IronPhantom Antifraud - AI Fraud Detection and Bot Defense for WooCommerce

IronPhantom Antifraud brings AI-assisted fraud monitoring and bot defense to WooCommerce. The plugin works in a non-intrusive way by analyzing checkout, order, login, behavioral, and technical risk signals in real time. It helps identify risky behavior, compromised account indicators, suspicious IP patterns, automated activity, and session anomalies before they become a serious operational problem. IronPhantom is designed for merchants who want more visibility, more control, and less noise. Automated Provisioning IronPhantom is built for fast activation. After the merchant accepts the Privacy Policy and enables the service, the plugin can automatically generate a unique API Key linked to the store domain and connect the WooCommerce installation to the MGFirewallAI SaaS environment. No risk analysis data is sent to MGFirewallAI until the merchant accepts the Privacy Policy and activates the service. Smart Correlation Engine Traditional fraud tools often generate too much noise. IronPhantom focuses on correlated risk signals instead of isolated events. The dashboard is designed to highlight the most relevant suspicious transactions, where multiple indicators suggest a concrete risk. Examples of correlated signals may include:

• Anonymous or high-risk IP address
• Email address associated with previous data breaches
• Password exposure indicator using privacy-preserving checks where applicable
• Repeated checkout attempts
• Suspicious user-agent or device behavior
• Behavioral patterns compatible with automation
• Unusual order or session activity
• Technical signals related to suspicious sessions or checkout abuse

This helps merchants focus on the cases that actually require attention. Decision Support, Not Automatic Checkout Blocking IronPhantom is designed to support merchant decisions, not replace them blindly. By default, the plugin does not automatically block the WooCommerce checkout. This reduces the risk of false positives damaging legitimate sales. IronPhantom is intended to support the merchant before order fulfillment and shipping. When a suspicious transaction is detected, the plugin provides risk context and supporting signals so the merchant can make a more informed decision before dispatching the product. IronPhantom does not automatically block payments, cancel orders, refund orders, or stop shipments. Any decision to approve, review, verify, hold, cancel, refund, or ship an order remains under the merchant’s control and responsibility. Instead, IronPhantom provides clear risk signals, context, and decision-support information so the merchant can decide whether to approve, review, verify, hold, refund, cancel, or ship an order. Advanced mitigation features may be available in future paid or Pro plans, depending on the configuration enabled by the merchant. Merchant Decision Responsibility IronPhantom provides risk intelligence, alerts, and decision-support information. The plugin does not make final business decisions on behalf of the merchant. Decisions such as approving, holding, verifying, refunding, cancelling, or shipping an order remain entirely under the merchant’s control and responsibility. Risk scores, alerts, provider responses, and behavioral signals are intended to support review workflows and should not be considered a guarantee that an order is fraudulent or safe. Behavioral AI Sensor IronPhantom includes an optional behavioral sensor that can monitor interaction patterns such as mouse movement, scroll behavior, click timing, session duration, and technical browser signals. The sensor is designed to help detect patterns compatible with:

• Bot activity
• Card testing attempts
• Credential stuffing
• Automated checkout abuse
• Suspicious session behavior
• Abnormal interaction patterns

The Behavioral AI Sensor is disabled by default and can be enabled manually from the IronPhantom dashboard after the merchant has reviewed the privacy information and service settings. The sensor is designed to analyze behavioral and technical patterns. It is not intended to record payment card numbers, CVV codes, plain-text passwords, or the content of private form fields. In the current testing phase, the sensor may operate in monitoring mode. Advanced mitigation and active response features may be introduced in future paid or Pro plans. Identity Verification Workflow For high-risk cases or high-value orders, IronPhantom can support an identity verification workflow through Didit. Identity verification is handled externally by Didit. IronPhantom does not process or store identity documents, facial recognition data, biometric data, or government document images. IronPhantom receives only the limited verification result/status required to support the merchant’s risk decision. Identity verification features may be limited, disabled, or reserved for future paid or Pro plans depending on the current service configuration. Testing Phase IronPhantom is currently available for testing and evaluation. During this phase, merchants may be able to test the plugin and its connected MGFirewallAI risk intelligence features without payment. Future paid plans may introduce additional features, extended limits, advanced mitigation, identity verification workflows, and enhanced dashboard capabilities.

1.1.0

• Added Behavioral AI Sensor documentation and monitoring support.
• Clarified that the Behavioral AI Sensor is disabled by default.
• Added privacy clarification for behavioral sensor data.
• Added Didit identity verification workflow documentation, where available.
• Added 14-day Pro trial documentation, where available.
• Added merchant decision responsibility clarification.
• Added pre-fulfillment and shipping decision support clarification.
• Clarified that IronPhantom does not automatically block payments, cancel orders, refund orders, or stop shipments.
• Added FAQ entries for payment, order, shipment, behavioral sensor, trial mode, and merchant decision responsibility.
• Added clarification regarding "Verify User" button availability during trial or approved configurations.
• Improved Privacy by Design and external provider wording.
• Improved Free, Testing, and future Pro feature wording.
• Updated WooCommerce and WordPress compatibility metadata.

1.0.1

• Internal testing release.
• Automated API Key generation after merchant acceptance.
• Smart Correlation Engine for priority risk dashboard.
• WooCommerce checkout and login risk signal support.
• Basic external risk intelligence support.
• WooCommerce HPOS compatibility.
• WordPress 6.8 compatibility.