Miva Merchant 9.53 introduces a collection of tools for defending against credit card fraud attacks targeting your online store. In this video will have a look at the authorization failure log and the authorization blacklist which are two areas in your Miva Merchant Admin that can help you assess and take action in the event your store is being targeted by a bot attempting to verify a batch of stolen credit card numbers. To view the authorization failure log, log into your Miva Merchant Store Admin and go into the Order Processing area. Look for the tab called “Authorization Failures” and click into it. Anytime a credit card authorization attempt results in a failure, the store takes note of the details of the failed attempt. Here we can see that there have been six failed credit card authorization attempts. We can see when they happened, what number they were associated with, what IP address the requests were coming from, we can see what payment module was being targeted, the card type, the amount of money it was attempting to process, as well as the reason the authorization failed. If you click on one or more of the failure records, you get a few options. You can click on this button here to export the selected records to a flat file, or you can delete the selected records from the log by clicking on this trash button. Lastly you can choose to manually add the selected IP addresses to the Black List by clicking on this button. Any credit card processing requests placed by an IP address on the Blacklist will be automatically ignored by your store.
When manually adding an IP address to your Blacklist you can control how long the IP address should remain on the Blacklist using the “Expires” field. Leaving this set to “Never” results in a permanent ban of the IP address in question. You can also configure the Blacklist entry to expire after a set duration of time. For instance, after 15 minutes have passed, or after a certain date and time have come to pass. Note, that IP addresses can automatically be added to this Black List as well if your store’s configured accordingly. This was covered in part one of the Fraud Protection Settings videos. Please review that video for more information on Blacklist Automation.
To view your Blacklist, go to Payment Settings and click on the Authorization Blacklist tab. You'll see a list of IP addresses that have been manually or automatically added to the Blacklist, as well as how long they are configured to remain on the Blacklist. You can modify a Blacklist entry by selecting it and clicking on the edit button on top. You can delete the entry with this delete button or this trash button here and finally you can manually add more IP addresses to the Blacklist by clicking on this “Add” button here.