Reference Guide

Payment

Settings

Payment Rules

This section lets you redirect customers to any page in your store if no payment method is available.

Fraud

The Fraud section has several features that protect your store from fraudulent credit card use

Failed Authorization Delay:	During checkout, the customer submits their credit card information at the Payment Information screen (OPAY). If a credit card authorization fails, you can make the customer wait a certain amount of time before they are allowed to try again. Enter the wait time in milliseconds. During the delay, the customer will usually see a browser message that says: "Trying to connect." When the wait time is over, Miva Merchant shows the customer an authorization failure message. At that point, the customer can submit their credit card information again.
Invalidate Checkout Session After:	The Invalidate Checkout Session field is another way you can make it more difficult for criminals to launch scripted attacks against your store. When a customer visits your store, Miva Merchant creates several session cookies. For example, there is a cookie that keeps track of the customer's basket (see Basket Timeout). Another cookie, the checkout session cookie, is created when the customer clicks past the Order Details page (OCST). If you check this box, and the customer's credit card fails authorization a certain number of times, Miva Merchant automatically expires the checkout session cookie. The customer is taken to the Basket page and has to start the checkout process again.
Use Authorization Token:	The Authorization Token helps insure that a credit card authorization request is coming from a human being, and not an automated attack on your store. If you enable this option, Miva Merchant adds a random, 32 character alphanumeric string to your Payment Information page (OPAY). The customer cannot see this string, but when Miva Merchant is authorizing a credit card, it checks to see if the credit card data is accompanied by the token. If the token is missing or incorrect, the credit card authorization request is ignored.
Authorization Blacklist:	When a customer visits your on-line store, Miva Merchant can see their IP address. The Authorization Blacklist is a list of IP addresses that you aren't going to accept credit cards from. To manually add IP addresses to your blacklist: Set Authorization Blacklist to Manual. Go to > Payment > Authorization Blacklist tab, and click Add Blacklisted IP . You can also manually add IP addresses to the blacklist by going to: > Order Processing > Authorization Failures tab. Select a failed authorization and click the Blacklist button. To automatically add IP addresses to your blacklist: Set Authorization Blacklist to Automatic. Set the Threshold and Duration fields (below).
Threshold:	If you set the Authorization Blacklist field to Automatic, use the Threshold field to decide how many credit card authentication failures you'll allow before an IP address is added to your blacklist. In this example, if there are 10 credit card authorization failures from the same IP address within a 30 minute period, that IP address is automatically added to the blacklist.
Duration:	If you set the Authorization Blacklist field to Automatic, use the Duration field to decide how long an IP address stays on your blacklist. In this example, if an IP address is automatically added to the blacklist, the IP will stay on the blacklist for 1 hour.

reCAPTCHA

reCAPTCHA helps you make sure that your store is being used by human beings and not a scripted attack. There are many types of reCAPTCHA, but they all ask the user to take some action.

Check a Box

Captcha - Add Text

Captcha - Select Image

Different styles of reCAPTCHA

Miva Merchant uses Google reCAPTCHA. It's easy to add to your store, but the reCAPTCHA boxes are (almost) completely controlled by Google. In the simplest case, Google reCAPTCHA asks you to click a checkbox to prove that you are a human being. However, Google reCAPTCHA has code running in the background. If their code suspects the page is being accessed by a script, it will ask for a more complicated proof that you are human.

After you install Google reCAPTCHA in your store, customers will see the reCAPTCHA challenge on your Payment Information page (OPAY).

Payment Info

To Install Google reCAPTCHA in Your Store

Sign up for a Google account if you don't already have one.
Login to your Google account.
Go to: https://www.google.com/recaptcha/intro/index.html

3.1. Click the Get reCAPTCHA button.

3.2. Register your store with Google reCAPTCHA.

Google Recaptcha

When you register your domain at the Google reCAPTCHA page, make a note of the following:

4.1. The Site Key.

4.2. The Secret Key

Note that, when you register your Miva Merchant store with Google reCAPTCHA, their registration page will show you some fairly complicated instructions for adding Google JavaScript to your store pages. You can ignore all of those instructions. Miva Merchant will do that for you automatically.

Login to the admin interface.
Go to > Payment > Settings tab > reCAPTCHA section.
Set the options in the reCAPTCHA section.

Mode:	Off: Never use reCAPTCHA. On: Always use reCAPTCHA. Velocity - Activate After [ ] failed attempts within [ ] hours: If any customer has a certain number of credit card authorization failures in a certain amount of time, all customers will see the reCAPTCHA prompt. For example: In this case, if any customer has 5 authorization failures within 1 hour, all customers will see the reCAPTCHA prompt. The reCAPTCHA prompt will disappear when the number of failures drops below 5 in one hour.
Theme:	Sets the background color of the reCAPTCHA box to either Light or Dark, to show better contrast with your store pages.
Type:	Set the reCAPTCHA box to either Audio or Image.
Size:	Set the reCAPTCHA box to either Normal or Compact.
Language:	Sets the language of the reCAPTCHA box.
Public Key:	Enter the site key that you got when you added your Miva Merchant store domain to the Google reCAPTCHA page.
Private Key: Confirm Private Key:	Enter the secret key that you got when you added your Miva Merchant store domain to the Google reCAPTCHA page.
Disable reCAPTCHA for Free Orders	If you enable this option, and the customer's entire order is free, the customer will not be shown a reCAPTCHA prompt.
Current Status	This is a read only field that shows the Mode you selected. If you set the Mode to Velocity, you'll see that the Velocity mode is either active or inactive.

When you have finished setting the options in the reCAPTCHA section, click Update.

Apple Pay Payment Networks

Apple Pay allows customers to make purchases from an Apple device without using a physical credit card and without storing credit card data on that device.

Apple Pay uses "tokenization". The customer's credit card data is kept on a secure Apple server. A token, an alphanumeric string that represents the credit card data, is kept on the Apple device. Once the customer's Apple device is set up with Apple Pay, they can make a purchase without reentering their credit card information.

Requirements for Using Apple Pay

As of 03/01/2017, you must be using either Authorize.net or Braintree as a payment gateway.
Apple Pay only works on secure (HTTPS) pages.
Apple Pay requires MacOS Sierra and Safari browser version 10.0 or later.
Apple Pay requires Bluetooth 4.0.
You must be using Miva Merchant 9.0065 or later to use Apple Pay

Apple Pay Supported Devices

Please see: https://support.apple.com/en-us/KM207105

To Install and Enable Apple Pay in Your Store

Go to the > Payment > Add/Remove Modules tab.
Select Apple Pay from the Available Modules section and click the Install button. Once you have installed the Apple Pay Module, you can map the Apple Pay payment methods to one of the supported payment gateways in Miva.
Under the Payment > Settings tab, scroll down to the Apple Payment Networks section.

The default setting is . This setting automatically chooses the first gateway you have installed that supports Apple Pay (currently, Authorize.Net or Braintree). You can override the Automatic setting if you want to choose a specific gateway.
Select the desired payment gateway from the drop-down list for each payment method, or if the given payment method is not accepted in your store.

Adding Apple Pay to Page Templates

For the best conversion results using Apple Pay, Miva recommends placing the Apple Pay button in the following locations:

Product Page
Basket Page
Bill To/Ship To (OCST)
Global Mini-Basket

Note: The Apple Pay button can only be implemented on secure (HTTPS) pages.

To add an Apple Pay button to a page, you must edit the page template.

Go to > User Interface > Pages.
Select the page you want to edit and click the Open Page icon.

The page opens in edit mode and the Page tab is selected by default.
In the header section of the template, add the following tag:
<mvt:item name="applepay" param="head" />
In the body section of the template, add the following tag:
<mvt:item name="applepay" />
Check the “Link to This Page Using HTTPS” box, if it is not already checked.

Note: Adding the Apple Pay button to the Product page allows the customer to quickly purchase just the item they are viewing. Any additional items in their cart are ignored. All other Apple Pay buttons will purchase the entire cart.

To add the Apple Pay button to the Product page, insert the following tag to the body section of the Product Page template:
<mvt:item name="applepay" param="product" />

For each page on which you want the Apple Pay button to appear, you must assign the item
Go to > User Interface > Pages.
Edit a Page and select the Items tab.
In the Items tab, click the slider icon next to the “applepay” code until it turns blue.
You can customize the way the Apple Pay button looks from the Edit Page screen.
Go to > User Interface > Pages > Edit Page: Basket Contents > Page
Scroll down to the Apple Pay Button section.