User's Guide
Table Of Contents
- Payflow Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Deactivating Fraud Protection Services
- Index
Fraud Filter Reference
High-risk Payment Filters
A
82 Fraud Protection Services User’s Guide
Card Security Code Failure Filter Action
The specified action is taken whenever the card security code response is the value that you
specified.
The Best Practices action is to review all transactions with responses other than Y. You set the
“strength” of the filter as follows:
Full: Take action if a value of N or X is returned.
Medium: Take action only if a value of N is returned.
Buyer Authentication Failure Filter
You must enroll for the Buyer Authentication Service in the Fraud Protection Services suite to
make use of the Buyer Authentication Failure filter. The filter is grayed out on configuration
pages if you are not enrolled.
Buyer Authentication refers to the card-sponsored authentication services such as Verified by
Visa and MasterCard Secure Code that make use of the 3-D Secure protocol. These
authentication methods prompt buyers to provide a password to their card issuer before being
allowed to execute a credit card purchase.
What does the filter do?
The filter is triggered when the customer’s identity is not adequately authenticated, according
to criteria that you specify.
Buyer Authentication Results
Although MasterCard and Visa both use the underlying 3-D Secure protocol to implement the
Buyer Authentication service, they have different liability rules regarding buyer authentication
results. Those rules appear in Table A.4.
MasterCard converts 3-D Secure results into UCAF fields. To simplify for the merchant, all
responses are normalized into the values listed in Table A.4.
X Account holder's bank does not support this service.
(Null) In some cases banks return no value at all.
T
ABLE A.3 Card security code responses
Result Meaning