This is a guide for an integration to help SaaS businesses combat account takeover, fake accounts, payment abuse, or promotion program abuse.
Send User Events
A core integration includes the following (when applicable):
- Integrate your website
- Integrate your mobile app
- Integrate your events
User creates an account
- If users can create accounts, send a $create_account event.
- If users can update their account information outside of the checkout flow, send an $update_account event.
- If users can remit money anonymously, follow our tutorial.
Whenever a user attempts to log in to their account, send a record of that attempt to Sift Science. Send both successful and failed logins. Also send a logout event whenever a user actively chooses to log out.
NOTE: You must send the Session ID with the login event for ATO to work properly.
In response to a risky login, you’ll likely want to verify whether the user is who they say they are. If your login flow contains a verification step, sending this information to Sift Science is very useful as it gives additional feedback to our systems.
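The login reporting described above, as an added example that is not Sift's own code: it builds the event body for both successful and failed logins and refuses to build a $login event without a Session ID. The field names ($type, $api_key, $user_id, $session_id, $login_status) are assumed from Sift's public Events API rather than taken from this page, and `send`, the API key, user ID and session ID are hypothetical placeholders.

```python
import json

# Assumed field names ($type, $api_key, $user_id, $session_id, $login_status)
# follow Sift's public Events API; this page does not spell them out.

def build_login_event(api_key, user_id, session_id, succeeded):
    """Body for a $login event; refuses to build one without a Session ID."""
    if not session_id:
        raise ValueError("$login needs the Session ID for ATO scoring")
    return {
        "$type": "$login",
        "$api_key": api_key,
        "$user_id": user_id,
        "$session_id": session_id,
        "$login_status": "$success" if succeeded else "$failure",
    }

def build_logout_event(api_key, user_id):
    """Body for a $logout event, sent only when the user chooses to log out."""
    return {"$type": "$logout", "$api_key": api_key, "$user_id": user_id}

def report_login(send, api_key, user_id, session_id, password_ok):
    """Report the attempt on both branches, then return the auth result.

    `send` is a hypothetical callable that delivers one JSON string to the
    events endpoint (HTTP client, queue, ...). The password itself is never
    placed in the event; only the outcome of the check is reported.
    """
    event = build_login_event(api_key, user_id, session_id, password_ok)
    send(json.dumps(event))
    return password_ok

if __name__ == "__main__":
    outbox = []  # constructed stand-in for the real transport
    key = "PLACEHOLDER_API_KEY"
    report_login(outbox.append, key, "user-123", "sess-abc", False)
    report_login(outbox.append, key, "user-123", "sess-abc", True)
    outbox.append(json.dumps(build_logout_event(key, "user-123")))
    for body in outbox:
        print(body)
```

Calling `report_login` from the single place where the credential check returns keeps failed attempts from being dropped, which is the usual gap when reporting is added only to the success path.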
User buys a service or goods
When a user places an order, send a $create_order event. Fill in as many $items fields as you can and send custom fields to capture differences between users and orders, such as:
'Is_first_time_buyer' : true (prior to this purchase, the user has reviewed 4 items)
'source_of_order' : 'web'
'location_of_user' : 'US EAST'
'account_age' : '3 days'
'Type_of_subscription' : 'monthly'
You Interact with a Payment Gateway
- Send a $transaction event for each payment gateway interaction, as well as each other payment method accepted for the order (e.g. gift card).
- When a payment gateway informs you of a chargeback, send a fraud label.
- Please include any information sent from your payment gateway within the payment method nested object.
Add custom fields to capture differences between users (think about the form fields users submit, as well as data about the user's account and the item, service, or content). The more data points you provide, the better we can differentiate between good and fraudulent users.
Send Feedback to Sift
One of the key strengths of the Sift Science platform is that as you give it feedback it continues to learn and adapt to patterns. By providing continuous feedback on who your good and bad users are, we will evolve our detection and improve the accuracy of risk scores. You’ll be able to stop bad actors even as they change their attack vectors. In addition to sending an optional historical backfill:
- Create a feedback-focused Workflow where you review high-scoring users and tell us how well we are predicting your fraudsters.
- If you are already doing manual review in your existing system, just send the outcome of each review to our Labels API.
Once you’re up and running with Sift, continuing to send feedback will improve your score accuracy in real-time, catching bad users as soon as they appear. This is an important part of a successful integration.
Make Decisions with Sift
Scores are an indication of how risky a user is for a given abuse type. You can use these scores as a means to block bad users, add friction to users you are unsure about (e.g., SMS verification), and let good users sail right through. You’ll likely be making this check at
The two ways to do this are:
- Create a Sift Workflow: You can build application logic into Sift with our Workflow product. Workflows let you set up criteria that get evaluated whenever specified events occur. Learn more in our Workflows tutorial.
- Build application logic in your system: An alternate approach is to request abuse-specific risk scores to be returned in the response of the user events you send. See our API documentation.
Any questions? We're happy to talk it through.