Riskified
Fraud management software
Riskified offers fraud management software you can use regardless of your payment service provider. EVA offers a direct integration with Riskified's API services to make risk mitigation easy.
The basics of a payment flow including Riskified are as follows: if an authorized/confirmed payment meets certain conditions, the entire order is put on hold. EVA then makes a package of information, which includes some information from Adyen, and sends it towards Riskified.
Based on that information, Riskified assesses the potential for fraud and consequently gives EVA either a thumbs up or down for the payment. EVA then releases the order and ships it, or refunds the payment.
If Riskified rejects the payment, after the refund is processed, you will remain in the checkout process and be able to select a new payment method.
Riskified is a separate plugin that needs to be explicitly enabled by the New Black infrastructure team for your environment.
Settings
Setting | Description |
---|---|
Riskified:EndPoint | https://sandbox.riskified.com. Set this at root (OU1) level. |
Riskified:ShopUrl | yourcompany.com_paybylink_fr |
Riskified:AuthToken | Your authorization token. |
Riskified:ProductCategoryProperty | Specify a PIM property here; its value for the product being ordered is forwarded to Riskified. Set this to Category. The more information Riskified gets, the better the analysis. |
Riskified:ProductSubCategoryProperty | The subcategory of the product. Set this to SubCategory. |
The latter two settings are employed when sending product information to Riskified.
If App:Order:ShowTakeoverAlert is enabled (default) and users are notified when changes are made to their current orders, a Riskified check will trigger this alert as well.
Add your Riskified UserID to App:Order:IgnoreTakeoverUpdateUsers to prevent this from happening.
Update your Adyen configuration
Only payment type ADYEN_DROPIN is capable of working in tandem with Riskified.
Additionally, your Adyen configuration needs to be updated so that it includes additional (credit card) information, which EVA can then request and pass on to Riskified. See Adyen's documentation.
3DS data
You can also enable the use of 3DS data by Riskified by updating your Adyen configuration.
Please visit Adyen's own Webhooks docs.
Set your EVA endpoint in Riskified
The settings allow you to specify an endpoint for EVA to forward the data to, but Riskified in turn needs to know how to get the decision-carrying data to EVA.
Specify your EVA endpoint URL (for example, https://api.f6gri92.on-eva.io/riskified) in your Riskified account settings. You can find your endpoint URL on the information screen in Admin Suite.
API flow
The following is a slightly more detailed flow between EVA and Riskified in a nutshell.
1. A payment gets authorized/confirmed and is checked for the following conditions
- Is it of Type ADYEN_DROPIN?
- Is it created by a non-employee-or-API-type user?
- Does it have credit card details?
2. If all of the questions in step 1 can be answered with yes, then a Create request is sent towards Riskified
- This process is aborted if Riskified does not respond successfully
3. In the meantime, the payment gets flagged with an order requirement "PaymentFraudCheck", which blocks shipping
4. Now it's up to Riskified to call our Riskified middleware endpoint with a thumbs up/down
- In case of acceptance: the payment is flagged with "Fraud check (passed)" and the order requirement is lifted;
- In case of denial: the payment is flagged with "Fraud check denied" and the payment gets refunded automatically.
5. Finally, the final state of the order is propagated back to Riskified; we do this asynchronously
- Either the order was shipped by EVA, which means we send a Fulfill request
- Or, if the order was cancelled in EVA, we send a Checkout_Denied request
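
The five steps above, modelled as a small state machine. This is an added example, not EVA's or Riskified's code. The function names, the `user_type` values and the `send_create` callable are hypothetical, and two behaviours the page does not specify are assumptions: no hold is placed after an aborted Create, and a decision is applied only once, so replayed or unsolicited decisions change nothing.

```python
from dataclasses import dataclass, field

HOLD = "PaymentFraudCheck"                      # order requirement named on the page
PASSED, DENIED = "Fraud check (passed)", "Fraud check denied"

@dataclass
class Order:
    payment_type: str
    user_type: str                              # constructed values: "customer", "employee", "api"
    has_card_details: bool
    requirements: set = field(default_factory=set)
    flags: list = field(default_factory=list)
    refunded: bool = False

def eligible(o):
    """Step 1: every condition must be true before Riskified is involved."""
    return (o.payment_type == "ADYEN_DROPIN"
            and o.user_type not in ("employee", "api")
            and o.has_card_details)

def on_authorized(o, send_create):
    """Steps 2-3. send_create is a hypothetical callable, True on a successful Create."""
    if not eligible(o):
        return "skipped"
    if not send_create(o):
        return "aborted"                        # assumption: no hold is placed after an abort
    o.requirements.add(HOLD)                    # blocks shipping until a decision arrives
    return "on_hold"

def on_decision(o, approved):
    """Step 4. Assumption: a decision is applied once; replays and unsolicited calls are ignored."""
    if HOLD not in o.requirements or DENIED in o.flags:
        return "ignored"
    if approved:
        o.flags.append(PASSED)
        o.requirements.discard(HOLD)            # requirement lifted, order may ship
        return "released"
    o.flags.append(DENIED)
    o.refunded = True                           # automatic refund on denial
    return "refunded"

def final_request(shipped, cancelled):
    """Step 5: name of the asynchronous follow-up request, or None while the order is open."""
    if shipped:
        return "Fulfill"
    return "Checkout_Denied" if cancelled else None
```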