A build-to-order Frappe app that adds a real-time risk-scoring engine, velocity and blocklist rules, a manual review queue, and 3-D Secure 2 step-up orchestration on top of your existing ERPNext payment gateways. ECOSIRE scopes, builds, installs, and supports it — this is not an instant Marketplace download. Built to order by ECOSIRE for ERPNext v15, v16 — indicative price from $399.00 USD; request a quote for a scoped proposal.

A build-to-order Frappe app that adds a real-time risk-scoring engine, velocity and blocklist rules, a manual review queue, and 3-D Secure 2 step-up orchestration on top of your existing ERPNext payment gateways. ECOSIRE scopes, builds, installs, and supports it — this is not an instant Marketplace download.
Sem pagamento agora. Isto envia um pedido de orçamento à nossa equipe — responderemos por e-mail com preços e próximos passos.
High-volume ERPNext merchants lose real margin to card fraud and chargebacks, and ERPNext core gives you nothing to fight it. Payment Entry and the Payment Gateway integrations record that a transaction happened, but there is no risk score, no velocity check, no BIN or geo rule, no blocklist, and no way to force a step-up challenge before authorization. When fraud slips through you find out weeks later as a chargeback, and by then the goods have shipped and the acquirer is debiting your account. Merchants end up bolting on spreadsheets, manual eyeballing of orders, or an expensive external fraud SaaS that has no idea what a Sales Order or Customer actually looks like in your system.
Weighted risk-scoring engine that combines every triggered rule into a single `Risk Assessment` decision (approve / decline / review) per payment
Velocity rules with rolling-window counters (transactions or cumulative amount) keyed by card hash, email, IP, or device fingerprint, persisted in a `Velocity Counter` DocType
BIN and issuer-country checks to flag high-risk card ranges and cross-border mismatches against the billing address
Geo/IP intelligence: compares IP geolocation against shipping and billing country and raises score on mismatch
Configurable blocklists (`Blocklist Entry`) for email, card fingerprint, IP, and device, with allowlist overrides for trusted repeat customers
3-D Secure 2 step-up orchestration: initiates 3DS2 auth, handles the ACS challenge, verifies the result, and records the liability-shift outcome on a `3DS Session`
We build a proper Frappe app — a dedicated fraud-prevention module with its own DocTypes (Risk Assessment, Fraud Rule, Velocity Counter, Blocklist Entry, Chargeback Case, 3DS Session) that lives inside your bench and speaks native ERPNext. A configurable rules engine evaluates each incoming payment against velocity limits (transactions or amount per card, email, IP, or device over a rolling window), BIN and issuer-country checks, geo/IP mismatch, email and device blocklists, and amount thresholds. Each rule contributes to a weighted risk score, and the resulting Risk Assessment decides an action: approve, decline, or route to a manual review queue for an analyst. Device fingerprinting hooks capture a client-side signal on your web checkout and attach it to the assessment so the same device can be tracked across orders.
Technically it wires into ERPNext through hooks.py doc events (for example a before_submit/on_submit handler on Payment Entry and Sales Order) and whitelisted server-side methods exposed over the Frappe REST API, so your storefront or headless checkout can request a risk decision before it authorizes the charge. For payments that need a challenge, the 3-D Secure 2 orchestration layer initiates a step-up flow with the gateway (3DS2 authentication request, ACS challenge, and result verification), records the liability-shift outcome on the 3DS Session, and only lets the payment proceed on a successful authentication. Scheduler events (via scheduler_events) roll velocity counters, expire stale sessions, and reconcile chargeback webhooks; server scripts and client scripts handle tenant-specific logic; and role profiles plus permission rules keep the review queue and blocklist restricted to your fraud/finance team. The whole thing runs on Frappe/ERPNext v15 and v16.
Because this is build-to-order, nothing is auto-shipped. We start with a scoping call to map your gateways, checkout stack, chargeback history, and risk tolerance, then confirm scope in writing. From confirmed scope, typical delivery is 2–4 weeks: we build on a staging bench, run UAT with your team against real order patterns, tune rule weights and thresholds with you, then deploy to production with a rollback plan. You receive the full source, the git repository, documentation, and a post-go-live support window — you own the version we build for you.
Runs a storefront or headless checkout backed by ERPNext and is bleeding margin to card-not-present fraud and chargebacks. Needs a real-time risk decision before authorization and a way to force 3DS challenges on risky transactions without hurting good-customer conversion.
Owns the chargeback ratio and the relationship with the acquirer. Needs a review queue, blocklist management, chargeback tracking, and reporting on decline and dispute rates — all inside ERPNext, scoped to their team via role profiles, rather than a disconnected external tool.
Runs the bench and integrations. Wants a clean Frappe app with proper DocTypes, hooks.py doc events, whitelisted REST methods, and scheduler events they can read, extend, and maintain — plus a git repo handover and v15/v16 compatibility, not a black box.
Manages the payment gateways and reconciliation. Needs the fraud layer to sit gateway-agnostically across Stripe, Razorpay, PayPal, and custom gateways, orchestrate 3DS2 liability shift correctly, and reconcile chargeback webhooks back to the originating order automatically.
Compre a licença em ecosire.com e baixe o ZIP do aplicativo Fraud Shield & 3DS Manager for ERPNext no painel da sua conta.
Extraia o ZIP na pasta de aplicativos do seu banco ou execute `bench get-app` com o caminho para o aplicativo extraído.
Execute `bench --site SITE_NAME install-app APP_NAME` seguido de `bench Migra` para instalar Fraud Shield & 3DS Manager for ERPNext e aplicar seu esquema.
Abra as configurações de licença ECOSIRE em seu site e ative sua chave de licença. Requer os aplicativos gratuitos ecosire_connect e ecosire_license_client.
| Critério | ECOSIRE | Construção personalizada | Concorrente | Odoo nativo |
|---|---|---|---|---|
| Fit to your ERPNext data model | Native Frappe app with real DocTypes, hooks, and REST methods scoped to your setup | Fully bespoke but you specify and maintain everything | Generic app assuming a standard bench; limited customization | |
| Risk scoring engine | Weighted multi-rule score with configurable actions per payment | Whatever you build from scratch | Fixed scoring, hard to reweight for your patterns | |
| 3-D Secure 2 step-up | Orchestrated 3DS2 challenge + liability-shift recording across gateways | Must be built and tested per gateway yourself | Rarely included or single-gateway only | |
| Velocity & blocklist rules | Rolling-window counters keyed by card, email, IP, device + allow/blocklists | Buildable but time-consuming to get right | Basic velocity, limited keys | |
| Manual review queue | Frappe list view with SLA aging and one-click approve/decline write-back | You design the whole workflow | Sometimes present, often disconnected from orders | |
| Chargeback tracking | `Chargeback Case` ingests webhooks and links back to the order + ratio reporting | Extra scope to build | Usually out of scope | |
| Delivery model | Build-to-order, 2–4 weeks from confirmed scope, UAT + rollback + support window | Long build cycle, you own all risk | Instant download but generic and unsupported for your case | |
| Ownership & maintainability | Full source + git repo handover; you own and can extend the version we build | You own it but built it all yourself | Vendor-locked, closed or restricted source |
This is a build-to-order product, not an instant download. After an initial scoping call we confirm scope in writing, and typical delivery is 2–4 weeks from that confirmed scope. Timing depends on how many gateways, rules, and integrations are in scope. We build on a staging bench, run UAT with your team, then deploy to production with a rollback plan.
Yes. Every build includes a post-go-live support window for bug fixes and rule/threshold tuning. Because we hand over the full source and git repository, your team can also extend the app themselves. We offer extended support and maintenance retainers if you want us to keep tuning rules, add gateways, or track new fraud patterns over time.
We build for Frappe/ERPNext v15 and v16. During scoping we confirm your exact bench version and any customizations so the app installs cleanly alongside your existing apps and doc-event handlers.
The engine is gateway-agnostic. It uses an adapter layer over ERPNext's Payment Gateway integrations, so it works across Stripe, Razorpay, PayPal, Braintree, and custom or regional gateways. 3-D Secure 2 orchestration is available for gateways that expose a 3DS2 authentication flow; where a gateway doesn't, we still apply risk scoring and velocity rules before authorization.
Risk evaluation runs server-side via whitelisted methods and doc events and is designed to return a decision fast. Low-risk transactions pass straight through; only transactions above your configured threshold are stepped up with a 3DS challenge or routed to manual review. You control the rule weights and thresholds, and we tune them with you during UAT to balance fraud capture against friction for good customers.
No. ECOSIRE builds, installs, and supports this specifically for your environment — your gateways, your checkout stack, your risk tolerance, and your ERPNext version. There is no self-serve Marketplace download. You do, however, receive the full source and git repository, so you own the version we build for you.
A `Chargeback Case` DocType ingests dispute notifications from your acquirer/gateway webhooks, links each case back to the originating Sales Order and Payment Entry, and computes your fraud and chargeback ratios over time. This closes the loop: rules that let a fraudulent order through become visible, so you can tighten them.
A build-to-order Frappe app that adds a real-time risk-scoring engine, velocity and blocklist rules, a manual review queue, and 3-D Secure 2 step-up orchestration on top of your existing ERPNext payment gateways. ECOSIRE scopes, builds, installs, and supports it — this is not an instant Marketplace download.