User's Guide
Table Of Contents
- Payflow Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Deactivating Fraud Protection Services
- Index
Fraud Protection Services User’s Guide 63
Screening Transactions Using the Payflow SDK
Accepting or Rejecting Transactions That Trigger Filters
7
Description><action>R</action><triggeredMessage>The IP address is from: CZ<
/triggeredMessage></rule></triggeredRules>&POSTFPSMSG=Review: More than one
rule was triggered for Review&FPS_POSTXMLDATA[682]=<triggeredRules><rule
num="1"><ruleId>1</ruleId><ruleAlias>AVS</ruleAlias><ruleDescription>AVS
Failure</ruleDescription><action>R</action><triggeredMessage>AVS check
failed: Full Security</triggeredMessage><rulevendorparms><ruleParameter
num="1"><name>Value</name><value type="String">Full</value></ruleParameter>
</rulevendorparms></rule><rule num="2"><ruleId>23</ruleId><ruleAlias>CSCFai
lure</ruleAlias><ruleDescription>CSC Failure</ruleDescription><action>R</ac
tion><triggeredMessage>CSC check failed, returned X</triggeredMessage><rule
vendorparms><ruleParameter num="1"><name>Value</name><value type="String">F
ull</value></ruleParameter></rulevendorparms></rule></triggeredRules>
Accepting or Rejecting Transactions That Trigger Filters
You can submit a transaction request that either accepts or rejects a transaction that triggered a
filter (Result code 126). This is the functional equivalent of the operations discussed in
“Acting on Transactions that Triggered Filters” on page 24.
Accept: Submit the transaction for normal processing.
Reject: Do not submit the transaction for processing. See “Rejecting Transactions” on
page 24.
NOTE: You must contact Customer Service to enable this feature. Telephone: 1-888-883-
9770. E-mail: payflow-support@paypal.com
To accept or reject a transaction, include the following values in the transaction request:
TRXTYPE=U
ORIGID=<PNREF returned for the original transaction>
UPDATEACTION=APPROVE (to accept)
— or —
UPDATEACTION=FPS_MERCHANT_DECLINE (to reject)
Logging Transaction Information
A record is maintained of all transactions executed on your account. Use PayPal Manager to
view the record and use the information to help reconcile your accounting records.
NOTE: This record is not the official bank statement. The activity on your account is the
official record.
In addition, it is strongly recommends that you log all transaction results (except for check
information) on your own system. At a minimum, log the following data:
PNREF (called the Transaction ID in PayPal Manager reports)