Merchant Console Fraud Center
The Fraud Center allows you to view and change the settings of each transaction source in order to control various security aspects and prevent credit card fraud from occurring in your Merchant account. You can set Universal Fraud Modules (to affect all of the sources used to conduct transactions), or set each source's fraud modules separately.
Adding a New Module
To add or delete modules from any of the sources listed in the Fraud Center, click on the Add Module button beside the source you wish to edit. A list of all of the available modules will appear, and you can add any one or more of them, by clicking on the Select button to the right of the module's description. The setting options for the selected module will load and you can customize the fraud module settings to fit your needs.
In addition to individual fraud module settings, all universal modules will show Transaction Origin settings, and all modules (including universal modules) will show Entry Mode Settings.
Transaction Origin and Entry Mode Settings
By default, the settings will apply the module to all source key types. You can disable the module for the following source types using the Transaction Origin settings:
- Console- Transactions processed through the Virtual Terminal tab.
- Recurring- Transactions processed through recurring billing schedules set up in the Customer Database.
- Payment Form- Transactions processed through Payment Forms.
- API- Transactions processed through an API Key. This also includes transactions coming from the iOS mobile application, and the Android mobile application.
You will also see the entry mode settings. These settings will apply the module to all entry types by default. If you choose you can disable the module for the following entry modes:
When you are finished, click the Apply button at the bottom of the screen to apply the new fraud module settings to the source you have selected.
Changing Your Settings
Once you have applied your changes, the new module will appear on the Fraud Center page of your Merchant Console, under the heading of the source to which it has been applied. Beside the module is a Settings button and a Remove button which you can use at any time to alter or delete the fraud module from the source.
Advanced Transaction Filter
The Advanced Transaction Filter allows the merchant to block transactions by a custom rule set, either by requiring or rejecting data. You can create more rules by clicking 'Add', but there is a limit of 100 rules that can be added to the module. These rules are not case-sensitive.
If you enter a custom message into the 'Optional Custom Error' field then the gateway will reply with that message when the module blocks a transaction from being processed. If no 'Optional Custom Error' is entered, transactions blocked by this module will return:
- The value of field "[Name of Field]" was blocked.
|Invoice||Billing First Name||Shipping First Name|
|Description||Billing Last Name||Shipping Last Name|
|Customer Email||Billing Street||Shipping Street|
|OrderID||Billing Street 2||Shipping Street 2|
|PO Number||Billing City||Shipping City|
|Cvv2||Billing State||Shipping State|
|Card Holder||Billing Zip||Shipping Zip|
|AVS Street||Billing Country||Shipping Country|
|AVS Zip||Billing Phone||Shipping Phone|
|Equals||Will block all transactions when the value in the selected field does not match the value in the rule.|
|Does Not Equal||Will only block a transaction when the value in the selected field does match the value in the rule.|
|Contains||Will block all transactions when the value in the selected field does not contain the value in this rule. The value could be part of another word or phrase, such as the domain of an email address (@gmail.com, @yahoo.com, etc.)|
|Does Not Contain||Will only block a transaction when the value in the selected field does contain the value in the rule. The value could be part of another word or phrase, such as the domain of an email address (@gmail.com, @yahoo.com, etc.)|
|Starts With||Will block all transactions that do not have the value in the rule at the start of the selected field. For example, you can use this to make sure an invoice number begins with the certain prefix.|
|Ends With||Will block all transactions that do not have the value in the rule at the end of the selected field. For example, you can use this to only allow certain email domains to be used in the Customer Email field.|
|Is Greater Than||Will block all transactions who's value in the selected field is not greater than the value in the rule. This will error if the value in the selected field matches the value in the rule.|
|Is Less Than||Will block all transactions who's value in the selected field is not less than the value in the rule. This will error if the value in the selected field matches the value in the rule.|
|In List||Will block all transactions when the value in the selected field does not contain one or more of the exact values in the list. This list must be separated by commas if there is more than one value.|
|Not In List||Will only block a transaction when the value in the selected field does contain one or more of the exact values in the list. This list must be separated by commas if there is more than one value.|
This module allows you to select which transactions to accept based on the address verification system response. Check off the responses that you will accept. All others will be declined. The following is a list of all of the possible AVS response codes.
|YYY||Y, YYA, YYD||Address: Match & 5 Digit Zip: Match|
|NYZ||Z||Address: No Match & 5 Digit Zip: Match|
|YNA||A, YNY||Address: Match & 5 Digit Zip: No Match|
|NNN||N, NN||Address: No Match & 5 Digit Zip: No Match|
|YYX||X||Address: Match & 9 Digit Zip: Match|
|NYW||W||Address: No Match & 9 Digit Zip: Match|
|XXW||Card Number Not On File|
|XXU||Address Information not verified for domestic transaction|
|XXR||R, U, E||Retry / System Unavailable|
|XXS||S||Service Not Supported|
|XXE||Address Verification Not Allowed For Card Type|
|XXG||G,C,I||Global Non-AVS participant|
|YYG||B, M||International Address: Match & Zip: Not Compatible|
|GGG||D||International Address: Match & Zip: Match|
|YGG||P||International Address: No Compatible & Zip: Match|
Bin Range Blocker
This module allows you to block transactions based on the first 6 digits of the credit card number (the card's BIN). The "Bank Identification Number" (BIN) is used to identify the bank which issued the credit card. By blocking specific BINs a merchant can block cards from certain countries or card types (such as gift or reward cards).
Bin Type Blocker
The BIN is the first few digits of a credit card which identifies that type of the card. The BIN Type blocker allows for the system to review the type and block based on whether the card is a Credit or Debit card. This review is done before the card is authorized for the charge amount.
Block By Host or IP Address
This module will block transactions based on a single IP address (192.0.0.1), a range of IPs (192.0.0.0-184.108.40.206), a host address (hacker.fraud.com) or an entire tld (*.jp), domain (*.fraud.jp) or subdomain (*.more.fraud.jp). To use this module your shopping cart software must pass the client ip correctly. To check if your cart is passing the client ip, view the details on a transaction. If an ip is listed next to "Client IP" then you will be able to use this module.
Card ID Checker
This module allows you to select which transactions to accept based on the result of the card id verification (CVV2, CID, etc). Check off the responses that you will accept. All others will be declined.
Card Level Result
This module allows you to select which card level result to accept. Check off the responses that you will accept. All others will be declined.
Only allow credit card types listed. Transactions that are not listed will be blocked. Please note that this does not affect whether your merchant account has support for a specific card type. If you allow a transaction in this fraud module but you do not have support for it, the transaction will still be declined by the processor. Please check with your merchant account provider for more information on which card types you may accept.
This module allows you to block or accept transactions based on the country from which they originate. The country is determined by matching the customer’s IP address against our GeoIP database. To use this module your shopping cart must pass the ip address to the gateway.
To block all transactions from certain locations, select the ‘Accept All Except’ mode and add the country/countries you would like to block. To accept transactions from only certain locations, select ‘Deny All Except’ and add the country/countries you would like to accept payments from, all other countries will return an error.
Because the gateway uses the IP Address to determine the country transactions originate from, it’s important to be sure that 3rd party software and shopping carts pass through the Client IP to the gateway. To check if the Client IP field is being passed correctly, look at the details of a transaction that was processed on the software. If an IP is listed in the ‘Client IP’ field, then this module is compatible with your software. There are a few options in terms of checking the IP Address:
- Client IP (Auto): IP detected automatically (select if not certain which setting to choose).
- Local Client IP: Customers connecting directly to the gateway such as a payment form. (This setting is enabled by default)
- Remote Client IP: Customers connecting to a third party software such as a shopping cart.
- Server IP: Third party server IP address, this would be where a shopping cart is hosted
If the country is unknown you have the option to deny it by check the 'Deny if country is unknown' box.
You also have the option to select which countries to accept or deny.
Transactions blocked by this module will return this error message:
- Merchant does not accept transactions from this location.
Block by Card Country
This module allows you to accept or block transactions based on the credit card's country of origin. The country of origin is determined by the card's bin number. First, choose the default security level for this module. You can choose from one of two options:
- Accept All Except- This option accepts cards from all countries by default. It only blocks cards from countries added to the list below.
- Deny All Except- This option blocks cards from all countries by default. It only accepts cards from the countries added to the list below.
After you have chosen one of the options above, add countries to your list.
The credit card blocker module checks the credit card number against a list of known bad card numbers and will decline the transaction if the card is found. The merchant can maintain their own list of bad cards as well as use the system provided list.
This module detects and blocks duplicate transactions. This is useful for shopping carts that do not catch when a user has (accidentally) double clicked on the order button. The system uses the last 4 digits of the card number, the transaction amount and the invoice number to determine if a duplicate transaction has been submitted. You must specify the length of time the system will check back for a duplicate transaction. The maximum time frame is 2880 minutes (48 hours). If greater than 2880 minutes is entered, the maximum amount will be saved instead.
Blocks transactions coming from free webmail servers such as Hotmail and Yahoo. It can also be configured to allow or block specific email addresses or domains.
This module performs a real time fraud risk assessment of transactions. If the resulting score is over a set threshold, the transaction is blocked.
The risk assessment is a combination of automated and human traffic pattern analysis. Any sudden changes in the number of transactions, the dollar amounts, the countries of the customers or decline rate received by a merchant are flagged and used to build a blacklist of customers by IP address.
Please note: USAePay implements this fraud module across the board for ALL merchants with the threshold that prevents large scale abuse without blocking typical transaction patters. Merchants do not need to add this module themselves unless they would like to change the error message or use a higher sensitivity.
The error reason listed in reports for transactions that are declined by this module is: "Transaction declined (fp)" By default, the end customer will see: "Your billing information does not match your credit card. Please check with your bank."
Multiple Credit Cards
Block transactions where more then a specified number of different card numbers are attempted on the same order number or from the same IP address. This is useful for blocking people from using your merchant account to test stolen credit card numbers. To use this module your shopping cart must pass the IP address to the gateway.
This module allows you to choose which fields are required to process a transaction. Transactions that do not contain the required fields will return an error. Please note, make sure to check if the field you are requiring is available on that source. For example, if you make Shipping Address required on the vterm, all Simple Charge transactions would be rejected. This is because the console does not allow you to enter the Shipping Address in Simple Charge.
Please note: If you are using the Required Fields feature in the source key section for a payment form, do NOT use this module. It will cause an error.
This module allows you to define allowable transaction amounts. Any transactions that are not within the defined amounts are blocked. If you only want to specify a minimum but no maximum, enter a * in the maximum field. Likewise, if you only want to specify a maximum but no minimum, enter a * in the minimum field.
Zip Code Verifier
Verifies that the billing and or shipping zip code matches the state, city and/or area code entered. This will block any garbage data and ensure that customers enter accurate address information.