A new store opens registrations, runs a 10%-off welcome coupon, and within a week the customer list is full of accounts that never buy anything. Some used throwaway inboxes. A few are bots farming the coupon. The order log has guest checkouts with email addresses that bounce the moment you send a tracking update. None of it is payment fraud exactly, but all of it is noise that costs you coupon budget, email deliverability, and hours of cleanup.
That kind of abuse rarely shows up as one big attack. It leaks in quietly through every unprotected signup and guest checkout.
CEV PRO — Customer Email Verification closes those gaps by requiring a verified email (and optionally a verified phone or an authenticator code) before an account becomes usable or a checkout completes. It blocks disposable inboxes, holds new accounts back from coupon abuse until they actually buy, and gives you the tools to clean up the accounts you already have.
One thing to be clear about up front: email verification is not payment-fraud protection. A determined fraudster with a real inbox and a stolen card can still pass verification. What CEV PRO removes is the cheap, high-volume abuse: fake emails, throwaway accounts, bot signups, and coupon farming. That is where most of your day-to-day pain actually comes from.
This guide walks through the specific CEV PRO features that stop fake orders and account abuse, and where each one fits.
How CEV PRO blocks fake orders and account abuse
- Require email verification before checkout completes
Logged-in customers and guests both have to confirm a one-time code sent to their email before the order goes through. An address that can’t receive the code can’t place the order, which kills guest-checkout spam at the source. - Block disposable and temporary email domains
CEV PRO ships with a bundled list of known throwaway-email domains and rejects signups using them. You can extend the list with your own domains and set a custom rejection message, so the obvious junk never gets an account. - Validate that the email domain can actually receive mail
A DNS-based MX record check confirms the domain is set up to accept email before you trust it, with a 24-hour per-domain cache so it stays fast. Addresses on domains that can’t receive mail get stopped. - Hold new accounts back from coupon abuse with Paid-Order Gatekeeping
When enabled, a verified user stays in a restricted “pending paid order” state until their first WooCommerce order completes. This stops bot accounts from collecting welcome coupons or promotional emails before they’ve ever bought anything, which is the exact mechanic coupon farmers rely on. - Trigger verification only on risky orders with cart-total and category rules
You can require OTP verification only when the cart subtotal or total crosses an amount you set, or only for specific product categories. High-value or high-risk orders get the extra check while small, low-risk orders stay friction-free. - Lock down accounts with phone or authenticator verification
Beyond email, Smart Form can verify customers by phone OTP (via MSG91, Twilio, Vonage, or WhatsApp Business), and you can enforce TOTP authenticator-app 2FA for chosen user roles. This raises the cost of creating throwaway accounts well past what bulk abuse tolerates. - Clean up the accounts you already have
“Force re-verify all customers” marks existing unverified users as unverified in one action, so after a spam wave you can flush legacy junk. Auto-delete safely removes stale unverified accounts on a daily cron, with safeguards that skip anyone who has orders, active subscriptions, elevated roles, or a recent login. - See what’s actually being blocked
The Analytics tab reports signups, verification rate, blocked-spam totals, average time-to-verify, and your top blocked disposable domains over 7, 30, or 90 days. You get evidence the protection is working rather than a guess.
What each layer protects against
| Abuse type | CEV PRO defence |
|---|---|
| Throwaway-email signups | Disposable domain blocklist |
| Dead or fake domains | MX record validation |
| Guest-checkout spam | Pre-checkout email OTP |
| Welcome-coupon farming | Paid-Order Gatekeeping |
| High-value risky orders | Cart-total threshold OTP |
| Bulk bot accounts | Phone OTP and TOTP 2FA |
| Legacy junk accounts | Force re-verify and auto-delete |
Conclusion
Most fake orders and abusive accounts come in through the easy doors: unverified emails, throwaway domains, and coupon-hungry bot signups. CEV PRO shuts those doors and gives you a clean way to remove the junk already sitting in your user list, so your customer data, coupon budget, and email reputation stay intact.
🔒 Ready to cut fake orders and account abuse on your WooCommerce store?
14-Day Money-Back Guarantee. HPOS Compatible. WPML and Polylang ready. Priority Support.