Fraud Prevention

Table of Contents

1. Overview
2. Prerequisites
3. How to use Fraud Prevention
4. Frequently Asked Questions
5. Approval Rate Requirement Feature
6. User Email Notifications
7. Notification Badges
8. Video

Overview

Fraud Prevention is a rule-based transaction scrubber that will block transactions from fully processing if they trigger one or more rules set within the software. Fraud Prevention touches all sources of processing on the Gateway, and can be set on a “per processor” basic, or all processors as needed.

Fraud Prevention will not stop a card spinner from attacking a website, and cannot keep users from accessing a website; the service requires the transactions to reach the NMI gateway in order to scrub them against the Merchant’s set rules, and block or mark them for review accordingly.

The service can be used to enforce a minimum/maximum transaction amount, block or whitelist IPs, email addresses, countries, credit card numbers, and more. It can also be set to adhere to daily, weekly or monthly usage thresholds such as restricting a consumer from changing their credit card number over a certain number of times during a specific time range.

Prerequisites

To access the Fraud Protection program page, the merchant will need to have Fraud Prevention active as a service. The merchants user account will need to have the 'Access Fraud Prevention^™' user permission enabled to be able to view the Fraud Prevention configuration page. Once Fraud Prevention is active and the user permission enabled, in the Merchant Portal, head over to the left side panel → click on Other Services → click on Fraud Prevention™. This will take you to the Fraud Prevention configuration page.

How to use Fraud Prevention

Fraud Prevention has three sections in which a merchant can access and configure rules and thresholds:

1. Thresholds - this page allows you to set any daily, weekly, monthly or yearly rules that can be set for both transaction value and transaction volume; you can apply rules to all the processors or just one. 
   
   • Attempted Rules - thresholds using 'Attempted' rules, count all transactions that are submitted, regardless of their status. For example, any declined transactions, transactions with processor errors, and successful transactions all count against these type of rules. 
   • Approved Rules - only count previously successful transactions.
   • Flag for Review - selecting this will allow a transaction to process, but will filter the transaction into a list of transactions the merchant will need to review before settlement.
   • Deny Transaction - selecting this will block a transaction from processing entirely. A rejection or banned message from Fraud Prevention is: REJECTED CONTACT CUST SERV (see History Log below for more information on denied transactions). 
     
2. User Ban - this page allows you to ban specific users, by the IP address of their computer, by their credit card number, by country, or by their user information in your system.

   User Information
   a. Merchants can ban/flag specific customers based on customer user IDs, which
   merchants can assign via the use of Customer Vault. User IDs outside of Customer Vault
   can also be submitted by the merchant via API or by providing the billing email in the
   transaction
   b. Merchants can specify a timeframe (number of days) in which to ban/flag certain users,
   or make the ban/flag indefinite

    
   • Default Banned Countries- there are 21 default countries that are banned. To see a full list go to Fraud Prevention → User Ban tab → under the Geographical Information section click on the button that reads View (21). Note, if the merchant has added additional banned countries, the number will read the total count, e.g. View (23) if they added 2 additional countries to the list. 
3. Exceptions - this page allows you to make exceptions to the fraud ban system for users you know are legitimate.

Fraud Prevention has two sections to review the results of those rules and thresholds:

1. Waiting Review - transactions that have been flagged as possibly fraudulent will appear on this page, waiting for your review. If you find them harmless, do nothing. If you believe the transactions are fraudulent, you may cancel the charges put through by going to your gateway.
2. History Log - this page allows you to see recent transactions performed, with a color-coding chart for easy reference as to whether the transaction was accepted, denied, etc.
   
   • Merchants can find what threshold triggered the transaction to be denied by going to Other Services →  Fraud Prevention → History Log tab → enter the transaction ID and search → click on the magnifying glass under the "Response" column:
     

Frequently Asked Questions

Q: What types of merchants need Fraud Prevention?

A: Though all merchants can benefit from the reassurance a fraud scrubbing utility offers, it’s true that some merchants are more likely to be targeted by fraudsters than others. For example, merchants who process international transactions are considered higher risk, as are those in certain verticals, such as online gambling, online dating, membership-only websites with adult content, or even unexpected ones like consumer electronics. Non-profits that accept donations are also at risk and can benefit from Fraud Prevention, as they are often used by fraudsters for card testing/spinning schemes.

It’s also anticipated that as EMV cards become standard in card present transactions, there will be a rise in card not present fraud, meaning more e-commerce merchants will be at risk. Fraud Prevention is an ideal solution to combat the predicted spike in online credit card fraud.

Q: Does Fraud Prevention work in card present transactions?

A: Although Fraud Prevention was originally designed for e-commerce, it works equally well for card present transactions. The software’s thresholds and rules do not discriminate between retail and keyed transactions, nor is the utility’s scrubbing ability restricted by transaction origin (API, Virtual Terminal, Batch Upload, etc.).

Q: Can Fraud Prevention block someone from coming to my website?

A: No, Fraud Prevention can only take action on transactions sent to the Gateway. It cannot block activity happening on a website prior to data being sent to the Gateway. Merchants can speak to their hosting provider or web developer if they need to block an individual from accessing their website entirely.

Q: I’d like to use Fraud Prevention on my website, but I don’t want to use the Gateway to process. Is this possible?

A: No, Fraud Prevention is an additional service that can be added onto a Gateway account to scrub transactions processing through it. It cannot be used as a standalone service. Merchants must be processing through the Gateway to take advantage of the Fraud Prevention scrubbing service.

Approval Rate Requirement Feature

The Approval Rate Requirement feature will be visible if Fraud Prevention is active. In the Merchant Portal head over to Settings → Security Options → Approval Rate Requirement.

Fraud Prevention, AVS Verification, and CVV Verification are good tools for preventing unwanted credit card transactions from processing on your merchant account, and should provide sufficient fraud protection for most merchants, but some merchants want more aggressive restrictions. Setting an Approval Rate Requirement allows the merchant to set a specific percentage they want to always stay above (approval rate calculation does not include recurring transactions). There will be a slight delay in determining the failed transactions once they start hitting the account.

If your merchant account ever drops below the value they've select, their account will toggle to a "restricted" status. This will mean your merchant will be able to log into their account and view their account, but no new transactions will be allowed to process. If this ever happens your merchant will receive an email notification at the email address associated with the primary user on their account. Once their account is restricted, please have them return to this page to unrestrict their account and resume processing.

• Note - the admin on the merchant account and ISO will receive an email when the account is restricted.
• The Email Subject Line will be: '{{merchant_company}} Account Restricted: Approval Rate Requirement'

Do these reports happen to include the fraud rules we set up and the AVS/CVV mismatch declines in the Approval Percentage rating count? Right now the rules for AVS and CVV over rule the Approval Rate rules. So if the AVS or CVV = ‘N' it will return an error message instead of a decline message. Error messages are not picked up by the Fraud Prevention Approval Rate feature by design. 

User Email Notifications

Merchants can sign-up to receive email notifications when Fraud Prevention blocks or flags transactions. The setting for this is called 'Receive Fraud Prevention^™ Notifications' and is on a per-user basis. It can be found in the “Email Notifications” section of user permissions. Log in to the merchant portal and head over to Settings → General Options → User Accounts → select the Username → scroll down to the bottom where Notifications are and check the setting. Don't forget to Save. 

When this is turned on, it will trigger an email for every single transaction Fraud Prevention flags or blocks. The subject line will indicate “flagged” or “blocked” so that the merchant can more easily set up rules in their email client to filter out one or the other if they would like. Additionally, the body of the message will show the Fraud Prevention rule that was activated, as well as relevant information about the transaction itself. The screenshot shows the most information that can appear, and anything with no value (ex: a transaction processes without a customer email address) will be skipped and not show in this table.

The email includes links to both the merchant’s reporting and Fraud Prevention pages, which should let them get into their account quickly if they want to handle something right away (they will of course still have to log in). 

Notification Badges

The notification badge are here to help merchants better know when they should check for “waiting review” transactions. Merchant can now see how many transactions are awaiting review in the main menu of the merchant portal with the number of transactions awaiting review. If there are over 99 waiting transactions, then the badge will stop counting and just show “99+”.

Video