Layer 1 copy


This guide helps on-demand businesses stop chargebacks, referral abuse, and other types of fraud.

Send User Events

A core integration includes the following (when applicable):

Integrate your website
Integrate your mobile app
Integrate your events
User creates an account
  • If users can create accounts, send a $create_account event with custom fields to capture differences between users, such as:
    • 'num_reviews' : 0
    • 'successful_ride_count' : 0
    • 'user_type' : 'partner'
    • 'orders_canceled' : 0
    • 'num_referrals_redeemed' : 0
  • If a user updates their account information outside of the checkout flow, send an $update_account event.
  • If users can checkout anonymously, follow our tutorial.
User places an order
  • When a user places an order, send a $create_order event. Fill in as many $items fields as you can and include custom fields such as:
    • 'num_reviews' : 4
    • 'successful_ride_count' : 9
    • 'delivery_method' : 'pickup'
    • 'order_message' : 'leave on the doorstep'
    • 'promo_code' : 'SpringPromo'
    • 'amount_after_credit' : 12.43 (how much the user spent after promos and credits, if different order $amount)
    • 'minutes_until_service' : 60
    • 'pickup_lat' : 35.360555
    • 'pickup_lng' : 138.727778
  • If a user can update an order (e.g. change the shipping address), send an $update_order event.
    • Custom field ideas:
    • 'address_changed' : True
When you interact with a payment gateway
  • Send a $transaction event for each payment gateway interaction, as well as each other payment method accepted for the order (e.g. gift card).
  • When a payment gateway informs you of a chargeback, send a $chargeback eventand a fraud label.
Referral Fraud

If you offer a referral promotion, do the following. When user B signs up using user A's referral:

  • Send '$referrer_user_id' : 'A' in the code '$create_account' event for user B.
  • Send a referral_redeemed custom event for user A with the following fields:
    • '$type' : 'referral_redeemed'
    • '$api_key' : 'your_rest_api_key'
    • '$user_id' : 'A'
    • 'referred_user' : 'B'
    • 'num_referrals_redeemed' : 3 (value including this redemption)

You'll also want to take advantage of our promotion object that can be sent with $create_account, $create_order, and $add_promotion.

Additonal events

The following events can be sent to capture a more complete picture of users when applicable: $submit_review, $send_message, $login, $order_status.

Send Feedback to Sift

One of the key strengths of the Sift Science platform is that as you give it feedback it continues to learn and adapt to patterns. By providing continuous feedback on who your good and bad users are, we will evolve our detection and improve the accuracy of risk scores. You’ll be able to stop bad actors even as they change their attack vectors. In addition to sending an optional historical backfill:

  • Create a Feedback focused Workflow where you review high scoring users and tell us how well we are predicting your fraudsters.
  • If you are already doing manual review in your existing system, just send the outcome of each review to our Labels API

Once you’re up and running with Sift, continuing to send feedback will improve your score accuracy in real-time, catching bad users as soon as they appear. This is an important part of a successful integration.

Make Decisions with Sift

Scores are an indication of how risky a user is for a given abuse type. You can use these scores as a means to block bad users, add friction to users you are unsure about (e.g., SMS verification), and let good users sail right through. You’ll want to make these checks at the key events where fraudulent users can hurt your business: typically $create_order for payment_abuse and $create_account if facing promo_abuse.

The two ways to do this are:

  • Create a Sift Workflow You can build application logic into Sift with our Workflow product. Workflows let you set up criteria that get evaluated whenever specified events occur. Learn more in our Workflows tutorial.
  • Build application logic in your system An alternate approach is to request abuse specific risk scores to be returned in the response of the user events you send. See our API documentation

Any questions? We're happy to talk it through.