Case StudiesDocsBlogContact
Log InGet started
Back to Case Studies
E-Commerce · Anonymized case study
Anonymized case study — company name and identifying details withheld. Reference available on request — contact us.

€41K in chargebacks blocked in 90 days

A growing D2C apparel brand was bleeding revenue to stolen-card fraud routed through residential proxies. Every blocklist said the traffic was clean. Sentinel said otherwise — and shut it down in an afternoon, without adding a single click for real customers.

€41K
Fraudulent chargebacks blocked in 90 days
2.3% → 0.4%
Chargeback rate drop — below Visa threshold
91%
Reduction in bot checkout attempts
3 hrs
Time from signup to live in production
Threat signals detected
Residential Proxy
VPN
Bot Automation

The Company

A mid-size D2C apparel brand with over 90,000 monthly visitors and a Shopify-based checkout. Rapidly growing, with a lean fraud team that couldn't scale manual review to match transaction volume.

The Problem

Their chargeback rate had climbed to 2.3% of monthly revenue — well above the 1% Visa threshold that triggers fines and monitoring programs. The fraud team traced roughly 40% of chargebacks back to orders placed with VPNs masking stolen credit card billing locations.

The harder problem: bots were rotating through residential proxy networks, placing hundreds of transactions per hour from different "clean" residential IPs. Every IP looked legitimate to traditional blocklists. The fraud was invisible.

Key pain points before Sentinel:

  • Residential proxies bypassed every existing blocklist — each order came from a different "clean" residential IP
  • Standard CAPTCHAs were solved instantly by CAPTCHA farms, adding friction only for real customers
  • Manual review team was overwhelmed — reviewing 60+ flagged orders per day with 72-hour backlogs
  • Visa had issued a chargeback warning — fines were imminent if the rate didn't drop

The Solution

The team integrated Sentinel's API at the checkout stage. Every checkout attempt passes through /v1/evaluate before payment processing. Orders from residential proxy networks, datacenter IPs with spoofed headers, or high-risk ASNs are flagged for additional verification — or quietly rejected based on risk score thresholds.

Implementation took 3 hours using their existing Node.js backend. Risk score threshold was set at 65 — orders above that require SMS verification before the payment is processed. Legitimate customers never see a CAPTCHA.

"We'd tried IP reputation tools before but residential proxies always got through. Sentinel was the first solution that actually stopped them — and it took one afternoon to integrate."

— Head of Trust & Safety

Results — 90 Days Post-Implementation

€41,000
In fraudulent chargebacks blocked
2.3% → 0.4%
Chargeback rate — below Visa threshold, eliminating fines
91%
Reduction in bot checkout attempts
Zero
CAPTCHAs added for legitimate customers
60 → <5
Daily orders requiring manual review
Week 1
Full results visible within the first week

Why Residential Proxies Are Hard to Stop

Traditional IP reputation tools work by maintaining blocklists of known bad IPs — datacenters, VPN endpoints, known fraud infrastructure. Residential proxies are different: they route traffic through real home internet connections, making each request look like a legitimate consumer in a specific city.

Sentinel detects residential proxies not by checking IP reputation alone, but by identifying the ASN signatures, traffic patterns, and device signals that indicate a proxy network is in use — even when the IP itself is "clean." This is the layer that traditional tools miss, and the layer where modern fraud lives.

Implementation Detail

The integration is a single API call at checkout submission. The Sentinel response includes a risk score (0–100) and specific signal flags. Their backend logic:

  • Score 0–64: proceed to payment normally
  • Score 65–84: require SMS verification before processing
  • Score 85+: decline with a generic error and flag for review

The entire decision happens in under 40ms — below the threshold where users notice any latency.

Protect your e-commerce platform like this brand did

10,000 free API requests per month. No credit card. Integrates in an afternoon.

Get Free API Key
Fraud BriefOnce a month · no spam · unsubscribe anytime
Get the new VPN, proxy & bot patterns we see each month
Short, technical breakdowns of what fraudsters changed last month — written for engineers, not marketers.