We audited 50 Shopify stores for FTC review-rule compliance (2026)

64% of audited Shopify stores violate at least one FTC fake-review rule. The 5 prohibited practices, the 3 most common violations, and how to fix them.

Nicolas Provost, founder of Reviewz.ai


Updated on May 27, 2026 · 13 min read

Quick answer

64% of the 50 Shopify stores we audited violate at least one clause of the FTC's 2024 fake-review rule, and 18% violate three or more. The most common violations are unmoderated incentivized reviews (42% of stores), hidden filtering of negative reviews (28%), and unlabeled employee or affiliate reviews (22%). Penalties under the rule can reach $51,744 per violation. Most merchants are accidentally non-compliant and do not know it. Methodology, the 5 prohibited practices in plain English, and a free self-audit checklist below.

Reviewed by Nicolas Provost, founder of Reviewz.ai. Insights based on auditing 500+ Shopify review setups and analyzing public pricing, schema, and conversion data across the leading review platforms.

Why this audit, and why you should care now

In August 2024, the FTC finalized 16 CFR Part 465, the rule banning fake reviews and testimonials. It took effect October 21, 2024. Eighteen months later, most Shopify merchants we talk to still think "the FTC rule" means "do not buy fake Trustpilot reviews" from Pakistan. That is one clause out of five.

The other four are where everyone gets caught: incentivized reviews without disclosure, review suppression, employee reviews without identification, and using the threat of legal action to silence honest negative reviews. These are not theoretical risks. The FTC opened its first enforcement matter under the new rule in early 2025, and the maximum civil penalty is currently $51,744 per violation per the inflation-adjusted Civil Penalty Inflation table. Per fake review. Multiply that by 100 fake reviews on a Trustpilot profile and the math is bad.

We wanted to know how exposed real Shopify stores actually are. So we ran a structured compliance audit on 50 of them. Reviews are too valuable a growth asset to put at legal risk; the case for collecting them honestly only holds if the collection itself is clean.

What the FTC rule actually says (5 prohibited practices)

The rule itself is at the FTC's final rule announcement. Plain-English summary of the five categories:

1. Fake or false reviews and testimonials. You cannot create, buy, sell, or disseminate reviews from people who did not actually use the product, or that misrepresent the reviewer's experience. This includes AI-generated reviews if they are presented as genuine customer feedback, which are getting easier to detect at scale. Also covers reviews from people who were paid to leave a specific sentiment without disclosure.

2. Buying positive or negative reviews. You cannot pay for, or condition any benefit on, reviews that express a particular sentiment. "Leave us a 5-star review for $10 off" is a clean violation. "Leave us an honest review for $10 off" is the borderline case, and the FTC is skeptical of incentives in general because they bias the review pool; our guide to offering a discount for reviews walks the compliant line.

3. Insider reviews and consumer testimonials. Reviews from officers, managers, employees, agents, or relatives of the business cannot be posted without clear and conspicuous disclosure of the relationship. "Best moisturizer ever" from the founder's spouse is illegal if not disclosed.

4. Company-controlled review websites. You cannot create or operate a review site that misrepresents itself as independent when it is run by the company being reviewed. This catches a lot of "best of" affiliate sites that pretend to be neutral.

5. Review suppression. You cannot use unfounded legal threats, physical threats, intimidation, or public false accusations to suppress negative reviews. You also cannot misrepresent that the displayed reviews are a complete set when in fact you have filtered out the negatives. This is the clause that catches most Shopify merchants by surprise.

For the EU equivalent (which is stricter on incentivized reviews), see the EU Omnibus Directive (2019/2161). Most large Shopify merchants are now subject to both.

Methodology: how we audited 50 Shopify stores

Honest disclosure: this is a compliance checklist applied to public-facing pages, not a forensic investigation. We did not access merchant dashboards, look at the actual review-collection emails, or interview customers. We audited what is visible to any consumer plus what is readable in the source code.

Sample selection. We pulled 50 Shopify stores from a stratified random sample: 20 from BuiltWith's top-10k Shopify list (mid-market), 20 from the top 50 Shopify App Store featured stores (high-traffic), and 10 from the Shopify ecosystem map of stores doing under $1M ARR. Categories cover apparel (14), beauty (10), health and supplements (8), home goods (8), food and beverage (6), and other (4).

Twenty of the fifty stores in our sample came from Shopify App Store featured listings, and the review app each merchant installed often determined whether their filtering and disclosure setup was compliant.

Audit checks per store (12 visual + 4 structural):

Visual checks on the product reviews page:

(a) Does the store offer any incentive for reviews (discount code, points, gift card)? If yes, is the incentive disclosed on the product page near the reviews?
(b) Does the review widget show a complete distribution (1-star through 5-star counts visible)?
(c) Are 1-star and 2-star reviews actually displayable when filtered, or is the filter broken?
(d) Is there a verified-buyer badge, and how is it earned?
(e) Are reviews from employees, founders, or affiliates labeled as such?
(f) Is the displayed average rating consistent with the visible distribution? (We flagged stores where 4.9 average + 800 reviews + 0 visible 1-stars suggested suppression.)
(g) Is there a public review policy page linked from the reviews widget or footer?

Visual checks on review request emails (sampled from our merchant network where overlap existed):

(h) Is the email asking for an "honest review" or specifically a "positive/5-star review"?
(i) Is any incentive conditional on the sentiment of the review?
(j) Does the email include the FTC-required disclosure when an incentive is offered?

Structural checks via page source:

(k) Does the AggregateRating schema match the visible reviews?
(l) Are there hidden reviews in the JSON-LD that do not render in the widget?
(m) Is the Trustpilot or Google embed selectively filtered? (Stores that only show 4 and 5 star reviews on-site while their Trustpilot profile shows otherwise.)
(n) Are any "sponsored" or "affiliate" disclosures present?
(o) Is there a TrustBox / widget configuration that excludes ratings below 4 stars?
(p) Does the store run a separate company-controlled "best of" or comparison page?
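
Checks (f), (k) and (l) lend themselves to scripting. The sketch below is an added example, not the tooling used for this audit: it parses a page's JSON-LD and compares it with star counts and review texts that are assumed to have been read off the rendered widget by hand. The function names and the sample page are constructed for illustration.

```python
import json
from html.parser import HTMLParser

class JsonLdExtractor(HTMLParser):
    """Collect the parsed body of every <script type="application/ld+json">."""
    def __init__(self):
        super().__init__()
        self.docs, self._buf = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get("type") == "application/ld+json":
            self._buf = []
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            try:
                self.docs.append(json.loads("".join(self._buf)))
            except json.JSONDecodeError:
                pass  # malformed block: nothing in it to audit
            self._buf = None

def walk(node):  # yield every dict in a JSON-LD tree (@graph, nested items)
    if isinstance(node, dict):
        yield node
        node = list(node.values())
    for child in node if isinstance(node, list) else []:
        yield from walk(child)

def audit(html, visible_counts, visible_bodies, tol=0.05):
    """visible_counts: {stars: count} from the widget; visible_bodies: rendered texts."""
    parser = JsonLdExtractor()
    parser.feed(html)
    nodes = [n for doc in parser.docs for n in walk(doc)]
    agg = next((n for n in nodes if n.get("@type") == "AggregateRating"), None)
    reviews = [n for n in nodes if n.get("@type") == "Review"]
    total = sum(visible_counts.values())
    mean = sum(s * c for s, c in visible_counts.items()) / total if total else 0.0
    findings = []
    if agg is not None:
        if int(agg.get("reviewCount", 0)) != total:
            findings.append("(k) schema review count differs from visible count")
        if abs(float(agg.get("ratingValue", 0)) - mean) > tol:
            findings.append("(f)/(k) schema average inconsistent with visible distribution")
    hidden = [r for r in reviews if r.get("reviewBody", "").strip() not in visible_bodies]
    if hidden:
        findings.append(f"(l) {len(hidden)} JSON-LD review(s) not rendered in the widget")
    return findings

# Constructed sample: the schema declares 5 reviews averaging 4.2, one of them negative.
SAMPLE_HTML = """<script type="application/ld+json">{"@type": "Product",
 "aggregateRating": {"@type": "AggregateRating", "ratingValue": "4.2", "reviewCount": "5"},
 "review": [{"@type": "Review", "reviewBody": "Love it"},
            {"@type": "Review", "reviewBody": "Broke after a week"}]}</script>"""
```

Calling `audit(SAMPLE_HTML, {5: 4}, {"Love it"})` models a widget that shows only four 5-star reviews and returns all three findings; passing the full distribution and both review texts returns an empty list.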

Each store was scored as compliant, borderline, or violating on each of the 5 FTC prohibited practices. A store needed zero violations and at most one borderline finding to be flagged compliant overall.

Violation breakdown by category

| FTC prohibited practice | Stores violating | Stores borderline | Stores compliant |
|---|---|---|---|
| 1. Fake or false reviews | 6 (12%) | 9 (18%) | 35 (70%) |
| 2. Buying positive or negative reviews (incentive issues) | 21 (42%) | 11 (22%) | 18 (36%) |
| 3. Insider reviews (employees, family) | 11 (22%) | 7 (14%) | 32 (64%) |
| 4. Company-controlled review sites | 3 (6%) | 5 (10%) | 42 (84%) |
| 5. Review suppression / filtering | 14 (28%) | 10 (20%) | 26 (52%) |
| Overall (at least 1 violation) | 32 (64%) | 9 (18%) | 9 (18%) |

Only 9 of 50 stores were fully compliant. 9 more were borderline. The remaining 32 had at least one clear violation, and 9 of those had three or more.

The 3 most common violations (with real examples, anonymized)

Violation #1: incentivized reviews without disclosure (42% of stores). The pattern is identical across categories: the store sends a post-purchase email offering "$10 off your next order when you leave a review." The incentive is real. The disclosure is missing from the published review. The FTC requires that when a reviewer received any incentive, the review (or the area around it) must clearly disclose that incentive. "This review was given in exchange for a discount" or a small badge does the job. The lazy version (the email asks for a review, the reviewer gets a coupon, the public review says nothing) is a textbook violation.

Violation #2: review filtering and suppression (28% of stores). Two flavors. The first is on-site: the review widget defaults to showing only 4 and 5 star reviews, with 1 and 2 stars technically accessible behind a filter that nobody clicks. The second is dispute-based: the store flags every negative Trustpilot review as "suspicious" to trigger Trustpilot's removal process, even when the reviews are clearly legitimate. We covered the legitimate side of this in how to remove a fake Trustpilot review and the suppression side in delete a Trustpilot review. There is a difference between flagging actually-fake reviews and weaponizing the flag process to silence critics; the FTC has explicitly warned about the latter.

Violation #3: undisclosed insider reviews (22% of stores). Easier to catch than people think. The pattern is a 5-star review from someone with the same last name as the founder, or a review posted from an IP that matches the merchant's office. Most merchants do this innocently (a cofounder genuinely loves the product and posts a review), but if the relationship is not disclosed, it is a violation. The fix is either to remove these reviews or to add a visible badge like "Reviewer is a co-founder of the company."


Penalties and enforcement reality

The headline penalty is $51,744 per violation, which the FTC adjusts annually for inflation. Each fake review can be counted as a separate violation. The FTC's standard playbook is to open an inquiry, issue a Civil Investigative Demand, negotiate a consent order, and then publicly announce the settlement. For a Shopify merchant doing $5M ARR with 100 incentivized but undisclosed reviews, a worst-case settlement is in the $1M to $3M range plus mandatory corrective disclosures.

The realistic enforcement scenario for most Shopify merchants is different. The FTC does not have the bandwidth to chase 500k Shopify stores. They prioritize: (a) stores with significant traffic and media attention, (b) stores in regulated categories (health, supplements, financial services, children's products), (c) repeat offenders, (d) stores reported by competitors or activist consumer groups. State AGs are also enforcing parallel state laws in California, New York, Florida and Texas; these often have lower thresholds for opening a case.

The other risk is private litigation. The FTC rule does not create a private right of action, but plaintiffs' lawyers are using it as evidence in state consumer-protection class actions. We have seen three Shopify merchants pulled into class actions in 2025 over incentivized review programs that did not disclose properly.

How to audit and fix your own store in 30 minutes

Step 1: open your product page in incognito mode and look at the review widget. Can you actually filter to 1-star reviews? Are there any? If your distribution is 90%+ 5-star with 500+ reviews and zero 1-stars, you have a credibility problem and probably a compliance problem.

Step 2: pull a recent post-purchase review request email. Does it offer an incentive? If yes, does it ask for an "honest" review (OK) or a "positive" review (not OK)? Does the published review on your product page disclose the incentive? Use our review request email generator for FTC-compliant templates.

Step 3: run our fake review checker on a sample of your own reviews. If your own reviews are pinging as suspicious (overly similar patterns, suspicious posting cadence), you have a problem that an FTC investigator could find too.

Step 4: audit your Trustpilot profile with our Trustpilot profile audit tool. The audit flags suspicious review velocity, sentiment imbalance, and dispute patterns that suggest suppression.

Step 5: identify any employee, founder, or affiliate reviews and either remove them or add disclosure. The cleanest fix is to remove them entirely.

Step 6: publish a public review policy. One page on your site explaining how you collect reviews, whether you offer incentives, how you handle negative feedback, and your moderation policy. This is not legally required but it gives you a clear defense if questioned.

Step 7: switch to a review collection workflow that pre-screens sentiment without suppressing negatives. This is what we built Reviewz.ai to do, and it is also covered in our how to respond to negative reviews guide. The key is that 1 to 3 star customers get routed to a private support flow (legal), not deleted from public view (illegal).

FAQ

Is offering a discount for a review illegal under the FTC rule?

Not automatically, but it is risky. The rule prohibits conditioning the incentive on the sentiment ("$10 off for a 5-star review" is illegal). It allows incentives tied to leaving an honest review of any rating, as long as the incentive is clearly disclosed near the published review. The cleanest approach is to ask for honest reviews without any incentive, or to offer a tiny non-conditional incentive (free shipping on next order) and require disclosure. The EU Omnibus Directive is stricter and effectively requires that any incentivized review be flagged as such.

Can I hide a negative review if the customer was clearly unreasonable?

No, not unless the review actually violates a content policy (profanity, personal attacks, off-topic). "Customer is being unreasonable" is not a valid moderation reason under the FTC rule. The legal path is to respond publicly to the review, explaining your side, and let consumers judge. Most platforms (including Trustpilot and Google) allow you to flag legitimately fraudulent reviews, and that process is fine. What is not fine is mass-flagging legitimate negatives to trigger their removal queue.

What counts as an "insider review" exactly?

An insider review is one written by someone with a material relationship to the business: officers, directors, employees, agents, family members, or close friends acting at the company's request. The FTC rule allows these reviews if the relationship is clearly and conspicuously disclosed. The disclosure must be visible to the consumer reading the review, not buried in terms of service. A small label like "Reviewer is an employee of the company" next to the review name is the standard approach. Affiliates who promote the product for commission also need disclosure.

Does the FTC rule apply if my store is outside the US?

Yes, if you sell to US consumers. The FTC has jurisdiction over any business whose conduct affects US commerce, regardless of where the business is located. A UK Shopify merchant selling to US customers is subject to the rule. Practically, enforcement against foreign stores is harder, but US payment processors and ad platforms can be compelled to cut off non-compliant merchants. The safer assumption: if any of your customers are American, comply. The EU Omnibus Directive separately applies to anyone selling to EU consumers.

Are AI-generated review responses (replies to customer reviews) covered by the FTC rule?

Review responses (merchant replies) are not the same as reviews and are not directly covered, but if the response misrepresents facts about the product or the customer's experience, that triggers separate FTC truth-in-advertising rules. AI-generated reviews (presented as customer reviews) absolutely are covered, and the FTC has been explicit that AI-written fake reviews are illegal. The safe pattern is: AI can help draft responses to real reviews, but the published reply should be reviewed by a human and represent the merchant's actual position. Our AI review response generator is built around this model.

How likely is the FTC to actually fine my small Shopify store?

Low for sub-$1M ARR stores in non-regulated categories, but not zero. The FTC prioritizes high-impact and regulated cases. State AGs and private class actions are more realistic risks for small stores. The other risk is reputational: a viral Twitter thread or a competitor's complaint to the FTC creates downstream consequences (Shopify TOS issues, payment processor reviews) even when the FTC does not act directly. Compliance costs an hour to set up and saves an unknown amount of pain.


About the author

Nicolas Provost · Founder of Reviewz.ai

Nicolas built Reviewz.ai after auditing 500+ Shopify review setups while running Kanal (WhatsApp marketing for Shopify). He has spent four years inside the Shopify ecosystem and writes about review collection, brand trust SEO, and the actual economics of running customer-feedback flows on ecommerce sites.
