FraudLabs Pro Fraud Prevention (Support Thread)

This module helps you to screen your online transaction, especially the credit card order, for online fraud. It equipped with sophisticated validation engine to efficiently screen the order from different elements, e.g, ip geolocation, free email provider, ship forwarded address, credit card BIN record and many more, to provide you an accurate fraud status and result for your decision making. You are no longer needed to inspect every single element yourself to pinpoint the fraud order.

Furthermore, the solution provide you the flexibility to define you own validation rules to tailor your business needs. And, it is configurable and you can turn in on/off at your convenience.

This module is absolutely FREE for 500 queries per month. So, it cost you just nothing to start protecting your business from fraud. Find out more at http://www.fraudlabspro.com/supported-platforms-zencart

We love inputs and feedback. Please share with us on anything in this thread or http://www.fraudlabspro.com/contact

Hi Chris...

What does your company provide, in terms of service, that PayPal doesn't already do, concerning screening credit cards?

Thank you....!

Hi Donn,
We provide solution for user to perform fraud screening, especially for the credit card transaction, to identify the fraud order. Our system perform a comprehensive screening, i.e, the geo location validation, free email validation, blacklist validation, BIN validation and many more, to unveil a fraud order. Furthermore, we also allow user to tailor make their own business rules on how they want the validation to be carried out and the validation sequence to their preference.

We have both the API and ready plugin solution to suit different user's needs. No doubts, some payment gateway, i.e, paypal, have their default fraud prevention implemented, but it will always be good to have a gate check prior to payment submission. Furthermore, you may not have the access on how they validate your payment nor tailor make the validation rules.

Anyway, we offer absolutely FREE micro plan with just email sign up. Perhaps, you can try out our solution to evaluate further.

Quote:

---

Originally Posted by chrislim

Hi Donn,
We provide solution for user to perform fraud screening, especially for the credit card transaction, to identify the fraud order. Our system perform a comprehensive screening, i.e, the geo location validation, free email validation, blacklist validation, BIN validation and many more, to unveil a fraud order. Furthermore, we also allow user to tailor make their own business rules on how they want the validation to be carried out and the validation sequence to their preference.

We have both the API and ready plugin solution to suit different user's needs. No doubts, some payment gateway, i.e, paypal, have their default fraud prevention implemented, but it will always be good to have a gate check prior to payment submission. Furthermore, you may not have the access on how they validate your payment nor tailor make the validation rules.

Anyway, we offer absolutely FREE micro plan with just email sign up. Perhaps, you can try out our solution to evaluate further.

---

I'm trying it, but I think I need a Callback URL? Yes? No?

Can you please help?

Overview:
This plugin screens the online transactions, especially the credit card orders, for potential fraud. It helps the users to minimize their risk in accepting fraudulent orders, while allowing legitimate users to continue enjoy their shopping experience, without erroneously rejected the valid order.

This plugin returns user a fraud indicator and comprehensive validation results for an online order, so that users can make the right decision if to proceed or reject an order. Furthermore, it also enables users to customize the validation logic by defining their own fraud checking rules based on their business needs. Inevitably, this solution helps to minimize fraud and chargebacks losses and improve business profits.

Module Download Link: http://www.zen-cart.com/downloads.php?do=file&id=1746 -- see v1.02

Essentially this module will send bits of your customer's transaction, nothing too sensitive and anything that is sensitive is hashed 65,000 times. It will assign a score and allow you to monitor the risk factors about your transaction. The approved, rejected, and ignore buttons do not affect the ZenCart transaction but makes a notation as to whether you want to proceed or not.

The FraudLabs Pro service is free of charge but only allows for 500 look ups per month. (AKA 500 transactions a month) After that you will need to pay for their service.

Installation is REALLY easy and there are hardly any core file changes needed. (I do still advise that you go over and backup your files FIRST before working with this.)

THIS IS AN EDIT TO AN ALREADY EXISTING MODULE AND IS BEING REUPLOADED AS SUCH. I CAN PROVIDED **LIMITED SUPPORT** FOR THIS MODULE. PLEASE UNDERSTAND THAT I AM NOT AN EMPLOYEE OF FRAUDLABSPRO AND AM VOLUNTEERING TO DO THIS.

The main reason I'm submitting this module (again) is because it uses file_get_contents coding which is sometimes blocked by hosts for the purposes of security. (Like mine is.) So instead, I've replaced those calls with cURL instead. Now the program will attempt to make a call via cURL three times and if those fail (shouldn't really), then use file_get_contents. If those fail then you will get no response. All responses with the FraudLabsPro server are stored in a separate database table.

Another thing to note, you do NOT need a Callback URL. The callback URL is for another integration option with FraudLabsPro. When you are prompted for the callback option, leave it blank.

(If enough people complain that they aren't seeing the FraudLabs Pro table in their orders module, after making both edits to orders.php (four edits if you're using Super Orders), I'll look into making a callback script available. (It's not really that difficult.)

There are other edits available to this module like the expansion of the payment types result. (I started this with the ones that I use, that come with ZenCart, or is PayPal.) At some point, I will likely go through and add ALL of the ZenCart modules that are available and code it in somehow. (This will require me to download each module, open it, find the short code that is inserted into TABLE_ORDERS, and add that code to the switch statement I wrote in and judge if it's a credit card module of some kind. Later in the summer.)

Quote:

---

Originally Posted by newtozc32

I'm trying it, but I think I need a Callback URL? Yes? No?

Can you please help?

---

You might be running into the same problem I have and that is file_get_contents, a command that is used to "retrieve" a website is disabled by many webhosts by default. I made an edit to the files so that they do not use file_get_contents but rather cURL (which is more often used with every other credit card processor module and even PayPal.)

Also note, you do not need a callback URL. (You can leave the Callback URL blank.) If you are having problems, please let me know via PM. While I don't work for FraudProLabs, I can help with this module as I got it to work with my Zen installation.

Does this plugin work with 'Direct Bank Deposit' plug-in?

Quote:

---

Originally Posted by adb34

Does this plugin work with 'Direct Bank Deposit' plug-in?

---

I don't have an exact answer for this as I don't have much experience with the Direct Bank Deposit. If I'm not mistaken, the information submitted will be passed on to Fraud Labs but it will not pass on any bank account information. It will simply look at the billing and shipping information and render a score with that information. I can do some testing with it but that is almost exactly how it will turn out unless some modifications are made. At the max, I'll end up making a change to the /admin/modules/FraudLabs/support.php to allow the module to appear as "wired" as payment method. I'll add it on to my to-do list.

can you please provide a version also support zen cart 1.3.8a?

Please help!!!!

Thank you

does FraudLabs Pro work with PHP 7.0 or 7.1? I have only get FraudLabs Pro to work with PHP5.6. error at check out.
Any fix for this.

Thank You

I am using Zen Cart 1.5.5e the instructions included in the instructions of Fraudlabs Pro Version: 1.0.8 to modify admin/orders.php indicate to
Search for:
<div class="row noprint">
<div class="formArea">
<?php echo zen_draw_form('statusUpdate', FILENAME_ORDERS, zen_get_all_get_params(['action']) . 'action=update_order', 'post', 'class="form-horizontal"', true); ?>

and replace with:

<?php include(DIR_WS_MODULES . 'fraudlabspro/summary.php'); ?>
<div class="row noprint">
<div class="formArea">

but my file shows:

<!-- BEGIN TY TRACKER 3 - DISPLAY TRACKING ID IN COMMENTS TABLE ------------------------------->
<td class="dataTableHeadingContent smallText" valign="top" width="23%"><strong><?php echo TABLE_HEADING_TRACKING_ID; ?></strong></td>
<!-- END TY TRACKER 3 - DISPLAY TRACKING ID IN COMMENTS TABLE ------------------------------------------------------------>
<!-- Begin Ty Package Tracker Modification (Minor formatting changes) //-->
<td class="dataTableHeadingContent smallText" valign="top" width="40%"><strong><?php echo TABLE_HEADING_COMMENTS; ?></strong></td>
<!-- End Ty Package Tracker Modification (Minor formatting changes) //-->

not sure what to replace

Suggested change for anyone running this on PHP 8.

1. Open /admin/includes/modules/fraudlabspro/summary.php
2. Delete the following line:
   
   PHP Code:

   ---

   $fraudlabspro_enabled = $db->Execute('select configuration_value FROM ' . TABLE_CONFIGURATION . " WHERE configuration_key = 'FRAUDLABSPRO_ENABLED'"); 


   ---

3. Find the following line (should be the next line):
   
   PHP Code:

   ---

   if ($fraudlabspro_enabled == 'true') { 


   ---

   and change it to:
   
   PHP Code:

   ---

   if (FRAUDLABSPRO_ENABLED == 'true') { 


   ---

Trying to pull this value using the $db-> results in an error (using ->Execute seems to generate the result as a MySQL Result field that cannot be assigned or read like a string). My fix to this? Use the raw DEFINE that is generated from all Configuration Keys in the database instead.

Hope this helps.

Another bug fix. (Might create an update at this point...)

Open /admin/include/modules/fraudlabspro/summary.php


Change line 187 (or look for this block) to a </div>.

PHP Code:

---

            echo '  <div class="form-group text-right">';
            echo '    <button id="btn-approve" class="btn btn-primary">Approve</button>';
            echo '    <button id="btn-reject" class="btn btn-primary">Reject</button>';
            echo '    <button id="btn-blacklist" class="btn btn-primary">Blacklist</button>';
            echo '  <div>';
            echo '</form>'; ?> 


---

and change that <div> to a </div> at the end.

Quote:

---

Originally Posted by retched

Another bug fix. (Might create an update at this point...)

Open /admin/include/modules/fraudlabspro/summary.php


Change line 187 (or look for this block) to a </div>.

PHP Code:

---

            echo '  <div class="form-group text-right">';
            echo '    <button id="btn-approve" class="btn btn-primary">Approve</button>';
            echo '    <button id="btn-reject" class="btn btn-primary">Reject</button>';
            echo '    <button id="btn-blacklist" class="btn btn-primary">Blacklist</button>';
            echo '  <div>';
            echo '</form>'; ?> 


---

and change that <div> to a </div> at the end.

---

Submitted this change as version 1.4.1 to the Plugin database

Rather than

if (FRAUDLABSPRO_ENABLED == 'true') {


I would suggest

if (defined('FRAUDLABSPRO_ENABLED') && FRAUDLABSPRO_ENABLED == 'true') {

for PHP 8 use.

Quote:

---

Originally Posted by swguy

Rather than

if (FRAUDLABSPRO_ENABLED == 'true') {


I would suggest

if (defined('FRAUDLABSPRO_ENABLED') && FRAUDLABSPRO_ENABLED == 'true') {

for PHP 8 use.

---

Noted that change and another bug I just found with the email domain variable too. I'm also working on a callback script but I don't want to submit it until I'm sure it works. Also working on a "fixed" (read: prettified) amount field to be properly format and not just a raw pull from the database complete with the float. (Started a thread in "Contribution guidelines" about it if anyone wants to help.)

Even better, IMO:

Code:

---

if (defined('FRAUDLABSPRO_ENABLED') && FRAUDLABSPRO_ENABLED === 'true') {

---

Ready with those total changes but I think I have to wait for my other submission to be made before I can submit it.

Added version 1.5.0 to the Plugin DB (awaiting confirmation and approval).

Changelog:
===
Added
- Created ZenCart observer to delete the order details from the Fraudlabs order table when the base orders details are deleted from the ZC database. (NOTE: There is no way to delete a transaction from the Fraudlabs backend once it has been posted to FraudLabs.)
- Added Agent Javascript (https://www.fraudlabspro.com/developer/javascript) processing. Effectively, each order submitted to the FraudLabsPro API can have a hash of the UserAgent, IP Address, OS version, and device type added to the order. This will avail the opportunity to blacklist devices or detect if the device is a known bad agent. This is optional and must be turned on by visiting the ZenCart configuration and enabling the "Agent Javascript" option by setting it to TRUE.
- Array-based language defines support (See first point in Changed section.)


Changed
- Changed all plain text language to ZC language defines. These files are the array-based files that are found in ZC 1.5.8 and onward, allowing for translation possibility. (Base language included in English.)
- Changed the layout of FraudlabsPro Summary to match that of the full details found in the FraudLabsPro backend. (Effectively, all parts that make up the response from FraudLabsPro's API can now be found in a tabbed area on the backend. The layout of the table has also been changed. (`TODO:` Move this off from being a hard edit in /admin/orders.php to a separate observer class.)
- Rearranged the order of the country details so that now it is `order_city, order_region, order_country, order_continent`. If there are any blanks, they will be skipped.
- Moved the link to the geolocation.com website to a button found next to the IP address listing.
- The database will now contain `NULL` values. The script will handle `NULL` by displaying `<em>- N/A -</em>` where necessary.
- All possible values that can be pulled from the ScreenOrder API are now stored in the database.
- Changed the feedback buttons (APPROVE, REJECT, BLACKLIST) to now only show the necessary button. (ie. An already APPROVE'd order cannot be approved twice.) Note: If you use the FraudLabsPro backend to update the status of the order, currently, this will not be reflected in ZenCart. (A webhook script is being worked on.)
- Added a flag icon that will be displayed next to the IP location and other country lookups as necessary (provided by the flagcdn.com API). Will only show up if the country field being looked up isn't `NULL`.
- Break down the errors that could be found and help for fixing them. (99% of the errors of the API will effectively kill the transaction.) If an error is found, a new tab "Error Details" will be available to view.
- Moved the calling of the order details during the checkout process to be a ZC observer instead. (This way it will survive edits from core file edits.)
- Made this [change]( to better detect if the module is enabled.


Fixed
- Fixed an unclosed <div> found in /admin/includes/modules/fraudlabspro/summary.php that was causing some bad displays.


===
If you're updating to 1.5.0, there is an additional SQL file that needs to be run called alter_flp_orders.sql. That should be ran against your orders_fraudlabspro table. If you don't care to keep your Fraudlabs order history, you can drop that table and run flp_orders.sql. Keep in mind that this doesn't remove them Fraudlabs' databases.

Additionally take care that you delete the folder /includes/modules/fraudlabspro and remove the following line from /includes/modules/pages/checkout_process/header.php: (they are no longer needed as the observer class will take over as needed)

PHP Code:

---

require(DIR_WS_MODULES . 'fraudlabspro/fraudlabspro.php'); 


---

Also missing from the notes is the more prevalent usage of the "N/A" descriptor. This is due to some fields not being returned from Fraudlabs API unless you have a paid plan with them. I left them in the database and output but overall these do NOT cripple the code in anyway shape or form.

If you plan on using Agent Javascript and maintain a privacy policy list and cookies statement, you should link to the Fraudlabs Pro Privacy Policy as well as note the cookie 'flp_checksum' in your cookies declaration statement. Agent Javascript is an optional part of the module, you do not need to enable it and by default it is turned off.

The next version (2.0.0) made by me will likely be made into an encapsulated plugin. (I just have to figure out how to add the contents of summary.php to work with the orders.php.)

If there are any errors, please discuss them here. I will reply when I am available to do so.