# Sift (Chargeback) MCP

> Sift (Chargeback) manages your entire fraud defense lifecycle from a single conversation. Connect this MCP to instantly check user risk scores, report suspicious chargebacks, and apply manual decisions—all without opening the Sift dashboard. It lets you run real-time dispute resolution and audit user history directly through any AI agent.

## Overview
- **Category:** security-compliance
- **Price:** Free
- **Tags:** fraud-prevention, chargeback-management, risk-analysis, dispute-resolution, fraud-detection, security-monitoring

## Description

This connector gives your AI client full control over fraud prevention and chargeback management. Instead of jumping between dashboards to check risk or submit a dispute, you talk to your agent and it handles the heavy lifting. You can ask for a real-time fraud score on any user, instantly seeing if they're high risk or low risk. Need to audit why an order was blocked? Ask the system to list all past decisions applied to that account. If something suspicious happens, you just report the chargeback event, and Sift updates the user profile immediately. Because Vinkius hosts this MCP, you connect your agent once, giving it access to powerful security tools like these for fraud intelligence, decision automation, and deep behavioral tracking.

## Tools

### apply_user_decision
Manually applies a decision, such as blocking or approving, to a specific user account.

### list_user_decision_history
Retrieves a chronological list of all decisions and actions ever applied to a given user.

### get_user_fraud_labels
Fetches the specific fraud labels (like $bad or $good) Sift has assigned to a user's profile.

### get_user_fraud_score
Checks and returns the real-time numerical fraud risk score for any specified user.

### list_sift_decisions
Shows all the available decision types or actions that Sift recognizes.

### list_sift_workflows
Lists and provides visibility into your currently configured fraud prevention workflows within Sift.

### report_sift_chargeback
Submits a formal chargeback event report to Sift, triggering an update of the user's risk profile.

### track_sift_event
Logs general events (like logins or transactions) into Sift so they can train their machine learning model.

## Prompt Examples

**Prompt:** 
```
What is the fraud score for user 'user_abc_123'?
```

**Response:** 
```
Checking risk for 'user_abc_123'... The user has a fraud score of 85.2% (High Risk). Sift has labeled this user as '$bad' based on recent transaction patterns.
```

**Prompt:** 
```
Report a chargeback for order #999 from user 'user_789' as '$fraud'.
```

**Response:** 
```
Reporting chargeback for order #999... The event has been successfully sent to Sift with the reason '$fraud'. This will update the user's risk profile immediately.
```

**Prompt:** 
```
Show me the last 5 decisions applied to user 'user_456'.
```

**Response:** 
```
Retrieving decision history for 'user_456'... I found 2 recent decisions: 'watch_user' (Applied on 2024-03-15) and 'approve_order' (Applied on 2024-02-10).
```

## Capabilities

### Check current risk score
The system fetches the latest fraud score assigned to any user.

### Identify user labels
It retrieves the specific flags or labels Sift has applied to a user's account history (e.g., $bad).

### Apply manual actions
You can instruct your agent to manually accept, block, or change the status of a user's account.

### Report disputes
The MCP sends formal chargeback reports to Sift, updating the risk profile for the involved party.

### Track behavior and events
It logs custom activity like a user logging in or completing a transaction to refine Sift's machine learning model.

## Use Cases

### Handling an unknown fraud risk during checkout
A customer service agent receives a ticket for a high-value order. Instead of asking the customer for their account details and then opening Sift, they ask their agent: 'What is the fraud score for this user?' The agent runs `get_user_fraud_score` and sees it's 92% (Very High Risk). They immediately run `apply_user_decision` to block the order before processing.

### Investigating a sudden spike in chargebacks
A risk analyst notices an unusual cluster of disputes. They ask their agent: 'List all recent chargeback events for this merchant.' The agent runs `report_sift_chargeback` and then uses `list_user_decision_history` to see if any past decisions correlate with the spike, finding a pattern they missed.

### Training the model on new behavior
The development team needs to verify that Sift is tracking all relevant activity. They ask their agent: 'Log this specific login and transaction pair.' The agent executes `track_sift_event`, ensuring the data feeds directly into Sift for better future detection.

### Auditing compliance after an incident
A manager needs to prove that all necessary steps were taken following a breach. They ask their agent: 'Show me every decision made on user X.' The agent compiles the report using `list_user_decision_history`, providing immediate, auditable proof.

## Benefits

- Instant Risk Checks: Instead of logging into Sift just to see a score, you ask your agent for the `get_user_fraud_score` and get an immediate risk assessment in natural conversation. This cuts down on triage time drastically.
- Full Audit Trail Access: You can request the full history of actions by running `list_user_decision_history`. Your team gets a clear, simple log of every decision made about a user’s account.
- Proactive Fraud Logging: Use `track_sift_event` to automatically feed data—like new logins or transactions—back into Sift. This continuously sharpens their detection models without any manual effort from your side.
- Immediate Dispute Reporting: When fraud hits, you simply run `report_sift_chargeback`. The agent handles the required data submission and ensures the user's risk profile is updated instantly for review.
- Decision Enforcement: If a user needs to be blocked or their status changed, running `apply_user_decision` executes that action securely via chat, eliminating the need to click through complex UI forms.

## How It Works

The bottom line is you use natural language to perform complex security operations that usually require multiple logins and dashboard navigations.

1. Subscribe to this MCP and provide your specific Sift REST API Key and Account ID.
2. Authorize the connection within your preferred AI client (Claude, Cursor, etc.).
3. Ask your agent a question like, 'What is the fraud score for user X?' and get an immediate answer.

## Frequently Asked Questions

**How do I check a user's risk score using the Sift (Chargeback) MCP?**
You ask your agent to run `get_user_fraud_score` and provide the username. The system returns the current numerical fraud score, along with any associated labels like $bad or $good.

**Can I use Sift (Chargeback) MCP to block a user?**
Yes. You can execute an action by calling `apply_user_decision` and specifying the required decision, such as 'block_user,' which immediately updates their account status.

**What if I need to update Sift after a dispute?**
You run `report_sift_chargeback`. This tool sends the official chargeback event details to Sift, ensuring that the user's risk profile is updated and reviewed by their models.

**Does Sift (Chargeback) MCP track basic activity?**
It does. You can use `track_sift_event` to log specific events, like a transaction or login, directly into Sift for behavioral analysis and ML training.

**How do I see what actions are available? (Sift (Chargeback) MCP)**
Run the `list_sift_decisions` tool. This shows you every recognized action or decision type that can be applied to a user within Sift.

**Is it possible to check past decisions on a user?**
Absolutely. Use the `list_user_decision_history` tool, and the system will retrieve all historical records of actions taken against that specific user account.