Fraud Modules
To access your Fraud Modules, click on ‘Fraud Manager’ on the side menu bar from your Dashboard then select ‘Fraud Modules’ from the drop down menu.
The Fraud Module Center, as shown in the image above, allows you view and change Fraud Module in order to control various security aspects and prevent credit card fraud.
In the Fraud Module Center, you can set:
- Universal Fraud Modules - Universal modules will apply to all sources. See below for more detail.
- Per Source Modules - Per source modules will apply to only one source. See below for more detail.
To add a Fraud Module, click on the Universal Fraud Module table or on one of the individual sources listed.
A pop up window will appear where you can select modules to add and apply to your account. This pop up window will display a slider where you can view and navigate through all the fraud modules available.
Click on or to navigate and select through the Fraud Module slider menu.
To select the fraud module you wish to add, you can do one of the following:
- #1 Click on on the bottom of the fraud module type tab.
- #2 Click located under the description of the fraud module.
- #3 Click on the tab then click located at the lower right hand side of the pop up window.
Universal Modules
When you add a fraud module under the Universal Modules section, it will apply the module and the settings to all sources (you can choose to make a few exceptions in the Transaction Origin Settings). If you apply a module in this section, do NOT apply it to an individual source as well.
Transaction Origin Settings
The transaction origin settings will appear in the settings of all modules you apply in the Universal modules settings.
By default, the settings will apply to module to all source types. If you choose you can disable the module for the following source types:
- Console- Transactions processed through the Virtual Terminal Transactions tab including: New Order, Simple Charge, Auth Only, etc. It also includes Quick Sale transactions.
- Recurring- Transactions processed through recurring billing schedules set up in the Customer Database.
- Payment Form- Transactions processed through Payment Forms.
- API- Transactions processed through an API Key. This also includes transactions coming from iOS and Android mobile applications, and payments your customers pay through invoices.
Entry Mode Settings
You will also see the entry mode settings.
.
These settings will apply the module to all entry types by default. If you choose you can disable the module for the following entry modes:
- Swiped
- Dipped
- Tapped
- Keyed
To apply settings and enable module, click .
Per Source Modules
When you add a fraud module to one source, the settings will only apply to that particular source. When you add a module to a source key, you essentially choose the transaction origin. This means the Transaction Origin settings will not show when adding source keys per module.
Entry Mode Settings
You will see the entry mode settings.
.
These settings will apply to module to all entry types by default. If you choose you can disable the module for the following entry modes:
- Swiped
- Dipped
- Tapped
- Keyed
To apply settings and enable module, click .
Module Descriptions
Descriptions of the Fraud Modules and settings for each are described below.
- Advanced Transaction Filter
- AVS Response
- Bin Ranges
- Bin Type Blocker
- Block by Card Country
- Block By Host or IP
- Card ID Checker
- Card Level Results
- Card Type
- Country Blocker
- Credit Card Blocker
- Duplicate Detection
- Email Blocker
- Fraud Profiler
- Multiple Credit Cards
- Required Fields
- Transaction Amount
- Zip Code Verifier
Advanced Transaction Filter
The Advanced Transaction Filter allows the merchant to block transactions by a custom rule set, either by requiring or rejecting data. You can create more rules by clicking 'Add New Rule', but there is a limit of 100 rules that can be added to the module. These rules are not case-sensitive.
If you enter a custom message into the 'Optional Custom Error' field then the gateway will reply with that message when the module blocks a transaction from being processed. If no 'Optional Custom Error' is entered, transactions blocked by this module will return:
- The value of field "[Name of Field]" was blocked.
Selected Fields | ||
---|---|---|
Invoice | Billing First Name | Shipping First Name |
Description | Billing Last Name | Shipping Last Name |
Customer Email | Billing Street | Shipping Street |
OrderID | Billing Street 2 | Shipping Street 2 |
PO Number | Billing City | Shipping City |
Cvv2 | Billing State | Shipping State |
Card Holder | Billing Zip | Shipping Zip |
AVS Street | Billing Country | Shipping Country |
AVS Zip | Billing Phone | Shipping Phone |
Subtotal | ||
Tax | ||
Discount | ||
Tip | ||
Shipping Amount |
Tests | Description |
---|---|
Equals | Will block all transactions when the value in the selected field does not match the value in the rule. |
Does Not Equal | Will only block a transaction when the value in the selected field does match the value in the rule. |
Contains | Will block all transactions when the value in the selected field does not contain the value in this rule. The value could be part of another word or phrase, such as the domain of an email address (@gmail.com, @yahoo.com, etc.) |
Does Not Contain | Will only block a transaction when the value in the selected field does contain the value in the rule. The value could be part of another word or phrase, such as the domain of an email address (@gmail.com, @yahoo.com, etc.) |
Starts With | Will block all transactions that do not have the value in the rule at the start of the selected field. For example, you can use this to make sure an invoice number begins with the certain prefix. |
Ends With | Will block all transactions that do not have the value in the rule at the end of the selected field. For example, you can use this to only allow certain email domains to be used in the Customer Email field. |
Is Greater Than | Will block all transactions who's value in the selected field is not greater than the value in the rule. This will error if the value in the selected field matches the value in the rule. |
Is Less Than | Will block all transactions who's value in the selected field is not less than the value in the rule. This will error if the value in the selected field matches the value in the rule. |
In List | Will block all transactions when the value in the selected field does not contain one or more of the exact values in the list. This list must be separated by commas if there is more than one value. |
Not In List | Will only block a transaction when the value in the selected field does contain one or more of the exact values in the list. This list must be separated by commas if there is more than one value. |
AVS Response
The Address Verification System (AVS) verifies that the AVS (Billing) Street and AVS (Billing) Zip matches what the customer’s issuing bank has on file for their card. When a transaction is processed, the customer’s issuing bank will respond with an Approval/Decline response along with one of the AVS Result Codes listed in this module (even when no AVS data was entered for the transaction). When enabled, this module accepts transactions with the AVS Result codes you have selected and returns an error for all others.
A pop up window will appear giving a list of all the possible AVS responses. The first four AVS codes or responses (YYY, YYX, NYW, and NYZ) are enabled by default.
To enable an AVS response, switch the button to
To disable an AVS response, switch it back to
Transactions blocked by this module will return this error message:
- Your billing information does not match your credit card. Please check with your bank. (34)
Please Note: Do NOT re-run the transaction unless the customer provides new address verification information. Multiple errors can generate multiple authorizations.
AVS Pre-Check
AVS Pre-Check allows merchants to verify that the billing address the customer provides matches the card the customer has provided BEFORE the transaction is authorized. This means the customer should not see a pending transaction when their transaction is rejected by the AVS Response module. Only certain transactions are eligible for AVS Pre-Check. For the feature to work correctly, the following must be true:
- The merchant's processor must support this feature.
- The card holder's bank must support this feature. If the customer's bank does not participate then the customer may see a pending transaction on their account for transactions rejected by the AVS module.
- The merchant industry cannot be set to Retail(Swipe).
Enabling the AVS Pre-Check will NOT effect transactions that have been declined by the bank. These transactions will still be declined regardless of the AVS result. Enabling the AVS Pre-Check will NOT effect approved transactions where the AVS Result is accepted by the module. These transactions will still be approved.
Enabling Pre-Check will only effect transactions where the bank approves the transaction, but returns an AVS result that you have chosen to reject in the settings of the module.
When Pre-Check AVS is enabled, the gateway will verify the AVS response BEFORE requesting authorization. If the bank approves the transaction, but returns an AVS result that you have chosen to reject:
- The transaction result will be: Your billing information does not match your credit card. Please check with your bank.
- No authorization will be issued by the bank
- No funds will be held on the customer's account
When Pre-Check AVS is disabled, the gateway will request AVS responses and authorization at the same time. If the bank approves the transaction but the AVS response is one you have chosen to reject:
- The transaction result will be: Your billing information does not match your credit card. Please check with your bank.
- The bank may have issued an authorization.
- The bank may have put a hold for funds on the customer's account.
Essentially, on the merchants end, the transaction was rejected by the gateway (and will NOT be funded for the transaction), but on the customer's end, they may see a pending transaction on their account (this authorization will eventually drop off). If you do encounter a situation in which a transaction has been rejected for fraud reasons, but the bank still issued an authorization code then there are three ways to resolve the situation:
- Wait for the authorization to fall off on its own. For this option, no further steps need to be taken. The gateway will not settle this authorization and the transaction will NOT appear on the customer’s monthly statement at the end of the month. It could take up to a week for the pending transaction to drop-off the customer's account, depending on the customer's issuing bank.
- Make an exception and choose accept this transaction, despite the AVS Result. For this option, locate the transaction in the 'Errors by Date' report and capture the transaction from the transaction details. Click here for more detailed instructions.
- Void the transaction to remove the pending transaction from the customer’s bank account as soon as possible. For this option, locate the transaction in the 'Errors by Date' report and void the transaction from the transaction details. Make sure you select the 'Release Funds Immediately' option. Click here for more detailed instructions.
Bin Ranges
This module allows you to block transactions based on the credit card number’s BIN. The BIN is the first 6 digits of the card number and typically corresponds to the bank that issued the card. By blocking specific BINs, you can block cards from certain countries or card types (such as gift or reward cards).
To use this module, enter each BIN range you would like to block on its own line. All cards within the BIN range(s) you have specified will return an error. For example, if you enter 400010 then all cards beginning with 400010 will be blocked.
Transactions blocked by this module will return this error message:
- Merchant has blocked card issuer, please try a different card.
Bin Type Blocker
This module allows you to accept or block cards by a combination of their type (credit, debit, prepaid, and unknown) and their credit card issuer (Visa, MasterCard, American Express, and Discover). All BIN types you choose to reject will return an error.
For example, to reject ALL Amex and Discover cards, select the ‘Accepts All Cards Except For’ option and then check the ‘All’ boxes corresponding with Amex and Discover. Or if you would like to accept ONLY debit card transactions, select the ‘Decline All Cards Except For’ option and check the ‘Debit’ boxes underneath Visa and MasterCard (Amex and Discover do not offer debit).
By default, the ‘Accept All Cards Except For’ option is enabled. To switch to the ‘Decline All Cards Except For’ by clicking to turn that option on.
If you enter a custom message into the 'Decline Message' field then the gateway will reply with that message when the module blocks a card from being processed. If no 'Decline Message' is entered, transactions blocked by this module will return one of these error messages:
- Card not accepted by merchant, Bin Type Blocked.
- Card not accepted by merchant, please try a different card.
Block by Card Country
This module allows you to accept or block transactions based on the credit card's country of origin. The country of origin is determined by the card's bin number. First, choose the default security level for this module. You can choose from one of two options:
- Accept All Except- This option accepts cards from all countries by default. It only blocks cards from countries added to the list below.
- Deny All Except- This option blocks cards from all countries by default. It only accepts cards from the countries added to the list below.
After you have chosen one of the options above, add countries to your list. Transactions blocked by this module will return this error message:
- Merchant does not accept this card due to its country of origin.
Block by Host or IP
This module allows you to block transactions based on the IP or Host the transaction was processed from. An IP address is a numerical label that shows what device (computer) sent the payment information to the gateway. You can block based on:
- single IP addresses (192.0.0.1)
- a range of IP addresses (192.0.0.0-192.0.0.255)
- host addresses (hacker.fraud.com)
- entire tlds (*.jp)
- domains (*fraud.jp)
- subdomains (*.more.fraud.jp)
When using this module with a 3rd party software or shopping cart, you must be sure the software passes through the Client IP to the gateway. To check if the Client IP is being passed correctly, look at the details of a transaction that was processed on the software. If an IP is listed in the ‘Client IP’ field, then this module is compatible with the software.
Enter each IP or host to block on its own line. To block an entire network, you may enter just the class-c or class-b. For example, to block '192.168.1.0' you would enter '192.168.1.*'. To block the domain 'domain.com,' you would enter 'domain.com'.
Please Note: Blocking on host or domain is strongly discouraged, as this lookup will add significant time to each transaction.
Transactions blocked by this module will return this error message:
- IP (XXXXX) blocked by fraud stopper. (c)
Card ID Checker
This module allows you to select which transactions to accept based on the result of the Card ID verification (CVV2, CID, etc). When a transaction is processed, the customer’s issuing bank will respond with an Approval/Decline response along with one of the CVV2 Result Codes listed in this module (even when no CVV2 data was entered for the transaction). When enabled, this module accepts transactions with the CVV2 Result codes you have selected and returns an error for all others.
As shown in the image below, all enabled responses must be switched . All disabled responses should be switched to .
Transactions blocked by this module will return this error message:
- Unable to verify card ID number.
Like the AVS Response module when Pre-Check is disabled, when transactions are approved by the customer's issuing bank, but rejected by the gateway, the customer may see a pending transaction on their account, even when you are seeing an error on your end. Please Note: Do NOT re-run the transaction unless the customer provides a new CVV2 code. Multiple errors will generate multiple authorizations. There are three ways to resolve the situation:
- Wait for the authorization to fall off on its own. For this option, no further steps need to be taken. The gateway will not settle this authorization and the transaction will NOT appear on the customer’s monthly statement at the end of the month. It could take up to a week for the pending transaction to drop-off the customer's account, depending on the customer's issuing bank.
- Make an exception and choose accept this transaction, despite the CVV Result. For this option, locate the transaction in the 'Errors by Date' report and capture the transaction from the transaction details. Click here for more detailed instructions.
- Void the transaction to remove the pending transaction from the customer’s bank account as soon as possible. For this option, locate the transaction in the 'Errors by Date' report and void the transaction from the transaction details. Make sure you select the 'Release Funds Immediately' option. Click here for more detailed instructions.
Card Level Results
This module allows you to select which transactions to accept based on the result of the Card Level (Traditional, Business, Healthcare, Rewards, Corporate, etc.). When a transaction is processed, the customer’s issuing bank will respond with an Approval/Decline response along with one of the Card Level Result Codes listed in this module. When enabled, this module accepts transactions with the Card Level Result codes you have selected and returns an error for all others.
To enable a card level response, switch the button to . All responses that are switched to will be declined. See image below.
Transactions blocked by this module will return this error message:
- Card not accepted by merchant, please try a different card.
Card Type
This module allows you to block transactions based on the Card Type (Visa, MasterCard, Discover, American Express). When enabled, this module accepts transactions with card types you have selected and returns an error for all others.
Please Note: This module does NOT affect whether your merchant account supports a specific card type. For example, if you allow Discover transactions in this module, but you are not set up to take Discover with your merchant service provider, then Discover transactions will still be declined by your processor. Check with your merchant service provider for more information about which card types you accept.
As shown in the image below, you have a list of all the possible card types you can accept. To enable a card type, switch to . To disable a card type, switch to .
Transactions blocked by this module will return this error message:
- Merchant does not accept card type.
Country Blocker
This module allows you to block or accept transactions based on the country from which they originate. The country is determined by matching the customer’s IP address against our GeoIP database. To use this module your shopping cart must pass the ip address to the gateway.
To block all transactions from certain locations, select the ‘Accept All Except’ mode and add the country/countries you would like to block. To accept transactions from only certain locations, select ‘Deny All Except’ and add the country/countries you would like to accept payments from, all other countries will return an error.
Because the gateway uses the IP Address to determine the country transactions originate from, it’s important to be sure that 3rd party software and shopping carts pass through the Client IP to the gateway. To check if the Client IP field is being passed correctly, look at the details of a transaction that was processed on the software. If an IP is listed in the ‘Client IP’ field, then this module is compatible with your software. There are a few options in terms of checking the IP Address:
- Client IP (Auto): IP detected automatically (select if not certain which setting to choose).
- Local Client IP: Customers connecting directly to the gateway such as a payment form. (This setting is enabled by default)
- Remote Client IP: Customers connecting to a third party software such as a shopping cart.
- Server IP: Third party server IP address, this would be where a shopping cart is hosted
If the country is unknown you have the option to deny it by check the 'Deny if country is unknown' box.
You also have the option to select which countries to accept or deny.
Transactions blocked by this module will return this error message:
- Merchant does not accept transactions from this location.
Credit Card Blocker
The gateway maintains a list of known bad/stolen credit card numbers. If you would like to block credit cards using only the system list, turn the 'Use System List' setting . If you would like to block using only your custom list of cards, turn the 'Use System List' setting . You can add cards to the custom list by clicking the ‘Block Card’ button in the transaction details or by adding card numbers manually to the Credit Card Block List page. If you would like to block cards on the system list AND in your custom list, turn the 'Use System List' setting and add cards to your custom list in the Credit Card Block List tab. All cards on the specified list(s) will return an error.
Please Note: Cards on your custom block list will only be blocked when this module is enabled.
If you enter a custom message into the 'Error Message' field then the gateway will reply with that message when the module blocks a card from being processed. If no 'Decline Message' is entered, transactions blocked by this module will return this message:
- Merchant does not accept this card, try a different card.
Duplicate Detection
This module can be used to detect and block duplicate transactions. It’s often used to prevent double charges in shopping carts when a user/customer accidentally double clicks the ‘Order’ button or a customer clicks the ‘Back’ button when processing on a payment form. The system blocks transactions when the last 4 digits of the card number, the transaction amount, and the invoice number (invoice number is optional) are identical AND the transactions are processed within the allotted time frame. The maximum time frame is 2880 minutes (48 hours). If greater than 2880 minutes is entered, the maximum amount will be saved instead.
To use this module, enter in the length of time to check back for duplicate transactions and check the ‘Ignore Invoice #’ if desired. You many want to select the 'Ignore Invoice #' options if your transactions do not have invoice numbers or when the invoice numbers are automatically generated. When enabled, the module will reject duplicate transactions that meet your criteria and happen within the allotted time frame. For example, if you set the ‘Time Period’ to 5 minutes and do not enable ‘Ignore Invoice #’ and then run 3 transactions with the same card number, amount, and invoice number within a 5-minute time period then the first transaction will be accepted, but the second and third will return an error.
Please Note: If you are using the Duplicate Transaction Handling feature within the source key do not enable this module. Combining the two will cause a system error.
Transactions blocked by this module will return this error message:
- Duplicate Transaction, wait at least (XX) minutes before trying again.
Email Blocker
This module allows you to block or accept transactions based on the customer’s specific email address or domain (Yahoo, Hotmail, etc.). If you enter emails/domains in the ‘Allowed Emails’ section, then transactions with these specific emails/domains will NOT be blocked by this fraud module. If you enter emails/domains in the ‘Blocked Emails’ section, then all transactions where the customer email matches the email/domain on the list will return an error. You may add a single email address or multiple email addresses to be blocked or allowed. Enter the email address on the corresponding fields.
Once you have entered the emails, click . This will apply the fraud module setting to the source key.
Transactions blocked by this module will return this error message:
- Email address (XXXX) blocked by merchant. Please use a different email address.
Fraud Profiler
From the fraud module slider menu, select ‘Fraud Profiler’. The Fraud Profiler module performs a real time fraud risk assessment of transactions. If the resulting score is over a set threshold, the transaction is blocked. The risk assessment is a combination of automated and human traffic pattern analysis. Any sudden charges in the number of transactions, the dollar amounts, the countries of the customers or decline rate received by a merchant are flagged and used to build a blacklist of customers by IP address.
You have the ability to pick the percentage of the threshold you wish to set.
You can choose the option to skip the module for sources secured by pin and to enter a decline message.
If you enter a custom message into the 'Decline Message' field then the gateway will reply with that message when the module blocks a card from being processed. If no 'Decline Message' is entered, transactions blocked by this module will return this message:
- Transaction declined (fp).
Multiple Credit Cards
This module is often used to block people from using your merchant account to test stolen credit card numbers. It allows you to block transactions when multiple cards are processed/declined within a specified amount of time. To use this module, you must specify four different fields:
- Time Period- you will not be able to process more than the maximum ‘Number of Cards’ or maximum ‘Number of Declines’ within this time period
- Number of Cards- the maximum number of unique cards allowed within the time period (approved AND declined transactions will be counted)
- Number of Declines- the maximum number of declines on a single card allowed within the time period
- Block by- the field you would like to group transactions by. You can choose from Invoice #, Order ID, or Client IP (see description of the Block by Host or IP for more information about verifying that 3rd party softwares and shopping carts are passing through this information).
When enabled, the module will return an error for transactions after the ‘Number of Cards’ requirement OR the ‘Number of Declines’ requirement has been met (whichever happens first).
For example, if the module is set up with the following parameters:
- ‘Time Period: 30 min’
- ‘Number of Cards: 4’
- ‘Number of Declines: 2’
- ‘Block by: Client IP’
The gateway will begin to return an error for all transactions coming from an IP Address after 4 cards have been processed on the same IP Address within 30 minutes (even if all of the processed cards were approved, all cards were declined, or a mixture of the two). Transactions from other IP addresses will continue to process without error. The module would also error out transactions after 2 declines were received on the SAME CARD on the same IP within the 30-minute time frame.
Transactions blocked by this module will return this error message:
- You have tried too many card numbers, please contact merchant.
Required Fields
This module allows you to set which fields will be required to process a transaction. When you first add this module, the default required fields are:
- Invoice
- Description
- Card Holder
- AVS Street
- AVS Zip
Switch to to require the field, and switch to if you do NOT want the field to be required. When a transaction is run, the system verifies that all required fields have been entered. All transactions that do not contain the required fields will return an error.
Remember to verify the field is available on all sources you set to require it. For example, if you set Shipping Street to for all sources, transactions processed through the Simple Charge tab will always return an error, because Shipping Street is not an available field in this section.
Transactions blocked by this module will return the error message below. The (XXX) will be replaced with a list of the missing fields:
- The required fields (XXX) are missing.
Transaction Amount
This module allows you to reject transactions if they are outside a maximum or minimum amount. Any transactions that are outside the range you have specified will return an error.
To specify a minimum but no maximum, enter a * in the maximum field. To specify a maximum but no minimum, enter a * in the minimum field.
Transactions blocked by this module will return this error message:
- The (minimum/maximum) order amount is $(XXX).
Zip Code Verifier
This module allows you to verify that either the shipping and/or the billing zip code is valid and consistent with the other billing/shipping information (State, City, Area Code) provided. This module does NOT verify that the shipping/billing address is the address associated with the card being used, but instead prevents the use of garbage data.
To use this module, select which fields you would like to verify the zip code against. You can choose one or more fields including State, City, and Area Code. You can choose to verify the shipping AND billing zip code or just one. When the transaction is run, the system verifies in our database that the zip code entered is valid and that the state, city, and/or area code that was entered is within the boundaries of that zip code. All transactions in which the specified zip code(s) or other specified fields (state, city, zip) are not valid, will return an error.
To verify against the billing and shipping zip code State, City or Area code switch the button to You may also choose the option of accepting and declining a transaction with zip code that is not in your database (ex. A non-US postal code).
Transactions blocked by this module will return on of these error messages:
- (Billing/Shipping) (state/city/area code) does not match (billing/shipping) zip code.
- Invalid shipping zip code.
- Invalid billing zip code.