It also misses the serial returner who isn't technically committing fraud — they just refuse delivery every other time.

Order limits work differently. Instead of waiting for a problem and blocking the source, you set a ceiling: no customer can place more than X COD orders within Y days. Everyone gets treated the same. Legitimate buyers rarely hit the cap. Abusers hit it immediately.

Brands that have introduced order limits or COD restrictions for repeat returners have seen abuse rates drop by 15–25%. The reduction isn't just from blocking bad orders — it's from deterrence. When abusers learn they can't place unlimited orders, most move on.

What Does a COD Order Limit Control?

A COD order limit caps how many orders a single customer can place within a set time window — typically identified by phone number, email, or IP address. It's a proactive rule, not a reactive block. Here's what a useful order limit system restricts:

  • Phone number — the most reliable identifier for COD markets where email is optional. Cap orders per phone number within a rolling window (e.g., 3 orders per 7 days).
  • Email address — useful when your form requires one, though easier to create throwaway addresses.
  • IP address — catches customers placing orders from the same device or network, even if they rotate contact details.

The best setup uses multiple identifiers together. A customer who hits the limit on their phone number can't bypass it by changing their email if the IP check also triggers.

Setting the Right Threshold

Set the limit too low and you block legitimate bulk buyers. Set it too high and abusers slip through. The right number depends on your product and order patterns.

Start by checking your average orders per customer over the last 90 days. For most COD stores selling consumer goods, the typical customer places 1–2 orders per month. A limit of 3–5 COD orders per 7-day window catches abuse without affecting normal buying behavior.

A few guidelines:

  • Low-ticket consumables (under ₹500/order) — set tighter limits (2–3 per week). These attract the most fake orders because the perceived risk is low.
  • Mid-range products (₹500–₹2,000) — 3–5 per week works for most stores.
  • High-ticket items (₹2,000+) — you can afford a lower limit (1–2 per week) since legitimate repeat purchases at this price point are rare.

Review your limits monthly. If you're still seeing high RTO from repeat numbers, tighten the window. If legitimate customers complain they can't reorder, loosen it.

How to Set Up Order Limits With EasySell

EasySell includes built-in order limit and quantity restriction controls inside its COD order form. Here's how to configure them:

  1. Open EasySell settings — go to your Shopify admin, open the EasySell app, and navigate to the fraud prevention section.
  2. Enable order limits — toggle on the order limit feature. You'll see options to set limits by phone number, email, or IP address.
  3. Set your cap and time window — choose the maximum number of orders allowed per identifier within a specific period. For example: 3 orders per phone number per 7 days.
  4. Configure the rejection message — when a customer hits the limit, they'll see a message on the order form. Write something clear: "You've reached the maximum number of orders for this period. Please try again later or contact support."
  5. Combine with quantity restrictions — separately from order limits, you can also cap the quantity per product per order. This prevents a single order from containing 50 units of a product you normally sell 1–2 at a time.

The entire setup takes under 10 minutes. Once active, the limits run automatically — no manual review needed.

Pair Order Limits With Other Fraud Controls

Order limits work best as one layer in a broader fraud prevention stack. On their own, they reduce repeat abuse. Combined with other controls, they make your COD operation significantly harder to exploit.

OTP verification adds a phone confirmation step before the order is placed. This alone filters out customers who enter fake phone numbers — which accounts for a large share of COD fraud. According to Razorpay data, 8–10% of COD orders are fraudulent, and many of those use fabricated contact details that OTP would catch.

Pincode blocking lets you disable COD for high-RTO areas. If a specific pincode consistently shows 40%+ return rates, removing COD as an option there forces prepaid — which filters out unserious buyers.

Partial payments require a small deposit (10–20% of the order value) at checkout, with the rest paid on delivery. Even a ₹50 deposit eliminates most fake orders because abusers aren't willing to spend real money on orders they plan to refuse.

EasySell supports all three of these alongside order limits, so you can configure them from a single dashboard without installing multiple apps.

When Order Limits Don't Apply

Not every store needs per-customer order limits. If your RTO rate is under 10% and you don't see patterns of repeat abuse from the same contacts, adding limits introduces friction without solving a real problem.

Order limits also aren't the right tool for wholesale or B2B stores where a single buyer legitimately places multiple large orders per week. In that case, you'd want to exempt specific customer tags or accounts from the limit — or skip limits entirely and rely on OTP verification and partial payments instead.

The merchants who benefit most from order limits are COD-heavy stores (60%+ COD share) selling consumer products at mid-range price points, in markets where RTO rates exceed 20%. That's where repeat abuse concentrates.

Start With One Change This Week

If you're seeing the same phone numbers show up across multiple failed deliveries, set a COD order limit per customer today. Start conservative — 5 orders per phone number per 7 days — and tighten based on what your data shows. Most stores find their sweet spot within 2–3 weeks of adjustments.

The goal isn't to block every possible bad order. It's to make your store expensive to abuse at scale. One limit, applied consistently, does more than a hundred manual reviews.