# Transaction Validation - Fraud Mitigation

A professional WordPress plugin for connecting WooCommerce stores to the Transaction Validation service for fraud detection and mitigation.

## Features

- **Secure JWT Authentication** - Industry-standard token-based authentication
- **Easy Account Registration** - Create accounts directly from WordPress admin
- **Customer Management** - Automatic customer registration on main site
- **Professional Admin Interface** - Clean, intuitive user experience
- **WordPress.org Compliant** - Follows all WordPress coding standards
- **Security Focused** - Nonces, sanitization, and encryption throughout

## Installation

1. Upload the plugin files to `/wp-content/plugins/transaction-validation-fraud-mitigation/`
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Navigate to the **Transaction Validation** menu
4. Create an account or log in
5. Start using the service

## Requirements

- WordPress 5.8+
- WooCommerce 5.0+
- PHP 7.4+
- Active internet connection

## Usage

### First Time Setup

1. After activation, go to **Transaction Validation** in the WordPress admin menu
2. Choose **Register** to create a new account or **Login** if you already have one
3. Fill in the required information:
   - Username
   - Email
   - First Name
   - Last Name
   - Password
4. Click **Create Account** or **Login**

### Managing Your Account

- View connection status in the main dashboard
- Access settings through the Settings submenu
- Disconnect your account anytime from the account page

## File Structure

```
transaction-validation-fraud-mitigation/
├── assets/
│   ├── css/
│   │   └── admin.css
│   └── js/
│       └── admin.js
├── includes/
│   ├── class-tvfm-admin.php
│   ├── class-tvfm-api-client.php
│   ├── class-tvfm-jwt-handler.php
│   └── class-tvfm-registration.php
├── languages/
├── readme.txt
├── README.md
└── transaction-validation-fraud-mitigation.php
```

## Configuration

The plugin connects to `https://transactionvalidation.com` by default. This URL is defined as a constant in the main plugin file.

### Settings

- **Enable Logging** - Track API calls and errors
- **Test Mode** - Use test environment for development

## Security

- All API communications use JWT tokens
- Passwords are never stored locally
- WordPress nonces protect all forms
- Data is sanitized and validated
- Follows WordPress security best practices

## External Services

This plugin requires connections to external services to function properly. Below is a detailed description of all third-party services used.

### 1. Transaction Validation Service

**What it is:** The primary service that provides fraud detection and mitigation for WooCommerce transactions.

**URL:** https://transactionvalidation.com

**When data is sent:**
- During user registration (account creation)
- During user login
- Periodically, when a transaction data sync is requested
- When retrieving merchant dashboard data
- When viewing transaction reports

**What data is sent:**
- User credentials (username, email, password) during registration/login
- JWT authentication tokens during API calls
- User profile information (first name, last name, email)
- Transaction data for validation and fraud analysis
- WooCommerce order information when sync is triggered

**Purpose:** 
To authenticate users, store account information, process transactions, perform fraud detection analysis, and provide real-time validation and reporting services.

**Terms of Service:** https://transactionvalidation.com/terms-of-service/

**Privacy Policy:** https://transactionvalidation.com/privacy-policy/

### 2. cPanel API Service

**What it is:** Server management API for creating and managing email accounts on the hosting provider's cPanel services.

**URL:** `https://<cpanel-domain>:2083/execute/Email/*` (custom domain based on merchant's server)

**When data is sent:**
- When email accounts are automatically created for fraud mitigation notifications
- When email forwarders are configured for transaction validation emails

**What data is sent:**
- Email account creation requests (username, domain)
- Email forwarding configuration
- API authentication credentials (username and token, securely stored locally)

These requests are only made if the merchant has configured cPanel integration.

**Purpose:** 
To automatically create email accounts and configure email forwarding for fraud detection notifications and transaction validation alerts on the merchant's hosting server.

**Terms of Service:** Provided by your hosting provider (typically cPanel, Inc.)

**Privacy Policy:** Provided by your hosting provider

### Data Privacy

- All communications with external services use HTTPS encryption
- API tokens are stored securely in the WordPress database with appropriate encryption
- User passwords are never transmitted or stored insecurely
- The plugin respects user consent and only sends data when explicitly configured/triggered
- Merchants can disconnect their accounts at any time to stop data transmission

## API Integration

The plugin uses the JWT Authentication for WP-API plugin on the main site. Required endpoints:

- `/wp-json/jwt-auth/v1/token` - Authentication
- `/wp-json/jwt-auth/v1/token/validate` - Token validation
- `/wp-json/jwt-auth/v1/token/refresh` - Token refresh
- `/wp-json/wc/v3/customers` - Customer registration
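
The sketch below shows how a client can call the authentication and validation endpoints listed above through the WordPress HTTP API. It is an added example, not the plugin's own code: the `tvfm_example_*` names are hypothetical, and the request and response shapes (a `token` field in the JSON reply, an `Authorization: Bearer` header, HTTP 200 for a valid token) are assumptions about the JWT Authentication plugin running on the main site.

```php
<?php
// Added example, not taken from the plugin. All tvfm_example_* names are hypothetical.
// Assumed: POST /token returns JSON containing "token"; POST /token/validate
// accepts "Authorization: Bearer <token>" and answers 200 while the token is valid.
const TVFM_EXAMPLE_BASE = 'https://transactionvalidation.com';

/** Exchange credentials for a JWT. Returns the token string or a WP_Error. */
function tvfm_example_get_token( $username, $password ) {
	$response = wp_remote_post(
		TVFM_EXAMPLE_BASE . '/wp-json/jwt-auth/v1/token',
		array(
			'timeout'     => 15,
			'redirection' => 0,    // never replay credentials to a redirect target
			'sslverify'   => true, // keep TLS certificate verification on
			'body'        => array(
				'username' => $username,
				'password' => $password, // used for this request only, never persisted
			),
		)
	);
	if ( is_wp_error( $response ) ) {
		return $response; // transport failure (DNS, TLS, timeout)
	}
	$data = json_decode( wp_remote_retrieve_body( $response ), true );
	if ( 200 !== wp_remote_retrieve_response_code( $response )
		|| ! is_array( $data ) || empty( $data['token'] ) || ! is_string( $data['token'] ) ) {
		// Generic message: do not echo the remote body, it may reveal account details.
		return new WP_Error( 'tvfm_example_auth_failed', 'Token request was rejected.' );
	}
	return $data['token'];
}

/** Ask the service whether a stored token is still accepted. */
function tvfm_example_token_is_valid( $token ) {
	$response = wp_remote_post(
		TVFM_EXAMPLE_BASE . '/wp-json/jwt-auth/v1/token/validate',
		array(
			'timeout'     => 15,
			'redirection' => 0,
			'sslverify'   => true,
			'headers'     => array( 'Authorization' => 'Bearer ' . $token ),
		)
	);
	// Treat transport errors and any non-200 status as "not valid" (fail closed).
	return ! is_wp_error( $response )
		&& 200 === wp_remote_retrieve_response_code( $response );
}
```

Both functions fail closed: a transport error, a redirect, or a malformed reply is treated the same as a rejected credential or token.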

## Development

### Filters

(Future versions will include filters for extensibility)

### Actions

(Future versions will include action hooks)

## Support

For support, please visit:
- Website: https://transactionvalidation.com
- Documentation: https://transactionvalidation.com/docs
- Support: https://transactionvalidation.com/support

## License

This plugin is licensed under GPLv2 or later.

## Credits

Developed by the Transaction Validation Team

## Changelog

### Version 1.0.0
- Initial release
- JWT authentication integration
- User registration and login
- Admin dashboard and settings
- Connection status monitoring
