Table of Contents
Overview
iSpyFraud is a rule-based transaction scrubber that will block transactions from fully processing if they trigger one or more rules set within the software. iSpyFraud touches all sources of processing on the Gateway, and can be set on a “per processor” basic, or all processors as needed.
iSpyFraud will not stop a card spinner from attacking a website, and cannot keep users from accessing a website; the service requires the transactions to reach the NMI gateway in order to scrub them against the Merchant’s set rules, and block or mark them for review accordingly.
The service can be used to enforce a minimum/maximum transaction amount, block or whitelist IPs, email addresses, countries, credit card numbers, and more. It can also be set to adhere to daily, weekly or monthly usage thresholds such as restricting a consumer from changing their credit card number over a certain number of times during a specific time range.
How to use iSpyFraud
iSpyFraud has three sections in which a Merchant can access rules and thresholds, and two sections to review the results of those rules and thresholds.
Thresholds: This page allows you to set the parameters of your fraud protection, based on the amount of money charged per transaction, the number of transactions charged, etc.
User Ban: This page allows you to ban specific users, by the IP address of their computer, by their credit card number, by country, or by their user information in your system.
Exceptions: This page allows you to make exceptions to the fraud ban system for users you know are legitimate.
Waiting Review: Transactions that have been flagged as possibly fraudulent will appear on this page, waiting for your review. If you find them harmless, do nothing. If you believe the transactions are fraudulent, you may cancel the charges put through by going to your gateway.
History Log: This page allows you to see recent transactions performed, with a color-coding chart for easy reference as to whether the transaction was accepted, denied, etc.
Frequently Asked Questions
Q: What types of merchants need iSpyFraud?
A: Though all merchants can benefit from the reassurance a fraud scrubbing utility offers, it’s true that some merchants are more likely to be targeted by fraudsters than others. For example, merchants
who process international transactions are considered higher risk, as are those in certain verticals,
such as online gambling, online dating, membership-only websites with adult content, or even
unexpected ones like consumer electronics. Non-profits that accept donations are also at risk and
can benefit from iSpyFraud, as they are often used by fraudsters for card testing/spinning schemes.
It’s also anticipated that as EMV cards become standard in card present transactions, there will be a
rise in card not present fraud, meaning more e-commerce merchants will be at risk. iSpyFraud is an
ideal solution to combat the predicted spike in online credit card fraud.
Q: Does iSpyFraud work in card present transactions?
A: Although iSpyFraud was originally designed for e-commerce, it works equally well for card present transactions. The software’s thresholds and rules do not discriminate between retail and keyed
transactions, nor is the utility’s scrubbing ability restricted by transaction origin (API, Virtual
Terminal, Batch Upload, etc.).
Q: Can iSpyFraud block someone from coming to my website?
A: No, iSpyFraud can only take action on transactions sent to the Gateway. It cannot block activity happening on a website prior to data being sent to the Gateway. Merchants can speak to their
hosting provider or web developer if they need to block an individual from accessing their website
entirely.
Q: I’d like to use iSpyFraud on my website, but I don’t want to use the Gateway to process. Is this
possible?
A: No, iSpyFraud is an additional service that can be added onto a Gateway account to scrub
transactions processing through it. It cannot be used as a standalone service. Merchants must be processing through the Gateway to take advantage of the iSpyFraud scrubbing service.
Approval Rate Requirement
Found in Settings of the merchant account if iSpy Fraud is enabled.
iSpyFraud, AVS Verification, and CVV Verification are good tools for preventing unwanted credit card transactions from processing on your account, and should provide sufficient fraud protection for most merchants, but some merchants want more aggressive restrictions. Setting an Approval Rate Requirement allows you to set a specific percentage you want to always stay above (approval rate calculation does not include recurring transactions). There will be a slight delay in determining the failed transactions once they start hitting the account.
If your account ever drops below the value you select, your account will toggle to a "restricted" status. This will mean you will be able to log into your account and view your account, but no new transactions will be allowed to process. If this ever happens you will receive an email notification at the email address associated with the primary user on your account.
Once your account is restricted, please return to this page to unrestrict your account and resume processing.
The admin on the merchant account and ISO will receive an email when the account is restricted
Email Subject Line: '{{merchant_company}} Account Restricted: Approval Rate Requirement'