User's Guide
Table Of Contents
- Payflow Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Deactivating Fraud Protection Services
- Index
How Fraud Protection Services Protect You
Special Considerations
2
16 Fraud Protection Services User’s Guide
Example Filter
The Total Purchase Price Ceiling filter compares the total amount of the transaction to a
maximum purchase amount (the ceiling) that you specify. Any transaction amount that
exceeds the specified ceiling triggers the filter.
Configuring the Filters
Through PayPal Manager, you configure each filter by specifying the action to take whenever
the filter identifies a suspicious transaction (either set the transaction aside for review or reject
it). See PayPal Manager online help for detailed filter configuration procedures.
Typically, you specify setting the transaction aside for review. For transactions that you deem
extremely risky (for example, a known bad email address), you might specify rejecting the
transaction outright. You can turn off any filter so that it does not screen transactions.
For some filters, you also set the value that triggers the filter—for example the dollar amount
of the ceiling price in the Total Purchase Price Ceiling filter.
Reviewing Suspicious Transactions
As part of the task of minimizing the risk of fraud, you review each transaction that triggered a
filter through PayPal Manager to determine whether to accept or reject the transaction. See
PayPal Manager online help for details.
Special Considerations
Merchants With an Instant Fulfillment Model
For businesses with instant fulfillment business models (for example, software or digital goods
businesses), the Review option does not apply to your business—you do not have a period of
delay to review transactions before fulfillment to customers. Only the Reject and Accept
options are applicable to your business model.
In the event of server outage, Fraud Protection Services is designed to queue transactions for
online processing. This feature also complicates an instant fulfillment business model.
Merchants using the Recurring Billing Service
To avoid charging you to filter recurring transactions that you know are reliable, Fraud
Protection Services filters do not screen recurring transactions.
To screen a prospective recurring billing customer, submit the transaction data using PayPal
Manager’s Virtual Terminal. The filters screen the transaction in the normal manner. If the
transaction triggers a filter, then you can follow the normal process to review the filter results.