The Kount Fraud Prevention plugin for WooCommerce provides fraud protection to WooCommerce customers for their online store. Before you can begin using the plugin, you are required to sign a contract with Kount, an Equifax company, and receive a product demonstration delivered remotely by a dedicated account team. If you are not a Kount Command or Kount Control customer, contact your Kount representative to be paired with an account executive and schedule a demonstration.
For the integration process, you must have the following:
- Admin privileges in the WordPress site you are configuring to support the Kount extension
- WooCommerce Kount Plugin zip file (or the WordPress plugin download)
- Your Kount Agent Web Console (AWC) login credentials
- A Kount provided Merchant ID
- A login API Key
Note: You cannot process phone orders in WooCommerce. Instead, you must add all IP addresses to the IP Exclusion list in the AWC. For more details about IP exclusion lists, refer to How to Create Persona Exclusions.
Step 1: Create a new RIS API key
- Log in to the AWC using your Kount credentials.
- Click the ADMIN tab and then select API Keys from the drop-down menu.
- On the API Key Management page, click Create API Key.
- Provide the Key Name and select the RIS and API Key boxes on the pop-up window. Then click Create API Key. API keys are required to authenticate to Kount.
- Your new API Key displays on the API Key Management screen. This API Key is used in Step 2.
Step 2: Add a WooCommerce website in the Agent Web Console
- Log in to the Kount Test Portal.
- Under the Fraud Control list, click the Website option.
- In the Add Website pop-up window, enter a Website ID, which is any unique identifier for the website. The Website ID is used while configuring the plugin.
- If desired, add a description for the website .
- With the Kount Plugin installed successfully, Event Notification Service information displays. Under ENS Enabled, select No and leave the Merchant ENS URL empty.
- Click Add Website.
- A different Website ID can be created for Payments and Account Creation. To configure WooCommerce to use two IDs, create two separate Website IDs in the AWC. The same Website ID can be used for Kount Control and Kount Command – or you can create two separate websites.
Step 3: Install the Kount Fraud Prevention plugin
- Log in to WordPress with your admin credentials.
- Go to Plugins.
- In the Plugin section, click Add New option.
- Search for Kount Fraud Prevention, and then click Install Now.
- Once the plugin is installed, select Activate. The plugin displays in the WordPress menu list.
Note: To enable a connection to the Kount test environment, enable Test Mode on the configuration page as shown in Step 4.
Step 4: Enter the Configuration Information
- Switch the Enable Plugin button to turn on the feature. With the plugin enabled, Kount is called for any payment assessment.
- In the Merchant ID textbox, enter the 6-digit MID provided by Kount.
Note: Do not click Regenerate Consumer key & secret key. This is generated automatically during this process. However, there are instances where Kount might instruct you to regenerate the keys. If Kount instructs you to regenerate the keys, click Regenerate Consumer key & secret key, and then click Save.
- To enable a connection to the Kount test environment, click the Enable Test Mode toggle button.
Note: For production use, this setting must be disabled.
- Switch the Payment Risk Assessment button to enable Kount to perform a payment risk assessment.
- Choose a Payment Workflow Mode.
- Pre-Authorization: Query Kount RIS before attempting an authorization from the payment gateway.
- Post-Authorization: Query Kount RIS after the payment gateway has been contacted.
- Enter the API Key created in Step 1.
- Copy the ENS Callback URL from the WooCommerce plugin and paste it in the ENS Callback URL textbox. If the Payment Risk assessment is enabled, the ENS URL appears in the respective field. This is a read-only field and is used as the value for the ENS API URL configured in the Kount AWC.
- Enter the Website ID set up in Step 2.
Account Creation Settings
- Account Creation is enabled by default. If you are using Kount Control and Kount Command, enable Account Creation to prevent sending a risk assessment within Woo/WordPress for recently created accounts.
- Trusted Device remains disabled by default. When enabled, the Kount Trusted Device End Point and user device details are saved as a trusted device in Kount’s database.
- Enter the Website ID set up in the Agent Web Console (AWC) in Step 2.
Account Login Settings
- Account Login remains disabled by default. If enabled, it performs a risk assessment for login users.
- Enter the Login API Key provided by Kount as mentioned in the prerequisite.
- Trusted Device remains disabled by default. When enabled, it calls the Trusted Device Endpoint. If the user device is not saved as a trusted device, then Kount sends a challenge-response and the user is challenged with MFA depending on the MFA setup configured by admin in WordPress.
Refer to the documentation for MFA and Trusted Device on the configuration page for more details.
- Select the appropriate logs level from the three levels available: Debug, Info, and Error.
- In the logs deletion duration (in days) text box, select the logs delete duration. The default setting is 30 days and can be extended up to 999 days.
- Click Download file to download the log file.
- Save the configuration information.
Step 5: Update the AWC
- Return to the AWC.
- Next to the WooCommerce website you created earlier, click the Gear icon, and then click Edit.
- Under ENS Enabled, select Yes.
- In the Merchant ENS URL text box, enter the URL from the ENS Callback URL page retrieved during the WooCommerce installation in Step 4.