Payflow Fraud Protection Services User’s Guide
For Professional Use Only. Currently only available in English.
Payflow Fraud Protection Services User’s Guide Document Number: 200011.en_US-201301 © 2013 PayPal, Inc. All rights reserved. PayPal is a registered trademark of PayPal, Inc. The PayPal logo is a trademark of PayPal, Inc. Other trademarks and brands are the property of their respective owners. The information in this document belongs to PayPal, Inc. It may not be used, reproduced or disclosed without the written approval of PayPal, Inc. Copyright © PayPal. All rights reserved. PayPal (Europe) S.à r.l.
Content
Preface
Intended Audience
Document Conventions
Document Organization
Customer Service
Revision History
Acting on Transactions that Triggered Filters
Rejecting Transactions
Fine-tuning Filter Settings—Using the Filter Scorecard
Ensuring Meaningful Data on the Filter Scorecard
Re-running Transactions That Were Not Screened
Logging Transaction Information
Audit Trail and Transaction Logging
Chapter 7 Screening Transactions Using the Payflow SDK
Downloading the Payflow SDK (Including APIs and API Documentation)
Transaction Data Required by Filters
Transaction Parameters Unique to the Filters
Product Watch List Filter
High-risk Payment Filters
AVS Failure Filter
Card Security Code Failure Filter
Buyer Authentication Failure Filter
BIN Risk List Match Filter
Total Item Ceiling Filter
Total Purchase Price Ceiling Filter
Total Purchase Price Floor Filter
USPS Address Validation Failure Filter
ZIP Risk List Match Filter
Preface
This document describes Fraud Protection Services and explains how you can use the Payflow SDK to perform transactions that will be screened by Fraud Protection Services filters. For details on how to configure and use Fraud Protection Services and to generate Buyer Authentication reports through PayPal Manager, see PayPal Manager online help.

Intended Audience
This document is intended for Payflow merchants who subscribe to any Fraud Protection Services options.
Appendix A, “Fraud Filter Reference,” describes the Transaction filters that make up part of the Fraud Protection Services.
Appendix B, “Testing the Transaction Security Filters,” provides Payflow SDK transactions that you can use to test the filters.
Appendix C, “Deactivating Fraud Protection Services,” describes the process of deactivating Fraud Protection Services.
Revision History
TABLE 3.1 Revision History
Date            Description
February 2007   Updated AVS responses rules. Added return codes: 51, 110, 119, 120, 121, 132, 133, 200, 201, 402, 403, 404, 600, and 601.
December 2006   Updated buyer auth test URL to pilot-buyerauth.verisign.
1 Overview
This chapter discusses how fraud can affect you, the merchant, and provides an overview of Fraud Protection Services.

In This Chapter
“Growing Problem of Fraud” on page 13
“Reducing the Cost of Fraud” on page 13

Growing Problem of Fraud
Online fraud is a serious and growing problem.
2 How Fraud Protection Services Protect You
This chapter describes the security tools that make up the Fraud Protection Services.

In This Chapter
“The Threats” on page 15
“Protection Against the Threats—Fraud Filters” on page 15
“Special Considerations” on page 16

The Threats
There are two major types of fraud—hacking and credit card fraud.
Example Filter
The Total Purchase Price Ceiling filter compares the total amount of the transaction to a maximum purchase amount (the ceiling) that you specify. Any transaction amount that exceeds the specified ceiling triggers the filter.
3 Configuring the Fraud Protection Services Filters
This chapter describes how to configure the Fraud Filters for your Payflow account. The chapter explains a phased approach to implementing the security of transactions. You are not required to use the approach described in this chapter. However, it enables you to fine-tune your use of filters before you actually deploy them in a live environment. You first make and fine-tune filter settings in a test environment.
Phase 1: Run Test Transactions Against Filter Settings on Test Transaction Security Servers
In this phase of implementation, you configure filter settings for test servers that do not affect the normal flow of live transactions. You then run test transactions against the filters and review the results offline to determine whether the integration was successful.
Phase 2: Run Live Transactions on Live Transaction Servers in Observe Mode
In this phase, you configure filters on live servers to the settings that you had fine-tuned on the test servers. In Observe mode, filters examine each live transaction and mark the transaction with the filter results.
Phase 3: Run All Transactions Through the Live Transaction Security Servers Using Active Mode
Once you have configured all filters to optimum settings, you convert to Active mode. Filters on the live servers examine each live transaction and take the specified action.
7. Click Move Test Filter Settings to Live.
4 Assessing Transactions that Triggered Filters
As part of the task of minimizing the risk of fraud, you review each transaction that triggered a filter. You decide, based on the transaction’s risk profile, whether to accept or reject the transaction. This chapter describes how to review transactions that triggered filters, and provides guidance on deciding on risk.
FIGURE 4.1 Fraud Transactions Report page
2. Specify the date range of the transactions to review.
3. Specify a Transaction Type:

TABLE 4.1 Transaction types
Transaction Type   Description
Reject             Transactions that the filters rejected. These transactions cannot be settled. The type of filter that took this action is called a Reject filter.
Review             Transactions that the filters set aside for your review.
NOTE: If filters are deployed in Observe mode, then all transactions have been submitted for processing and are ready to settle. Transactions are marked with the action that the filter would have taken had the filters been deployed in Active mode.

The following information appears in the report:

TABLE 4.2 Transactions Report field descriptions
Heading       Description
Report Type   The type of report created.
Acting on Transactions that Triggered Filters
The Fraud Details page displays the data submitted for a single transaction. The data is organized to help you to assess the risk types and to take action (accept, reject, or continue in the review state).

The following notes describe data in the Fraud Details page shown in the figure.
1. This transaction was set aside because it triggered the AVS Failure filter.
2.
Fine-tuning Filter Settings—Using the Filter Scorecard
The Filter Scorecard displays the number of times that each filter was triggered and the percentage of all transactions that triggered each filter during a specified time period. This information is especially helpful in fine-tuning your risk assessment workflow.
Ensuring Meaningful Data on the Filter Scorecard
The Scorecard shows the total number of triggered transactions for the time period that you specify, so if you had changed a filter setting during that period, the Scorecard result for the filter might reflect transactions that triggered the filter at several different settings.
5 Activating and Configuring the Buyer Authentication Service
This chapter describes how to enroll, configure, test, and activate the Buyer Authentication Service.
Downloading the Payflow SDK (Including APIs and API Documentation)
The Payflow SDK (software development kit) is available from the PayPal Manager Downloads page as a .NET or Java library, or you can build your own API by posting directly to the Payflow servers via HTTPS.
IMPORTANT: Full API documentation is included with each SDK.
8. Download the Gateway Developer’s Guide and Reference (PDF).
9. Configure the Payflow SDK as described in the developer’s guide.

Generate Transaction Request Software
1. Submit a Verify Enrollment transaction request (type E) to determine whether the cardholder is enrolled in either the Verified by Visa or MasterCard SecureCode service. See the example on page 40.
2.
5. When the customer enters their password and clicks Submit, the ACS verifies the password and posts a response to the TermURL (the page on your site that is configured to receive ACS responses).
6.
Testing and Activating the Service
1. Make these other required UI modifications:
   Payment page pre-messaging. The example text shown below and in the red boxes in the figure must appear on your payment page to advise the customer that authentication may take place.
   Failure messaging. The example text in the red box handles cases where customers cannot successfully authenticate themselves. The text requests another form of payment.
   Consumer Messaging for Failed Authentication: Please submit new form of payment.
2. Testing Buyer Authentication is not available at this time.
3.
6 Performing Buyer Authentication Transactions Using the SDK
This chapter describes the process of performing Buyer Authentication transactions using the Payflow SDK. For information on using the SDK and on transaction syntax, see Gateway Developer’s Guide and Reference (PDF). The content and format of responses to transaction requests are described in “Buyer Authentication Transaction Parameters and Return Values” on page 42.
2. If the cardholder is enrolled, then your program redirects the customer to the issuing bank’s buyer authentication page. The customer submits their username and password. The issuing bank authenticates the customer’s identity by returning a payer authentication response value to your program.
3. Your program then validates the authentication response.
4.
Buyer Authentication Server URLs
IMPORTANT: URLs listed here are used only for buyer authentication transactions: Verify Enrollment (TRXNTYPE=E) and Validate Authentication (TRXNTYPE=Z).
The production Buyer Authentication server URL is buyerauth.verisign.com

Detailed Buyer Authentication Transaction Flow
A buyer authentication transaction involves the following four program calls.
Generate the data for the intended transaction (Merchant Web Store, $42.02)
  Transaction Data: AMT=42.02 DESCRIPTION=case ACCT=5105510551055555 EXPDATE=0306 NAME=johnson

1 Verify Enrollment call: "Is this cardholder enrolled?"
  TRXTYPE=E ACCT=5105510551055555 EXPDATE=0308
  RESULT=0 AUTH_STATUS=E AUTH_ID=1A3D4G PAREQ=J84H+To4vv6K ACSURL=www.issuer.
2 "Please authenticate this customer."
  HTTP method="POST" PaReq=J84H+To4vv6K TermUrl=http://merchantpage.
Click Submit to continue processing your 3-D Secure transaction.
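The redirect of step 2 in the flow above, as an added example (not from the guide or the Payflow SDK): it builds the POST form for the issuer ACS from a parsed Verify Enrollment response. The https requirement, the function names and the sample URLs are assumptions; MD is the merchant-data field that 3-D Secure 1.0 returns unchanged to the TermUrl and does not appear on this page.

```python
import html
import secrets
from urllib.parse import urlsplit

# Constructed Verify Enrollment response, using the field names of the
# flow figure. The ACS URL is a made-up https URL containing "&".
ENROLLED = {
    "RESULT": "0",
    "AUTH_STATUS": "E",
    "AUTH_ID": "1A3D4G",
    "PAREQ": "J84H+To4vv6K",
    "ACSURL": "https://acs.issuer.example/auth?m=1&s=2",
}


def require_https(url, label):
    """Reject anything that is not an absolute https URL (added check)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{label} must be an absolute https URL")
    return url


def new_md():
    """Opaque, unguessable MD value; resolve it to the order server-side
    when the ACS posts back, and never place card data in it."""
    return secrets.token_urlsafe(16)


def build_acs_form(enroll, term_url, md):
    """Return the HTML form that posts PaReq to the issuer ACS, or None
    when the cardholder is not enrolled. `enroll` is a dict of strings."""
    if enroll.get("RESULT") != "0":
        raise ValueError("Verify Enrollment failed; do not redirect")
    # The page shows both AUTH_STATUS (figure) and AUTHENTICATION_STATUS.
    status = enroll.get("AUTHENTICATION_STATUS", enroll.get("AUTH_STATUS"))
    if status != "E":
        return None
    acs_url = require_https(enroll.get("ACSURL", ""), "ACSURL")
    term_url = require_https(term_url, "TermUrl")
    pareq = enroll.get("PAREQ", "")
    if not pareq:
        raise ValueError("enrolled response carries no PAREQ")

    def esc(value):
        # Every value is written into an attribute, so quotes, "&" and
        # angle brackets are escaped.
        return html.escape(value, quote=True)

    return (
        f'<form name="acs" method="POST" action="{esc(acs_url)}">\n'
        f'<input type="hidden" name="PaReq" value="{esc(pareq)}">\n'
        f'<input type="hidden" name="TermUrl" value="{esc(term_url)}">\n'
        f'<input type="hidden" name="MD" value="{esc(md)}">\n'
        "<noscript>Click Submit to continue processing your 3-D Secure "
        "transaction.</noscript>\n"
        '<input type="submit" value="Submit">\n'
        "</form>"
    )


if __name__ == "__main__":
    print(build_acs_form(ENROLLED, "https://shop.example/3ds/return", new_md()))
```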
the standard sale or authorization transaction data, you include buyer authentication data, as follows:
(Standard values:)
"Here's a Sale transaction, and I've included Buyer Authentication data"
TRXTYPE=S TENDER=C AMT=42.
Example Verify Enrollment Transaction
Use TRXTYPE=E to submit a Verify Enrollment request transaction. The following is an example name-value pair parameter string.
"TRXTYPE=E&ACCT=5105105105105100&AMT=19.
Example Validate Authentication Response
RESULT[1]=0&RESPMSG[2]=OK&AUTHENTICATION_ID[20]=8d4d5ed66ac6e6faac6d&AUTHENTICATION_STATUS[1]=Y&CAVV[28]=OTJlMzViODhiOTllMjBhYmVkMGU=&ECI[1]=5&XID[28]=YjM0YTkwNGFkZTI5YmZmZWE1ZmY

Displaying the ACS Form
The Issuer ACS page presents transaction information to the cardholder.
CAVV Is Valid
RESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N&IAVS=Y&CVV2MATCH=Y&CARDSECURE=Y

CAVV Is Invalid
RESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N&IAVS=Y&CVV2MATCH=Y&CARDSECURE=N

Buyer Authentication Transaction Parameters and Return Values
The Buyer Authentication server accepts the parameters listed
TABLE 6.2 Verify enrollment parameters
Name       Description                                                              Type   Max. Length
CURRENCY   Required ISO 3-number Currency Code (The code for US dollars is 840)
PUR_DESC   Optional purchase description

Verify Enrollment Return Values
TABLE 6.3 Verify Enrollment response values
Name     Description                                   Type   Max. Length
RESULT   0: successful transaction, otherwise error.
Validate Authentication Transaction Name-Value Pairs
TABLE 6.4 Validate Authentication parameters
Name      Description                                           Type    Max. Length
TRXTYPE   Z                                                     alpha   1
VENDOR    Vendor name
USER      User name
PARTNER   Partner name
PWD       Merchant’s password
PARES     The complete XML PARES message generated by the ACS

Validate Authentication Return Values
TABLE 6.
Standard Payflow Sale or Authorization Transaction
In addition to the parameters described in the Gateway Developer’s Guide and Reference (PDF), you submit the following parameters that are specific to the buyer authentication functionality:
TABLE 6.
ECI Values
TABLE 6.
RESULT Values for Transaction Declines or Errors
A RESULT value greater than zero indicates a decline or error. For this type of error, a RESPMSG name-value pair is included. The exact wording of the RESPMSG may vary. Sometimes a colon appears after the initial RESPMSG followed by more detailed information.
TABLE 6.
Logging Transaction Information
A record is maintained of all transactions executed on your account. Use PayPal Manager to view the record and use the information to help reconcile your accounting records.
NOTE: This record is not the official bank statement. The activity on your account is the official record.
7 Screening Transactions Using the Payflow SDK
This chapter describes the process of using the Payflow SDK to perform transactions that will be screened by the Fraud Protection Services filters. For information on using the SDK, and on transaction syntax, see the Gateway Developer’s Guide and Reference (PDF).
IMPORTANT: Recurring Billing transactions are not screened by Fraud Protection Services filters.
Response Values.
Transaction Parameters Unique to the Filters
The Payflow server accepts the parameters listed in this section. Standard Payflow parameters, parameters that you can pass for reporting purposes, and return values are described in Gateway Developer’s Guide and Reference (PDF).

TABLE 7.2 Parameters accepted by the Payflow server
Max. Length Example Alphanumeric String 30 Apt.
Transaction Information
  TRXTYPE TENDER ACCT EXPDATE AMT
Billing Information
  FIRSTNAME MIDDLENAME LASTNAME STREET BILLTOSTREET2 CITY STATE ZIP COUNTRY PHONENUM BILLTOPHONE2 EMAIL
Shipping Information
  SHIPTOFIRSTNAME SHIPTOLASTNAME SHIPTOMIDDLENAME SHIPTOSTREET SHIPTOSTREET2 SHIPTOCITY SHIPTOSTATE SHIPTOZIP COUNTRYCODE SHIPTOPHONE SHIPTOPHONE2 SHIPTOEMAIL
Order Information
  DOB DL SS CUSTIP BROWSERUSERAGENT BRO
  CUSTREF PONUM
Line Item (each item is appended with the line item number)
  L_COST0 L_UPC0 L_QTY0 L_DESC0 L_SKU0 L_TYPE0

Response Strings for Transactions that Trigger Filters
In the response string to a transaction that triggered filters, you have the option to view either a summary statement or a detailed list of each triggered filter’s response.
VERBOSITY=MEDIUM: Returns all of the values returned for a LOW setting, plus the following values:

TABLE 7.4 Medium VERBOSITY parameters
Parameter        Type   Length   Description
FPS_PREXMLDATA   char
HOSTCODE         char   7        Response code returned by the processor. This value is not normalized.
RESPTEXT         char   17       Text corresponding to the response code returned by the processor. This text is not normalized.
TABLE 7.4 Medium VERBOSITY parameters
Parameter    Type      Length   Description
TRANSSTATE   Integer   10       State of the transaction.
TABLE 7.4 Medium VERBOSITY parameters
Parameter     Type                                   Length   Description
BATCHID       Integer                                10       Value available only after settlement has assigned a Batch ID.
SETTLE_DATE   Date format YYYY-MM-DD HH:MM:SS        19       Value available only after settlement has completed.

NOTE: If you use Nashville, TeleCheck, or Paymentech, then you must use a client version newer than 2.
TABLE 7.6 Transaction RESULTs/RESPMSGs (Continued)
RESULT   RESPMSG and Explanation
128      Fraud Protection Services Filter — Declined by merchant after being flagged for review by filters
131      Version 1 Payflow client no longer supported. Upgrade to the most recent version of the Payflow client.
ion>Total Purchase Price CeilingRThe purchase amount of 7501 is greater than the ceiling value set of 7500CeilingValue75.
is from: CZPOSTFPSMSG=Review:More than one rule was triggered for Review&FPS_POSTXMLDATA[682]=<ruleId>1AVSAVS FailureRAVS check failed: Full SecurityValue F
Description>RThe IP address is from: CZ</triggeredMessage>&POSTFPSMSG=Review: More than one rule was triggered for Review&FPS_POSTXMLDATA[682]=1AVSAVS FailureRAVS check failed: Full Security
Transaction Date
Transaction Amount

If you have any questions regarding a transaction, use the PNREF to identify the transaction.
8 Responses to Credit Card Transaction Requests
This chapter describes the contents of a response to a credit card transaction request.

In This Chapter
“An Example Response String” on page 65
“Contents of a Response to a Credit Card Transaction Request” on page 65
“PNREF Value” on page 66
“RESULT Codes and RESPMSG Values” on page 67

An Example Response String
When a transaction finishes, the server returns a response string made up of name-value pairs.
TABLE 8.1 Transaction response values (Continued)
Field       Description   Type   Length
CVV2MATCH   Result of the card security code (CVV2) check. The issuing bank may decline the transaction if there is a mismatch. In other cases, the transaction may be approved despite a mismatch.   Alpha Y, N, X, or no response   1
RESPMSG     The response message returned with the transaction result. Exact wording varies.
The PNREF value is used as the ORIGID value (original transaction ID) in delayed capture transactions (TRXTYPE=D), credits (TRXTYPE=C), inquiries (TRXTYPE=I), and voids (TRXTYPE=V).
The PNREF value is used as the ORIGID value (original transaction ID) in reference transactions for authorization (TRXTYPE=A) and Sale (TRXTYPE=S).
TABLE 8.2 Payflow transaction RESULT values and RESPMSG text
RESULT   RESPMSG and Explanation
0        Approved.
1        User authentication failed. Error is caused by one or more of the following:
           Login information is incorrect. Verify that USER, VENDOR, PARTNER, and PASSWORD have been entered correctly. VENDOR is your merchant ID and USER is the same as VENDOR unless you created a Payflow user. All fields are case sensitive.
TABLE 8.2 Payflow transaction RESULT values and RESPMSG text (Continued)
RESULT   RESPMSG and Explanation
22       Invalid ABA number
23       Invalid account number. Check credit card number and re-submit.
24       Invalid expiration date. Check and re-submit.
25       Invalid Host Mapping.
TABLE 8.2 Payflow transaction RESULT values and RESPMSG text (Continued)
RESULT   RESPMSG and Explanation
104      Timeout waiting for processor response. Try your transaction again.
105      Credit error. Make sure you have not already credited this transaction, or that this transaction ID is for a creditable transaction. (For example, you cannot credit an authorization.
TABLE 8.2 Payflow transaction RESULT values and RESPMSG text (Continued)
RESULT   RESPMSG and Explanation
125      Fraud Protection Services Filter — Declined by filters
126      Fraud Protection Services Filter — Flagged for review by filters
         Important Note: Result code 126 indicates that a transaction triggered a fraud filter. This is not an error, but a notice that the transaction is in a review status.
TABLE 8.2 Payflow transaction RESULT values and RESPMSG text (Continued)
RESULT   RESPMSG and Explanation
1014     Buyer Authentication Service — Merchant is not enrolled for Buyer Authentication Service (3-D Secure).
1016     Buyer Authentication Service — 3-D Secure error response received. Instead of receiving a PARes response to a Validate Authentication transaction, an error response was received.
RESULT Values for Communications Errors
A RESULT value less than zero indicates that a communication error occurred. In this case, no transaction is attempted. A value of -1 or -2 usually indicates a configuration error caused by an incorrect URL or by configuration issues with your firewall. A value of -1 or -2 is also possible if the PayPal servers are unavailable, or an incorrect server/socket pair has been specified.
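A parser for the name-value response strings described in this chapter, added here as an example (it is not code from the guide or the Payflow SDK). It honours the NAME[length]= tags seen in the responses on this page and maps RESULT to the outcomes the guide lists; the function names, the outcome labels and the constructed sample value are assumptions, and lengths are counted in characters.

```python
import re

# NAME or NAME[length] followed by "=", as in RESULT[1]=0 on this page.
NAME_RE = re.compile(r"([A-Za-z0-9_]+)(?:\[(\d+)\])?=")

# From the page's Validate Authentication example (XID left out).
PAGE_SAMPLE = (
    "RESULT[1]=0&RESPMSG[2]=OK&AUTHENTICATION_ID[20]=8d4d5ed66ac6e6faac6d"
    "&AUTHENTICATION_STATUS[1]=Y&CAVV[28]=OTJlMzViODhiOTllMjBhYmVkMGU=&ECI[1]=5"
)

# Constructed value containing "&" and "="; it is not the real FPS XML.
CONSTRUCTED_XML = "<msg>AVS=N&CSC=N</msg>"
REVIEW_SAMPLE = (
    "RESULT=126&RESPMSG=Flagged for review"
    f"&FPS_POSTXMLDATA[{len(CONSTRUCTED_XML)}]={CONSTRUCTED_XML}"
    "&PNREF=VXYZ01234567"
)

# RESULT codes the guide singles out for Fraud Protection Services.
FILTER_OUTCOMES = {
    125: "declined_by_filters",
    126: "review",
    128: "declined_after_review",
}


def naive_parse(text):
    """Split on "&" and "=" only; shown for contrast, it mis-parses
    values that contain those characters."""
    return dict(pair.split("=", 1) for pair in text.split("&"))


def parse_payflow_response(text):
    """Parse a response string into a dict, honouring length tags."""
    fields = {}
    pos = 0
    while pos < len(text):
        match = NAME_RE.match(text, pos)
        if not match:
            raise ValueError(f"malformed field name at offset {pos}")
        name, length = match.group(1), match.group(2)
        start = match.end()
        if length is not None:
            # Tagged value: take exactly that many characters.
            end = start + int(length)
            if end > len(text):
                raise ValueError(f"{name}: length tag exceeds response")
        else:
            # Untagged value: runs to the next "&" or the end.
            end = text.find("&", start)
            if end == -1:
                end = len(text)
        if end < len(text) and text[end] != "&":
            raise ValueError(f"{name}: expected '&' after value")
        if name in fields:
            raise ValueError(f"duplicate field {name}")
        fields[name] = text[start:end]
        pos = end + 1
    return fields


def classify_result(fields):
    """Map RESULT to an outcome; anything unparseable fails closed."""
    try:
        result = int(fields["RESULT"])
    except (KeyError, ValueError):
        return "invalid"
    if result < 0:
        return "communication_error"  # no transaction was attempted
    if result == 0:
        return "approved"
    # 126 is a review notice, not an error; other values > 0 are
    # declines or errors.
    return FILTER_OUTCOMES.get(result, "declined_or_error")


def may_fulfil(fields):
    """Only an approved transaction is released for fulfilment."""
    return classify_result(fields) == "approved"


if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, REVIEW_SAMPLE):
        parsed = parse_payflow_response(sample)
        print(classify_result(parsed), parsed)
```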
A Fraud Filter Reference
This appendix describes the filters that make up part of the Fraud Protection Services. Filters analyze transactions and act on those that show evidence of potential fraudulent activity. Filters can set such transactions aside for your review or reject them outright, depending on settings that you specify. Filters are grouped to help you to assess the risk types and to take action (accept, reject, or continue in the review state).
“USPS Address Validation Failure Filter” on page 85
“IP Address Velocity Filter” on page 87

Filters Included with the Advanced Fraud Protection Services Option
All Basic filters plus:
“Special Case: Buyer Authentication Failure Filter” on page 76
“USPS Address Validation Failure Filter” on page 85
“Email Service Provider Risk List Match Filter” on page 86
“IP Address Match Filter” on page 85
“Account Number Velocity Filter” on
Filters Applied After Processing
Most filters are applied to the transaction request before forwarding the request to the processor.
Total Item Ceiling Filter
What does the filter do?
This filter compares the total number of items (or volume for bulk commodities) to the maximum count (the ceiling) that you specify. The specified action is taken whenever the item count in a transaction exceeds the specified ceiling.
How does the filter protect me?
An unusually high item count (compared to the average for your business) can indicate potential fraudulent activity.
is using a stolen identity to complete a purchase (and having the items sent to another address from which they can retrieve the stolen items). To help to distinguish between legitimate and fraudulent orders, review all mismatches by cross-checking other purchase information such as AVS and card security code.
If AVS information is not submitted with the transaction, then the response is NN.

TABLE A.1 AVS responses
Result   Meaning
Y        The submitted information matches information on file with the account holder's bank.
N        The submitted information does not match information on file with the account holder's bank.
X        The account holder's bank does not support AVS checking for this information.
(Null)   In some cases banks return no value at all.
How does the filter protect me?
Buyers who can provide the street number and ZIP code on file with the issuing bank are more likely to be the actual account holder. AVS matches, however, are not a guarantee. Use card security code and Buyer Authentication in addition to AVS to increase your certainty.
TABLE A.3 Card security code responses
Result   Meaning
X        Account holder's bank does not support this service.
(Null)   In some cases banks return no value at all.

Card Security Code Failure Filter Action
The specified action is taken whenever the card security code response is the value that you specified. The Best Practices action is to review all transactions with responses other than Y.
Buyer Authentication returns one of the following responses in the AUTHENTICATION_STATUS name-value pair (values are for Visa USA region):

TABLE A.4 Responses in the AUTHENTICATION_STATUS name-value pair
Result   Description                                            Liability Impact (Subject to Change)
Y        Successful authentication—the password was correct.   Both Visa and MasterCard shift liability for fraud from the merchant.
BIN Risk List Match Filter
What does the filter do?
The Bank Identification Number (BIN) makes up the first six digits of a credit card number. The BIN identifies the bank that issued the card. This filter screens every credit card number for BINs on the high-risk list. The specified action is taken whenever a BIN matches one on the list.
ZIP Risk List Match Filter
What does the filter do?
This filter compares the Ship To and Bill To ZIP codes (US only) against the high-risk list. High-risk ZIP codes are determined based on analysis of millions of e-commerce transactions. The specified action is taken whenever a submitted ZIP code appears in the risk list.
NOTE: Fraud tends to correlate to densely populated areas like major cities.
level of the IP address indicates the region or country from which the computer is connecting, and is thus relatively fixed. Therefore the IP Address risk list is most effective as a screen for overseas fraud. The specified action is taken whenever a submitted IP address appears in the risk list.
How does the filter protect me?
A customer’s IP address identifies a country, region, state, or city.
addresses. IP (Internet protocol) addresses are unique identifiers for computers that can often be mapped to a specific city or area code. The specified action is taken whenever the IP address, shipping address, and billing address do not fall within a 100 mile radius.
A Fraud Filter Reference High-risk Customer Filters

fraudster making repeated attacks on a system. Legitimate customers do not typically perform multiple transactions in quick succession.

How does the filter protect me?
Fraudsters often submit multiple purchases using an automated script that tests unknown card numbers. Alternatively, the fraudster may attempt to bypass other filters by making multiple small purchases with multiple stolen account numbers.
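A velocity check of the kind described above can be sketched as a sliding-window count per key. This is an added Python example, not the service's implementation; the transaction records, the limit of 3 and the 300-second window are constructed values, and `velocity_hits` and `flagged` are hypothetical names. It shows why counting by IP address catches a run of different account numbers that counting by account number misses.

```python
from collections import defaultdict, deque

def velocity_hits(transactions, key, limit, window_s):
    """Return the transactions that push a key past `limit` within `window_s` seconds."""
    recent = defaultdict(deque)               # key value -> timestamps still in window
    hits = []
    for tx in sorted(transactions, key=lambda t: t["ts"]):
        q = recent[tx[key]]
        while q and tx["ts"] - q[0] >= window_s:
            q.popleft()                       # drop events older than the window
        q.append(tx["ts"])
        if len(q) > limit:
            hits.append(tx)
    return hits

# Constructed sample: one address submits five different account numbers in
# 80 seconds; another customer buys twice with the same card, an hour apart.
SAMPLE = (
    [{"ts": 20 * i, "ip": "203.0.113.7", "acct": f"card-{i}"} for i in range(5)]
    + [{"ts": 10, "ip": "198.51.100.9", "acct": "card-x"},
       {"ts": 3610, "ip": "198.51.100.9", "acct": "card-x"}]
)

def flagged(key):
    """Account labels flagged when counting by `key` (limit 3 per 300 s)."""
    return [tx["acct"] for tx in velocity_hits(SAMPLE, key, limit=3, window_s=300)]

if __name__ == "__main__":
    print("by ip:  ", flagged("ip"))      # the fourth and fifth attempts
    print("by acct:", flagged("acct"))    # nothing: each number is used once or slowly
```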
Fraud Filter Reference International Order Filters A

Country Risk List Match Filter

What does the filter do?
This filter screens the customer’s shipping and billing address information for matches with countries on the list of high-risk countries. The specified action is taken whenever any of the information matches a country on the risk list.

How does the filter protect me?
Orders from customers in foreign countries are more likely to be fraudulent than orders from domestic customers.
A Fraud Filter Reference Accept Filters

The International IP Address filter sets aside transactions from customers in foreign countries so that you can evaluate them more fully.

International AVS Filter

What does the filter do?
International Address Verification Service (IAVS) determines whether the issuer is domestic (US) or international.

TABLE A.5 AVS filter results
Result | Meaning
Y | The card number is associated with an international issuer.
N | The card number is associated with a US issuer.
Fraud Filter Reference Custom Filters A

Good Lists

What does the filter do?
This filter compares the customer’s e-mail address and credit card number against lists (that you create) of addresses and numbers for known good customers. You create the lists. Any transaction for which the e-mail address or credit card number is an exact match with an entry in one of your good lists is accepted and no other filters are applied. Enter only numerals in the credit card number list—no spaces or dashes.
amount, buyer location, and shipping location). For this reason, fewer legitimate transactions are unnecessarily held for review. For example, a Custom filter that triggers only when both the Card Security Code Failure and AVS Failure filters trigger will set aside transactions that are quite suspicious.

NOTE: You can create a combined maximum (test plus live) of 15 Custom Filters.
B Testing the Transaction Security Filters

Each example transaction shown in this chapter is designed to test the operation of a single filter. To test a filter, disable all other filters and submit the transaction. The filter should be triggered and display its results in the Transaction Details page. In the examples, the critical transaction data is shown in bold red type.
AVS Failure Filter

"TRXTYPE=A&ACCT=5105105105105100&AMT[4]=1.02&BILLTOPHONE2=650-5550123&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=Campbell&COMMENT1=Automated testing from AdminTester&COUNTRY=US&CUSTIP=194.213.32.220&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&EMAIL[17]=Admin@merchant.com&EXPDATE=1209&FIRSTNAME=John&FREIGHTAMT=1.11&LASTNAME=Johnson&L_COST0=11.
Expected Response Message
resp mesg=RESULT=125&PNREF=VB0A25033363&RESPMSG=Declined by Fraud Service&PREFPSMSG=Reject HighRiskBinCheck !!ERROR 15:52:54 result=125 TRXTYPE=A!!

Country Risk List Match Filter
Pass in the specified country or country code.
"TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.
Geo-location Failure Filter

"TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester&COUNTRY=AD&COUNTRYCODE=AD&CUSTIP=172.131.193.25&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&EMAIL[18]=fraud@asiamail.com&EXPDATE=1209&FIRSTNAME=John&FREIGHTAMT=1.11&LASTNAME=Johnson&L_COST0=11.
International AVS Filter
Pass in the specified ZIP codes and billing address.
"TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester&COUNTRY=US&COUNTRYCODE=USA&CUSTIP=66.218.71.93&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&EMAIL[20]=admin@merchant.
International Shipping/Billing Address Filter
Pass in a non-US Country code to either the billing or shipping address.
"TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester&COUNTRY=CZ&COUNTRYCODE=USA&CUSTIP=66.218.71.
Total Item Ceiling Filter

"TRXTYPE=A&ACCT=3528000000000015&AMT[4]=1000&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester&COUNTRY=203&COUNTRYCODE=203&CUSTIP=255.255.255.255&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&EMAIL[20]=admin@merchant.com&EXPDATE=1209&FIRSTNAME=John&FREIGHTAMT=1.11&LASTNAME=Johnson&L_COST0=11.
Total Purchase Price Ceiling Filter
First, set the filter to trigger at 1000.00. For testing, pass in an amount higher than 1000, as shown here.
"TRXTYPE=A&ACCT=3528000000000015&AMT[7]=1000.01&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester&COUNTRY=203&COUNTRYCODE=203&CUSTIP=255.255.255.
USPS Address Validation Failure Filter

Expected Response Message
resp mesg=RESULT=125&PNREF=VB0A25032101&RESPMSG=Declined by Fraud Service&PREFPSMSG=Reject BillUSPostalAddressCheck !!ERROR 14:39:3 result=125 TRXTYPE=A!!
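The test strings in this appendix use length tags such as AMT[8]=$1000.00, where the number in brackets is the character count of the value. The following added Python example (not part of the guide or the Payflow SDK; the function names are hypothetical) parses such strings and checks an expected response for RESULT=125 and the rule named in PREFPSMSG. It uses the response text above without the test log's prefix and suffix, and rejecting a tag that disagrees with its value is this example's own choice.

```python
import re

# NAME or NAME[n] followed by '='; [n] is a length tag: the value is exactly n characters.
_NAME = re.compile(r"([A-Za-z0-9_]+)(?:\[(\d+)\])?=")

def parse_nvp(s):
    """Parse a Payflow name-value string, honouring NAME[n]=value length tags."""
    pairs, pos = {}, 0
    while pos < len(s):
        m = _NAME.match(s, pos)
        if not m:
            raise ValueError(f"malformed pair at offset {pos}")
        name, tag = m.groups()
        start = m.end()
        if tag is None:
            end = s.find("&", start)          # untagged: value runs to the next '&'
            end = len(s) if end == -1 else end
        else:
            end = start + int(tag)            # tagged: take exactly n characters
        # A tagged value must be followed by '&' or end of input; anything else
        # means the tag and the data disagree.
        if end > len(s) or (end < len(s) and s[end] != "&"):
            raise ValueError(f"{name}: length tag does not match value")
        pairs[name] = s[start:end]
        pos = end + 1
    return pairs

def build_nvp(params):
    """Serialise with a length tag on every value so '&' and '=' in data stay data."""
    return "&".join(f"{k}[{len(v)}]={v}" for k, v in params.items())

def filter_triggered(response, rule):
    """True if the response is RESULT=125 and PREFPSMSG names the expected rule."""
    r = parse_nvp(response)
    return r.get("RESULT") == "125" and rule in r.get("PREFPSMSG", "")

# Response string from the USPS Address Validation Failure test above.
RESPONSE = ("RESULT=125&PNREF=VB0A25032101&RESPMSG=Declined by Fraud Service"
            "&PREFPSMSG=Reject BillUSPostalAddressCheck")

if __name__ == "__main__":
    print(filter_triggered(RESPONSE, "BillUSPostalAddressCheck"))
    # Constructed request: the comment text contains both '&' and '='.
    req = build_nvp({"TRXTYPE": "A", "AMT": "$1000.00", "COMMENT1": "Ref=A17 & gift wrap"})
    print(req)
    print(parse_nvp(req)["COMMENT1"])
```

Tagging every value built from customer-supplied text keeps an ampersand or equals sign in that text from being read as an extra parameter.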
ZIP Risk List Match Filter
Pass in the specified ZIP codes.
"TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester&COUNTRY=203&COUNTRYCODE=203&CUSTIP=172.131.193.25&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&EMAIL[20]=admin@merchant.com&EXPDATE=1209&FIRSTNAME=John&FREIGHTAMT=1.
C Deactivating Fraud Protection Services

This appendix describes the process of deactivating Fraud Protection Services. Deactivating Fraud Protection Services removes the Security menu and Transaction Review functions (making it impossible to settle transactions). Therefore, before deactivating the service, you must first perform the following steps:
1. Turn off filters so that no new transactions are sent to the Fraud review queue.
2.