Fraud Prevention
Fraud is part of the daily challenges within the online payment ecosystem.
A substantial part of this challenge is increasingly sophisticated fraud attacks. These make real-time data analysis a necessity to detect anomalies and behaviour patterns.
To offer the best fraud protection possible, we have partnered with Microsoft, one of the industry-leading AI and fraud solution providers. Thanks to our extensive fraud protection network, you benefit from a broad awareness of fraud activities across the globe.
By capitalising on advanced machine learning technology, our hybrid fraud screening approach combines:
- Artificial intelligence risk scoring
- Learnings from billions of transactions
- Custom rules for optimal performance
- Integrated Device Fingerprinting
To identify suspicious activities and automate response actions, we offer our Fraud Prevention Silver and Fraud Prevention Gold solutions. Contact us to get started right away!
- Both Fraud Prevention Silver and Fraud Prevention Gold are available via all integration methods for the following payment methods:
  - Cards (debit and credit)
  - PayPal
- Fraud Silver/Gold can be used together with our Exemption Engine solution.
Fraud Prevention Silver/Gold
To offer you the best solution for your business needs, we offer two versions of our Fraud Prevention solution. Regardless of your transaction volume or revenue, both will become an indispensable asset to your daily operations.
Both Fraud Prevention Silver and Fraud Prevention Gold are based on two pillars:
- Risk score calculation: Using a gigantic data pool of billions of transactions, our solution compares your transaction data with known fraud patterns. These so-called velocity checks form the basis for (proposed) follow-up actions defined in the rule engine decision.
- Rule Engine Decision: Using the preceding risk score calculation, our platform applies (pre-defined) rules to treat transactions accordingly. Every incoming transaction is looped through these rules. If a condition is met, our platform will accept, review or decline the transaction. If there is no match or the transaction is accepted, we will send the transaction data to your acquirer for the actual payment.
Fraud Prevention Silver predefines the Rule Engine Decision, allowing you to use this solution without any preparations or maintenance. If your business requires customisation of these rules, we recommend the Gold solution. Learn more about the possibilities and required effort in the dedicated chapter.
Both the score calculation and the rule application are merged seamlessly into the payment flow:
1. Your customers finalise an order in your shop.
2. You send a CreateHostedCheckout/CreatePayment request (including some additional optional properties) to our platform.
3. Our platform sends the transaction data to the Microsoft platform.
4. Microsoft performs the Risk score calculation and applies the Rule Engine Decision. Depending on the outcome, these scenarios are possible:
   a) Low risk: We submit the transaction to the acquirer. The flow continues at step 5).
   b) Medium risk: We challenge the transaction. The flow continues at step 5).
   c) High risk: We decline the transaction, ending the flow. You can request the transaction/fraud prevention check result as described in step 6).
5. We process the transaction and receive the result from the acquirer.
6. You request the transaction/fraud prevention check result from our platform via GetPaymentDetails or receive the result via webhooks.
6' (optional). For transactions in status "challenged", you perform a manual review. Depending on your assessment, you accept/decline the transaction.
This is a high-level payment flow covering only the basic steps. Learn about the individual differences for the integration methods and the individual payment methods in our dedicated guides.
Integration
Depending on your choice, differences apply in how you merge the fraud check seamlessly with your current integration.
Integrate Fraud Prevention Silver
As an autonomous service, this worry-free plug-and-play solution offers high performance without any maintenance needed.
Once it is active, it is fully operational! Keep your existing integration as-is and enjoy the highest protection possible instantly! The properties of your standard CreateHostedCheckout/CreatePayment request are sufficient: Both the risk score calculation and the rule decision engine are executed automatically and autonomously.
To refine the risk score calculation, you may send any properties, and as many as possible. We strongly recommend including at least these:
- order
  - customer
    - billingAddress
    - contactDetails
    - personalInformation
  - shipping
    - address
    - emailAddress
Contact us to activate Fraud Prevention Silver for you.
Integrate Fraud Prevention Gold
A vastly customisable, scalable solution, Fraud Prevention Gold allows you to
- Fine-tune your fraud strategy and risk appetite.
- Get extensive training and consultancy.
- Get comprehensive reporting.
Although this solution handles incoming requests just like Fraud Prevention Silver, there is one difference: Fraud Prevention Gold requires you to set up and manage the Rule Engine Decision on your own. Therefore, you need to define appropriate reactions (decline/accept/challenge) for any incoming transaction. Learn all about it in the dedicated chapter.
To refine the risk score calculation, you may send any properties, and as many as possible. We strongly recommend including at least these:
- order
  - customer
    - billingAddress
    - contactDetails
    - personalInformation
  - shipping
    - address
    - emailAddress
Contact us to prepare the setup and activation of Fraud Prevention Gold together.
Use Fraud Prevention Silver / Fraud Prevention Gold for e-Terminal/Pay-by-link
You can also use our Fraud Prevention together with the e-Terminal/Pay-by-link feature. This does not require any integration effort or changes in the way you process transactions. The Merchant Portal allows you to easily
Configuration
In contrast to Fraud Prevention Silver, Fraud Prevention Gold bases the fraud analysis (step 4 in the payment flow) on three pillars:
1. Pre-filtering out transactions: Once our platform transfers your CreatePayment/CreateHostedCheckout request to the Microsoft platform, you can filter out specific transactions right away via "Prior-to-scoring" rules. You can base them on
   a) Properties fraudFields.blackListData/fraudFields.productCategories in your CreatePayment/CreateHostedCheckout request. Find detailed information about these properties in our CreatePayment/CreateHostedCheckout APIs.
   b) Support/custom lists.
2. Risk score calculation: For all transactions left after step 1, Microsoft calculates a @riskScore, using
   a) A gigantic data pool of billions of transactions
   b) Velocity checks to identify known fraud patterns
   c) AI/Machine learning evaluations
   This step does not require any input from you. However, you can look up the "Reason codes" via the "Search tab" in the Microsoft Portal, giving an indication for the risk score calculation result.
3. Rule Decision Engine: By applying "Post-risk-scoring" rules you have defined, you can decline/accept/challenge the request. You can base them on
   a) Microsoft’s calculated @riskScore from the previous step
   b) Specific properties from the CreatePayment/CreateHostedCheckout request
   c) Velocity rules
   d) Support/custom lists
Learn how to define and manage the pre-filtering / Rule Engine Decision in the Microsoft portal in the subsequent chapters.
Set up and manage fraud prevention
The centrepiece of setting up Fraud Prevention Gold is the Microsoft Portal. There you define how to categorise all incoming CreatePayment/CreateHostedCheckout requests to either accept/review/decline them. This requires you to
- Configure "Prior-to-scoring rules" for pre-filtering out transactions before the actual Risk Score Calculation and applying the Rule Decision Engine.
- Configure "Post-risk-scoring" rules to apply the Rule Decision Engine.
Configure "Prior-to-scoring" rules
These rules allow you to pre-filter out specific transactions before the actual fraud check (Risk Score Calculation/Rule Decision Engine) takes place. You may
- Include any property from the incoming CreatePayment/CreateHostedCheckout request.
- Loop support and/or custom lists.
We offer trade-specific rules to get you started. Configure these rules in the Microsoft Portal via Rules Configuration > Rules.
Configure "Post-risk-scoring" rules
These rules allow you to decline/accept/challenge transactions after applying the "Prior-to-scoring" rules and calculating the risk score. You may
- Include any property from the incoming CreatePayment/CreateHostedCheckout request.
- Loop support and/or custom lists.
- Include the @riskScore.
- Apply your own velocity checks.
Mind that transactions you want to challenge require a manual follow-up. Learn more in the dedicated chapter.
Configure these rules in the Microsoft Portal via Rules Configuration > Rules. Find detailed information about rules and the Fraud Protection Language (FPL) they are based on in Microsoft's dedicated guides:
Configure velocities
Velocity rules register the occurrence of certain events within a specific time frame. Specific events might indicate possible fraudulent activities, which is helpful for filtering out impacted transactions.
We offer default velocity checks to get you started. Configure these velocities in the Microsoft Portal via Rules Configuration > Velocities.
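The following added Python example (not Microsoft's FPL and not code from our platform) shows how a velocity check counts events per key in a time frame and how the count can feed a post-risk-scoring decision next to the @riskScore. The score thresholds, the 10-minute window, the per-e-mail limit and the field names `email`, `ts` and `riskScore` are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 600    # assumed velocity time frame (10 minutes)
MAX_PER_WINDOW = 3      # assumed limit of payments per e-mail in the window
DECLINE_SCORE = 900     # assumed @riskScore threshold for "decline"
CHALLENGE_SCORE = 600   # assumed @riskScore threshold for "challenge"

class Velocity:
    """Counts events per key inside a sliding time window."""
    def __init__(self, window):
        self.window = window
        self.events = defaultdict(deque)

    def hit(self, key, ts):
        q = self.events[key]
        q.append(ts)
        # Drop events that fell out of the time frame.
        while q and q[0] <= ts - self.window:
            q.popleft()
        return len(q)

def decide(txn, velocity, block_list):
    # Prior-to-scoring: filter out listed values before any scoring.
    if txn["email"] in block_list:
        return "decline"
    count = velocity.hit(txn["email"], txn["ts"])
    # Post-risk-scoring: the first matching rule wins.
    if txn["riskScore"] >= DECLINE_SCORE:
        return "decline"
    if txn["riskScore"] >= CHALLENGE_SCORE or count > MAX_PER_WINDOW:
        return "challenge"
    return "accept"

def run(transactions, block_list=frozenset()):
    velocity = Velocity(WINDOW_SECONDS)
    return [decide(t, velocity, block_list) for t in transactions]

# Constructed sample transactions (ts in seconds), not real data.
SAMPLE = [
    {"email": "a@example.com", "ts": 0, "riskScore": 120},
    {"email": "a@example.com", "ts": 60, "riskScore": 150},
    {"email": "a@example.com", "ts": 120, "riskScore": 140},
    {"email": "a@example.com", "ts": 180, "riskScore": 130},  # 4th in window
    {"email": "b@example.com", "ts": 200, "riskScore": 950},
    {"email": "blocked@example.com", "ts": 210, "riskScore": 10},
    {"email": "a@example.com", "ts": 900, "riskScore": 130},  # window expired
]

if __name__ == "__main__":
    print(run(SAMPLE, {"blocked@example.com"}))
```

The fourth payment from the same e-mail address is challenged on velocity alone although its score is low, which is the case a score threshold by itself would miss.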
Find detailed information about velocities and the Fraud Protection Language (FPL) they are based on in Microsoft's dedicated guides:
Configure lists
By setting up dedicated trust/block lists (with e.g. e-mail or IP addresses or any other parameter), you can refine your fraud prevention strategy.
Microsoft supports both custom (to be created from scratch) and support (predefined and non-deletable) lists. Manage these lists in the Microsoft Portal via Rules Configuration > Lists > Custom / Support.
Find detailed information about lists in Microsoft's dedicated guides:
Testing
It is not possible to configure Fraud Prevention Silver/Fraud Prevention Gold in our or Microsoft's test environment. Use the JSONs mentioned below to simulate your system's expected behaviour based on the fraud check result (Accepted/Declined/Challenge). Use them only for your account in our test environment.
For Fraud Prevention Gold, we perform extensive live tests in our/Microsoft’s live environment together with you. Contact us to plan this step in your go-live roadmap.
Use the following JSONs to test Fraud Prevention Silver / Fraud Prevention Gold in our test environment to produce the desired result:
Result | Server-to-server |
---|---|
Low risk (Accepted) statusOutput.statusCode=5/9 | |
High risk (Declined) statusOutput.statusCode=2 | |
Medium risk (Challenge) statusOutput.statusCode=2 | |
Make sure to use the right endpoint and switch back to the live URL as soon as you have finished your tests.
Fraud check results
Our platform and the Microsoft portal offer you various possibilities to look up fraud check results:
Reports by e-mail
Our platform sends you a monthly fraud report via e-mail. Contact us to define the report's recipients.
This feature is available for Fraud Prevention Silver.
Direct API responses
For every transaction, both a GetPaymentDetails request and a webhooks event return the fraud check result in properties:
- paymentOutput.cardPaymentMethodSpecificOutput.
  - fraudResults
    - avsResult
    - cvvResult
- paymentOutput.mobilePaymentMethodSpecificOutput.
  - fraudResults
    - avsResult
    - cvvResult
- paymentOutput.redirectPaymentMethodSpecificOutput.mobilePaymentMethodSpecificOutput.fraudResults
- paymentOutput.sepaDirectDebitPaymentMethodSpecificOutput.fraudResults
This feature is available for both Fraud Prevention Silver / Fraud Prevention Gold.
Merchant Portal
Look up the fraud check result via the "Transactions" tab. Check either the table listing all transactions ("Fraud") or the detailed overview for individual transactions ("Fraud score"). Possible results are:
"Fraud" / "Fraud score" | Description |
---|---|
"N/A" | No fraud check rolled out. |
Three green dots | Low risk (Accepted). statusOutput.statusCode=5/9 |
Two orange dots | Medium risk (Challenge). statusOutput.statusCode=50. Make sure to follow up on these transactions. |
One red dot | High risk (Declined). statusOutput.statusCode=2 |
This feature is available for both Fraud Prevention Silver / Fraud Prevention Gold.
Microsoft Portal
Look up the fraud check result for any transaction via the "Search" tab. For a specific transaction, enter our Direct API's payment.id via attribute "Purchase ID". Possible results are:
"Status" | Description |
---|---|
Approved | Low risk (Accepted). |
Pending review | Medium risk (Challenge). Make sure to follow up on these transactions. |
N/A. Instead, "Rule decision" will be "Reject". | High risk (Declined). |
This feature is available for Fraud Prevention Gold.
Virtual Fraud Analysis
This tool offers you an extensive, global overview of your fraud checks, including
- Historical views of the transaction/fraud data.
- Various dedicated, in-depth reports, such as rule/score/threat analyses.
Find detailed information about the Virtual Fraud Analysis in Microsoft's dedicated guide.
This feature is available for Fraud Prevention Gold.
"Challenged" transactions
Fraud Prevention Silver / Fraud Prevention Gold puts transactions in "Challenged" status based on the "Post-risk-scoring" rules. A transaction in "Challenge" status will have statusOutput.statusCode=50 / fraudServiceResult="challenged", allowing you to finally accept or decline the transaction.
Every transaction in "Challenged" status requires you to perform a manual review. After having reviewed the transaction, you can either
- Accept the transaction: Send either a CapturePayment request or manually capture it in the Merchant Portal.
- Decline the transaction: Send either a CancelPayment request or manually capture it in the Merchant Portal.
Fraud Prevention Gold allows you to adapt the "Post-risk-scoring" rules, letting you define which transactions will get a "Challenged" status.
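One way to route the fraud check result on the merchant side, as an added Python example (not code from our platform or SDKs): it reads statusOutput.statusCode and fraudServiceResult from a GetPaymentDetails/webhook payload and maps a reviewer's verdict on a "Challenged" transaction to CapturePayment or CancelPayment. The placement of `statusOutput` and `id` at the top level, `fraudServiceResult` inside `fraudResults`, the return labels and the sample payload are assumptions.

```python
ACCEPTED_CODES = {5, 9}   # low risk, per the page
DECLINED_CODE = 2         # high risk
CHALLENGED_CODE = 50      # medium risk, needs manual review

# Payment-method outputs that carry fraudResults, as listed on the page.
METHOD_OUTPUTS = (
    "cardPaymentMethodSpecificOutput",
    "mobilePaymentMethodSpecificOutput",
    "sepaDirectDebitPaymentMethodSpecificOutput",
)

def fraud_service_result(payment):
    """Return fraudServiceResult from the first output that has fraudResults.
    Assumption: fraudServiceResult is a field inside fraudResults."""
    output = payment.get("paymentOutput", {})
    for name in METHOD_OUTPUTS:
        fraud = output.get(name, {}).get("fraudResults")
        if fraud:
            return fraud.get("fraudServiceResult")
    return None

def classify(payment):
    """Map a GetPaymentDetails/webhook payload to a handling decision."""
    code = payment.get("statusOutput", {}).get("statusCode")
    # Either challenge signal wins, so a mismatch between the two fails safe.
    if code == CHALLENGED_CODE or fraud_service_result(payment) == "challenged":
        return "manual_review"
    if code in ACCEPTED_CODES:
        return "accepted"
    if code == DECLINED_CODE:
        return "declined"
    return "unknown"  # unrecognised status: do not fulfil the order

def resolve_review(payment, reviewer_accepts):
    """Pick the follow-up request the page names for a reviewed transaction."""
    if classify(payment) != "manual_review":
        raise ValueError("payment is not in Challenged status")
    request = "CapturePayment" if reviewer_accepts else "CancelPayment"
    return {"paymentId": payment["id"], "request": request}

# Constructed sample payload (not real transaction data).
CHALLENGED = {
    "id": "CONSTRUCTED-0001_0",
    "statusOutput": {"statusCode": 50},
    "paymentOutput": {"cardPaymentMethodSpecificOutput": {
        "fraudResults": {"fraudServiceResult": "challenged"}}},
}

if __name__ == "__main__":
    print(classify(CHALLENGED), resolve_review(CHALLENGED, True))
```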