Fraud Prevention by NoFraud for WooCommerce

Description

OVERVIEW

Online fraud is a major concern for every eCommerce merchant. With NoFraud, you can rest easy that your business is safe from fraud & you can wash your hands of all fraud prevention tasks that occupy hours of your staff’s time including fraud score analyzing, fraud rule building and manual review.

NoFraud offers eCommerce fraud prevention through real-time virtual identity verification. We deliver individual, real-time decisions for each transaction using thousands of data points and virtually every fraud detection technology available. The solution is fully automated and managed by in-house experts, requiring no input from the merchants, not even manual review – cardholder verification is done internally by NoFraud.

When the NoFraud extension is enabled, transactions are sent to the NoFraud application for validation after the customer’s transaction has been placed. NoFraud gives you actionable responses you can rely on: Pass or Fail. There are no scores to analyze or rules to configure. For transactions where a high risk transaction has validation potential, NoFraud contacts the cardholder for verification (<0.5% of transactions). This allows NoFraud to approve high risk transactions that other solutions would decline. Unlike other solutions, there is no need to gather evidence on why you believe a high risk transaction is valid – a review is triggered automatically as soon as that order is received by NoFraud.

ACCOUNT AND PRICING

  • NoFraud account required before installation.
  • Click here to create a NoFraud account.
  • Additional Fees apply for the NoFraud service.
  • Please go to www.nofraud.com/pricing for an instant price quote.

BENEFITS

Reduce Or Eliminate Chargeback Cost

  • Stop paying for fraud chargebacks with NoFraud’s Chargeback Protection Guarantee.
  • Save time on chargeback disputes.
  • Save on gateway fees when integrating pre-gateway.

Increase Order Acceptance Rate

  • Get rid of your gateway filters that block good orders.
  • Our review process approves high-risk orders other solutions would decline.
  • Ship high-risk orders with peace of mind.

Increase Efficiency

  • Streamline your order processing with instant decisions.
  • Stop manually reviewing transactions for fraud.
  • Eliminate review queue bottlenecks during busy season.

FEATURES

  • PHONE ORDER SCREENING FUNCTION – All orders are safe from fraud.
  • CUSTOMIZED REVIEW PROCESS – Adjust our review settings to suit your company’s preferences.
  • BLACKLIST – Automatically block any customer you don’t want to do business with, for any reason.
  • WHITELIST – Manage a whitelist of safe customers – save on fees.
  • PRE-GATEWAY INTEGRATION OPTION – Unique to NoFraud, this integration method increases order acceptance rate and simplifies integration.
  • CANCEL CHARGEBACK PROTECTION ON SELECT ORDERS – Save on fees.
  • REPORTING – Detailed reporting on order statuses, review results, fraud attempts and more.
  • PHONE & EMAIL SUPPORT – Speak to a live analyst.
  • CREATE MULTIPLE USER ACCOUNTS – Flexible options for different users.
  • TRANSACTION INSIGHT – View the risk factors on every order.

PACKED WITH TONS OF TECHNOLOGY

NoFraud uses a blend of intelligent technology, machine learning and human intelligence to keep up to date with the complex, ever-evolving face of fraud. Below is a sample of the technology utilized:

  • IP Geolocation: IP Geolocation allows NoFraud to compare the device location to the billing or shipping address.
  • Proxy Piercing: Proxy piercing detects if the customer is actually where he or she claims to be.
  • Device Fingerprinting: NoFraud tracks if the device used in the transaction has been linked to fraud in the past.
  • Global Blacklists: Monitors global customer blacklists.
  • Velocity Detection: Monitors transaction velocity to identify risk through related transactions in close succession.
  • Persona Tracking: Persona tracking identifies order characteristics and customer behavior to establish risk.
  • Social Media Validation: Pulls data from social media databases to verify identity.
  • Black Lists: Utilizes global and merchant-specific blacklists to cross-reference transactions.
  • Email History & Verification: Analyzes email address for history and authentication.
  • User Behavior: Monitors the way the shopper interacts with the website.
  • Intelligent Monitoring: Monitors future transactions to retroactively flag past transactions as fraudulent when new data becomes available.

GATEWAY COMPATIBILITY

The current version of this plugin is compatible with Stripe, PayPal Standard & PayPal Payments Pro only. More gateway integrations are coming shortly. If you are using Auth.net, Braintree, USA ePay, Chase Paymentec, Cardknox, Paypal Payflow or Payflow Pro please contact NoFraud for integration instructions via the gateway emulator integration route.

Screenshots

  • Easy setup & management of the plugin.
  • Simply see the Pass/Fail grade right on the order page in admin.

Installation

  1. Upload the entire fraud-prevention-by-nofraud-for-woocommerce folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.

This integration guide is for installing and configuring the Fraud Prevention by NoFraud for WooCommerce WordPress plug-in if:

  1. Your WordPress store is powered by WooCommerce, and
  2. You use PayPal or Stripe as your merchant gateway.

If you use Authorize.net, Square, BrainTree, Amazon Pay, FirstData, Sage, WorldPay, or some other payment gateway as your payment processor, please contact us at support@nfapps.com to request the plugin and integration guide for your payment gateway.

Follow the steps below to integrate with your WooCommerce-powered WordPress site. It should take you no longer than 15-20 minutes to install and configure the plug-in. If you have any questions, please feel free to contact us at support@nfapps.com.

STEP 1. SIGN UP FOR NOFRAUD

If you don’t already have a NoFraud account, sign up at https://nofraud.com.

STEP 2. OBTAIN YOUR NOFRAUD API KEY

Once you’ve created a NoFraud account, log in to your NoFraud Account Manager. After logging in, click on the ‘Integration’ tab in the left sidebar menu (in the bottom-left corner of the page). On the ‘Integration’ page, you will see a drop-down menu that says ‘Add new integration’. Click on it and select the ‘Direct API’ option. Then click the ‘Generate API Key’ button that appears just below the drop-down menu. When the page refreshes, you will see an ‘API Key (Direct API)’ appear on the page (as shown below).

Use your mouse to select the entire API Key, and then press ‘Ctrl+C’ (or ‘Cmd+C’ on a Mac) to copy the API Key text to your clipboard. Then paste it (by pressing ‘Ctrl+V’ or ‘Cmd+V’) into a Word file, email draft, or somewhere else you can easily access it later. In Step 3 below, you will need to input this NoFraud API Key into the appropriate field within your WordPress admin panel. Note: Keep your NoFraud Account Manager open, as you will need to come back to it in a later step.

STEP 3. INSTALL THE NOFRAUD PLUG-IN ON YOUR WORDPRESS SITE

Part A.

In a new tab, log in to your WordPress admin panel and navigate to the ‘Plugins > Add New’ page. Click on the ‘Upload Plugin’ button towards the top of the page. After you click the ‘Upload Plugin’ button, a ‘Browse…’ button will appear on the page. Click it. Then browse for and select the ‘nofraudwp.zip’ file. Then click the ‘Install Now’ button, as shown below. The plugin will be uploaded to your WordPress site automatically. On the next page, simply click the ‘Activate Plugin’ button, as shown below. You should see a ‘Plugin activated’ confirmation message at the top of the page. Also note that your WordPress admin panel will now show a new menu item entitled ‘NoFraudWP’ in the left sidebar menu.

Part B.

Click the ‘NoFraudWP’ menu item in the left sidebar of the WordPress admin panel. This will navigate you to the NoFraudWP settings page.

You’ll see that there are 4 expandable sections on the NoFraudWP settings page:

1) NoFraud API – The ‘Key’ field in this section is required, regardless of which payment processor(s) you are using. Simply enter the NoFraud API key (which you obtained from the NoFraud portal in Step 2 above) into the ‘Key’ field. (It should begin with the text ‘NF_prod_’ and then have a long series of letters and numbers at the end.)

2) WooCommerce Stripe Payment Gateway – Expand and complete this section only if your WooCommerce store uses Stripe – Credit Card (Stripe) for payment processing. You need to do two things… First, tick the ‘Activate NoFraud Monitoring For This Payment Gateway’ checkbox to tell the plugin to screen orders/transactions paid for via Stripe. Second, enter your Stripe “secret key” (which you will obtain from your Stripe.com account) into the ‘Secret Key’ field.

Following are instructions for obtaining your Stripe “secret key”…
In a new browser tab, log in to your Stripe account and navigate to the ‘Developers > API keys’ page. On that page, click on the ‘Reveal live key token’ button to the right of the ‘Secret key’ label, as shown in the screenshot below (on the next page). Once you click that button, the secret key will appear. (Note: The Stripe secret key should begin with the text ‘sk_live_’ and then have a long series of letters and numbers.) Copy it and paste it into the ‘Secret Key’ field on the NoFraudWP settings page.

3) Please note that it is possible to “test drive” this plugin by using the Stripe “test key token” rather than the “live key token”. Just make absolutely sure that you switch back to the “live key token” when you’ve completed your testing. The “test key token” is obtained from the same ‘Developers > API keys’ page in your Stripe account. But when you get to that page, you’ll need to click the ‘View test data’ toggle button in the top-right corner. The page will refresh, and you’ll now see a ‘Reveal test key token’ button to the right of the ‘Secret key’ label. (The test secret key will begin with the text ‘sk_test_’ rather than ‘sk_live_’.) To run a couple/few test transactions, you will also need to switch your Stripe payment settings to test mode and enter your test environment credentials (within the appropriate WordPress/WooCommerce admin settings). Again, as soon as you’ve completed your testing and are ready to take real orders again, make sure to switch back to the “live key token” by entering the Stripe secret key beginning with ‘sk_live_’.

4) WooCommerce PayPal Pro – Expand and complete this section only if your WooCommerce store uses PayPal-Pro – Credit Card PP for on-site credit card processing. (Please note: PayPal Payments Pro is not the same as PayPal Standard, or PayPal Express, which is configured in the 5th section below. PayPal Payments Pro is a $30/month full-blown merchant account (much like Stripe or Authorize.net) that allows customers to check out with a credit card right on your website, without being sent to PayPal.com.) To tell the plugin to screen orders/transactions paid for via PayPal Payments Pro, simply tick the ‘Activate NoFraud Monitoring For This Payment Gateway’ checkbox.

5) PayPal for WooCommerce – Expand and complete this section only if your WooCommerce store accepts payments via PayPal Express Checkout – PayPal Express, and you’d like NoFraud to screen PayPal payments. (Please note: PayPal Standard, aka PayPal Express, is the payment option where customers actually leave your site and complete their transaction at PayPal.com, before being re-directed back to your site after completing payment.) If you accept PayPal payments and would like NoFraud to screen such payments, simply tick the ‘Activate NoFraud Monitoring For This Payment Gateway’ checkbox.

6) WooCommerce PayPal Standard – Expand and complete this section only if your WooCommerce store accepts payments via PayPal Standard. (Please note: PayPal Standard is the default payment method that comes with the WooCommerce plugin; you don’t have to install any additional plugin for this payment method.) If you accept PayPal Standard and would like NoFraud to screen such payments, simply tick the ‘Activate NoFraud Monitoring For This Payment Gateway’ checkbox.

Make sure to click the blue ‘Save All Changes’ button at the bottom of the page to save your inputs and selections. Please note that if something goes wrong during this plugin installation/setup process, you can simply navigate to the ‘Plugins > Installed Plugins’ page (within your WordPress admin panel) and deactivate and then delete the NoFraudWP plugin, and then begin Step 3 again.

STEP 4. INSERT THE NOFRAUD “DEVICE” JAVASCRIPT CODE INTO HTML

Open the tab in your web browser that still has the NoFraud Account Manager page open (which you had open in Step 2 above). On the ‘Integration’ page, you’ll see a heading called ‘Device JavaScript’ with a snippet of code below it. Select the entire snippet of code, and then press ‘Ctrl+C’ (or ‘Cmd+C’ for Mac users) to copy the text to your clipboard. You need to insert this snippet of code into the content of 2 pages on your site: 1) the ‘Cart’ page, and 2) the ‘Checkout’ page.

Navigate to the ‘Pages > All Pages’ page in the left sidebar menu of your WordPress admin panel, which should still be open in one of your web browser tabs. Then click on the ‘Cart’ page (link). This will bring up the ‘Edit Page’ interface for your cart page, which allows you to edit the content of the page.

Since the snippet of code you need to insert into the page is JavaScript, you must be in HTML mode (which WordPress calls ‘Text’ mode) before you paste the code into the content of the page. Paste (by pressing ‘Ctrl+V’ or ‘Cmd+V’) the ‘Device JavaScript’ code that you copied from your NoFraud Account Manager into the content field. (You can place this code anywhere in the field, but we’d recommend placing it at the very end of the content.) Make sure to click the ‘Update’ button to save your changes.

You have now inserted the Device JavaScript code into your ‘Cart’ page. But remember, the code also needs to be inserted into the ‘Checkout’ page. So navigate back to the ‘Pages > All Pages’ page in your WordPress admin panel, click on the ‘Checkout’ page, and insert the code into that page as well (exactly the same way).

One final thing here in Step 4… Please go to your live store in a new browser window, add something to your cart, and take a look at the cart page. Make sure that the page looks the same as it did before. (You shouldn’t be able to see any new content on the page, as the code is “invisible”.) Now right-click anywhere on the page and select the ‘View source’ (or ‘View page source’) option. This allows you to view the HTML source code for the page. Use the ‘Ctrl+F’ (or ‘Cmd+F’ for Mac users) search function to search the content for the text “nofraud”. If the code was inserted correctly, you will be able to find it in the source code for the page. Close that source code tab and go back to the store’s ‘Cart’ page. Go ahead and click the appropriate button to begin the checkout process. Once you’re on the checkout page, do the same 2 things you just did on the cart page: 1) make sure the checkout page looks and functions properly, and 2) view the page’s source code and search for the code you just inserted to ensure it’s there.
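The checks from Steps 3 and 4 can also be scripted. The following is an added example, not part of the plugin or of NoFraud's own code: it verifies the key prefixes named above and reports whether the word "nofraud" sits inside a real script element on each page or only as escaped page text (what you get when the snippet is pasted outside ‘Text’ mode), a difference a plain Ctrl+F search cannot see. The function names, sample keys and script URL are constructed placeholders.

```python
from html.parser import HTMLParser

MARKER = "nofraud"  # the term Step 4 tells you to search the page source for


class _ScriptScan(HTMLParser):
    """Record whether MARKER occurs in a <script> element or only in page text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script = self.as_script = self.as_text = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            if MARKER in (dict(attrs).get("src") or "").lower():
                self.as_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if MARKER in data.lower():
            if self.in_script:
                self.as_script = True
            else:
                self.as_text = True


def device_script_status(html):
    """Return 'active', 'text_only' (escaped, so it never runs) or 'missing'."""
    scan = _ScriptScan()
    scan.feed(html)
    scan.close()
    if scan.as_script:
        return "active"
    return "text_only" if scan.as_text else "missing"


def go_live_findings(nofraud_key, stripe_key, pages):
    """List what still blocks go-live; an empty list means every check passed."""
    findings = []
    if not (nofraud_key.startswith("NF_prod_") and len(nofraud_key) > 8):
        findings.append("NoFraud key does not begin with NF_prod_")
    if stripe_key is not None:  # None: the Stripe section is not used
        if stripe_key.startswith("sk_test_"):
            findings.append("Stripe test key still configured")
        elif not stripe_key.startswith("sk_live_"):
            findings.append("Stripe key does not begin with sk_live_")
    for name in ("Cart", "Checkout"):
        status = device_script_status(pages.get(name, ""))
        if status != "active":
            findings.append(f"{name} page: device script {status}")
    return findings


# Constructed sample data: placeholder keys and a placeholder script URL,
# not real credentials and not the real NoFraud snippet.
SNIPPET = '<script src="https://example.invalid/nofraud-device.js"></script>'
PAGES = {
    "Cart": "<div>Your cart</div>\n" + SNIPPET,
    # Pasted outside 'Text' mode: the markup was escaped and shows as text.
    "Checkout": "<p>" + SNIPPET.replace("<", "&lt;").replace(">", "&gt;") + "</p>",
}

if __name__ == "__main__":
    for finding in go_live_findings("NF_prod_CONSTRUCTED01", "sk_test_CONSTRUCTED01", PAGES):
        print(finding)
```

The script reports findings only and never prints the keys themselves, so its output is safe to paste into a ticket.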

How & When This Plug-In Works

It’s important that you understand that the NoFraud screening/fraud check runs 100% independently from your payment processing. The NoFraud screening isn’t run until AFTER the customer’s payment has already been processed. (We wish it was possible for the NoFraud screening to happen before the payment is processed, but unfortunately WooCommerce doesn’t allow that.) Because of this, NoFraud’s decision (PASS, FAIL or UNDER REVIEW) does NOT impact whether the transaction is processed or not. The transaction is completely processed BEFORE the fraud check is performed. Because the payment processing has already occurred before the NoFraud screening is performed, here’s what you need to do in each instance…

a) If NoFraud returns a “PASS” response… Proceed with processing the order (payment has already been processed).
b) If NoFraud returns a “FAIL” response… You need to REFUND the order (since the payment has already been processed).
c) If NoFraud returns a “REVIEW” response… Don’t process the order until you receive an email notification from NoFraud indicating that they’ve completed their manual review.

If NoFraud’s decision after their manual review is “PASS” (which will be specified in the email you receive from NoFraud), proceed with processing the order (just like in (a) above). If NoFraud’s decision after their manual review is “FAIL”, you will need to manually refund the order (since the payment has already been processed, just like in (b) above).
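Because the payment is captured before the screening runs, nothing in the checkout stops a failed or unreviewed order from shipping. The following added example (not the plugin's code) audits order records against the rules above. The record fields and decision strings are assumptions based on the labels used in this guide, and treating a missing or unrecognised decision as a hold is also an assumption.

```python
# Merchant action required for each NoFraud decision, as described in this guide.
REQUIRED = {
    "pass": "fulfil",
    "fail": "refund",
    "review": "hold",
    "under review": "hold",
}


def required_action(decisions):
    """Map an order's NoFraud responses (oldest first) to the required action.

    A PASS or FAIL received after manual review supersedes the earlier REVIEW.
    No response yet, or an unrecognised one, means hold (assumption).
    """
    final = decisions[-1].strip().lower() if decisions else ""
    return REQUIRED.get(final, "hold")


def audit(orders):
    """Return (order_id, problem) for orders whose state contradicts the decision."""
    problems = []
    for order in orders:
        action = required_action(order["decisions"])
        if action == "refund" and not order["refunded"]:
            problems.append((order["id"], "failed screening but not refunded"))
        if action != "fulfil" and order["shipped"]:
            problems.append((order["id"], "shipped without a PASS"))
    return problems


# Constructed sample records; the field names are hypothetical.
ORDERS = [
    {"id": 1001, "decisions": ["PASS"], "shipped": True, "refunded": False},
    {"id": 1002, "decisions": ["FAIL"], "shipped": False, "refunded": False},
    {"id": 1003, "decisions": ["REVIEW"], "shipped": True, "refunded": False},
    {"id": 1004, "decisions": ["REVIEW", "PASS"], "shipped": True, "refunded": False},
    {"id": 1005, "decisions": [], "shipped": True, "refunded": False},
    {"id": 1006, "decisions": ["REVIEW", "FAIL"], "shipped": True, "refunded": True},
]

if __name__ == "__main__":
    for order_id, problem in audit(ORDERS):
        print(order_id, problem)
```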

If you never take orders over the phone, you have now completed all of the integration steps to make NoFraud live and functional on your WooCommerce-powered WordPress store. You do not need to complete Step 5 below. However, if you (or your staff) do occasionally place orders on behalf of customers who call in, you must complete Step 5 below in order for NoFraud’s fraud detection system to work for those phone orders.

STEP 5. ADDITIONAL SET-UP TASKS IF YOU EVER TAKE PHONE ORDERS

Many fraudsters call in to place fraudulent orders because having you place the order for them prevents your store’s checkout system from detecting their device ID and IP address (both of which are very important data points for detecting fraud), since you place the order from your computer rather than them placing it from theirs. By completing this last set of steps, it will be possible for NoFraud to detect the fraudster’s device ID and IP address. Here are the 3 set-up tasks to enable NoFraud to screen phone orders placed by you and/or your staff…

Part A.

Within your NoFraud Account Manager, click the ‘Settings’ tab in the left sidebar menu. Along with several other settings (which you should take a couple minutes to review and configure), there is a ‘Merchant (store) IP address’ field. Within this field, you’ll need to enter ALL of the IP addresses (separate each IP address with a comma) that you and/or your staff members may be placing orders from. (Note: To look up your IP address at any location, simply navigate to WhatIsMyIPAddress.com and copy the IP address that appears on the screen.) Make sure to click the green ‘Save’ button to save your changes. When NoFraud sees that an order is placed from one of the IP addresses you enter in this field, it will know that it is a phone order that you (or one of your staff members) placed on behalf of a call-in customer.

Part B.

Decide which page of your website you want a dynamically-generated ‘Customer ID’ number to appear on. Unlike the code we inserted into the ‘Cart’ and ‘Checkout’ pages in Step 4, this ‘Customer ID’ content will actually be visible on the page. Many store owners choose to place it on a page which is seldom visited but which is also easy to navigate to (i.e. because it is linked to in the footer of the site). One of your “store policy” pages may be a good choice. Within your WordPress admin panel, navigate to the page that allows you to edit the textual content of the page you’ve selected. (Most pages will be listed on the ‘Pages > All Pages’ page.) Click on the name of the page you want to insert the ‘Customer ID’ code into. Just like you did in Step 4, you’re going to be inserting some code into the main content field of the page. And once again, make sure you’re in ‘Text’ mode (HTML mode). If the ‘Text’ tab isn’t already selected, make sure to click it to go into HTML mode. You can choose to have the Customer ID number appear anywhere on the page, but most store owners prefer to have it appear at the very bottom of the page. To insert it at the bottom, simply scroll down to the very end of the content in the main content field, press the ‘Enter’ key a time or two, then paste (by pressing ‘Ctrl+V’ or ‘Cmd+V’) the following snippet of code…

Customer ID:

Make sure to replace the #### text in the above script with the correct digits (as shown on the ‘Integration’ page in your NoFraud account). Once you’ve inserted the above code (making sure to replace the #### text with the correct digits from your NoFraud Account Manager), make sure to click the ‘Update’ button to save the changes to the page.

Part C.

Open a new tab and navigate to the page that you just inserted the ‘Customer ID’ code into (i.e. your “store policies” page or whatever page you chose). Scroll to the bottom of the page (if that’s where you placed it) and make sure that you can see the “Customer ID:” text followed by a system-generated set of numbers. You may need to reload or even “hard refresh” the page (by pressing ‘Ctrl+Shift+R’, or ‘Cmd+Shift+R’ on a Mac) in order to see a “fresh” version of the page.

You have now completed all of the set-up tasks necessary to enable NoFraud’s analysis to work for orders placed over the phone. However, please be aware that it will only work if you follow these steps when an order is placed by you or your staff over the phone…

1) Before placing the order for the customer, direct the customer to the page that displays the Customer ID on it and ask them to read the number to you.
2) Within your NoFraud Account Manager, go to the ‘Phone Order’ page (located at https://portal.nofraud.com/customer_id) and enter a) the Customer ID number the customer gives you, and b) the customer’s email address (which must be the same email address you will enter during the checkout process in a few moments). Then click the green ‘Save’ button.
3) After you have completed #1 and 2, place the order using your website’s front-end checkout system. (Do NOT enter the order manually inside the WordPress/WooCommerce admin panel.) NoFraud now has all the information it needs to “match up” the phone order with the customer’s device and IP location, both of which are critical for detecting and preventing fraud.

If you have any questions, please feel free to contact us at support@nfapps.com. Thanks for installing the Fraud Prevention by NoFraud for WooCommerce plugin, and enjoy!

Contributors & Developers

“Fraud Prevention by NoFraud for WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.1.3

Added plugin