Illegitimate Customer Payments Protection in Magento 2: Quick Tutorial


Businesses that start operating in the e-commerce field should be ready for the threats that come with an online presence.

Internet fraud is an issue that must not be underestimated, as any illegitimate action can seriously affect the well-being of a business.


In general, there are two types of internet fraud: illegitimate actions causing security breaches and suspicious transactions related to the use of credit cards by defrauders pretending to be honest buyers. In this article, we will describe the major forms of customer payment fraud and then consider how Magento 2 store owners can protect their sites from fraudulent transactions.

Major Forms of Customer Payment Fraud

Credit Card Fraud

This form of customer payment fraud implies making online purchases with stolen credit cards. However, defrauders do not necessarily steal cards physically; sometimes they obtain the required credit card details digitally. The main challenge for merchants here, as with any other form of payment fraud, is to determine the identity of a buyer to find out whether the purchase was truly legitimate.

Refund Fraud

In the case of refund fraud, a defrauder using a stolen credit card deliberately overpays for an order made in a store. Then, this person contacts the store and claims a reimbursement due to accidental overpayment. Moreover, the defrauder might ask for the refund to be paid by a method other than a card transaction. In this case, the swindler claims that the card from which the overpayment was made is closed, so a card transaction is not possible.

Card Testing Fraud

Defrauders can generate credit card credentials and then test their validity in web stores. For example, if a store denies the purchase due to an incorrect card expiration date, a defrauder will try to find a date that is accepted by testing various card expiration dates on other web stores.
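The card testing pattern described above can be spotted in a store's own payment attempt log. The following is an added example, not code from this article, PayPal, or Signifyd; the log fields, card tokens, and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: (timestamp, client IP, card token, expiry tried, outcome).
# Card tokens stand in for card numbers; IPs come from documentation ranges.
ATTEMPTS = [
    ("2024-05-01T10:00:00", "203.0.113.7", "card_A", "01/26", "declined"),
    ("2024-05-01T10:00:20", "203.0.113.7", "card_A", "02/26", "declined"),
    ("2024-05-01T10:00:41", "203.0.113.7", "card_A", "03/26", "declined"),
    ("2024-05-01T10:01:05", "203.0.113.7", "card_A", "04/26", "approved"),
    ("2024-05-01T10:02:00", "198.51.100.4", "card_B", "09/27", "declined"),
    ("2024-05-01T10:30:00", "198.51.100.4", "card_B", "09/27", "approved"),
    ("2024-05-01T11:00:00", "192.0.2.15", "card_C", "12/25", "approved"),
]

def detect_card_testing(attempts, window=timedelta(minutes=10),
                        max_declines_per_ip=3, max_expiries_per_card=3):
    """Return (flagged_ips, flagged_cards) for attempts that look like card testing."""
    declines = defaultdict(deque)  # ip -> timestamps of declines inside the window
    expiries = defaultdict(dict)   # card token -> {expiry date: last time it was tried}
    flagged_ips, flagged_cards = set(), set()
    for ts, ip, card, expiry, outcome in sorted(attempts):
        now = datetime.fromisoformat(ts)
        # Velocity rule: too many declined payments from one IP in a short time.
        if outcome == "declined":
            recent_declines = declines[ip]
            recent_declines.append(now)
            while now - recent_declines[0] > window:
                recent_declines.popleft()
            if len(recent_declines) >= max_declines_per_ip:
                flagged_ips.add(ip)
        # Enumeration rule: one card tried with several different expiration dates.
        # A customer retrying the same date (card_B) does not trigger this rule.
        tried = expiries[card]
        tried[expiry] = now
        recent_dates = [e for e, t in tried.items() if now - t <= window]
        if len(recent_dates) >= max_expiries_per_card:
            flagged_cards.add(card)
    return flagged_ips, flagged_cards

if __name__ == "__main__":
    ips, cards = detect_card_testing(ATTEMPTS)
    print("Suspicious IPs:", sorted(ips))
    print("Suspicious cards:", sorted(cards))
```

Because a single store sees only its own attempts, thresholds like these should be tuned against the store's normal decline rate.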

Chargeback Fraud

This form of internet fraud occurs when a defrauder makes an online purchase through a credit card and then claims that the card has been stolen. After receiving the goods or services purchased, this person asks for a chargeback.

With Magento 2, store owners can prevent these threats by taking advantage of the third-party fraud protection solutions supported by the platform: PayPal Fraud Management Filters and Signifyd Fraud Protection. Let’s consider each solution individually.

PayPal Fraud Management Filters

PayPal Fraud Management Filters help store owners identify potentially fraudulent transactions. By checking payment characteristics, the PayPal fraud filters detect illegitimate payment activities so that merchants can deny such payments in time, thus saving time and money.

The work of Fraud Management Filters consists of three major steps:

1. The filters are configured on the PayPal side by choosing between the filter actions (we will talk about filter types and filter actions in the following section).
2. All transactions coming into the store are analyzed according to the action chosen.
3. The configured fraud filters automatically perform the action for each order in the web store, whether reliable or suspicious. In fact, most payments are accepted, as they are legitimate.

Now, let’s consider how to configure PayPal Fraud Management Filters both on the PayPal side and in the Magento 2 Admin Panel.

Configuring PayPal Fraud Management Filters

The PayPal fraud protection solution provides two types of fraud management filters – Basic Filters and Advanced Filters.

Basic Filters provide merchants the following options:

  • Total purchase price ceiling filter;

  • Total item ceiling filter;

  • Shipping-billing address mismatch filter;

  • AVS failure filter;

  • Card security code failure filter;

  • ZIP risk list match filter;

  • USPS address validation failure filter;

  • IP address velocity filter.

Advanced filters, in turn, help merchants manage filter actions in the following options:

  • Buyer authentication failure filter;

  • USPS address validation failure filter;

  • Email service provider risk lists;

  • IP address match filter;

  • Account number velocity filter;

  • Geo-location failure filter;

  • Bad lists;

  • International shipping-billing address filter;

  • International AVS filter;

  • International IP address filter;

  • Country risk list match filter;

  • Good lists;

  • Total purchase price floor filter;

  • Custom filters;

  • Product watch list filter.

For more information about PayPal fraud filters, read the official User Guide.

Note: PayPal Fraud Management Filters are available only for owners of PayPal Business (basic filters) and PayPal Website Payments Pro (basic and advanced filters) accounts located in the US, UK, Canada, and Australia.

To start the configuration, first create a PayPal account and configure the PayPal payment method for your Magento store. The detailed process for configuring PayPal payment methods in Magento 2 is provided here.

Then, move to the PayPal side and configure your Fraud Management Filters.

After that, open the Orders menu in Sales in your Magento 2 Admin Panel. Here, you can monitor the status of each order that will be changed in accordance with the filter actions you set.

In the menu opened on the PayPal side, configure filter actions by choosing among the following options:

  • Review – the status of the suspected product order will be set to “Payment Review” in the Orders menu of your Magento 2 Admin Panel when the order is placed on your web site. Having changed the status of the transaction on the PayPal side, click on the Get Payment Update button on the top of the Order page of the Magento 2 Admin Panel to apply the settings for your web store.

  • Deny – the order cannot be placed on the web site as the PayPal system rejects it. The order status in the store’s Admin will be changed to “Canceled”, the transaction will be denied, and the funds will be returned to the customer’s account. The information about the transaction, in turn, will be added to the Comments History section in the Order View menu in Orders.

  • Flag – the suspicious order will receive the “Processing” status in the Orders menu of your Admin Panel.

The configuration of PayPal Fraud Management Filters is completed. Apply the configured settings by clicking on the Save button on the PayPal settings page.

Now, let’s move on to another fraud protection solution – Signifyd.

Signifyd Fraud Protection

Signifyd is one of the world’s largest providers of powerful anti-fraud protection solutions. Signifyd’s solution is not as well-known as the PayPal fraud protection filters, so we will talk about it in more detail.

In 2011, Signifyd engineers from San Jose, USA, created the technology that evaluates transaction risks related to the processing of bank cards. The ideas of the company's specialists turned out to be so innovative that they managed to attract considerable investments from third-party sources, which allowed them to further improve their fraud protection solution. After a while, the total amount of third-party financing exceeded the $30 million mark.

The Signifyd team managed to develop the self-titled system based on machine learning. It means that the system uses thousands of different data points necessary for decision-making. At the same time, if Signifyd makes a mistake while analyzing an order, the company pays 100% compensation to a client.

Signifyd perfectly deals with threats that many e-commerce businesses today face. Those threats include significant financial losses due to chargebacks, mistakenly denied orders causing customers’ dissatisfaction, wearisome manual order reviews resulting in operational costs, etc. The solution is supported by the cloud-based platform that automates the fraud prevention process.

When a customer places an order in a web store, Signifyd automatically reviews the order and informs a merchant whether this order is suspicious or not. From the information provided, merchants can decide whether to accept or deny the order.

Signifyd provides three options (pricing plans) for reviewing orders:

  • On-demand Assurance – merchants manage suspicious orders independently and turn to the Signifyd experts for help if needed;

  • Complete Assurance – Signifyd will review and manage orders without merchants’ participation so that they can focus on other business tasks;

  • Enterprise Assurance – merchants can customize order reviewing process according to their requirements.

Signifyd does not slow down the checkout process, and each order is reviewed in 5 seconds on average. Moreover, customers won’t even know that merchants use this solution, as it is virtually invisible on the frontend.

Today, Signifyd is used by multiple Fortune 100 and Internet Retailer Top 500 companies. More and more e-commerce platforms, such as BigCommerce and others, choose Signifyd as the protection solution for web stores. Quite recently, the Magento team also integrated this system with the latest version of the Magento 2 Commerce platform.

So, let’s consider how this solution can be configured in your Magento 2 store.

Configuring Signifyd in Magento 2

First, contact the Signifyd sales team by filling in the Sales Questions form on Signifyd’s official site, so that they can provide you with their protection solution. After this, install the Signifyd system on the server of your web store by following the instructions of the installer.

Having installed Signifyd, open the Admin Panel of your Magento 2 store. Then, open Stores and click on Configuration in the Settings section. In the Configuration menu, expand the Sales section on the left and choose the Fraud Protection option. Activate the solution by choosing Yes in the Enable this Solution field.

Next, open the Signifyd console on the Signifyd Settings page. Copy the API key from the console to the corresponding field on the Signifyd Settings page of the Magento 2 Admin Panel. Leave the API URL field unchanged, as its value is automatically assigned by Signifyd.

If you want the system to create log files recording information about all Signifyd transactions that occurred in your web store, choose Yes in the Debug field.

Note that the value in the Webhook URL section in the Admin Panel of your Magento 2 store cannot be changed, as it stands for the location of the handler that synchronizes Signifyd’s automation operations with the store.

All is done! Click on the Save Config button on the top of the Configuration page to apply the configured settings.


With fraud protection solutions integrated in Magento 2, online merchants can deal with various forms of customer payment frauds threatening web stores. Both the PayPal and Signifyd anti-fraud systems ensure a high level of protection, so now, Magento 2 store owners don’t have to worry about unscrupulous buyers that can attempt to make purchases on their sites.