User's Guide
Table Of Contents
- Payflow Pro Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Freight Forwarder Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Deactivating Fraud Protection Services
- Index
Fraud Protection Services User’s Guide 89
Fraud Filter Reference
Accept Filters
A
Special Requirements
You must use Payflow Pro client version 3.06 or newer to use the IAVS filter.
International AVS is not currently widely supported by processors. Check to see if your
processor supports international AVS.
– FDMS Nashville and NOVA return IAVS responses for all card types.
– EDS Aurora and FDMS South return IAVS responses for VISA cards only.
– All other processors always return N or X.
How does the filter protect me?
Orders from customers in foreign countries are more likely to be fraudulent than orders from
domestic customers. This is due to the difficulty of authenticating foreign citizens as well as
the difficulty of cross-border legal enforcement against fraudulent activities.
The International AVS filter sets aside transactions from customers with cards issued in
foreign countries so that you can evaluate them more fully.
Accept Filters
Accept Filters immediately approve transactions that meet characteristics that you specify. If a
filter in this group is triggered, then the transaction is accepted regardless of Review filter
results.
IMPORTANT:The Accept filters are designed to reduce the load on your staff by reducing
the number of transactions set aside for review. The Accept filters do not
reduce risk.
Good Lists
What does the filter do?
This filter compares the customer’s e-mail address and credit card number against lists (that
you create) of addresses and numbers for known good customers. You create the lists.
Any transaction for which the e-mail address or credit card number is an exact match with an
entry in one of your good lists is accepted and no other filters are applied. Enter only numerals
in the credit card number list—no spaces or dashes.
NOTE: Unlike the Risk lists that PayPal manages, you, solely, manage and update the Good
Lists.
Items that you enter in the test Good lists are not carried over to your configuration for
the live servers, so do not spend time entering a complete list for the test configuration.
If you activate this filter, then you must set up lists of good email addresses and good card
numbers. Be sure to type the e-mail addresses and credit card numbers accurately.