Setting up 1C-Bitrix order fraud verification

Our company is engaged in the development, support and maintenance of Bitrix and Bitrix24 solutions of any complexity. From simple one-page sites to complex online stores, CRM systems with 1C and telephony integration. The experience of developers is confirmed by certificates from the vendor.

8+Years of workmore info 900+Completed projectsmore info 100+In house employeesmore info 19+Partnersmore info

Showing 1 of 1 servicesAll 1626 services

Simple

~1 business day

FAQ

Our competencies:

Free consultation

Book a free consultation if you have any questions. A dedicated specialist will advise you.

Cost calculation

If you know what exactly you need to develop, or you already have a ready-made technical task.

Development stages

Latest works

B2B ADVANCE company website development
1175
Website development for FIXPER company
811
Development based on Bitrix, Bitrix24, 1C for the company Development of an Online Appointment Booking Widget for a Medical Center
564
Development based on 1C Enterprise for MIRSANBEL
747
Website development on CRM Bitrix24 for DOLBIMBY
655
Development based on Bitrix24 for the company TECHNOTORGKOMPLEKS
976

Show more works

Fraud Order Scoring Configuration in 1C-Bitrix

Fraud scoring is a system that evaluates each order against a set of signals and decides whether to pass it, queue it for manual review, or block it. Unlike simple rate limiting, scoring considers the combination of factors — one signal may be normal on its own, but three together constitute a red flag.

Scoring system

Each check factor contributes a number of risk points. The final score determines the action.

namespace Local\Fraud;

class FraudScorer
{
    // Thresholds
    private const BLOCK_SCORE  = 70;
    private const REVIEW_SCORE = 40;

    public function score(\Bitrix\Sale\Order $order): ScoreResult
    {
        $signals = [];

        $ip    = $_SERVER['REMOTE_ADDR'] ?? '';
        $props = $order->getPropertyCollection();
        $email = $props->getItemByOrderPropertyCode('EMAIL')?->getValue() ?? '';
        $phone = $props->getItemByOrderPropertyCode('PHONE')?->getValue() ?? '';
        $name  = trim(
            ($props->getItemByOrderPropertyCode('NAME')?->getValue() ?? '') . ' ' .
            ($props->getItemByOrderPropertyCode('LAST_NAME')?->getValue() ?? '')
        );

        // IP signals
        $signals['ip_orders_1h']    = $this->ipOrders($ip, 1)    * 8;  // max ~80 at 10 orders
        $signals['ip_orders_24h']   = $this->ipOrders($ip, 24)   * 2;  // max ~40 at 20 orders
        $signals['ip_in_stoplist']  = $this->isInStopList($ip)    ? 80 : 0;

        // Email signals
        $signals['disposable_email']  = $this->isDisposableEmail($email) ? 35 : 0;
        $signals['no_email']          = empty($email) ? 25 : 0;
        $signals['email_orders_24h']  = $this->emailOrders($email, 24) * 5;

        // Phone signals
        $signals['invalid_phone']   = !$this->isValidPhone($phone) ? 20 : 0;

        // Amount and history
        $signals['high_amount_new']  = $this->highAmountNewUser($order) ? 30 : 0;
        $signals['unusual_amount']   = $this->isUnusualAmount($order, (int)$order->getUserId()) ? 15 : 0;

        // Name
        $signals['suspicious_name']  = $this->isSuspiciousName($name) ? 20 : 0;

        $total = min(100, array_sum($signals));

        return new ScoreResult(
            score:       $total,
            signals:     array_filter($signals),
            action:      match(true) {
                $total >= self::BLOCK_SCORE  => 'block',
                $total >= self::REVIEW_SCORE => 'review',
                default                      => 'allow',
            }
        );
    }

    private function ipOrders(string $ip, int $hours): int
    {
        $safe = \Bitrix\Main\Application::getConnection()->getSqlHelper()->forSql($ip);
        return (int)\Bitrix\Main\Application::getConnection()->query(
            "SELECT COUNT(*) cnt FROM b_sale_order
             WHERE CREATED_BY_IP = '{$safe}'
               AND DATE_INSERT   > DATE_SUB(NOW(), INTERVAL {$hours} HOUR)"
        )->fetch()['cnt'];
    }

    private function isInStopList(string $ip): bool
    {
        $safe = \Bitrix\Main\Application::getConnection()->getSqlHelper()->forSql($ip);
        return (bool)\Bitrix\Main\Application::getConnection()->query(
            "SELECT ID FROM b_stop_list WHERE IP_ADDR = '{$safe}' AND ACTIVE = 'Y' LIMIT 1"
        )->fetch();
    }

    private function emailOrders(string $email, int $hours): int
    {
        if (empty($email)) return 0;
        $safe = \Bitrix\Main\Application::getConnection()->getSqlHelper()->forSql($email);
        return (int)\Bitrix\Main\Application::getConnection()->query(
            "SELECT COUNT(*) cnt
             FROM b_sale_order_props_value pv
             JOIN b_sale_order_props p ON p.ID = pv.ORDER_PROPS_ID
             JOIN b_sale_order o       ON o.ID = pv.ORDER_ID
             WHERE p.CODE = 'EMAIL'
               AND pv.VALUE = '{$safe}'
               AND o.DATE_INSERT > DATE_SUB(NOW(), INTERVAL {$hours} HOUR)"
        )->fetch()['cnt'];
    }

    private function isDisposableEmail(string $email): bool
    {
        $domain  = strtolower(substr(strrchr($email, '@'), 1));
        return in_array($domain, [
            'mailinator.com', 'guerrillamail.com', 'tempmail.com',
            'throwam.com', 'yopmail.com', '10minutemail.com',
        ], true);
    }

    private function isValidPhone(string $phone): bool
    {
        $digits = preg_replace('/\D/', '', $phone);
        return strlen($digits) >= 10 && strlen($digits) <= 15;
    }

    private function highAmountNewUser(\Bitrix\Sale\Order $order): bool
    {
        $userId = (int)$order->getUserId();
        if ($order->getPrice() < 30000 || $userId <= 0) return false;

        $prevCount = (int)\Bitrix\Main\Application::getConnection()->query(
            "SELECT COUNT(*) cnt FROM b_sale_order WHERE USER_ID = {$userId}"
        )->fetch()['cnt'];

        return $prevCount === 0;
    }

    private function isUnusualAmount(\Bitrix\Sale\Order $order, int $userId): bool
    {
        if ($userId <= 0) return false;

        $avg = (float)\Bitrix\Main\Application::getConnection()->query(
            "SELECT AVG(PRICE) avg FROM b_sale_order
             WHERE USER_ID = {$userId} AND STATUS_ID NOT IN ('C')"
        )->fetch()['avg'];

        return $avg > 0 && $order->getPrice() > $avg * 5;
    }

    private function isSuspiciousName(string $name): bool
    {
        // Fully numeric name, too short, or special characters only
        return preg_match('/^\d+$/', $name)
            || mb_strlen($name) < 3
            || preg_match('/[<>{}\\\\]/', $name);
    }
}

Score result

namespace Local\Fraud;

class ScoreResult
{
    public function __construct(
        public readonly int    $score,
        public readonly array  $signals,
        public readonly string $action,  // 'allow', 'review', 'block'
    ) {}

    public function isBlocked(): bool { return $this->action === 'block'; }
    public function needsReview(): bool { return $this->action === 'review'; }

    public function getComment(): string
    {
        $parts = ["[FRAUD_SCORE:{$this->score}]"];
        foreach ($this->signals as $signal => $value) {
            $parts[] = "{$signal}:{$value}";
        }
        return implode(' ', $parts);
    }
}

Scoring result logging

All checks are logged to the FraudLog HL block for analysis and threshold tuning:

Field	Value
`UF_ORDER_ID`	Order ID (if created)
`UF_IP`	IP address
`UF_EMAIL`	Email from the order
`UF_SCORE`	Final score
`UF_ACTION`	allow / review / block
`UF_SIGNALS`	JSON with signal breakdown
`UF_DATE`	Check date

Analyzing logs over 2–4 weeks allows threshold calibration for a specific store.

Implementation timelines

Configuration	Timeline
Scoring system with basic signals	3–4 days
+ logging, admin interface	+2 days
+ calibration on historical data	+1 week

1C Bitrix presentation 1C Bitrix24 presentation 1C Enterprise presentation