The Settings tab allows you to configure several different options for Payment Settings.
This section sets where shoppers are redirected, to a page in your store, if no payment method is available.
For information on configuring the MivaPay settings in this section, visit the MivaPay page.
The Fraud section is where you set various features to protect your store from fraudulent credit card use.
Failed Authorization Delay: During checkout, a shopper submits their credit card information on the Payment Information (OPAY) screen. If the authorization fails, you can make a customer wait a certain amount of time before they can try it again. The wait time is entered here in milliseconds.
Invalidate Checkout Session After: This is another place where you can make it more difficult for people to commit fraud through scripted attacks on your site. When a shopper clicks past the Order Details (OCST) page, a checkout session cookie is created. If the Invalidate Checkout Session After box is checked, when a shopper’s credit card fails authorization the number of times you choose, the Miva admin will expire the checkout session cookie, and make them start the checkout process again from the basket page.
Use Authorization Token: The Authorization Token helps insure that a credit card authorization request is coming from a human and not an automated attack on your store. When you enable this option, the Miva admin adds a random, 32-character, alphanumeric string to your Payment Information (OPAY) page. The shopper cannot see the string, but when the admin authorizes a credit card, it checks to see if the credit card data is accompanied by the token. If the token is missing or incorrect, the authorization request is ignored.
Authorization Blacklist: When a shopper visits your store, the Miva admin can see their IP address. The Authorization Blacklist is a list of IP addresses that you will not accept credit cards from.
Threshold: If you set the Authorization Blacklist field to Automatic, use the Threshold field to decide how many credit card authorization failures you will allow before an IP address is added to your blacklist. It is set in the number of authorization failures within a certain number of minutes.
Duration: If you set the Authorization Blacklist field to Automatic, use the Duration field to set how long an IP address will stay on your blacklist.
reCAPTCHA is another tool to make sure that your store is being used by human shoppers and not a scripted attach. There are many types of reCAPTCHA you can configure here.
While these methods can be used in your store, there is a new, reCAPTCHA v3 available that Miva recommends using. For more information on it, view the reCAPTCHA v3 doc.