Download & install the NoFraud app to enjoy the benefits of our fraud prevention solution on your Shift4Shop (formerly 3DCart) store by following the steps outlined in this article. The entire process takes approximately 10-15 minutes, and once completed you'll be all set.
Please note, to integrate multiple Shift4Shop stores, you will need to create a unique NoFraud portal account for each.
Step 1: Download & Install the NoFraud Shift4Shop App
-
- Navigate to the Shift4Shop App Store and Search for NoFraud, or click here.
- Click I want this App as seen below to begin the installation.
Step 2: Create a NoFraud Account
After you install the app, you will be directed to this page that provides more information about our service. To complete the integration, please click here to create a NoFraud account.
Step 3: Get Your NoFraud API Key
Once you've created a NoFraud account, click here to log in to your NoFraud portal. After logging in, click on the Integration tab in the left sidebar menu (in the bottom-left corner of the page).
On the Integration page, you will see a drop-down menu that says Add new integration. Click on it and select the Direct API option. Next, click the Generate API Key button that appears just below the drop-down menu. When the page refreshes, you will see an 'API Key (Direct API)' appear on the page (as shown below).
Use your mouse to select the entire API Key (the string of text with the red box around it in the screenshot above), and then press 'Ctrl+C' (or 'Cmd+C' on a Mac) to copy the API Key text to your clipboard. Then paste it (by pressing 'Ctrl+V' or 'Cmd+V') into a Word file, email draft, or somewhere else you can easily access it later. In Step 4 below, you will need to input this NoFraud API Key into the appropriate field within 3dcart.
Step 4: Activate NoFraud Within Your Shift4Shop Admin Panel
In a new tab, login to your Shift4Shop store admin panel and select the Modules link in the left sidebar menu (as shown below).
On the Modules page, scroll down through the list of modules until you find the REST API module. (If the REST API module doesn't already show that it is installed, click the Install link to install the REST API module. Then continue with this step.)
Click on the (+) icon to the left of the REST API icon and heading. Then click the Change Settings link that appears just below the REST API heading (as shown below).
On the REST API Apps page, it will likely show a message that says 'Attention no entries found' (unless you have previously installed a REST API app for another tool). Regardless of whether it shows this message or it shows one or more REST API apps you've previously added, click on the '+ Add' button in the top-right corner (as shown below).
After you click the '+ Add' button, a Public Key field will appear. Copy and paste the following text into the Public Key field:
IMPORTANT: Do not paste your account-specific NoFraud API Key (which you just obtained in Step 3 above) into this Public Key field. This Public Key field is for the NoFraud's generic public key starting with '5c256', which is provided above.
A pop-up will appear, asking you to authorize the new app. Just click the '+ Authorize' button (as shown below).
After you click the '+ Authorize' button, a pop-up window (like the one shown in the screenshot below) should appear on the screen.
This pop-up window has three fields:
- The first is a field entitled Your NoFraud API Key. This is where you need to enter your account-specific NoFraud API Key beginning with the text 'NF_prod_' (which you obtained from NoFraud in Step 3 above). Simply paste your NoFraud API Key into this field.
- The next 2 fields have 'Yes' and 'No' radio buttons for you to indicate whether you'd like PayPal Express and/or Amazon Pay transactions to be sent to NoFraud for screening. Simply click the 'Yes' or 'No' for each option, then click the green Save button. Important: Please consult with the NoFraud Support team for more information about PayPal Express and Amazon Pay transaction screening. What the fees/costs are, and how Chargeback Protection applies to these non-standard payment methods etc.
You will see a confirmation message popup appear immediately after you click the Save button.
Your Shift4Shop store and NoFraud account are now “connected” and can “talk to each other.” You can close the pop-up window and proceed to Step 5 below.
Step 5. Insert NoFraud “Device” JavaScript Into HTML Code On Two Of Your Site's Pages
Open the tab in your web browser that still has the NoFraud portal page open (which you had open in Step 3 above). If you closed that tab, click here to log in to the NoFraud portal and then select the Integration tab in the left sidebar menu.
On the Integration page, you'll see a heading called 'Device JavaScript' with a snippet of code below it (as shown below). Select the entire snippet of code, and then press Ctrl+C (or 'Cmd+C') to copy the text to your clipboard.
You need to insert this snippet of code into the footer field of two pages on your site:
1) the 'View Cart' page, and 2) the 'Checkout #1' page (which is used regardless of whether your store uses single-page checkout or multi-page checkout).
Navigate to the Content > Titles & Content page in the left sidebar menu of your 3DCart store admin panel, which should still be open in one of your web browser tabs:
On the Titles & Content page, scroll down to the section entitled Main Pages. Both of the pages you need to edit are located in the Main Pages section. One at a time, click the gear icon to the right of the two pages you need to edit ('Checkout #1' and 'View Cart') and then click the Edit link that appears:
On both of the two pages you need to edit (the 'Checkout #1' page and the 'View Cart' page), the process is exactly the same. Scroll down to the Footer section of the page, and then click on the '</>' icon just above the toolbar on the right side of the screen (as shown below). It's very important that you click this '</>' icon so you're editing the HTML code of the footer field.
You may already have existing tracking codes and/or content in this Footer field. (It doesn't really matter whether you do or not.) If you do, simply scroll down to the very bottom of the already-existing content. If you don't, just click into the cell.
Simply paste (by pressing 'Ctrl+V' or 'Cmd+V') the 'Device JavaScript' that you copied from the NoFraud portal into the Footer cell (as shown below). Then press the green Save button in the top-right corner of the page.
As mentioned above, you need to insert this code into the footer field of BOTH the 'Checkout #1' page AND the 'View Cart' page. Once you have inserted the code into the footer of both of those pages, you are done with this step.
Step 6. (Optional) Additional Set-Up Tasks IF You Ever Take Phone Orders
Many fraudsters call in to place fraudulent orders because having you place the order for them prevents your store's checkout system from detecting their device ID and IP address (both of which are very important data points for detecting fraud). Because you place the order from a company computer rather than them placing it on theirs, it's a common way for fraudsters to circumvent your store's prevention tools. By completing these final steps, you will enable NoFraud to detect the device ID and IP address for phone orders, as well.
Here's are the three phone order set-up tasks:
- Within your NoFraud portal, click the Settings tab in the left sidebar menu. Along with several other settings (which you should take a couple of minutes to review and configure), there is a 'Merchant (store) IP address' field. Within this field, you'll need to enter ALL of the IP addresses (separate each IP address with a comma) that you and/or your staff members may be placing orders from. Be sure to hit Save to confirm your changes.
Note: To look up your IP address at any location, simply navigate to https://whatismyipaddress.com/ and copy the IP address that appears on the screen.
When NoFraud sees that an order is placed from one of the IP addresses you enter in this field, it will know that it is a phone order you placed on behalf of one of your customers. - Decide which page of your website you want a dynamically-generated Customer ID number to appear on. Many store owners choose to place it on a page which is seldom visited but which is also easy to navigate to (e.g. a page linked to in the footer of the site). We recommend placing Customer ID on a dedicated page within your store policy pages or similar.
Within your Shift4Shop store admin panel, navigate to the page that allows you to edit the textual content of the page you've selected. Most pages will be listed on the Content > Site Content page. Click the gear icon for the page you've selected, and then click on the Content option that appears in the drop-down menu:
On the next page, scroll down to the Page Content section of the page and click the '</>' button that appears just above the editing toolbar on the far right side of the page:
The Page Content field will now show the HTML code for the content of that page. You can choose to have the Customer ID number appear anywhere on the page, but most store owners prefer to have it appear at the very bottom of the page. To insert it at the bottom, simply scroll down to the very end of the content in the Page Content field, press the Enter key once or twice, then paste (by pressing 'Ctrl+V' or 'Cmd+V') the following snippet of code:<p>Customer ID:</p><div id="nf_customer_code"><script type="text/javascript"
src="https://services.nofraud.com/js/####/customer_code.js"></script></div>Notice that the text in blue is identical the Device ID JavaScript you just inserted into the 'Checkout #1' and 'View Cart' pages of your store in Step 6 above. (This script is provided on the 'Integration' page within your NoFraud portal. Make sure to replace the #### text in the above script (in red) with the correct digits (as shown on the 'Integration' page in your NoFraud account).
After replacing the #### text in the above script with your account-specific digits, paste the script into the Page Content cell (as shown below), and then click the green Save button in the top-right corner of the page to save your changes.
- Open a new tab and navigate to the page that you just inserted the Customer ID code into (i.e. your “store policies” page or whatever page you chose). Scroll to the bottom of the page and make sure that you can see the “Customer ID:” text followed by a system-generated set of numbers (as shown below). You may need to reload or even “hard refresh” the page (by pressing 'Ctrl+Shift+R', or 'Cmd+Shift+R' on a Mac) in order to see a “fresh” version of the page:
How to accept phone orders once the code is added:
You have now completed all of the set-up tasks necessary to enable NoFraud's order screening to work for orders placed over the phone. However, please be aware that it will only work if these steps are followed when an order is placed by you or your staff over the phone:
- Before placing the order for the customer, direct the customer to the page that displays the Customer ID on it and ask them to read the number to.
- Within your NoFraud portal, go to the Phone Order page and enter a) the Customer ID number the customer gives you, and b) the customer's email address (which must be the same email address you will enter during the checkout process in a few moments). Then click the Save button.
- After you have completed #1 and #2, place the order using your website's front-end checkout system. (Do NOT enter the order manually inside the 3DCart admin panel.) NoFraud now has all the information it needs to “match up” the phone order with the customer's device and IP location, both of which are critical for detecting and preventing fraud.