Payflow Pro Fraud Protection Services User’s Guide For Professional Use Only Currently only available in English. A usage Professional Uniquement Disponible en Anglais uniquement pour l’instant.
Payflow Pro Fraud Protection Services User’s Guide Document Number: 200011.en_US-201206 © 2012 PayPal, Inc. All rights reserved. PayPal is a registered trademark of PayPal, Inc. The PayPal logo is a trademark of PayPal, Inc. Other trademarks and brands are the property of their respective owners. The information in this document belongs to PayPal, Inc. It may not be used, reproduced or disclosed without the written approval of PayPal, Inc. Copyright © PayPal. All rights reserved. PayPal (Europe) S.à r.l.
Content Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Document Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Customer Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Revision History . . . . . . . . . . . .
Content Acting on Transactions that Triggered Filters . . . . . . . . . . . . . . . . . . . . . . 22 Rejecting Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Fine-tuning Filter Settings—Using the Filter Scorecard . . . . . . . . . . . . . . . . . . . 23 Ensuring Meaningful Data on the Filter Scorecard . . . . . . . . . . . . . . . . . . . 24 Re-running Transactions That Were Not Screened . . . . . . . . . . . . . . . . . . . . .
Content Logging Transaction Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Audit Trail and Transaction Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Chapter 7 Screening Transactions Using the Payflow SDK . . . . . . 49 Downloading the Payflow SDK (Including APIs and API Documentation) . . . . . . . . . . 49 Transaction Data Required by Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Transaction Parameters Unique to the Filters . . . . .
Content Product Watch List Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 High-risk Payment Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 AVS Failure Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 Card Security Code Failure Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Buyer Authentication Failure Filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 BIN Risk List Match Filter . .
Content IP Address Match Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Shipping/Billing Mismatch Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Total Item Ceiling Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Total Purchase Price Ceiling Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Total Purchase Price Floor Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Content 8
Preface This document describes Fraud Protection Services and explains how you can use the Payflow SDK to perform transactions that will be screened by Fraud Protection Services filters. For details on how to configure and use Fraud Protection Services and to generate Buyer Authentication reports through PayPal Manager, see PayPal Manager online help. Intended Audience This document is intended for Payflow Pro merchants who subscribe to any Fraud Protection Services options.
Preface Customer Service Appendix A, “Fraud Filter Reference,” describes the Transaction filters that make up part of the Fraud Protection Services. Appendix B, “Testing the Transaction Security Filters,” provides Payflow SDK transactions that you can use to test the filters. Appendix C, “Deactivating Fraud Protection Services,” describes the process of deactivating Fraud Protection Services.
1 Overview This chapter discusses how fraud can affect you the merchant and provides an overview of Fraud Protection Services. In This Chapter “Growing Problem of Fraud” on page 11 “Reducing the Cost of Fraud” on page 11 Growing Problem of Fraud Online fraud is a serious and growing problem.
1 12 Overview Reducing the Cost of Fraud Fraud Protection Services User’s Guide
2 How Fraud Protection Services Protect You This chapter describes the security tools that make up the Fraud Protection Services. In This Chapter “The Threats” on page 13 “Protection Against the Threats—Fraud Filters” on page 13 “Special Considerations” on page 14 The Threats There are two major types of fraud—hacking and credit card fraud.
2 How Fraud Protection Services Protect You Special Considerations Example Filter The Total Purchase Price Ceiling filter compares the total amount of the transaction to a maximum purchase amount (the ceiling) that you specify. Any transaction amount that exceeds the specified ceiling triggers the filter.
3 Configuring the Fraud Protection Services Filters This chapter describes how to configure the Fraud Filters for your Payflow Pro account. The chapter explains a phased approach to implementing the security of transactions. You are not required to use the approach described in this chapter. However it enables you to fine tune your use of filters before you actually deploy them in a live environment. You first make and fine-tune filter settings in a test environment.
3 Configuring the Fraud Protection Services Filters Phase 1: Run Test Transactions Against Filter Settings on Test Transaction Security Servers Phase 1: Run Test Transactions Against Filter Settings on Test Transaction Security Servers In this phase of implementation, you configure filter settings for test servers that do not affect the normal flow of live transactions. You then run test transactions against the filters and review the results offline to determine whether the integration was successful.
Configuring the Fraud Protection Services Filters Phase 2: Run Live Transactions on Live Transaction Servers in Observe Mode 3 Phase 2: Run Live Transactions on Live Transaction Servers in Observe Mode In this phase, you configure filters on live servers to the settings that you had fine-tuned on the test servers. In Observe mode, filters examine each live transaction and mark the transaction with the filter results.
3 Configuring the Fraud Protection Services Filters Phase 3: Run All Transactions Through the Live Transaction Security Servers Using Active Mode Phase 3: Run All Transactions Through the Live Transaction Security Servers Using Active Mode Once you have configured all filters to optimum settings, you convert to Active mode. Filters on the live servers examine each live transaction and take the specified action. 7. Click Move Test Filter Settings to Live.
4 Assessing Transactions that Triggered Filters As part of the task of minimizing the risk of fraud, you review each transaction that triggered a filter. You decide, based on the transaction’s risk profile, whether to accept or reject the transaction. This chapter describes how to review transactions that triggered filters, and provides guidance on deciding on risk.
4 Assessing Transactions that Triggered Filters Reviewing Suspicious Transactions FIGURE 4.1 Fraud Transactions Report page 2. Specify the date range of the transactions to review. 3. Specify a Transaction Type: TABLE 4.1 Transaction types Transaction Type Description Reject Transactions that the filters rejected. These transactions cannot be settled. The type of filter that took this action is called a Reject filter. Review Transactions that the filters set aside for your review.
Assessing Transactions that Triggered Filters Reviewing Suspicious Transactions 4 N OTE : If filters are deployed in Observe mode, then all transactions have been submitted for processing and are ready to settle. Transactions are marked with the action that the filter would have taken had the filters been deployed in Active mode. The following information appears in the report: TABLE 4.2 Transactions Report field descriptions Heading Description Report Type The type of report created.
4 Assessing Transactions that Triggered Filters Reviewing Suspicious Transactions Acting on Transactions that Triggered Filters The Fraud Details page displays the data submitted for a single transaction. The data is organized to help you to assess the risk types and to take action (accept, reject, or continue in the review state). The following notes describe data in the Fraud Details page shown in the figure. 1. This transaction was set aside because it triggered the AVS Failure filter. 2.
Assessing Transactions that Triggered Filters Fine-tuning Filter Settings—Using the Filter Scorecard 4 Fine-tuning Filter Settings—Using the Filter Scorecard The Filter Scorecard displays the number of times that each filter was triggered and the percentage of all transactions that triggered each filter during a specified time period. This information is especially helpful in fine-tuning your risk assessment workflow.
4 Assessing Transactions that Triggered Filters Re-running Transactions That Were Not Screened Ensuring Meaningful Data on the Filter Scorecard The Scorecard shows the total number of triggered transactions for the time period that you specify, so if you had changed a filter setting during that period, the Scorecard result for the filter might reflect transactions that triggered the filter at several different settings.
5 Activating and Configuring the Buyer Authentication Service This chapter describes how to enroll, configure, test, and activate the Buyer Authentication Service.
5 Activating and Configuring the Buyer Authentication Service Configuring Buyer Authentication IMPO RTANT: Full API documentation is included with each SDK. Configuring Buyer Authentication To enable Buyer Authentication processing on your site, you will need to construct two transaction requests (messages) and construct a frameset. You can accomplish the tasks in a few hours.
Activating and Configuring the Buyer Authentication Service Configuring Buyer Authentication 5 Generate Transaction Request Software 1. Submit a Verify Enrollment transaction request (type E) to determine whether the cardholder is enrolled in either the Verified by Visa or MasterCard SecureCode service. See the example on page 38. 2. The response is either Enrolled or Not Enrolled. See the example responses on page 38. 3.
5 Activating and Configuring the Buyer Authentication Service Testing and Activating the Service 5. When the customer enters their password and clicks Submit, the ACS verifies the password and posts a response to the TermURL (the page on your site that is configured to receive ACS responses). 6.
Activating and Configuring the Buyer Authentication Service Testing and Activating the Service 5 Failure messaging. The example text in the red box handles cases where customers cannot successfully authenticate themselves. The text requests another form of payment.
5 Activating and Configuring the Buyer Authentication Service Testing and Activating the Service Consumer Messaging for Failed Authentication: Please submit new form of payment. 2. Testing Buyer Authentication is not available at this time. 3. Once all message flows and customer messaging and required logos are in place, you can activate Buyer Authentication to accept live transactions.
6 Performing Buyer Authentication Transactions Using the SDK This chapter describes the process of performing Buyer Authentication transactions using the Payflow SDK. For information on using the SDK and on transaction syntax see Payflow Pro Developer’s Guide. The content and format of responses to transaction requests are described in “Buyer Authentication Transaction Parameters and Return Values” on page 40. Standard Payflow Pro response values are described in Payflow Pro Developer’s Guide.
6 Performing Buyer Authentication Transactions Using the SDK Buyer Authentication Terminology 2. If the cardholder is enrolled, then your program redirects the customer to the issuing bank’s buyer authentication page. The customer submits their username and password. The issuing bank authenticates the customer’s identity by returning a payer authentication response value to your program. 3. Your program then validates the authentication response. 4.
Performing Buyer Authentication Transactions Using the SDK Buyer Authentication Server URLs 6 Buyer Authentication Server URLs IMPO RTANT: URLs listed here are used only for buyer authentication transactions: Verify Enrollment (TRXNTYPE=E) and Validate Authentication (TRXNTYPE=Z). The production Buyer Authentication server URL is buyerauth.verisign.com Detailed Buyer Authentication Transaction Flow A buyer authentication transaction involves the following four program calls.
6 Performing Buyer Authentication Transactions Using the SDK Detailed Buyer Authentication Transaction Flow Generate the data for the intended transaction Merchant Web Store 510551055105 $42.02 Transaction Data AMT=42.02 DESCRIPTION=case ACCT=5105510551055555 EXPDATE=0306 NAME=johnson BUY "Is this cardholder enrolled?" TRXTYPE=E ACCT=5105510551055555 EXPDATE=0308 1 Verify Enrollment call RESULT=0 AUTH_STATUS=E AUTH_ID=1A3D4G PAREQ=J84H+To4vv6K ACSURL=www.issuer.
Performing Buyer Authentication Transactions Using the SDK Detailed Buyer Authentication Transaction Flow "Please authenticate this customer." 2 HTTP method="POST" PaReq=J84H+To4vv6K TermUrl=http://merchantpage.
6 Performing Buyer Authentication Transactions Using the SDK Detailed Buyer Authentication Transaction Flow
Click Submit to continue processing your 3-D Secure transaction.
Performing Buyer Authentication Transactions Using the SDK Example Buyer Authentication Transactions 6 the standard sale or authorization transaction data, you include buyer authentication data, as follows: (Standard values:) "Here's a Sale transaction, and I've included Buyer Authentication data" TRXTYPE=S TENDER=C AMT=42.
6 Performing Buyer Authentication Transactions Using the SDK Example Buyer Authentication Transactions Example Verify Enrollment Transaction Use TRXTYPE=E to submit a Verify Enrollment request transaction. The following is an example name-value pair parameter string. "TRXTYPE=E&ACCT=5105105105105100&AMT=19.
Performing Buyer Authentication Transactions Using the SDK Example Buyer Authentication Transactions 6 Example Validate Authentication Response RESULT[1]=0&RESPMSG[2]=OK&AUTHENTICATION_ID[20]=8d4d5ed66ac6e6faac6d&AUTHEN TICATION_STATUS[1]=Y&CAVV[28]=OTJlMzViODhiOTllMjBhYmVkMGU=&ECI[1]=5&XID[28] =YjM0YTkwNGFkZTI5YmZmZWE1ZmY Displaying the ACS Form The Issuer ACS page presents transaction information to the cardholder.
6 Performing Buyer Authentication Transactions Using the SDK Buyer Authentication Transaction Parameters and Return Values CAVV Is Valid RESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&A VSZIP=N&IAVS=Y&CVV2MATCH=Y&CARDSECURE=Y CAVV Is Invalid RESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&A VSZIP=N&IAVS=Y&CVV2MATCH=Y&CARDSECURE=N Buyer Authentication Transaction Parameters and Return Values The Buyer Authentication server accepts the parameters listed
Performing Buyer Authentication Transactions Using the SDK Buyer Authentication Transaction Parameters and Return Values 6 TABLE 6.2 Verify enrollment parameters Name Description CURRENCY Required ISO 3-number Currency Code (The code for US dollars is 840) PUR_DESC Optional purchase description Type Max. Length Verify Enrollment Return Values TABLE 6.3 Verify Enrollment response values Name Description Type Max. Length RESULT 0: successful transaction, otherwise error.
6 Performing Buyer Authentication Transactions Using the SDK Buyer Authentication Transaction Parameters and Return Values Validate Authentication Transaction Name-Value Pairs TABLE 6.4 Validate Authentication parameters Name Description Type Max. Length TRXTYPE Z alpha 1 VENDOR Vendor name USER User name PARTNER Partner name PWD Merchant’s password PARES The complete XML PARES message generated by the ACS Validate Authentication Return Values TABLE 6.
Performing Buyer Authentication Transactions Using the SDK Buyer Authentication Transaction Parameters and Return Values 6 TABLE 6.
6 Performing Buyer Authentication Transactions Using the SDK ECI Values Sale or Authorization Response Value Visa only: In addition to the return values described in Payflow Pro Developer’s Guide, the following value is returned: TABLE 6.7 Buyer Authentication Visa response values Name Value CARDSECURE Visa only. CAVV validity. Y=Card issuer judges CAVV to be valid N=Card issuer judges CAVV to be invalid X=Cannot determine validity ECI Values TABLE 6.
Performing Buyer Authentication Transactions Using the SDK ECI Values 6 TABLE 6.
6 Performing Buyer Authentication Transactions Using the SDK Logging Transaction Information TABLE 6.
Performing Buyer Authentication Transactions Using the SDK Logging Transaction Information 6 Verify Enrollment Transactions Verify Enrollment transactions are logged when all of the following items occur: The merchant passes data needed to perform buyer authentications. The server connects to Visa or MasterCard and gets a meaningful response (card enrollment AUTHENTICATION_STATUS=E, U, or X). If status is Y, then the PAREQ value is logged along with the Verify Enrollment transaction data.
6 48 Performing Buyer Authentication Transactions Using the SDK Logging Transaction Information Fraud Protection Services User’s Guide
7 Screening Transactions Using the Payflow SDK This chapter describes the process of using the Payflow SDK to perform transactions that will be screened by the Fraud Protection Services filters. For information on using the SDK, and on transaction syntax, see Payflow Pro Developer’s Guide. IMPO RTANT: Recurring Billing transactions are not screened by Fraud Protection Services filters. Response Values. Payflow response values are described in “RESULT Codes and RESPMSG Values” on page 65. Testing Filters.
7 Screening Transactions Using the Payflow SDK Transaction Data Required by Filters TABLE 7.
Screening Transactions Using the Payflow SDK Transaction Data Required by Filters 7 TABLE 7.
7 Screening Transactions Using the Payflow SDK Transaction Parameters Unique to the Filters TABLE 7.
Screening Transactions Using the Payflow SDK Existing Payflow Parameters Used by the Filters 7 TABLE 7.2 Parameters accepted by the Payflow server Max. Length Example String formatted as an email address 40 abc@xyz.com Alphanumeric String 3 US, USA, 840 Name Description Type SHIPTOEMAIL Optional. E-mail Address for the shipping contact COUNTRYCODE Optional. Country code of the shipping country. The country code depends on the processor.
7 Screening Transactions Using the Payflow SDK Response Strings for Transactions that Trigger Filters Shipping Information SHIPTOFIRSTNAME SHIPTOLASTNAME SHIPTOMIDDLENAME SHIPTOSTREET SHIPTOSTREET2 SHIPTOCITY SHIPTOSTATE SHIPTOZIP COUNTRYCODE SHIPTOPHONE SHIPTOPHONE2 SHIPTOEMAIL Order Information DOB DL SS CUSTIP BROWSERUSERAGENT BROWSERTIME BROWSERCOUNTRYCODE FREIGHTAMT TAXAMT COMMENT1 DESC CUSTREF PONUM Line Item (each item is appended with the line item number) L_COST0 L_UPC0 L_QTY0 L_DESC0 L_SKU0 L_
Screening Transactions Using the Payflow SDK Response Strings for Transactions that Trigger Filters 7 VERBOSITY=LOW: This is the default setting for Payflow Pro accounts. The following values (described in Payflow Pro Developer’s Guide) are returned: {RESULT, PNREF, RESPMSG, AUTHCODE, AVSADDR, AVSZIP, CVV2MATCH, IAVS, CARDSECURE} The following values are specific to Fraud Protection Services: TABLE 7.
7 Screening Transactions Using the Payflow SDK Response Strings for Transactions that Trigger Filters TABLE 7.4 Medium VERBOSITY parameters 56 Parameter Type Length Description TRANSSTATE Integer 10 State of the transaction.
Screening Transactions Using the Payflow SDK Response Strings for Transactions that Trigger Filters 7 TABLE 7.4 Medium VERBOSITY parameters Parameter Type Length Description BATCHID Integer 10 Value available only after settlement has assigned a Batch ID. SETTLE_DATE Date format YYYY-MMDD HH:MM:SS 19 Value available only after settlement has completed. N OTE : If you use Nashville, TeleCheck, or Paymentech, then you must use a client version newer than 2.
7 Screening Transactions Using the Payflow SDK Response Strings for Transactions that Trigger Filters TABLE 7.6 Transaction RESULTs/RESPMSGs(Continued) RESULT RESPMSG and Explanation 128 Fraud Protection Services Filter — Declined by merchant after being flagged for review by filters 131 Version 1 Payflow client no longer supported. Upgrade to the most recent version of the Payflow client.
Screening Transactions Using the Payflow SDK Response Strings for Transactions that Trigger Filters 7 ion>Total Purchase Price CeilingRThe purchase amount of 7501 is greater than the ceiling value set of 7500CeilingValue75.
7 Screening Transactions Using the Payflow SDK Response Strings for Transactions that Trigger Filters is from: CZ41HighRiskFreightCheckFreight Forwarder MatchRHigh riskg freight forwarder(Remove text completely&POSTFPSMSG=Review:More than one rule was triggered for Review&FPS_ POSTXMLDATA[682]=
Screening Transactions Using the Payflow SDK Accepting or Rejecting Transactions That Trigger Filters 7 Location FailureRGeoLo cation difference: Bill Address and IP, GeoLocation difference: Ship Addres s and IP8NonUSIPAddressInternational IP AddressRThe IP address is from: CZ< /triggeredMessage><
7 Screening Transactions Using the Payflow SDK Logging Transaction Information N OTE : This record is not the official bank statement. The activity on your account is the official record. In addition, it is strongly recommends that you log all transaction results (except for check information) on your own system.
8 Responses to Credit Card Transaction Requests This chapter describes the contents of a response to a credit card transaction request. In This Chapter “An Example Response String” on page 63 “Contents of a Response to a Credit Card Transaction Request” on page 63 “PNREF Value” on page 64 “RESULT Codes and RESPMSG Values” on page 65 An Example Response String When a transaction finishes, the server returns a response string made up of name-value pairs.
8 Responses to Credit Card Transaction Requests PNREF Value TABLE 8.1 Transaction response values (Continued) Field Description Type Length CVV2MATCH Result of the card security code (CVV2) check. The issuing bank may decline the transaction if there is a mismatch. In other cases, the transaction may be approved despite a mismatch. Alpha Y, N, X, or no response 1 RESPMSG The response message returned with the transaction result. Exact wording varies.
Responses to Credit Card Transaction Requests RESULT Codes and RESPMSG Values 8 The PNREF value is used as the ORIGID value (original transaction ID) in delayed capture transactions (TRXTYPE=D), credits (TRXTYPE=C), inquiries (TRXTYPE=I), and voids (TRXTYPE=V). The PNREF value is used as the ORIGID value (original transaction ID) value in reference transactions for authorization (TRXTYPE=A) and Sale (TRXTYPE=S).
8 Responses to Credit Card Transaction Requests RESULT Codes and RESPMSG Values TABLE 8.2 Payflow transaction RESULT values and RESPMSG text 66 RESULT RESPMSG and Explanation 0 Approved. 1 User authentication failed. Error is caused by one or more of the following: Login information is incorrect. Verify that USER, VENDOR, PARTNER, and PASSWORD have been entered correctly. VENDOR is your merchant ID and USER is the same as VENDOR unless you created a Payflow Pro user.
Responses to Credit Card Transaction Requests RESULT Codes and RESPMSG Values 8 TABLE 8.2 Payflow transaction RESULT values and RESPMSG text (Continued) RESULT RESPMSG and Explanation 22 Invalid ABA number 23 Invalid account number. Check credit card number and re-submit. 24 Invalid expiration date. Check and re-submit. 25 Invalid Host Mapping.
8 Responses to Credit Card Transaction Requests RESULT Codes and RESPMSG Values TABLE 8.2 Payflow transaction RESULT values and RESPMSG text (Continued) 68 RESULT RESPMSG and Explanation 104 Timeout waiting for processor response. Try your transaction again. 105 Credit error. Make sure you have not already credited this transaction, or that this transaction ID is for a creditable transaction. (For example, you cannot credit an authorization.
Responses to Credit Card Transaction Requests RESULT Codes and RESPMSG Values 8 TABLE 8.2 Payflow transaction RESULT values and RESPMSG text (Continued) RESULT RESPMSG and Explanation 125 Fraud Protection Services Filter — Declined by filters 126 Fraud Protection Services Filter — Flagged for review by filters Important Note: Result code 126 indicates that a transaction triggered a fraud filter. This is not an error, but a notice that the transaction is in a review status.
8 Responses to Credit Card Transaction Requests RESULT Codes and RESPMSG Values TABLE 8.2 Payflow transaction RESULT values and RESPMSG text (Continued) 70 RESULT RESPMSG and Explanation 1014 Buyer Authentication Service — Merchant is not enrolled for Buyer Authentication Service (3-D Secure). 1016 Buyer Authentication Service — 3-D Secure error response received. Instead of receiving a PARes response to a Validate Authentication transaction, an error response was received.
Responses to Credit Card Transaction Requests RESULT Codes and RESPMSG Values 8 RESULT Values for Communications Errors A RESULT value less than zero indicates that a communication error occurred. In this case, no transaction is attempted. A value of -1 or -2 usually indicates a configuration error caused by an incorrect URL or by configuration issues with your firewall. A value of -1 or -2 can also be possible if the PayPal servers are unavailable, or an incorrect server/socket pair has been specified.
8 Responses to Credit Card Transaction Requests RESULT Codes and RESPMSG Values TABLE 8.
A Fraud Filter Reference This appendix describes the filters that make up part of the Fraud Protection Services. Filters analyze transactions and act on those that show evidence of potential fraudulent activity. Filters can set such transactions aside for your review or reject them outright, depending on settings that you specify. Filters are grouped to help you to assess the risk types and to take action (accept, reject, or continue in the review state).
A Fraud Filter Reference About the Fraud Risk Lists “Freight Forwarder Risk List Match Filter” on page 83 “IP Address Velocity Filter” on page 86 Filters Included with the Advanced Fraud Protection Services Option All Basic filters plus: “Special Case: Buyer Authentication Failure Filter” on page 74 “USPS Address Validation Failure Filter” on page 83 “Email Service Provider Risk List Match Filter” on page 84 “IP Address Match Filter” on page 84 “Account Number Velocity Filter” o
Fraud Filter Reference Unusual Order Filters A Filters Applied After Processing Most filters are applied to the transaction request before forwarding the request to the processor.
A Fraud Filter Reference Unusual Order Filters Total Item Ceiling Filter What does the filter do? This filter compares the total number of items (or volume for bulk commodities) to the maximum count (the ceiling) that you specify. The specified action is taken whenever the item count in a transaction exceeds the specified ceiling. How does the filter protect me? An unusually high item count (compared to the average for your business) can indicate potential fraudulent activity.
Fraud Filter Reference High-risk Payment Filters A is using a stolen identity to complete a purchase (and having the items sent to another address from which they can retrieve the stolen items). To help to distinguish between legitimate and fraudulent orders, review all mismatches by cross-checking other purchase information such as AVS and card security code.
A Fraud Filter Reference High-risk Payment Filters If AVS information is not submitted with the transaction, then the response is NN. TABLE A.1 AVS responses Result Meaning Y The submitted information matches information on file with the account holder's bank. N The submitted information does not match information on file with the account holder's bank. X The account holder's bank does not support AVS checking for this information. (Null) In some cases banks return no value at all.
Fraud Filter Reference High-risk Payment Filters A How does the filter protect me? Buyers who can provide the street number and ZIP code on file with the issuing bank are more likely to be the actual account holder. AVS matches, however, are not a guarantee. Use card security code and Buyer Authentication in addition to AVS to increase your certainty.
A Fraud Filter Reference High-risk Payment Filters TABLE A.3 Card security code responses Result Meaning X Account holder's bank does not support this service. (Null) In some cases banks return no value at all. Card Security Code Failure Filter Action The specified action is taken whenever the card security code response is the value that you specified. The Best Practices action is to review all transactions with responses other than Y.
Fraud Filter Reference High-risk Payment Filters A Buyer Authentication returns one of the following responses in the AUTHENTICATION_STATUS name-value pair (values are for Visa USA region): TABLE A.4 Responses in the AUTHENTICATION_STATUS name-value pair Result Description Liability Impact (Subject to Change) Y Successful authentication—the password was correct. Both Visa and MasterCard shift liability for fraud from the merchant.
A Fraud Filter Reference High-risk Address Filters BIN Risk List Match Filter What does the filter do? The Bank Identification Number (BIN) makes up the first six digits of a credit card number. The BIN identifies the bank that issued the card. This filter screens every credit card number for BINs on the high-risk list. The specified action is taken whenever a BIN matches one on the list.
Fraud Filter Reference High-risk Address Filters A ZIP Risk List Match Filter What does the filter do? This filter compares the Ship To and Bill To ZIP codes (US only) against the high-risk list. High-risk ZIP codes are determined based on analysis of millions of e-commerce transactions. The specified action is taken whenever a submitted ZIP code appears in the risk list. N OTE : Fraud tends to correlate to densely populated areas like major cities.
A Fraud Filter Reference High-risk Address Filters The specified action is taken whenever the address cannot be validated (it does not exist or is incorrect in some way). N OTE : The filter does not validate that the person named in the transaction data lives at that address or even that the address is currently occupied—only that the address exists in the database. How does the filter protect me? To trick a merchant’s filters, fraudsters sometimes deliberately misspell or make up street names.
Fraud Filter Reference High-risk Address Filters A N OTE : Fraudsters most often use free services at which they do not need to provide traceable billing information. (Free services are also popular among legitimate shoppers— because they are free.) It is therefore a good practice to check whether the billing name appears in some form in the e-mail address. For example, Tina Johnson should have an e-mail address of TinaJohnson@hotmail.com or Johnson42@hotmail.com, or some similar variant.
A Fraud Filter Reference High-risk Customer Filters All three elements should match one realistic customer profile. For example, a customer with a billing address in New York would typically shop from a computer in New York, and request delivery to a New York address. While there may be some minor inconsistencies in the overall profile, it should generally fit together. Remember, however, that gift purchases sent to another part of the country will not fit this profile.
Fraud Filter Reference International Order Filters N OTE : Unlike A the Risk lists managed by PayPal, you, solely, manage and update the Bad Lists. Any transaction that is an exact match with an entry in one of your bad lists triggers the filter. If you enable this filter, then your next step will be to set up lists of bad email addresses and bad card numbers. Be sure to type the e-mail addresses and credit card numbers accurately. Enter only numerals in the credit card number list—no spaces or dashes.
A Fraud Filter Reference International Order Filters States of America, America, and so on) in the country fields. Any other country name triggers the filter. How does the filter protect me? Orders from customers in foreign countries are more likely to be fraudulent than orders from domestic customers. This is due to the difficulty of authenticating foreign citizens and the difficulty of cross-border legal enforcement against fraudulent activities.
Fraud Filter Reference Accept Filters A Special Requirements You must use Payflow Pro client version 3.06 or newer to use the IAVS filter. International AVS is not currently widely supported by processors. Check to see if your processor supports international AVS. – FDMS Nashville and NOVA return IAVS responses for all card types. – EDS Aurora and FDMS South return IAVS responses for VISA cards only. – All other processors always return N or X.
A Fraud Filter Reference Custom Filters IMPO RTANT: The Good Lists do not authenticate individuals. If a fraudster were to steal e-mail addresses or credit card account numbers from this list, then they would be able to bypass the filter. How does the filter protect me? To ensure that loyal repeat customers are not held up by your fraud review process, you may want to create lists of e-mail addresses and card numbers that should be accepted.
B Testing the Transaction Security Filters Each example transaction shown in this chapter is designed to test the operation of a single filter. To test a filter, disable all other filters and submit the transaction. The filter should be triggered and display its results in the Transaction Details page. In the examples, the critical transaction data is shown in bold red type.
B Testing the Transaction Security Filters AVS Failure Filter AVS Failure Filter "TRXTYPE=A&ACCT=5105105105105100&AMT[4]=1.02&BILLTOPHONE2=650-5550123&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=B ROWSERUSERAGENT&CITY=Campbell&COMMENT1=Automated testing from AdminTester&COUNTRY=US& CUSTIP=194.213.32.220&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&EMAIL[17]=Ad min@merchant.com&EXPDATE=1209&FIRSTNAME=John&FREIGHTAMT=1.11&LASTNAME=Johnson&L_COST0 =11.
Testing the Transaction Security Filters Country Risk List Match Filter B Expected Response Message resp mesg=RESULT=125&PNREF=VB0A25033363&RESPMSG=Declined by Fraud Service&PREFPSMSG=Reject HighRiskBinCheck !!ERROR 15:52:54 result=125 TRXTYPE=A!! Country Risk List Match Filter Pass in the specified country or country code. "TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.
B Testing the Transaction Security Filters Freight Forwarder Risk List Match Filter "TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[2 2]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Aut omated testing from AdminTester&COUNTRY=AD&COUNTRYCODE=AD&CUSTIP=172.131.193.25&CUSTR EF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&EMAIL[18]=fraud@asiamail.com&EXPDATE=12 09&FIRSTNAME=John&FREIGHTAMT=1.11&LASTNAME=Johnson&L_COST0=11.
Testing the Transaction Security Filters Geo-location Failure Filter B Geo-location Failure Filter Pass in the specified Shipping address, billing address, and IP address. "TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BILLTOPHONE2=650-5550123&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=Campbell&COMMENT1=Automated testing from AdminTester&COUNTRY=US&CUSTIP=192.6.165.40&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB= CA123456&EMAIL[18]=fraud@asiamail.
B Testing the Transaction Security Filters International IP Address Filter International IP Address Filter Pass in the specified IP address. "TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[2 2]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=Campbell&COMMENT1=Au tomated testing from AdminTester&COUNTRY=US&COUNTRYCODE=US&CUSTIP=194.213.32.220&CUST REF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&EMAIL[18]=fraud@asiamail.
Testing the Transaction Security Filters IP Address Match Filter B IP Address Match Filter "TRXTYPE=A&ACCT=5105105105105100&AMT[6]=$75.00&BILLTOPHONE2=650-5551234&BILLTOSTREET2=&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12&BRO WSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Test to trigger rules&COUNTRY=US &CUSTIP=172.131.193.25&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&EMAIL[21]=l astName@paypal.com&EXPDATE=1209&FIRSTNAME=FirstName&FREIGHTAMT=1.
B Testing the Transaction Security Filters Total Purchase Price Ceiling Filter "TRXTYPE=A&ACCT=3528000000000015&AMT[4]=1000&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=J uly 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automat ed testing from AdminTester&COUNTRY=203&COUNTRYCODE=203&CUSTIP=255.255.255.255&CUSTRE F=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&EMAIL[20]=admin@merchant.com&EXPDATE=120 9&FIRSTNAME=John&FREIGHTAMT=1.11&LASTNAME=Johnson&L_COST0=11.
Testing the Transaction Security Filters Total Purchase Price Floor Filter B Total Purchase Price Floor Filter To test the Total Purchase Price Floor filter, submit a transaction with an amount lower than the trigger amount. USPS Address Validation Failure Filter "TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[2 2]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Aut omated testing from AdminTester&COUNTRY=US&COUNTRYCODE=US&CUSTIP=203.81.
B Testing the Transaction Security Filters ZIP Risk List Match Filter ZIP Risk List Match Filter Pass in the specified ZIP codes. "TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[2 2]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Aut omated testing from AdminTester&COUNTRY=203&COUNTRYCODE=203&CUSTIP=172.131.193.25&CUS TREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&EMAIL[20]=admin@merchant.com&EXPDATE= 1209&FIRSTNAME=John&FREIGHTAMT=1.
C Deactivating Fraud Protection Services This appendix describes the process of deactivating Fraud Protection Services. Deactivating Fraud Protection Services removes the Security menu and Transaction Review functions (making it impossible to settle transactions). Therefore, before deactivating the service, you must first perform the following steps: 1. Turn off filters so that no new transactions are sent to the Fraud review queue. 2.
C 102 Deactivating Fraud Protection Services Fraud Protection Services User’s Guide
Index Index A E Accepted transactions 20 Account Number Velocity Filter 82 Active mode 15 APIs documentation 49 downloading 49 AUTHCODE 64 authentication status 32 AVS Failure Filter 77 AVSADDR 64 AVSZIP 64 ECI 32 ECI values 44 E-mail Service Provider Risk List Match Filter 84 enrollment requirements 11 B BIN Risk List Match Filter 82 Buyer Authentication examples 37 logging results 46 parameters 40 Buyer Authentication Failure Filter 74, 80 Buyer Authentication server 33 Buyer Authentication Service 3
Index H hacking 13 High-risk Address Filters 82 High-risk Payment Filters 77 I RESULT 63 RESULT value 65 RESULT values communication errors 71 Reviewed transactions 20 reviewing transactions 20 risk lists 74 instant fulfillment 14 IP Address Match Filter 84 IP Address Velocity Filter 86 S L T libraries, .
Index Z ZIP Risk List Match Filter 83 Fraud Protection Services User’s Guide 105
Index 106 Fraud Protection Services User’s Guide
