User's Guide
Table Of Contents
- Payflow Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Deactivating Fraud Protection Services
- Index
Fraud Protection Services User’s Guide 15
2
How Fraud Protection Services
Protect You
This chapter describes the security tools that make up the Fraud Protection Services.
In This Chapter
“The Threats” on page 15
“Protection Against the Threats—Fraud Filters” on page 15
“Special Considerations” on page 16
The Threats
There are two major types of fraud—hacking and credit card fraud.
Hacking
Fraudsters hack when they illegally access your customer database to steal card information or
to take over your Payflow account to run unauthorized transactions (purchases and credits).
Fraud Protection software filters minimize the risk of hacking by enabling you to place
powerful constraints on access to and use of your PayPal Manager and Payflow accounts.
Credit Card Fraud
Fraudsters can use stolen or false credit card information to perform purchases at your Web
site, masking their identity to make recovery of your goods or services impossible. To protect
you against credit card fraud, the Fraud Protection filters identify potentially fraudulent
activity and let you decide whether to accept or reject the suspicious transactions.
Protection Against the Threats—Fraud Filters
Configurable filters screen each transaction for evidence of potentially fraudulent activity.
When a filter identifies a suspicious transaction, the transaction is marked for review.
Fraud Protection Services offers two levels of filters: Basic and Advanced. The filters are
described in Appendix A, “Fraud Filter Reference.”