Download & install the NoFraud app to enjoy the benefits of our fraud prevention solution on your Shift4Shop (formerly 3DCart) store by following the steps outlined in this article. The entire process takes approximately 10-15 minutes, and once completed you'll be all set.
Please note, to integrate multiple Shift4Shop stores, you will need to create a unique NoFraud portal account for each.
Step 1: Download & Install the NoFraud Shift4Shop App
- Navigate to the Shift4Shop App Store and Search for NoFraud, or click here.
- Click I want this App as seen below to begin the installation.
Step 2: Create a NoFraud Account
Step 3: Get Your NoFraud API Key
Once you've created a NoFraud account, click here to log in to your NoFraud portal. After logging in, click on the Integration tab in the left sidebar menu (in the bottom-left corner of the page).
On the Integration page, you will see a drop-down menu that says Add new integration. Click on it and select the Direct API option. Next, click the Generate API Key button that appears just below the drop-down menu. When the page refreshes, you will see an 'API Key (Direct API)' appear on the page (as shown below).
Use your mouse to select the entire API Key (the string of text with the red box around it in the screenshot above), and then press 'Ctrl+C' (or 'Cmd+C' on a Mac) to copy the API Key text to your clipboard. Then paste it (by pressing 'Ctrl+V' or 'Cmd+V') into a Word file, email draft, or somewhere else you can easily access it later. In Step 4 below, you will need to input this NoFraud API Key into the appropriate field within 3dcart.
Step 4: Activate NoFraud Within Your Shift4Shop Admin Panel
In a new tab, login to your Shift4Shop store admin panel and select the Modules link in the left sidebar menu (as shown below).
On the Modules page, scroll down through the list of modules until you find the REST API module. (If the REST API module doesn't already show that it is installed, click the Install link to install the REST API module. Then continue with this step.)
Click on the (+) icon to the left of the REST API icon and heading. Then click the Change Settings link that appears just below the REST API heading (as shown below).
On the REST API Apps page, it will likely show a message that says 'Attention no entries found' (unless you have previously installed a REST API app for another tool). Regardless of whether it shows this message or it shows one or more REST API apps you've previously added, click on the '+ Add' button in the top-right corner (as shown below).
After you click the '+ Add' button, a Public Key field will appear. Copy and paste the following text into the Public Key field:
IMPORTANT: Do not paste your account-specific NoFraud API Key (which you just obtained in Step 3 above) into this Public Key field. This Public Key field is for the NoFraud's generic public key starting with '5c256', which is provided above.
A pop-up will appear, asking you to authorize the new app. Just click the '+ Authorize' button (as shown below).
After you click the '+ Authorize' button, a pop-up window (like the one shown in the screenshot below) should appear on the screen.
This pop-up window has three fields:
- The first is a field entitled Your NoFraud API Key. This is where you need to enter your account-specific NoFraud API Key beginning with the text 'NF_prod_' (which you obtained from NoFraud in Step 3 above). Simply paste your NoFraud API Key into this field.
- The next 2 fields have 'Yes' and 'No' radio buttons for you to indicate whether you'd like PayPal Express and/or Amazon Pay transactions to be sent to NoFraud for screening. Simply click the 'Yes' or 'No' for each option, then click the green Save button. Important: Please consult with the NoFraud Support team for more information about PayPal Express and Amazon Pay transaction screening. What the fees/costs are, and how Chargeback Protection applies to these non-standard payment methods etc.
You will see a confirmation message popup appear immediately after you click the Save button.
Your Shift4Shop store and NoFraud account are now “connected” and can “talk to each other.” You can close the pop-up window and proceed to Step 5 below.
Step 5. Insert the “Trigger” Code Into the Order Confirmation Page Template File
In this step, you will insert a short code snippet into the template file for the Order Confirmation Page (i.e. “Thank You” page) of your store. When a customer completes the checkout process and arrives on the Order Confirmation (“Thank You”) Page, this snippet of code triggers the app to run.
The code, which is embedded into the code of the page, alerts the app that an order has been processed so NoFraud can run its fraud analysis on the transaction and generate the PASS/FAIL decision. Without this “trigger code”, the app won't run and transactions won't be screened.
The following steps will walk you through how to insert the snippet of code into the template file for the 'Order Confirmation (“Thank You”) Page':
- Within the left sidebar menu of your 3DCart store admin panel, navigate to the Settings > Design > Themes & Styles page.
On the Themes & Styles page, click on the More option from the drop-down at the top of the page. Then select the Edit Template (HTML) option that appears in the drop-down menu.
- You will now be on the Template Editor page. Towards the top of the page on the right side of the screen, use the Go to folder: drop-down menu to select the templates/common-html5 folder.
IMPORTANT NOTE IF YOU DON'T SEE A 'TEMPLATES/COMMON-HTML5' FOLDER:
Depending on which “theme” your store is using, you may not see a folder named 'templates/common-html5'. Your theme may have different folders instead. If that's the case, you will need to follow either of these options:
a) contact the creator of your store's theme and ask them which folder contains the template file (which is most likely entitled 'checkout-step4.html') that controls the content of the 'Order Confirmation (“Thank You”) Page'.
Or, option b) go into each of the folders that are listed in the 'Go to folder' drop-down and, within each folder, look for a file entitled 'checkout-step4.html'. You may find just a single folder containing a 'checkout- step4.html' file, or you may find 3-4 folders containing this file. What you'll want to do is add the snippet of code to ALL of the 'checkout-step4.html' file(s) you find in any of the folders.
All of the template files within the 'templates/common-html5' folder will appear. Scroll down through the list of files until you find the 'checkout-step4.html' file. Click the gear icon on the right side of the screen, and then select Edit.
Within the code for the 'checkout-step4.html' page, you will see a line that says:
This line of text will likely appear about 30-35 rows down on the page (depending on the width of your screen, and whether you have made any other changes to the code previously). If you have trouble finding it, use your web browser's “Find” feature (typically accessed by pressing 'Ctrl+F', or 'Cmd+F' on a Mac) to search for the text <!--END: ordercompleted-->.
In order for the NoFraud app to work correctly, you need to insert the following code somewhere above the <!--END: ordercompleted--> text:
<img src="https://3dcart.nfapps.com/api/thankyou/?store=[store_url]&invoice=[invoicenum]" alt="NoFraud" />
We recommend placing the code on a new row just above the row with the </div> text, which is above the row with the <!--END: ordercompleted--> text. If you do so, the code will look like this:
Important: Do NOT modify or replace the '[store_url]' or '[invoicenum]' text in this snippet of code. Shift4Shop will automatically insert your store's URL and the order ID number on its own. Just copy and paste the above code exactly as-is.
Once you've copied and pasted the snippet into the code and verified that it looks the way it's illustrated in the image above, click the green 'Save' button in the top-right corner of the page. (If you do not click the 'Save' button, your changes will not be saved.)
Leave this tab open in your web browser, as there are still a couple of things you need to do within your Shift4Shop store admin panel in the upcoming steps.
Open the tab in your web browser that still has the NoFraud portal page open (which you had open in Step 3 above). If you closed that tab, click here to log in to the NoFraud portal and then select the Integration tab in the left sidebar menu.
You need to insert this snippet of code into the footer field of two pages on your site:
1) the 'View Cart' page, and 2) the 'Checkout #1' page (which is used regardless of whether your store uses single-page checkout or multi-page checkout).
Navigate to the Content > Titles & Content page in the left sidebar menu of your 3DCart store admin panel, which should still be open in one of your web browser tabs:
On the Titles & Content page, scroll down to the section entitled Main Pages. Both of the pages you need to edit are located in the Main Pages section. One at a time, click the gear icon to the right of the two pages you need to edit ('Checkout #1' and 'View Cart') and then click the Edit link that appears:
On both of the two pages you need to edit (the 'Checkout #1' page and the 'View Cart' page), the process is exactly the same. Scroll down to the Footer section of the page, and then click on the '</>' icon just above the toolbar on the right side of the screen (as shown below). It's very important that you click this '</>' icon so you're editing the HTML code of the footer field.
You may already have existing tracking codes and/or content in this Footer field. (It doesn't really matter whether you do or not.) If you do, simply scroll down to the very bottom of the already-existing content. If you don't, just click into the cell.
As mentioned above, you need to insert this code into the footer field of BOTH the 'Checkout #1' page AND the 'View Cart' page. Once you have inserted the code into the footer of both of those pages, you are done with this step.
Step 7. (Optional) Additional Set-Up Tasks IF You Ever Take Phone Orders
Many fraudsters call in to place fraudulent orders because having you place the order for them prevents your store's checkout system from detecting their device ID and IP address (both of which are very important data points for detecting fraud). Because you place the order from a company computer rather than them placing it on theirs, it's a common way for fraudsters to circumvent your store's prevention tools. By completing these final steps, you will enable NoFraud to detect the device ID and IP address for phone orders, as well.
Here's are the three phone order set-up tasks:
- Within your NoFraud portal, click the Settings tab in the left sidebar menu. Along with several other settings (which you should take a couple of minutes to review and configure), there is a 'Merchant (store) IP address' field. Within this field, you'll need to enter ALL of the IP addresses (separate each IP address with a comma) that you and/or your staff members may be placing orders from. Be sure to hit Save to confirm your changes.
Note: To look up your IP address at any location, simply navigate to https://whatismyipaddress.com/ and copy the IP address that appears on the screen.
When NoFraud sees that an order is placed from one of the IP addresses you enter in this field, it will know that it is a phone order you placed on behalf of one of your customers.
- Decide which page of your website you want a dynamically-generated Customer ID number to appear on. Many store owners choose to place it on a page which is seldom visited but which is also easy to navigate to (e.g. a page linked to in the footer of the site). We recommend placing Customer ID on a dedicated page within your store policy pages or similar.
Within your Shift4Shop store admin panel, navigate to the page that allows you to edit the textual content of the page you've selected. Most pages will be listed on the Content > Site Content page. Click the gear icon for the page you've selected, and then click on the Content option that appears in the drop-down menu:
On the next page, scroll down to the Page Content section of the page and click the '</>' button that appears just above the editing toolbar on the far right side of the page:
The Page Content field will now show the HTML code for the content of that page. You can choose to have the Customer ID number appear anywhere on the page, but most store owners prefer to have it appear at the very bottom of the page. To insert it at the bottom, simply scroll down to the very end of the content in the Page Content field, press the Enter key once or twice, then paste (by pressing 'Ctrl+V' or 'Cmd+V') the following snippet of code:
After replacing the #### text in the above script with your account-specific digits, paste the script into the Page Content cell (as shown below), and then click the green Save button in the top-right corner of the page to save your changes.
- Open a new tab and navigate to the page that you just inserted the Customer ID code into (i.e. your “store policies” page or whatever page you chose). Scroll to the bottom of the page and make sure that you can see the “Customer ID:” text followed by a system-generated set of numbers (as shown below). You may need to reload or even “hard refresh” the page (by pressing 'Ctrl+Shift+R', or 'Cmd+Shift+R' on a Mac) in order to see a “fresh” version of the page:
How to accept phone orders once the code is added:
You have now completed all of the set-up tasks necessary to enable NoFraud's order screening to work for orders placed over the phone. However, please be aware that it will only work if these steps are followed when an order is placed by you or your staff over the phone:
- Before placing the order for the customer, direct the customer to the page that displays the Customer ID on it and ask them to read the number to.
- Within your NoFraud portal, go to the Phone Order page and enter a) the Customer ID number the customer gives you, and b) the customer's email address (which must be the same email address you will enter during the checkout process in a few moments). Then click the Save button.
- After you have completed #1 and #2, place the order using your website's front-end checkout system. (Do NOT enter the order manually inside the 3DCart admin panel.) NoFraud now has all the information it needs to “match up” the phone order with the customer's device and IP location, both of which are critical for detecting and preventing fraud.