Fraud Modules

To access your Fraud Modules, click on ‘Fraud Manager’ on the side menu bar from your Dashboard then select ‘Fraud Modules’ from the drop down menu.

Overview

The Fraud Module Center, as shown in the image above, allows you view an change the settings of each transaction source key in order to control various security aspects and prevent credit card fraud from occurring in your account.

Please Note: A transaction source key is a 16 alphanumeric digit that allows merchants to integrate with shopping carts and 3rd party softwares. Such source keys are generated from your payment forms, API keys, or application keys. For example: When you create a payment form, the source key of that payment form will automatically be in your Fraud Module Center. This allows you to add specific fraud modules into that payment form’s source key to be able to process payments securely.

Adding A Fraud Module

In the Fraud Module Center, you can set Universal Fraud Modules or set each source key’s fraud modules separately.

To add a Fraud Module, click Overview on the Universal Fraud Module table or in each source key table. See image below. Please Note: Setting a Universal Fraud Module affects all of your sources keys used to conduct transactions.

Overview

A pop up window will appear where you can select modules to add and apply to your account. This pop up window will display a slider where you can view and navigate through all the fraud modules available.

Click on Overview or Overview to navigate and select through the Fraud Module slider menu.

Overview

To select the fraud module you wish to add to a specific source key, you can do one of the following:

  • Click on Overview on the bottom of the fraud module type tab.
  • Click Overview located under the description of the fraud module.
  • Click on the tab then click Overview located at the lower right hand side of the pop up window.

Overview

Adjust the settings of the module to your specifications and click Overview to apply the fraud module setting to the source key. Descriptions of each Fraud Module and settings for each are described below.

AVS Response

The Address Verification System (AVS) verifies that the AVS (Billing) Street and AVS (Billing) Zip matches what the customer’s issuing bank has on file for their card. When a transaction is processed, the customer’s issuing bank will respond with an Approval/Decline response along with one of the AVS Result Codes listed in this module (even when no AVS data was entered for the transaction). When enabled, this module accepts transactions with the AVS Result codes you have selected and returns an error for all others.

A pop up window will appear giving a list of all the possible AVS responses. The first four AVS codes or responses (YYY, YYX, NYW, and NYZ) are enabled by default.

Overview

To enable an AVS response, switch the button to Overview

To disable an AVS response, switch it back to Overview

Transactions blocked by this module will return this error message:

  • Your billing information does not match your credit card. Please check with your bank.

Please Note: Do NOT re-run the transaction unless the customer provides new address verification information. Multiple errors can generate multiple authorizations.

AVS Pre-Check

AVS Pre-Check allows merchants to verify that the billing address the customer provides matches the card the customer has provided BEFORE the transaction is authorized. This means the customer should not see a pending transaction when their transaction is rejected by the AVS Response module. Only certain transactions are eligible for AVS Pre-Check. For the feature to work correctly, the following must be true:

  • The merchant's processor must support this feature.
  • The card holder's bank must support this feature. If the customer's bank does not participate then the customer may see a pending transaction on their account for transactions rejected by the AVS module.
  • The merchant industry cannot be set to Retail(Swipe).

Enabling the AVS Pre-Check will NOT effect transactions that have been declined by the bank. These transactions will still be declined regardless of the AVS result. Enabling the AVS Pre-Check will NOT effect approved transactions where the AVS Result is accepted by the module. These transactions will still be approved.

Enabling Pre-Check will only effect transactions where the bank approves the transaction, but returns an AVS result that you have chosen to reject in the settings of the module.

When Pre-Check AVS is enabled, the gateway will verify the AVS response BEFORE requesting authorization. If the bank approves the transaction, but returns an AVS result that you have chosen to reject:

  • The transaction result will be: Your billing information does not match your credit card. Please check with your bank.
  • No authorization will be issued by the bank
  • No funds will be held on the customer's account

When Pre-Check AVS is disabled, the gateway will request AVS responses and authorization at the same time. If the bank approves the transaction but the AVS response is one you have chosen to reject:

  • The transaction result will be: Your billing information does not match your credit card. Please check with your bank.
  • The bank may have issued an authorization.
  • The bank may have put a hold for funds on the customer's account.

Essentially, on the merchants end, the transaction was rejected by the gateway (and will NOT be funded for the transaction), but on the customer's end, they may see a pending transaction on their account (this authorization will eventually drop off). If you do encounter a situation in which a transaction has been rejected for fraud reasons, but the bank still issued an authorization code then there are three ways to resolve the situation:

  • Wait for the authorization to fall off on its own. For this option, no further steps need to be taken. The gateway will not settle this authorization and the transaction will NOT appear on the customer’s monthly statement at the end of the month. It could take up to a week for the pending transaction to drop-off the customer's account, depending on the customer's issuing bank.
  • Make an exception and choose accept this transaction, despite the AVS Result. For this option, locate the transaction in the 'Errors by Date' report and capture the transaction from the transaction details. Click here for more detailed instructions.
  • Void the transaction to remove the pending transaction from the customer’s bank account as soon as possible. For this option, locate the transaction in the 'Errors by Date' report and void the transaction from the transaction details. Make sure you select the 'Release Funds Immediately' option. Click here for more detailed instructions.

Bin Ranges

This module allows you to block transactions based on the credit card number’s BIN. The BIN is the first 6 digits of the card number and typically corresponds to the bank that issued the card. By blocking specific BINs, you can block cards from certain countries or card types (such as gift or reward cards).

To use this module, enter each BIN range you would like to block on its own line. All cards within the BIN range(s) you have specified will return an error. For example, if you enter 400010 then all cards beginning with 400010 will be blocked.

Overview

Transactions blocked by this module will return this error message:

  • Merchant has blocked card issuer, please try a different card.

Bin Type Blocker

This module allows you to accept or block cards by a combination of their type (credit, debit, prepaid, and unknown) and their credit card issuer (Visa, MasterCard, American Express, and Discover). All BIN types you choose to reject will return an error.

For example, to reject ALL Amex and Discover cards, select the ‘Accepts All Cards Except For’ option and then check the ‘All’ boxes corresponding with Amex and Discover. Or if you would like to accept ONLY debit card transactions, select the ‘Decline All Cards Except For’ option and check the ‘Debit’ boxes underneath Visa and MasterCard (Amex and Discover do not offer debit).

By default, the ‘Accept All Cards Except For’ option is enabled. To switch to the ‘Decline All Cards Except For’ by clicking Overview to turn that option on.

Overview

If you enter a custom message into the 'Decline Message' field then the gateway will reply with that message when the module blocks a card from being processed. If no 'Decline Message' is entered, transactions blocked by this module will return one of these error messages:

  • Card not accepted by merchant, Bin Type Blocked.
  • Card not accepted by merchant, please try a different card.

Card Level Results

This module allows you to select which transactions to accept based on the result of the Card Level (Traditional, Business, Healthcare, Rewards, Corporate, etc.). When a transaction is processed, the customer’s issuing bank will respond with an Approval/Decline response along with one of the Card Level Result Codes listed in this module. When enabled, this module accepts transactions with the Card Level Result codes you have selected and returns an error for all others.

To enable a card level response, switch the button to Overview. All responses that are switched to Overview will be declined. See image below.

Overview

Transactions blocked by this module will return this error message:

  • Card not accepted by merchant, please try a different card.

Card Type

This module allows you to block transactions based on the Card Type (Visa, MasterCard, Discover, American Express). When enabled, this module accepts transactions with card types you have selected and returns an error for all others.

Please Note: This module does NOT affect whether your merchant account supports a specific card type. For example, if you allow Discover transactions in this module, but you are not set up to take Discover with your merchant service provider, then Discover transactions will still be declined by your processor. Check with your merchant service provider for more information about which card types you accept.

As shown in the image below, you have a list of all the possible card types you can accept. To enable a card type, switch to Overview. To disable a card type, switch to Overview.

Overview

Transactions blocked by this module will return this error message:

  • Merchant does not accept card type.

Card ID Checker

This module allows you to select which transactions to accept based on the result of the Card ID verification (CVV2, CID, etc). When a transaction is processed, the customer’s issuing bank will respond with an Approval/Decline response along with one of the CVV2 Result Codes listed in this module (even when no CVV2 data was entered for the transaction). When enabled, this module accepts transactions with the CVV2 Result codes you have selected and returns an error for all others.

As shown in the image below, all enabled responses must be switched Overview. All disabled responses should be switched to Overview.

Overview

Transactions blocked by this module will return this error message:

  • Unable to verify card ID number.

Like the AVS Response module when Pre-Check is disabled, when transactions are approved by the customer's issuing bank, but rejected by the gateway, the customer may see a pending transaction on their account, even when you are seeing an error on your end. Please Note: Do NOT re-run the transaction unless the customer provides a new CVV2 code. Multiple errors will generate multiple authorizations. There are three ways to resolve the situation:

  • Wait for the authorization to fall off on its own. For this option, no further steps need to be taken. The gateway will not settle this authorization and the transaction will NOT appear on the customer’s monthly statement at the end of the month. It could take up to a week for the pending transaction to drop-off the customer's account, depending on the customer's issuing bank.
  • Make an exception and choose accept this transaction, despite the CVV Result. For this option, locate the transaction in the 'Errors by Date' report and capture the transaction from the transaction details. Click here for more detailed instructions.
  • Void the transaction to remove the pending transaction from the customer’s bank account as soon as possible. For this option, locate the transaction in the 'Errors by Date' report and void the transaction from the transaction details. Make sure you select the 'Release Funds Immediately' option. Click here for more detailed instructions.

Duplicate Detection

This module can be used to detect and block duplicate transactions. It’s often used to prevent double charges in shopping carts when a user/customer accidentally double clicks the ‘Order’ button or a customer clicks the ‘Back’ button when processing on a payment form. The system blocks transactions when the last 4 digits of the card number, the transaction amount, and the invoice number (invoice number is optional) are identical AND the transactions are processed within the allotted time frame.

Overview

To use this module, enter in the length of time to check back for duplicate transactions and check the ‘Ignore Invoice #’ if desired. You many want to select the 'Ignore Invoice #' options if your transactions do not have invoice numbers or when the invoice numbers are automatically generated. When enabled, the module will reject duplicate transactions that meet your criteria and happen within the allotted time frame. For example, if you set the ‘Time Period’ to 5 minutes and do not enable ‘Ignore Invoice #’ and then run 3 transactions with the same card number, amount, and invoice number within a 5-minute time period then the first transaction will be accepted, but the second and third will return an error.

Please Note: If you are using the Duplicate Transaction Handling feature within the source key do not enable this module. Combining the two will cause a system error.

Transactions blocked by this module will return this error message:

  • Duplicate Transaction, wait at least (XX) minutes before trying again.

Email Blocker

This module allows you to block or accept transactions based on the customer’s specific email address or domain (Yahoo, Hotmail, etc.). If you enter emails/domains in the ‘Allowed Emails’ section, then transactions with these specific emails/domains will NOT be blocked by this fraud module. If you enter emails/domains in the ‘Blocked Emails’ section, then all transactions where the customer email matches the email/domain on the list will return an error. You may add a single email address or multiple email addresses to be blocked or allowed. Enter the email address on the corresponding fields.

Overview

Once you have entered the emails, click Overview. This will apply the fraud module setting to the source key.

Transactions blocked by this module will return this error message:

  • Email address (XXXX) blocked by merchant. Please use a different email address.

Fraud Profiler

From the fraud module slider menu, select ‘Fraud Profiler’. The Fraud Profiler module performs a real time fraud risk assessment of transactions. If the resulting score is over a set threshold, the transaction is blocked. The risk assessment is a combination of automated and human traffic pattern analysis. Any sudden charges in the number of transactions, the dollar amounts, the countries of the customers or decline rate received by a merchant are flagged and used to build a blacklist of customers by IP address.

You have the ability to pick the percentage of the threshold you wish to set.

You can choose the option to skip the module for sources secured by pin and to enter a decline message.

Overview

If you enter a custom message into the 'Decline Message' field then the gateway will reply with that message when the module blocks a card from being processed. If no 'Decline Message' is entered, transactions blocked by this module will return this message:

  • Transaction declined (fp).

Block by Host or IP

This module allows you to block transactions based on the IP or Host the transaction was processed from. An IP address is a numerical label that shows what device (computer) sent the payment information to the gateway. You can block based on:

  • single IP addresses (192.0.0.1)
  • a range of IP addresses (192.0.0.0-192.0.0.255)
  • host addresses (hacker.fraud.com)
  • entire tlds (*.jp)
  • domains (*fraud.jp)
  • subdomains (*.more.fraud.jp)

When using this module with a 3rd party software or shopping cart, you must be sure the software passes through the Client IP to the gateway. To check if the Client IP is being passed correctly, look at the details of a transaction that was processed on the software. If an IP is listed in the ‘Client IP’ field, then this module is compatible with the software.

Enter each IP or host to block on its own line. To block an entire network, you may enter just the class-c or class-b. For example, to block '192.168.1.0' you would enter '192.168.1.*'. To block the domain 'domain.com,' you would enter 'domain.com'.

Overview

Please Note: Blocking on host or domain is strongly discouraged, as this lookup will add significant time to each transaction.

Transactions blocked by this module will return this error message:

  • IP (XXXXX) blocked by fraud stopper. (c)

Country Blocker

This module allows you to block or accept transactions based on the country from which they originate. The country is determined by matching the customer’s IP address against our GeoIP database. To block all transactions from certain locations, select the ‘Accept All Except’ mode and add the country/countries you would like to block. To accept transactions from only certain locations, select ‘Deny All Except’ and add the country/countries you would like to accept payments from, all other countries will return an error.

Because the gateway uses the IP Address to determine the country transactions originate from, it’s important to be sure that 3rd party software and shopping carts pass through the Client IP to the gateway. To check if the Client IP field is being passed correctly, look at the details of a transaction that was processed on the software. If an IP is listed in the ‘Client IP’ field, then this module is compatible with your software. There are a few options in terms of checking the IP Address:

  • Client IP automatically: IP detected automatically (select if not certain which setting to choose).
  • Local Client IP: Customers connecting directly to the gateway such as a payment form.
  • Remote Client IP: Customers connecting to a third party software such as a shopping cart.

If the country is unknown you have the option to deny it by check the 'Deny if country is unknown' box.

You also have the option to select which countries to accept or deny.

Overview

Transactions blocked by this module will return this error message:

  • Merchant does not accept transactions from this location.

Block by Card Country

This module allows you to accept or block transactions based on the credit card's country of origin. The country of origin is determined by the card's bin number. First, choose the default security level for this module. You can choose from one of two options:

  • Accept All Except- This option accepts cards from all countries by default. It only blocks cards from countries added to the list below.
  • Deny All Except- This option blocks cards from all countries by default. It only accepts cards from the countries added to the list below.

Overview

After you have chosen one of the options above, add countries to your list. Transactions blocked by this module will return this error message:

  • Merchant does not accept this card due to its country of origin.

Credit Card Blocker

The gateway maintains a list of known bad/stolen credit card numbers. To prevent fraud on your account, cards on this master list are automatically blocked from processing transactions (even when this module is NOT enabled). This module allows you to create your own custom list of bad card numbers. When enabled, the cards on your custom list will be blocked IN ADDITION to the cards that are already on our system list. You can add cards to the custom list by clicking the ‘Block Card’ button in the transaction details or by adding card numbers in the ‘Credit Card Block List’ section of the ‘Fraud Manager Tab’.

Overview

If you wish to add to your credit card block list, click Overview and you will be taken to your Credit Card Block List page.

Please Note: Cards on your custom block list will only be blocked when this module is enabled.

If you enter a custom message into the 'Error Message' field then the gateway will reply with that message when the module blocks a card from being processed. If no 'Decline Message' is entered, transactions blocked by this module will return this message:

  • Merchant does not accept this card, try a different card.

Multiple Credit Cards

This module is often used to block people from using your merchant account to test stolen credit card numbers. It allows you to block transactions when multiple cards are processed/declined within a specified amount of time. To use this module, you must specify four different fields:

  • Time Period- you will not be able to process more than the maximum ‘Number of Cards’ or maximum ‘Number of Declines’ within this time period
  • Number of Cards- the maximum number of unique cards allowed within the time period (approved AND declined transactions will be counted)
  • Number of Declines- the maximum number of declines on a single card allowed within the time period
  • Block by- the field you would like to group transactions by. You can choose from Invoice #, Order ID, or Client IP (see description of the Block by Host or IP for more information about verifying that 3rd party softwares and shopping carts are passing through this information).

Overview

When enabled, the module will return an error for transactions after the ‘Number of Cards’ requirement OR the ‘Number of Declines’ requirement has been met (whichever happens first).

For example, if the module is set up with the following parameters:

  • ‘Time Period: 30 min’
  • ‘Number of Cards: 4’
  • ‘Number of Declines: 2’
  • ‘Block by: Client IP’

The gateway will begin to return an error for all transactions coming from an IP Address after 4 cards have been processed on the same IP Address within 30 minutes (even if all of the processed cards were approved, all cards were declined, or a mixture of the two). Transactions from other IP addresses will continue to process without error. The module would also error out transactions after 2 declines were received on the SAME CARD on the same IP within the 30-minute time frame.

Transactions blocked by this module will return this error message:

  • You have tried too many card numbers, please contact merchant.

Transaction Amount

This module allows you to reject transactions if they are outside a maximum or minimum amount. Any transactions that are outside the range you have specified will return an error.

To specify a minimum but no maximum, enter a * in the maximum field. To specify a maximum but no minimum, enter a * in the minimum field.

Overview

Transactions blocked by this module will return this error message:

  • The (minimum/maximum) order amount is $(XXX).

Zip Code Verifier

This module allows you to verify that either the shipping and/or the billing zip code is valid and consistent with the other billing/shipping information (State, City, Area Code) provided. This module does NOT verify that the shipping/billing address is the address associated with the card being used, but instead prevents the use of garbage data.

To use this module, select which fields you would like to verify the zip code against. You can choose one or more fields including State, City, and Area Code. You can choose to verify the shipping AND billing zip code or just one. When the transaction is run, the system verifies in our database that the zip code entered is valid and that the state, city, and/or area code that was entered is within the boundaries of that zip code. All transactions in which the specified zip code(s) or other specified fields (state, city, zip) are not valid, will return an error.

Overview

To verify against the billing and shipping zip code State, City or Area code switch the button to Overview You may also choose the option of accepting and declining a transaction with zip code that is not in your database (ex. A non-US postal code).

Transactions blocked by this module will return on of these error messages:

  • (Billing/Shipping) (state/city/area code) does not match (billing/shipping) zip code.
  • Invalid shipping zip code.
  • Invalid billing zip code.
 

For inquiries contact us at (720) 277-0648