User's Guide
Table Of Contents
- Payflow Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Deactivating Fraud Protection Services
- Index
3
Content
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Document Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Customer Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Chapter 1 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . .13
Growing Problem of Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Reducing the Cost of Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Chapter 2 How Fraud Protection Services Protect You . . . . . . . .15
The Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Hacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Credit Card Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Protection Against the Threats—Fraud Filters . . . . . . . . . . . . . . . . . . . . . . . . 15
Example Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Configuring the Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Reviewing Suspicious Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Special Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Merchants With an Instant Fulfillment Model . . . . . . . . . . . . . . . . . . . . . . 16
Merchants using the Recurring Billing Service . . . . . . . . . . . . . . . . . . . . . 16
Chapter 3 Configuring the Fraud Protection Services Filters . . . . .17
Phase 1: Run Test Transactions Against Filter Settings on Test Transaction Security Servers .
18
Phase 2: Run Live Transactions on Live Transaction Servers in Observe Mode . . . . . . 19
Phase 3: Run All Transactions Through the Live Transaction Security Servers Using Active
Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Chapter 4 Assessing Transactions that Triggered Filters . . . . . . .21
Reviewing Suspicious Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21