SFCC Cartridge
Abuse Prevention
# Abuse Prevention at Checkout

## Configuration overview

The Forter SFCC cartridge version 21.1.3+ contains built-in functionality to support abuse prevention at checkout in the form of decline reason code handling. Merchants who would like to take advantage of this new functionality should first follow the integration guide for fraud at checkout, including Import Cartridge, Customizing Order and Payment Data in the Orders Validation Request, and Sending Order Status data.

The following policies are supported with the dedicated Abuse Policies UI, and each policy has two built-in handling options:

- “No action”
- “Cancel and void with custom decline message”

Fig. 1: Abuse Policies section in SFCC BM

## Supported reasoncodes

The cartridge has built-in functionality to receive and execute the following policies and reason codes:

| Policy type | reasoncode format |
|---|---|
| Reshipper | merchantpolicyreshipper |
| INR at checkout | merchantpolicycheckoutinr |
| Returns at checkout | merchantpolicycheckoutreturns |
| Promotion/coupon abuse | merchantpolicycouponabuse |
| Limited item | merchantpolicylimiteditemabuse |
| Reseller | merchantpolicyreseller |

## Example response format

The response format below shows how the reasoncode parameter is populated with a supported abuse policy string:

```json
{
  "status": "success",
  "transaction": "712123002479",
  "action": "decline",
  "message": " | link in portal https://portal.forter.com/dashboard/7121230",
  "reasoncode": "merchantpolicylimiteditemabuse",
  "recommendations": [],
  "additionaltags": ""
}
```

If you would like to leverage this functionality as is, or would like to customize the policy reasoncode handling to execute unique customer flows or custom reason codes, please follow the steps below.

## Integration process

### Step 1: Install the SFCC cartridge

Follow the standard guide for Importing the Forter Cartridge. Make sure you include your Forter API credentials, specify the API
version, and select your fraud handling.

Note: The fraud decline handling will be the default decline handling. If a policy is enabled but no dedicated action is selected, the cartridge will default to your fraud decline settings.

### Step 2: Select your integration placement

Forter’s abuse policies can be executed pre-auth (prior to calling your payment processor) or post-auth (after the payment has been authorized). The options for customizing the code are located below:

- Pre-Auth Decision Flow
- Post-Auth Decision Flow

### Step 3: Map your payment data/customize mapping

Customize the mapping and retrieval of the payment data. Depending on the flow selected in Step 2, you will need to customize the forterorder.js file with the appropriate payment data retrieved from your payment processor.

### Step 4: Select your policy decline handling

#### Built-in options

Once you have successfully mapped the order and payment data, your Forter implementations team will enable abuse prevention functionality. Once this is enabled, you can go to the SFCC Business Manager UI: Merchant Tools > Site Preferences > Custom Preferences > Forter > Abuse Policies.

Note: The Abuse Policies section will show in cartridge version 21.1.3 upon installation, but will not be executed in the cartridge unless your Forter team has exposed policy reason codes in the Forter API response and you and your Forter team have already created policy rules separate from the cartridge.

Click on the Abuse Policy Settings option and then toggle the “Enabled” option at the top of the page. Next, go to the policies you enforce (i.e. “Reseller Abuse Policy”) and select the action from the dropdown menu.

Note: While all policies show in the BM UI, only the ones that have been enabled by your Forter team and have corresponding rules created (by analysts or via Policy Builder) will execute in your SFCC cartridge.

#### Customizing the policy execution

The following policies are supported with the dedicated Abuse Policies UI, and each policy has two built-in handling options:

- “No action”
- “Cancel and void with custom decline message”

The reasoncode strings and policies supported are listed below:

| Policy type | reasoncode format |
|---|---|
| Reshipper | merchantpolicyreshipper |
| INR at checkout | merchantpolicycheckoutinr |
| Returns at checkout | merchantpolicycheckoutreturns |
| Promotion/coupon abuse | merchantpolicycouponabuse |
| Limited item | merchantpolicylimiteditemabuse |
| Reseller | merchantpolicyreseller |

If you want to customize the reasoncode handling (i.e. “reroute back to payments page”, “cancel but don’t void and show custom decline”, etc.), go to the following files to add custom functions or flows:

- cartridges/int_forter_sfra/cartridge/controllers/checkoutservices.js
- cartridges/int_forter_sfra/cartridge/scripts/pipelets/forter/fortervalidate.js

If you’re receiving a custom decline reasoncode in the API response, or receiving a policy within the recommendation response parameter instead of the reasoncode, you will not be able to use the SFCC Business Manager UI. Instead, you can add your custom policy handling via the same files:

- cartridges/int_forter_sfra/cartridge/controllers/checkoutservices.js
- cartridges/int_forter_sfra/cartridge/scripts/pipelets/forter/fortervalidate.js

## Using Policy Builder for policy creation

Once Policy Builder has been enabled in your Forter Portal, you can create custom policies and rules. Make sure to select the decline action when you create rules in the Policy Builder so that the SFCC cartridge ingests the correct parameter.

## Viewing orders

### Policy-enforced orders

You can customize the “Orders” grid UI in the Forter section of the Business Manager, so that the reason code and accompanying policy that was executed on an order can be easily searched and exported.

Step 1: Global preferences

Go to Administration > Global Preferences > Order Search.

Step 2: Add custom column

Click on the button option
next to a “Custom order column” row and select the reasoncode option (custom.forterreasoncode) to ensure that this value is exposed in the orders grid.

Additionally, when you click on the order link or search for the order in Forter Portal, the enforced policy can be shown in both the transactions grid and the detailed transaction view: https://portal.forter.com/app/dashboard/transactions
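
One way to structure the custom handling described under “Customizing the policy execution”, written as plain JavaScript that runs outside SFCC. This is an added example, not code from the Forter cartridge: the function name, the settings shape and the option constants are assumptions, and the response fields are spelled as they appear on this page.

```javascript
// Added example: hypothetical dispatcher, not code from the Forter cartridge.
// Response field names and reason codes are spelled as they appear on this page.
const POLICY_REASON_CODES = new Set([
  'merchantpolicyreshipper', 'merchantpolicycheckoutinr',
  'merchantpolicycheckoutreturns', 'merchantpolicycouponabuse',
  'merchantpolicylimiteditemabuse', 'merchantpolicyreseller',
]);

// The two built-in options from the Abuse Policies UI (constant names are assumed).
const NO_ACTION = 'no_action';
const CANCEL_AND_VOID = 'cancel_and_void_with_custom_decline_message';

// settings (assumed shape):
//   enabled        - the "Enabled" toggle on the Abuse Policy Settings page
//   actions        - Map of reasoncode -> built-in option selected in the BM UI
//   customHandlers - Map of custom reasoncode/recommendation -> merchant function
function resolveDeclineHandling(response, settings) {
  if (!response || response.action !== 'decline') {
    return { handling: 'not_a_decline', reasoncode: null };
  }
  const code = String(response.reasoncode || '').toLowerCase();
  const recs = Array.isArray(response.recommendations) ? response.recommendations : [];

  // Custom codes, or policies delivered in "recommendations", are not available
  // in the BM UI, so they are routed to merchant-written handlers. Map lookups
  // avoid matching inherited object properties such as "constructor".
  for (const key of [code, ...recs.map((r) => String(r).toLowerCase())]) {
    const handler = settings.customHandlers.get(key);
    if (typeof handler === 'function') {
      return { handling: 'custom', reasoncode: key, result: handler(response) };
    }
  }

  if (settings.enabled && POLICY_REASON_CODES.has(code)) {
    const selected = settings.actions.get(code);
    if (selected === NO_ACTION || selected === CANCEL_AND_VOID) {
      return { handling: selected, reasoncode: code };
    }
  }
  // Policy enabled with no action selected -> fraud decline settings (per the
  // note in Step 1). Treating a disabled toggle or an unknown code the same
  // way is an assumption of this example: a decline is never silently dropped.
  return { handling: 'fraud_decline_default', reasoncode: code || null };
}
```

The caller in the checkout flow would then branch on the returned `handling` value; what each branch does (cancel, void, reroute) stays in the merchant's own code.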