=== IronPhantom Antifraud - AI Fraud Detection and Bot Defense for WooCommerce ===
Contributors: izioh1979
Tags: woocommerce, fraud, security, bot-detection, card-testing
Requires at least: 6.1
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
WC requires at least: 7.0
WC tested up to: 10.1

AI-assisted fraud monitoring and bot defense for WooCommerce, powered by MGFirewallAI risk intelligence.

== Description ==

IronPhantom Antifraud brings AI-assisted fraud monitoring and bot defense to WooCommerce.

The plugin works in a non-intrusive way by analyzing checkout, order, login, behavioral, and technical risk signals in real time. It helps identify risky behavior, compromised account indicators, suspicious IP patterns, automated activity, and session anomalies before they become a serious operational problem.

IronPhantom is designed for merchants who want more visibility, more control, and less noise.


### Automated Provisioning

IronPhantom is built for fast activation.

After the merchant accepts the Privacy Policy and enables the service, the plugin can automatically generate a unique API Key linked to the store domain and connect the WooCommerce installation to the MGFirewallAI SaaS environment.

No risk analysis data is sent to MGFirewallAI until the merchant accepts the Privacy Policy and activates the service.


### Smart Correlation Engine

Traditional fraud tools often generate too much noise.

IronPhantom focuses on correlated risk signals instead of isolated events. The dashboard is designed to highlight the most relevant suspicious transactions, where multiple indicators suggest a concrete risk.

Examples of correlated signals may include:

* Anonymous or high-risk IP address
* Email address associated with previous data breaches
* Password exposure indicator using privacy-preserving checks where applicable
* Repeated checkout attempts
* Suspicious user-agent or device behavior
* Behavioral patterns compatible with automation
* Unusual order or session activity
* Technical signals related to suspicious sessions or checkout abuse

This helps merchants focus on the cases that actually require attention.


### Decision Support, Not Automatic Checkout Blocking

IronPhantom is designed to support merchant decisions, not replace them blindly.

By default, the plugin does not automatically block the WooCommerce checkout. This reduces the risk of false positives damaging legitimate sales.

IronPhantom is intended to support the merchant before order fulfillment and shipping. When a suspicious transaction is detected, the plugin provides risk context and supporting signals so the merchant can make a more informed decision before dispatching the product.

IronPhantom does not automatically block payments, cancel orders, refund orders, or stop shipments. Any decision to approve, review, verify, hold, cancel, refund, or ship an order remains under the merchant’s control and responsibility.

Instead, IronPhantom provides clear risk signals, context, and decision-support information so the merchant can decide whether to approve, review, verify, hold, refund, cancel, or ship an order.

Advanced mitigation features may be available in future paid or Pro plans, depending on the configuration enabled by the merchant.


### Merchant Decision Responsibility

IronPhantom provides risk intelligence, alerts, and decision-support information.

The plugin does not make final business decisions on behalf of the merchant. Decisions such as approving, holding, verifying, refunding, cancelling, or shipping an order remain entirely under the merchant’s control and responsibility.

Risk scores, alerts, provider responses, and behavioral signals are intended to support review workflows and should not be considered a guarantee that an order is fraudulent or safe.


### Behavioral AI Sensor

IronPhantom includes an optional behavioral sensor that can monitor interaction patterns such as mouse movement, scroll behavior, click timing, session duration, and technical browser signals.

The sensor is designed to help detect patterns compatible with:

* Bot activity
* Card testing attempts
* Credential stuffing
* Automated checkout abuse
* Suspicious session behavior
* Abnormal interaction patterns

The Behavioral AI Sensor is disabled by default and can be enabled manually from the IronPhantom dashboard after the merchant has reviewed the privacy information and service settings.

The sensor is designed to analyze behavioral and technical patterns. It is not intended to record payment card numbers, CVV codes, plain-text passwords, or the content of private form fields.

In the current testing phase, the sensor may operate in monitoring mode. Advanced mitigation and active response features may be introduced in future paid or Pro plans.


### Identity Verification Workflow

For high-risk cases or high-value orders, IronPhantom can support an identity verification workflow through **Didit**.

Identity verification is handled externally by Didit. IronPhantom does not process or store identity documents, facial recognition data, biometric data, or government document images.

IronPhantom receives only the limited verification result/status required to support the merchant’s risk decision.

Identity verification features may be limited, disabled, or reserved for future paid or Pro plans depending on the current service configuration.


### Testing Phase

IronPhantom is currently available for testing and evaluation.

During this phase, merchants may be able to test the plugin and its connected MGFirewallAI risk intelligence features without payment.

Future paid plans may introduce additional features, extended limits, advanced mitigation, identity verification workflows, and enhanced dashboard capabilities.


== Key Features ==

* **AI-Assisted Risk Intelligence** – Detect suspicious order, login, checkout, behavioral, and technical risk signals.
* **Behavioral AI Sensor** – Optional sensor for interaction-based bot and automation detection, disabled by default.
* **Smart Risk Dashboard** – Shows priority transactions where multiple signals indicate a meaningful risk.
* **Bot & Card Testing Detection** – Helps detect patterns compatible with automated checkout abuse and repeated payment attempts.
* **Credential Risk Signals** – Supports checks related to compromised emails and password exposure indicators.
* **External Risk Intelligence** – Supports integrations with providers such as FraudLabs Pro, ProxyCheck, and Have I Been Pwned, where configured.
* **Identity Verification Support** – Optional workflow through Didit for high-risk cases, where available.
* **Decision Support Mode** – Helps merchants decide without automatically interrupting legitimate customers.
* **Pre-Fulfillment Review Support** – Helps merchants review suspicious orders before shipping products.
* **GDPR-First Approach** – Built with data minimization, pseudonymization where applicable, and privacy-aware processing.
* **SaaS Architecture** – Keeps heavy analysis outside the WordPress installation.
* **Testing Mode Availability** – Current testing access may be available without payment while the service is being evaluated.


== Installation ==

1. **Install the Plugin**
   Search for **IronPhantom Antifraud** from the WordPress Plugins menu and click **Install**.

2. **Activate IronPhantom**
   Activate the plugin from the WordPress admin area.

3. **Accept Privacy Policy & Terms**
   Before risk analysis is activated, the merchant must review and accept the Privacy Policy and service conditions.

4. **Automatic API Key Setup**
   After acceptance, IronPhantom can automatically generate a unique API Key linked to the store domain and connect the plugin to MGFirewallAI.

5. **Open the Dashboard**
   Go to the **IronPhantom** menu in the WordPress admin sidebar.

6. **Enable Optional Features**
   From the dashboard, the merchant can enable or disable optional features such as the Behavioral AI Sensor.


== Privacy & Data Security ==

IronPhantom follows a **Privacy by Design** approach.

The system is designed to process only the data required for fraud prevention, bot detection, security monitoring, and risk intelligence.

No risk analysis data is sent to MGFirewallAI until the merchant accepts the Privacy Policy and activates the service.

The Behavioral AI Sensor is disabled by default and must be enabled manually by the merchant from the dashboard.


### Data Used for Risk Analysis

Depending on the plugin configuration and WooCommerce event, IronPhantom may process limited technical, behavioral, and transactional metadata such as:

* Order ID or transaction reference
* Store domain or merchant identifier
* Email address or pseudonymized identifier where applicable
* IP address
* Order amount
* Timestamp
* Browser and user-agent information
* Session and technical metadata
* Behavioral sensor signals, if enabled
* Risk-related status returned by external providers


### Behavioral Sensor Data

If enabled by the merchant, the Behavioral AI Sensor may process interaction and technical signals such as:

* Mouse movement patterns
* Scroll behavior
* Click timing
* Session duration
* Browser and user-agent signals
* Technical indicators related to automation or abnormal sessions

The sensor is intended to analyze behavioral patterns and technical signals. It is not intended to record payment card numbers, CVV codes, plain-text passwords, or the content of private form fields.


### Payment Data

IronPhantom does **not** process, collect, transmit, or store:

* Full payment card numbers
* CVV codes
* Full payment credentials
* Plain-text passwords
* Banking credentials

Payment processing remains handled by the store’s payment gateway or WooCommerce payment provider.


### Didit Identity Verification

For high-risk cases or high-value orders, IronPhantom can support an identity verification workflow through **Didit**, where available.

Identity verification is handled externally by Didit.

During the 14-day trial period, the **"Verify User"** button and the identity verification workflow through Didit are disabled for security and abuse prevention purposes.

Identity verification is reserved for full Pro subscriptions or specifically approved configurations.

IronPhantom does **not** store:

* Identity document images
* Facial recognition data
* Biometric data
* Government ID files
* Liveness check media

IronPhantom receives only the limited verification result/status needed to support the merchant’s fraud review process.

### External Intelligence Providers

IronPhantom may use external providers such as:

* FraudLabs Pro
* ProxyCheck
* Have I Been Pwned
* Didit

These integrations are used only for security, fraud prevention, identity verification, and risk validation purposes, as described in the Privacy Policy.

Availability of specific integrations may depend on the current configuration, testing phase, or future paid service plan.


### WordPress Database Impact

IronPhantom is designed as a SaaS-based solution. Heavy analysis is handled outside the WordPress installation, helping keep the local WordPress environment lighter and focused on essential plugin settings, status information, and relevant risk summaries.


== Frequently Asked Questions ==

= Does IronPhantom block my checkout? =

By default, no.

IronPhantom analyzes and reports risk signals without automatically interrupting the WooCommerce checkout flow. This helps reduce the risk of false positives affecting legitimate customers.

Advanced mitigation features may be available in future paid or Pro plans and can be enabled depending on the merchant’s configuration.


= Does IronPhantom block payments, orders, or shipments? =

No.

IronPhantom does not automatically block payments, cancel WooCommerce orders, refund orders, or stop shipments.

When a suspicious transaction is detected, IronPhantom provides risk signals and context to help the merchant make a better decision before fulfilling or shipping the order.

The final decision to approve, review, verify, hold, refund, cancel, or ship the order always remains with the merchant.


= Is IronPhantom responsible for merchant decisions? =

No.

IronPhantom provides risk signals, alerts, and decision-support information. The final decision to approve, hold, verify, refund, cancel, or ship an order always remains with the merchant.

Risk scores and alerts are not guarantees. They are tools designed to help merchants review suspicious activity with more context.


= Why do I only see some orders in the dashboard? =

IronPhantom is designed to reduce noise.

The dashboard focuses on transactions where multiple correlated signals indicate a meaningful risk. Safe or low-risk orders may not appear as priority alerts.


= What does the Behavioral AI Sensor do? =

The Behavioral AI Sensor monitors interaction and technical patterns that may indicate automated or suspicious activity.

Examples include mouse movement, scroll behavior, click timing, session duration, browser signals, and checkout interaction patterns.

The sensor is intended to support bot and automation detection by analyzing behavioral and technical patterns.


= Is the sensor enabled by default? =

No.

The Behavioral AI Sensor is disabled by default and can be enabled manually from the IronPhantom dashboard after the merchant has reviewed the privacy information and service settings.


= Does the Behavioral AI Sensor record passwords or payment data? =

No.

The sensor is not intended to record payment card numbers, CVV codes, plain-text passwords, or the content of private form fields.

It is designed to analyze behavioral and technical patterns related to session activity, automation, and abnormal interaction behavior.


= What is the difference between Free, Testing, and Pro features? =

During the current testing phase, merchants may be able to evaluate IronPhantom without payment.

Basic monitoring and visibility may be available for testing purposes. Future paid or Pro plans may include advanced behavioral analysis, stronger mitigation options, identity verification workflows, extended threat intelligence, and additional dashboard features.

Feature availability may change as the service evolves.


= Is there a 14-day Pro trial? =

Where available, IronPhantom may offer a 14-day Pro trial without requiring a credit card.

During the trial, the merchant can test selected advanced Pro features, including enhanced visibility into the Behavioral AI Sensor and smart risk correlation.

For security and abuse prevention purposes, the **"Verify User"** button and the identity verification workflow through Didit are **disabled during the 14-day trial period**.

Identity verification is reserved for full Pro subscriptions or specifically approved configurations.

At the end of the trial, the account may return to the standard testing or Free mode unless the merchant chooses to upgrade when paid plans become available.


= Does IronPhantom store credit card data? =

No.

IronPhantom does not process or store full credit card numbers, CVV codes, or full payment credentials.


= Does IronPhantom process passwords? =

IronPhantom does not store plain-text passwords.

Where password compromise checks are supported, privacy-preserving methods are used where applicable, such as k-anonymity-based checks through Have I Been Pwned.
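
What a k-anonymity range check looks like in practice, as an added illustration that is not IronPhantom's own code: the password is hashed locally, only the first 5 hex characters of the SHA-1 digest would leave the site, and the match is done locally against the returned `SUFFIX:COUNT` lines. The function names and the sample response body are constructed for this example.

```python
import hashlib


def split_sha1(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest.

    Only the 5-character prefix is sent to the range service; the
    35-character suffix and the password itself stay local.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def exposure_count(suffix, range_body):
    """Search a range response ('SUFFIX:COUNT' per line) for our suffix.

    Returns the reported count, or 0 when the suffix is absent. Malformed
    lines are skipped; padding entries carry a count of 0 and therefore
    never register as an exposure.
    """
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or len(candidate) != 35 or not count.isdigit():
            continue
        if candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_range_body(real_suffix):
    """Constructed sample shaped like a range response (not real data)."""
    return "\r\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:3",   # unrelated hash, same prefix
        real_suffix + ":42",                        # the entry we expect to hit
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:0",   # padding entry
        "not-a-valid-line",                         # ignored by the parser
    ])


if __name__ == "__main__":
    prefix, suffix = split_sha1("password")
    print("sent to the service:", prefix)
    print("kept local:         ", suffix)
    print("exposures:", exposure_count(suffix, constructed_range_body(suffix)))
```

Because many unrelated hashes share any given 5-character prefix, the service cannot tell which password was checked.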


= Are identity documents stored by IronPhantom? =

No.

Identity verification, when requested, is handled externally by Didit. IronPhantom receives only a limited verification result/status and does not store identity documents, biometric data, facial recognition data, or government ID images.


= Can IronPhantom work alongside other security tools? =

Yes.

IronPhantom is designed to complement existing security tools such as firewalls, anti-spam systems, hosting-level security, CAPTCHA alternatives, and WooCommerce fraud prevention workflows.


= Is IronPhantom suitable for stores that already use Cloudflare or hosting security? =

Yes.

Cloudflare, WAF systems, and hosting security tools are useful for perimeter protection. IronPhantom focuses on WooCommerce-specific fraud behavior, checkout abuse, suspicious transactions, compromised credential indicators, behavioral anomalies, and merchant decision support.

The two approaches can work together.


= Is IronPhantom currently paid? =

IronPhantom is currently available for testing and evaluation without payment, where access is provided.

Future paid plans may introduce additional limits, advanced mitigation, identity verification workflows, and extended risk intelligence features.


== Changelog ==

= 1.1.0 =
* Added Behavioral AI Sensor documentation and monitoring support.
* Clarified that the Behavioral AI Sensor is disabled by default.
* Added privacy clarification for behavioral sensor data.
* Added Didit identity verification workflow documentation, where available.
* Added 14-day Pro trial documentation, where available.
* Added merchant decision responsibility clarification.
* Added pre-fulfillment and shipping decision support clarification.
* Clarified that IronPhantom does not automatically block payments, cancel orders, refund orders, or stop shipments.
* Added FAQ entries for payment, order, shipment, behavioral sensor, trial mode, and merchant decision responsibility.
* Added clarification regarding "Verify User" button availability during trial or approved configurations.
* Improved Privacy by Design and external provider wording.
* Improved Free, Testing, and future Pro feature wording.
* Updated WooCommerce and WordPress compatibility metadata.

= 1.0.1 =
* Internal testing release.
* Automated API Key generation after merchant acceptance.
* Smart Correlation Engine for priority risk dashboard.
* WooCommerce checkout and login risk signal support.
* Basic external risk intelligence support.
* WooCommerce HPOS compatibility.
* WordPress 6.8 compatibility.

== Upgrade Notice ==

= 1.1.0 =
Added Behavioral AI Sensor documentation, Didit identity verification workflow documentation, improved privacy wording, testing phase clarification, and merchant decision responsibility wording.

= 1.0.1 =
Internal testing release of IronPhantom Antifraud with AI-assisted risk intelligence, smart dashboard filtering, WooCommerce risk signal support, and SaaS-based MGFirewallAI integration.
