User's Guide
Table Of Contents
- Payflow Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Deactivating Fraud Protection Services
- Index
Fraud Protection Services User’s Guide 91
Fraud Filter Reference
Custom Filters
A
Good Lists
What does the filter do?
This filter compares the customer’s e-mail address and credit card number against lists (that
you create) of addresses and numbers for known good customers. You create the lists.
Any transaction for which the e-mail address or credit card number is an exact match with an
entry in one of your good lists is accepted and no other filters are applied. Enter only numerals
in the credit card number list—no spaces or dashes.
NOTE: Unlike the Risk lists that PayPal manages, you, solely, manage and update the Good
Lists.
Items that you enter in the test Good lists are not carried over to your configuration for
the live servers, so do not spend time entering a complete list for the test configuration.
If you activate this filter, then you must set up lists of good email addresses and good card
numbers. Be sure to type the e-mail addresses and credit card numbers accurately.
IMPORTANT:The Good Lists do not authenticate individuals. If a fraudster were to steal
e-mail addresses or credit card account numbers from this list, then they
would be able to bypass the filter.
How does the filter protect me?
To ensure that loyal repeat customers are not held up by your fraud review process, you may
want to create lists of e-mail addresses and card numbers that should be accepted. This ensures
that an abnormal shopping pattern on the part of a loyal customer (for example making a
purchase while on vacation overseas) does not trigger a filter and delay the transaction.
Total Purchase Price Floor Filter
What does the filter do?
This filter screens the total amount of a transaction (including tax, shipping and handling fees).
If a transaction amount is below the price set for this filter, then the transaction is accepted and
no other filters are applied.
How does the filter protect me?
Merchants with an especially high transaction volume can use this filter to reduce the number
of transactions that their staff must review—transactions below the specified price level are
accepted without further analysis.
Custom Filters
You create Custom filters by combining up to five existing filters. A well-designed Custom
filter can more accurately identify suspicious transactions because it is fine-tuned to the
unique needs of your business (for example, you can specify a particular combination of