This section lets you redirect customers to any page in your store if no payment method is available.
The Fraud section has several features that protect your store from fraudulent credit card use
|Failed Authorization Delay:||
During checkout, the customer submits their credit card information at the Payment Information screen (OPAY). If a credit card authorization fails, you can make the customer wait a certain amount of time before they are allowed to try again. Enter the wait time in milliseconds.
During the delay, the customer will usually see a browser message that says: "Trying to connect." When the wait time is over, Miva Merchant shows the customer an authorization failure message. At that point, the customer can submit their credit card information again.
|Invalidate Checkout Session After:||
The Invalidate Checkout Session field is another way you can make it more difficult for criminals to launch scripted attacks against your store.
When a customer visits your store, Miva Merchant creates several session cookies. For example, there is a cookie that keeps track of the customer's basket (see Basket Timeout).
Another cookie, the checkout session cookie, is created when the customer clicks past the Order Details page (OCST). If you check this box, and the customer's credit card fails authorization a certain number of times, Miva Merchant automatically expires the checkout session cookie. The customer is taken to the Basket page and has to start the checkout process again.
|Use Authorization Token:||
The Authorization Token helps insure that a credit card authorization request is coming from a human being, and not an automated attack on your store.
If you enable this option, Miva Merchant adds a random, 32 character alphanumeric string to your Payment Information page (OPAY). The customer cannot see this string, but when Miva Merchant is authorizing a credit card, it checks to see if the credit card data is accompanied by the token. If the token is missing or incorrect, the credit card authorization request is ignored.
When a customer visits your on-line store, Miva Merchant can see their IP address. The Authorization Blacklist is a list of IP addresses that you aren't going to accept credit cards from.
To manually add IP addresses to your blacklist:
To automatically add IP addresses to your blacklist:
If you set the Authorization Blacklist field to Automatic, use the Threshold field to decide how many credit card authentication failures you'll allow before an IP address is added to your blacklist.
In this example, if there are 10 credit card authorization failures from the same IP address within a 30 minute period, that IP address is automatically added to the blacklist.
If you set the Authorization Blacklist field to Automatic, use the Duration field to decide how long an IP address stays on your blacklist.
In this example, if an IP address is automatically added to the blacklist, the IP will stay on the blacklist for 1 hour.
reCAPTCHA helps you make sure that your store is being used by human beings and not a scripted attack. There are many types of reCAPTCHA, but they all ask the user to take some action.
Different styles of reCAPTCHA
Miva Merchant uses Google reCAPTCHA. It's easy to add to your store, but the reCAPTCHA boxes are (almost) completely controlled by Google. In the simplest case, Google reCAPTCHA asks you to click a checkbox to prove that you are a human being. However, Google reCAPTCHA has code running in the background. If their code suspects the page is being accessed by a script, it will ask for a more complicated proof that you are human.
After you install Google reCAPTCHA in your store, customers will see the reCAPTCHA challenge on your Payment Information page (OPAY).
3.1. Click the Get reCAPTCHA button.
3.2. Register your store with Google reCAPTCHA.
4.1. The Site Key.
4.2. The Secret Key
If any customer has a certain number of credit card authorization failures in a certain amount of time, all customers will see the reCAPTCHA prompt.
In this case, if any customer has 5 authorization failures within 1 hour, all customers will see the reCAPTCHA prompt. The reCAPTCHA prompt will disappear when the number of failures drops below 5 in one hour.
|Theme:||Sets the background color of the reCAPTCHA box to either Light or
Dark, to show better contrast with your store pages.
|Type:||Set the reCAPTCHA box to either Audio or Image.
|Size:||Set the reCAPTCHA box to either Normal or Compact.
Sets the language of the reCAPTCHA box.
|Public Key:||Enter the site key that you got when you added your Miva Merchant store domain to the Google reCAPTCHA page.|
|Private Key: Confirm Private Key:||Enter the secret key that you got when you added your Miva Merchant store domain to the Google reCAPTCHA page.|
|Disable reCAPTCHA for Free Orders||If you enable this option, and the customer's entire order is free, the customer will not be shown a reCAPTCHA prompt.|
This is a read only field that shows the Mode you selected. If you set the Mode to Velocity, you'll see that the Velocity mode is either active or inactive.