Payflow Fraud Protection Services User’s Guide
Fraud Filter Reference
High-risk Payment Filters
Buyer Authentication returns one of the responses listed in Table A.4 in the
AUTHENTICATION_STATUS name-value pair (values are for the Visa USA region).
Actions
You set the “strength” of the filter as follows:
Full: Trigger if a value of N, U, or F is returned.
Medium: Trigger only if a value of N is returned.
NOTE: To enforce the minimum Visa regulations, set the filter to Medium strength with an
action of Reject. This setting rejects N responses, however, so there is no liability
benefit.
How does the filter protect me?
Buyer Authentication is the only screening tool that promises to shift fraud liability from the
merchant. The password used with Verified by Visa and MasterCard SecureCode is the
digital equivalent of a shopper’s handwritten signature.
NOTE: Make use of Buyer Authentication if your processor and acquirer support it. The use
of the password protects merchants from some chargebacks when a customer claims
not to have authorized the purchase.
Widespread account holder enrollment in Buyer Authentication programs may take some time
and depends on the card issuers supporting and marketing the option.
TABLE A.4 Responses in the AUTHENTICATION_STATUS name-value pair

| Result | Description | Liability Impact (Subject to Change) |
|--------|-------------|--------------------------------------|
| Y | Successful authentication—the password was correct. | Both Visa and MasterCard shift liability for fraud from the merchant. |
| A | The merchant attempted to authenticate the buyer, but the issuer does not support buyer authentication. | Visa shifts liability for fraud from the merchant. MasterCard does not shift liability for fraud from the merchant. |
| N | Unsuccessful authentication—the password was not correct. | Neither Visa nor MasterCard shift liability for fraud from the merchant. |
| U | Authentication could not be completed due to network error. | Neither Visa nor MasterCard shift liability for fraud from the merchant. |
| F | Card issuer's authentication credentials could not be validated. | Neither Visa nor MasterCard shift liability for fraud from the merchant. |
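
The filter strengths under Actions and the liability column of Table A.4 can be combined to see which responses pass the filter while leaving fraud liability with the merchant. The following is an added example, not code from the guide or the Payflow SDK. The function names, the simple `&`-separated parsing, the sample strings, and the handling of a missing or unknown status are assumptions of this sketch.

```python
from urllib.parse import parse_qsl

# Filter strengths from the Actions section: statuses that trigger the filter.
TRIGGERS = {"Full": {"N", "U", "F"}, "Medium": {"N"}}

# Table A.4 (Visa USA region, subject to change): card brands that shift
# fraud liability away from the merchant for each AUTHENTICATION_STATUS.
LIABILITY_SHIFT = {
    "Y": {"Visa", "MasterCard"},
    "A": {"Visa"},
    "N": set(),
    "U": set(),
    "F": set(),
}


def evaluate(response: str, strength: str, brand: str) -> dict:
    """Model the filter decision for one name-value response string."""
    fields = dict(parse_qsl(response, keep_blank_values=True))
    status = fields.get("AUTHENTICATION_STATUS", "").strip().upper()
    if status not in LIABILITY_SHIFT:
        # Assumption of this sketch: a missing or unknown status is treated
        # as triggered and unprotected rather than silently passed.
        return {"status": status or None, "triggered": True,
                "liability_shift": False}
    return {
        "status": status,
        "triggered": status in TRIGGERS[strength],
        "liability_shift": brand in LIABILITY_SHIFT[status],
    }


def unprotected_passes(strength: str, brand: str) -> list:
    """Statuses that pass the filter yet leave liability with the merchant."""
    return sorted(
        s for s, brands in LIABILITY_SHIFT.items()
        if s not in TRIGGERS[strength] and brand not in brands
    )


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real gateway.
    for resp in ("RESULT=0&AUTHENTICATION_STATUS=U",
                 "RESULT=0&AUTHENTICATION_STATUS=A"):
        for strength in TRIGGERS:
            print(strength, evaluate(resp, strength, "MasterCard"))
    print(unprotected_passes("Medium", "MasterCard"))
```

At Medium strength, U and F responses pass the filter for either brand even though Table A.4 shows no liability shift for them, which is the gap to review when choosing a strength.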