Frontend

Script Placement

Ensure that the javascript string provided by the backend is placed on the page to be protected. Place the string in a script tag as early as possible in the <head> section of the page. Doing this gives the script the maximum time to run, reducing false positives.

HTML

  <head>
  <script>
  //jsstring goes here:
  !function(e){var t={};...
  </script>
  </head>

Warning

Ensure that the script string is unescaped and unencoded when it is placed on the page.

Multiple submissions

Warning

Please ensure that multiple button clicks by the user does not submit the same token multiple times.

If the button being pressed multiple times results in the token being sent to us more than once this will cause false positives. We will block all repeat token submissions to avoid a token being used for multiple transactions.

Checks Completed

It is important that the script has completed its checks before allowing the user to navigate off the page, redirecting the URL or submitting the token for validation. Please add the monitoring snippet below and only allow the user to navigate off the page once !# statusCode === 201, this will help prevent false positives in the datapoint missing category.

Javascript

  EmpelloInterface.onFraudStopLoaded(function (statusCode) {
    if (statusCode === 101) {
      // main JS loaded successfully
    }
    else if (statusCode === 201) {
      // Checks completed, journey can continue
    }
    else if (statusCode === 202) {
      // There was an error
    }
    else if (statusCode === 203) {
      // The JS function timed out
    }
  });

We suggest you do not prevent the user from clicking the button in the event that they click the button before !# statusCode === 201. Instead allow the user to click the button and display a loading icon until !# statusCode === 201.