--- title: "Go-live checklist" description: "Follow this checklist before you start accepting live payments." url: "https://docs.adyen.com/plugins/adobe-commerce/go-live-checklist" source_url: "https://docs.adyen.com/plugins/adobe-commerce/go-live-checklist.md" canonical: "https://docs.adyen.com/plugins/adobe-commerce/go-live-checklist" last_modified: "2023-05-03T14:15:00+02:00" language: "en" --- # Go-live checklist Follow this checklist before you start accepting live payments. [View source](/plugins/adobe-commerce/go-live-checklist.md) The setup from your test environment is not copied over to your live environment, so you need to configure live settings for: * [Account](#account) * [Finance](#finance) * [Risk and compliance](#risk) * [API communication](#api-communication) * [Webhooks](#webhooks) After you have configured your [live Customer Area](https://ca-live.adyen.com/) and the Adobe Commerce admin panel, [test your integration by making real payments](#end-to-end-testing). If you have a feature request, or spotted a bug or a technical problem, [create a GitHub issue](https://github.com/Adyen/adyen-magento2/issues/new/choose). For other questions, contact our [Support Team](https://ca-test.adyen.com/ca/ca/contactUs/support.shtml?form=other). ## Account ### Set up your live account structure * [Create additional merchant accounts](/account/manage-account-structure#request-merchant-account) if needed for your business. ### Give team members access to the live environment * [Create a separate user](/account/users#create) for each team member who needs to access your [live Customer Area](https://ca-live.adyen.com/). * Give each user the [roles](/account/user-roles) and account access required to perform their tasks. * [Set up Customer Area notifications](/account/notification-center/#configure-notification-settings) to be notified of important events such as chargebacks. * Consider setting up [two-factor authentication](/account/two-factor-authentication) for increased security. ### Set up payment methods The plugin renders the payment methods based on what is enabled in your [Customer Area](https://ca-live.adyen.com/). * [Add all the payment methods](/payment-methods/add-payment-methods) that you want to offer to your shoppers. * Check that the payment methods are rendered in the correct order in your checkout. You can change the order of local payment methods in your [Customer Area](https://ca-live.adyen.com/) > **Settings** > **Checkout settings**. * Make sure that payments appear correctly on the shopper's bank statement. To make any adjustments to the **shopper statement**, contact our [Support Team](https://ca-test.adyen.com/ca/ca/contactUs/support.shtml?form=other). ## Finance ### Receive payouts from Adyen * [Add information about the bank accounts](/account/manage-payout-account-details) where you want to receive the payouts from Adyen, if you haven't done so [as part of your application](/get-started-with-adyen/application-requirements#bank-statement). * [Review and change how you get paid](/account/getting-paid#change-how-you-get-paid), if required. ### Use reports for reconciliation * Set up [automatic generation of reports](/reporting/automatically-get-reports). * Use the [Settlement details report](/reporting/settlement-detail-report) to reconcile your accounts on a transaction level. * Consider [automating your reconciliation process](/reporting/settlement-reconciliation). ### (Optional) Set up a Reserve * Consider setting up a [Reserve](/account/balances/reserve): this is used for refunds and other operational expenses in case of insufficient [in-process funds](/account/balances). ## Risk and compliance ##### Risk webinar To learn more about risk management with Adyen, [sign up for an upcoming webinar](https://help.adyen.com/academy). By default, your Adyen account has a risk profile based on industry standards. * Review and [customize](/risk-management) your risk profile. * [Set up Customer Area notifications](/account/notification-center/#configure-notification-settings) about [Fraudulent Payments (NOF)](/risk-management/understanding-disputes/dispute-process-and-flow#dispute-process) and [Chargebacks (NOC)](/risk-management/understanding-disputes/dispute-process-and-flow#dispute-process). * Make sure that you know how risk rules are triggered, for example by making a payment where the billing address is different from the delivery address, or using different email addresses with the same IP address. We strongly recommend to implement CAPTCHA [to prevent card testing attacks](https://help.adyen.com/en_US/knowledge/risk/fraud-score/how-can-i-prevent-bin-attacks), also known as [BIN](/get-started-with-adyen/adyen-glossary/#bank-identification-number-bin) attacks. ### 3D Secure Note that for Visa and Mastercard, the enrollment for [3D Secure](/online-payments/3d-secure) can take up to seven days. This means that you might not be able to offer [3D Secure](/online-payments/3d-secure) to your shoppers immediately after your [live Customer Area](https://ca-live.adyen.com/) has been activated. * Configure your own rules for [Dynamic 3D Secure](/risk-management/dynamic-3d-secure), to have more control over which transactions are processed with [3D Secure](/online-payments/3d-secure). ### Compliance When using our Adobe Commerce plugin, you need to assess your PCI DSS compliance according to the [Self-Assessment Questionnaire A (SAQ A)](/development-resources/pci-dss-compliance-guide?tab=client_side_encryption_3). To meet SAQ-A requirements, we recommend to use the default card component of the plugin. Adobe Commerce enforces strict Content Security Policy (CSP) rules under PCI DSS 4.0.1, that requires you to [authorize and assure the integrity of scripts](/online-payments/script-security-compliance/manage-script-security/) regardless of your SAQ-A status. To meet the Adobe Commerce requirements, use plugin [v9.17.0](https://github.com/Adyen/adyen-magento2/releases/tag/v9.17.0) or later. If you customized the plugin front end, or use a headless integration, you must review the [applicable compliance requirements](/development-resources/pci-dss-compliance-guide/?tab=api_only_3_4#online-payments), and make sure you comply with [script security requirements for PCI DSS v4.0.1](/online-payments/script-security-compliance/). ### Accessibility (WCAG/EAA) Compliance You are responsible for ensuring compliance with WCAG and EAA accessibility standards. The Adyen Adobe Commerce plugin uses technologies that do not enforce additional accessibility requirements by default. The Adyen Plugins team does not implement additional accessibility measures beyond what the [Adobe Commerce platform](https://experienceleague.adobe.com/en/docs/commerce-knowledge-base/kb/faq/accessibility) and [Adyen Web Components](/online-payments/accessibility/#adyens-commitment-to-accessibility) provide. ## API communication * [Generate an API key](/plugins/adobe-commerce/set-up-adyen-customer-area?tab=automated_1#step-1-generate-your-api-and-client-keys) in your [live Customer Area](https://ca-live.adyen.com/). * [Generate a client key](/plugins/adobe-commerce/set-up-adyen-customer-area?tab=automated_1#step-1-generate-your-api-and-client-keys) in your [live Customer Area](https://ca-live.adyen.com/), and [copy it over to the Adobe Commerce admin panel](/plugins/adobe-commerce/set-up-the-plugin-in-adobe-commerce#step-3-configure-the-plugin-in-adobe-commerce). * Make sure that your live API credentials have the following [permissions](/development-resources/api-credentials#api-permissions): * Merchant PAL webservice role * Merchant Recurring role * Checkout webservice role * Checkout encrypted cardholder data * [Configure your Adobe Commerce admin panel](/plugins/adobe-commerce/set-up-the-plugin-in-adobe-commerce#step-3-configure-the-plugin-in-adobe-commerce) with your live API key and your live endpoints from your [live Customer Area](https://ca-live.adyen.com/). ## Webhooks * [Set up webhooks](/plugins/adobe-commerce/set-up-adyen-customer-area?tab=manual_2#step-3-set-up-webhooks) in your [live Customer Area](https://ca-live.adyen.com/). * [In your Adobe Commerce admin panel](/plugins/adobe-commerce/set-up-the-plugin-in-adobe-commerce#step-3-configure-the-plugin-in-adobe-commerce), enter the webhook credentials and the HMAC key from your [live Customer Area](https://ca-live.adyen.com/). * Follow the instructions to for [non-default event codes](/development-resources/webhooks/webhook-types#non-default-event-codes) to enable the [OFFER\_CLOSED](https://docs.adyen.com/api-explorer/Webhooks/latest/post/OFFER_CLOSED) webhook. This is needed to close abandoned orders. * Check that you are receiving all [webhook event types](/development-resources/webhooks/webhook-types#event-codes) needed for your integration. * To [prevent webhook events being queued](/development-resources/webhooks/troubleshoot#retry-queue), make sure that you [accept all webhook events](/development-resources/webhooks/configure-and-manage#accept-webhooks). * The plugin has a cronjob that handles the webhook event. To test that this is working correctly: 1. In your [Customer Area](https://ca-live.adyen.com/), go to **Developers** > **Webhooks**. 2. Next to **Standard Webhook**, select the edit webhook icon **. 3. Select **Test Configuration**. 4. If you are on a [company account](/account/account-structure#company-account), select a **Merchant account** from the dropdown list. 5. In the **Event** dropdown list, select the [event code](/development-resources/webhooks/webhook-types#event-codes). If the webhook is working correctly, you will see a [successful HTTP response status code](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#successful_responses), for example `ResponseCode`: **200**. ## End-to-end testing To make sure your integration can handle the entire [payment lifecycle](/account/payments-lifecycle) with real payment details, you need to test possible scenarios with real payment details. Payments with real details incur fees. To have enough funds available for refunds, consider setting up a [Reserve](#reserve). * For each payment method that you offer, make a successful payment using real details. * Make a payment with `resultCode`: **Refused**, for example by entering incorrect card details. * Make a payment with `refusalReason`: **FRAUD**, by triggering multiple risk checks to achieve a risk score above **100**. ### Capture * If using manual capture, [capture a payment](/account/manage-payments#capture-a-payment). * If using manual capture or a capture delay of 1-7 days, [cancel a payment](/account/manage-payments#cancel-a-payment) before it has been captured. * If using multiple partial captures, [capture part of the authorised amount](/account/manage-payments#capture-a-payment), and make sure that the remaining amount is not automatically cancelled. ### 3D Secure * Make a successful payment with 3D Secure authentication. * Make a 3D Secure payment where the shopper fails to complete the challenge. * Make sure that [3D Secure](/online-payments/3d-secure) is triggered correctly according to your [Dynamic 3D Secure](/risk-management/dynamic-3d-secure) settings and your [risk profile](/risk-management/create-and-use-risk-profiles). ## Next steps Once you have completed the above checklist, you are ready to accept live payments! ###### [Keep your plugin up to date](/plugins/release-notes) [Follow our release notes, and subscribe to our releases on GitHub.](/plugins/release-notes) ###### [Managing your live account](/account) [Learn how to manage your Adyen account after your integration is live.](/account)