Functional Overview

The following functionality is supported by the extension:

  • Monitor behavioral signals and browsing habits with our JavaScript snippet
  • Track account logins via the $login event
  • Automatically synchronize account details during registration and update with the $create_account and $update_account events
  • Instantly accept or deny orders with our powerful Workflows engine by sending new orders through the $create_order event
  • Record all payments and refunds through the $transaction event
  • Process review queue decisions through the built-in webhook endpoint
  • Retry order decision processing automatically when an error occurs through a custom Cron job

The following payment service providers are supported by the extension:

  • Built-in payment methods
    • Braintree Payments
    • Braintree Vault
    • Braintree Paypal
    • Paypal Express
    • Paypal Payflow
    • Amazon Payments
    • Klarna
    • Authorize.net Directpost (deprecated)
    • Authorize.net Accept.js (deprecated)
    • Bank Transfer
    • Cash on Delivery
    • Check/Money Order
    • Purchase Order
  • Third-party payment methods:
    • Stripe Payments
    • Stripe ApplePay
    • Stripe Bancontact
    • Stripe Giropay
    • Stripe iDEAL
    • Stripe Multibanco
    • Stripe EPS
    • Stripe Przelewy24
    • Stripe SEPA
    • Stripe Sofort
    • Stripe FPX
    • Stripe Klarna
    • Stripe ACH

If you wish to use a payment service provider that is not listed, please see the section below called “Adding Support for Third-Party Payment Providers.”

Pre-requisites

The following software programs are required for proper operation of the Sift Payment Protection extension:

  • PHP version 7.1.3 or greater, 7.2.* or 7.3.* with the JSON and Hash extensions (version 7.3.20 or higher recommended)
  • Magento Open Source 2.3.*, Magento Commerce 2.3.* or Magento Commerce Cloud 2.3.*
  • The Sift PHP SDK

Installing the Extension

Sift Payment Protection can be downloaded for free from the Magento Marketplace. Once downloaded, you will need to install it with Composer (recommended), or download the Zip archive and install it manually.

Note: We highly recommend installing the extension on a development site prior to installing it on your production site. This will allow you to test and tune the extension to suit your needs.

Note: The following commands are for illustrative purposes only. The actual commands used for installation may vary based on external factors, including the Operating System of the machine the extension is being installed on as well as any available software programs.

Installing the Extension with Composer

  1. Log into the Web server where the extension will be installed via SSH (if you are installing the extension on a remote server)
  2. Enter the following commands:
    cd /path/to/your/store
    composer require sift/module-payment-protection
    bin/magento module:enable Sift_PaymentProtection
    bin/magento setup:upgrade
    bin/magento setup:di:compile
    bin/magento setup:static-content:deploy
  3. Log out of your server, if applicable
  4. Proceed to the “Configuration” section for details on how to set up the extension, or the “Customization” section for details on how to modify the extension

Installing the Extension Manually

  1. Download the Zip archive from Magento Marketplace, but do not unpack it yet
  2. Transfer the Zip archive to the Web server where your store is hosted using SFTP, SCP or your favorite file transfer program (if you are installing the extension on a remote server)
  3. Log into the server that you transferred the Zip archive to using SSH (if you are installing the extension on a remote server)
  4. Enter the following commands:
    unzip -d /tmp sift-payment-protection.zip
    cd /path/to/your/store
    composer require siftscience/sift-php
    mkdir -p app/code/Sift/PaymentProtection
    mv /tmp/sift-payment-protection/* app/code/Sift/PaymentProtection
    bin/magento module:enable Sift_PaymentProtection
    bin/magento setup:upgrade
    bin/magento setup:di:compile
    bin/magento setup:static-content:deploy
    rm -r /tmp/sift-payment-protection
  5. Log out of your server, if applicable
  6. Proceed to the “Configuring the Extension” section for details on how to set up the extension, or the “Customizing the Extension” section for details on how to modify the extension

Updating the Extension

Sift recommends checking for extension updates from the Magento Marketplace listing at least once a month. Please follow the instructions below to install the latest version, depending on which method was used to install the extension.

Installed with Composer

  1. Log into the Web server where the extension was previously installed via SSH (if you are updating the extension on a remote server)
  2. Enter the following commands:
    cd /path/to/your/store
    composer update sift/module-payment-protection
    bin/magento setup:upgrade
    bin/magento setup:di:compile
    bin/magento setup:static-content:deploy
  3. Log out of your server, if applicable

Installed Manually

  1. Log into the Web server where the extension was previously installed via SSH (if you are updating the extension on a remote server)
  2. Use the following commands to remove the existing version of the extension:
    cd /path/to/your/store
    rm -rf app/code/Sift/PaymentProtection
  3. Download and install the latest version of extension by following the instructions in the “Installing the Extension Manually” section

Uninstalling the Extension

Should you wish to remove the extension for any reason, please follow the instructions below to remove it, depending on which method was used to install the extension.

Note: we highly recommend backing up your store’s code files and database prior to performing the following steps.

Installed with Composer

  1. Log into the Web server where the extension was previously installed via SSH (if you are updating the extension on a remote server)
  2. Enter the following commands:
    cd /path/to/your/store
    bin/magento module:uninstall -r Sift_PaymentProtection
    bin/magento setup:di:compile
    bin/magento setup:static-content:deploy
  3. Log out of your server, if applicable

Installed Manually

  1. Log into the Web server where the extension was previously installed via SSH (if you are updating the extension on a remote server)
  2. Use the following commands to remove the existing version of the extension:
    cd /path/to/your/store
    bin/magento module:uninstall --non-composer Sift_PaymentProtection
    bin/magento module:disable Sift_PaymentProtection
    rm -rf app/code/Sift/PaymentProtection
    bin/magento setup:upgrade
    bin/magento setup:di:compile
    bin/magento setup:static-content:deploy
  3. Log out of your server, if applicable

Configuration

All settings for the extension can be found in the Magento Admin at “Stores > Settings > Configuration > Sales > Fraud Protection > Sift.”

General Settings

NameDescriptionDefaultScope
Enable this Solution Turns the functionality of the extension on or offYes (Enabled)Base, Website
Process Score DecisionWhether to allow orders to be placed based on the decision received from Sift.Yes (Enabled)Base, Website

API Settings

NameDescriptionDefaultScope
Account TypeWhat mode your Sift account is in (Sandbox or Production)SandboxBase, Website
Sandbox Account ID Found on the API Keys page of the Sift Payment Protection console.No ValueBase, Website
Sandbox API Key Found on the API Keys page of the Sift Payment Protection console.No ValueBase, Website
Sandbox Beacon Key Found on the API Keys page of the Sift Payment Protection console.No ValueBase, Website
Production Account ID Found on the API Keys page of the Sift Payment Protection console.No ValueBase, Website
Production API Key Found on the API Keys page of the Sift Payment Protection console.No ValueBase, Website
Production Beacon Key Found on the API Keys page of the Sift Payment Protection console.No ValueBase, Website
Signature Key Found on the API Keys page of the Sift Payment Protection console.No ValueBase, Website
Webhook URL Displays the URL that needs to be configured in the “Webhook URL” field for asynchronous decisions.Not ConfigurableBase, Website

E-mail Settings

NameDescriptionDefaultScope
Send E-mail for Orders Marked FraudWhether the customer should receive an e-mail if their order is marked as fraudulent by a decision.Yes (Enabled)Base, Website
Fraudulent Order E-mail Sender The identity to send the e-mail as (from “Stores > Settings > Configuration > General > Store Email Addresses”)Sales RepresentativeBase, Website, Store View
Fraudulent Order E-mail Template What template to use for the fraudulent order e-mail (from “Marketing > Communication > Email Templates” or the active theme)Fraudulent Order E-mail Template (Default)Base, Website, Store View
Send Fraudulent Order E-mail Copy To Comma-separated list of e-mail addresses to send a copy of the fraudulent order e-mail to.No ValueBase, Website, Store View
Send Fraudulent Order E-mail Copy Method Whether to BCC the fraudulent order e-mail to copy recipients, or to send a separate e-mail.BCCBase, Website, Store View

Order Status Mapping

The grid found in this section of the configuration allows you to configure what Magento order statuses correspond to their equivalent decision identifiers in the Sift console.

Note: At a minimum, you must configure a mapping for the Magento “Canceled” or “Closed” status in order for the extension to function properly.

Example Configuration

Debug

NameDescriptionDefaultScope
DebugDetermines whether logging and other development features are enabled.No (Disabled)Base, Website

Customization

The Sift Payment Protection extension includes a number of event hooks which can be subscribed to for performing various actions, such as mapping fields for third-party payment providers sent to the $create_order event.

Events

  • Event:

    sift_mark_order_fraud_before

    Properties:

    \Magento\Sales\Api\Data\OrderInterface $order
    \Sift\PaymentProtection\Api\Data\SiftOrderDecisionInterface $decision

    Description:

    Allows additional actions or processing to occur before an order is marked as fraud by a decision.

    Location:

    \Sift\PaymentProtection\Plugin\Sales\Api\OrderManagementInterfacePlugin::aroundPlace()
  • Event:

    sift_mark_order_fraud_after

    Properties:

    \Magento\Sales\Api\Data\OrderInterface $order
    \Sift\PaymentProtection\Api\Data\SiftOrderDecisionInterface $decision

    Description:

    Allows additional actions or processing to occur after an order is marked as fraud by a decision.

    Location:

    \Sift\PaymentProtection\Plugin\Sales\Api\OrderManagementInterfacePlugin::aroundPlace()
  • Event:

    sift_account_event_properties

    Properties:

    array $accountProperties

    Description:

    Allows properties generated for the $create_account and $update_account events to be viewed and modified.

    Location:

    \Sift\PaymentProtection\Model\SiftEvent\Account::execute()
  • Event:

    sift_account_event_response

    Properties:

    \SiftResponse $response

    Description:

    Contains the full response object returned from the Sift API.

    Location:

    \Sift\PaymentProtection\Model\SiftEvent\Account::execute()
  • Event:

    sift_create_order_event_properties

    Properties:

    array $orderProperties

    Description:

    Allows properties generated for the $create_order event to be viewed and modified.

    Location:

    \Sift\PaymentProtection\Model\SiftEvent\CreateOrder::execute()
  • Event:

    sift_create_order_event_response

    Properties:

    \SiftResponse $response

    Description:

    Contains the full response object returned from the Sift API.

    Location:

    \Sift\PaymentProtection\Model\SiftEvent\CreateOrder::execute()
  • Event:

    sift_login_event_properties

    Properties:

    array $loginProperties

    Description:

    Allows properties generated for the $login event to be viewed and modified.

    Location:

    \Sift\PaymentProtection\Model\SiftEvent\Login::execute()
  • Event:

    sift_login_event_response

    Properties:

    \SiftResponse $response

    Description:

    Contains the full response object returned from the Sift API.

    Location:

    \Sift\PaymentProtection\Model\SiftEvent\Login::execute()
  • Event:

    sift_transaction_event_properties

    Properties:

    array $transactionProperties

    Description:

    Allows properties generated for the $transaction event to be viewed and modified.

    Location:

    \Sift\PaymentProtection\Model\SiftEvent\Transaction::execute()
  • Event:

    sift_transaction_event_response

    Properties:

    \SiftResponse $response

    Description:

    Contains the full response object returned from the Sift API.

    Location:

    \Sift\PaymentProtection\Model\SiftEvent\Transaction::execute()
  • Event:

    sift_map_payment_methods_properties

    Properties:

    array $mappedProperties

    Description:

    Allows payment method event properties to be modified.

    Location:

    \Sift\PaymentProtection\Model\PaymentMethodsPropertiesMapper::mapFromMagentoPaymentCode()
  • Event:

    sift_fraudulent_order_email_send_before

    Properties:

    \Magento\Framework\Mail\TransportInterface $transport

    Description:

    Allows actions to be taken before the fraudulent order e-mail is sent.

    Location:

    \Sift\PaymentProtection\Model\Email\Sender\SiftFraudulentOrder::send()
  • Event:

    sift_fraudulent_order_email_send_after

    Properties:

    \Magento\Framework\Mail\TransportInterface $transport

    Description:

    Allows actions to be taken after the fraudulent order e-mail is sent.

    Location:

    \Sift\PaymentProtection\Model\Email\Sender\SiftFraudulentOrder::send()

Adding Support for Third-Party Payment Providers

If you wish to add support for a payment method that is not supported yet, please see the mapFromMagentoPaymentCode() method in the \Sift\PaymentProtection\Model\PaymentMethodsPropertiesMapper class. We recommend creating an after plug-in for this method and adding your desired payment method to the $mappedProperties array that is returned by this method. Please see the Sift Payment Method documentation for a list of supported payment providers.

Example:

<?php

declare(strict_types=1);
namespace Vendor\Extension\Plugin;

use Sift\PaymentProtection\Api\PaymentMethodsPropertiesMapperInterface;

class PaymentMethodsPropertiesMapperInterfacePlugin
{
   public function afterMapFromMagentoPaymentCode(
       PaymentMethodsPropertiesMapperInterface $subject,
       array $result,
       string $paymentCode
   ): array {
       if ($paymentCode === 'adyen_cc') {
           $result = [
               '$payment_type' => '$credit_card',
               '$payment_gateway' => '$adyen'
           ];
       }

       return $result;
   }
}

Any questions? We're happy to talk it through.