Fraud Modules
Overview
This page will detail all of the optional fraud modules that the Newtek Gateway cloud platform allows to secure sales transactions. The modules are designed to allow merchants of all application spaces to fit the platform to their needs. Fraud modules can be enabled at the global level or custom tailored to a specific API key.
Fraud Modules List
| Module | Description |
|---|---|
| AVS Response | Block transactions based on the result of the AVS verification. |
| Bin Ranges | Block transactions based on the credit card number's BIN. |
| Bin Type Blocker | Accept or block cards by a combination of issuer (Visa, MasterCard, etc..) and type (credit, debit, etc...) |
| Card Level Results | Accept transactions based on the result of the card level (Traditional, Business, Healthcare, etc..) |
| Card Type | Block transactions based on card type (Visa, MasterCard, etc..) |
| Card ID Checker | Accept transactions based on result of Card ID verification (CVV2, CID, etc..) |
| Duplicate Detection | Detect and block duplicate transactions. |
| Email Blocker | Accept or block transactions based on email address or email provider (Yahoo, Hotmail, etc..) |
| Fraud Profiler | Performs real-time fraud risk assessment of transactions. |
| Block By Host or IP | Block transactions based on IP or Host the transaction was processed from. |
| Country Blocker | Accept or block transactions based on the country of origin based on the location of transaction IP. |
| Block by Card Country | Accept or block transactions based on the country of origin based on BIN. |
| Credit Card Blocker | Blocks transactions from known bad/stolen credit card numbers. |
| Multiple Credit Cards | Block people from using the merchant account to test stolen credit card numbers. |
| Transaction Amount | Reject transaction if amount is outside of predefined range. |
| Zip Code Verifier | Verify that the shipping and/or billing zip codes are valid and consistent with other shipping/billing information. |
| Required Fields | Require certain fields to process a transaction. |
AVS Response
The Address Verification System (AVS) verifies that the AVS (Billing) Street and AVS (Billing) Zip matches what the customer’s issuing bank has on file for their card. When a transaction is processed, the customer’s issuing bank will respond with an Approval/Decline response along with one of the AVS Result Codes listed in this module (even when no AVS data was entered for the transaction). When enabled, this module accepts transactions with the AVS Result codes you have selected and returns an error for all others.
Bin Ranges
This module allows you to block transactions based on the credit card number’s BIN. The BIN is the first 6 digits of the card number and typically corresponds to the bank that issued the card. To use this module, enter each BIN range you would like to block on its own line. All cards within the BIN range(s) you have specified will return an error. For example, if you enter 400010, then all cards beginning with 400010 will be blocked.
Bin Type Blocker
This module allows you to accept or block cards by a combination of their type (credit, debit, prepaid, and unknown) and their credit card issuer (Visa, MasterCard, American Express, and Discover). All BIN types you choose to reject will return an error. For example, to reject ALL Amex and Discover cards, select the ‘Accepts All Cards Except For’ option and then check the ‘All’ boxes corresponding with Amex and Discover. Or if you would like to accept ONLY debit card transactions, select the ‘Decline All Cards Except For’ option and check the ‘Debit’ boxes underneath Visa and MasterCard (Amex and Discover do not offer debit).
Card Level Results
This module allows you to select which transactions to accept based on the result of the Card Level (Traditional, Business, Healthcare, Rewards, Corporate, etc.). When a transaction is processed, the customer’s issuing bank will respond with an Approval/Decline response along with one of the Card Level Result Codes listed in this module. When enabled, this module accepts transactions with the Card Level Result codes you have selected and returns an error for all others.
Card Type
This module allows you to block transactions based on the Card Type (Visa, MasterCard, Discover, American Express). When enabled, this module accepts transactions with card types you have selected and returns an error for all others. NOTE: This module does NOT affect whether your merchant account supports a specific card type. For example, if you allow Discover transactions in this module, but you are not set up to take Discover with your merchant service provider, then Discover transactions will still be declined by your processor. Check with your merchant service provider for more information about which card types you accept.
Card ID Checker
This module allows you to select which transactions to accept based on the result of the Card ID verification (CVV2, CID, etc). When a transaction is processed, the customer’s issuing bank will respond with an Approval/Decline response along with one of the CVV2 Result Codes listed in this module (even when no CVV2 data was entered for the transaction). When enabled, this module accepts transactions with the CVV2 Result codes you have selected and returns an error for all others.
Duplicate Detection
This module can be used to detect and block duplicate transactions. It’s often used to prevent double charges in shopping carts when a user/customer accidentally double clicks the ‘Order’ button or a customer clicks the ‘Back’ button when processing on a payment form. The system blocks transactions when the following criteria are identical:
- Last 4 digits of the card number
- Transaction amount
- Invoice number (optional)
AND the transactions are processed within the allotted time frame. To use this module, enter in the length of time to check back for duplicate transactions and check the ‘Ignore Invoice #’ if desired. A situations in which you may want to ignore the invoice number might be if your transactions do not have invoice numbers, or when the invoice numbers are automatically generated. When enabled, the module will reject duplicate transactions that meet the criteria and happen within the allotted time frame. For example, if you set the ‘Time Period’ to 5 minutes and do not check the ‘Ignore Invoice #’ box and then run 3 transactions with the same card number, amount, and invoice number within a 5-minute time period then the first transaction will be accepted, but the second and third will return an error.
Email Blocker
This module allows you to block or accept transactions based on the customer’s specific email address or domain (Yahoo, Hotmail, etc.). If you enter emails/domains in the ‘Allowed Emails’ section, then transactions with these specific emails/domains will NOT be blocked by this fraud module. If you enter emails/domains in the ‘Blocked Emails’ section, then all transactions where the customer email matches the email/domain on the list will return an error.
Fraud Profiler
This module performs a real time fraud risk assessment of transactions.
Block By Host or IP
This module allows you to block transactions based on the IP or Host the transaction was processed from. An IP address is a numerical label that shows what device (computer) sent the payment information to the gateway. You can block based on:
- single IP addresses (192.0.0.1)
- a range of IP addresses (192.0.0.0-192.0.0.255)
- host addresses (hacker.fraud.com)
- an entire tlds (.jp), domains (fraud.jp)
- subdomains (*.more.fraud.jp)
To use this module, list each IP or Host you would like to block. All transactions coming from the locations listed will return an error. NOTE: When using this module with a 3rd party software or shopping cart, you must be sure the software passes through the Client IP to the gateway. To check if the Client IP is being passed correctly, look at the details of a transaction that was processed on the software. If an IP is listed in the ‘Client IP’ field, then this module is compatible with the software.
Country Blocker
This module allows you to block or accept transactions based on the country from which they originate. The country is determined by matching the customer’s IP address against our GeoIP database. To block all transactions from certain locations, select the ‘Accept All Except’ mode and add the country/countries you would like to block. To accept transactions from only certain locations, select ‘Deny All Except’ and add the country/countries you would like to accept payments from, all other countries will return an error. NOTE: Because the gateway uses the IP Address to determine which country transactions originate from, it’s important to be sure that 3rd party software and shopping carts pass through the Client IP to the gateway. To check if the Client IP field is being passed correctly, look at the details of a transaction that was processed on the software. If an IP is listed in the ‘Client IP’ field, then this module is compatible with your software.
Block by Card Country
This module allows you to accept or block transactions based on the credit card's country of origin. The country of origin is determined by the card's bin number. First, choose the default security level for this module. You can choose from one of two options:
- Accept All Except- This option accepts cards from all countries by default. It only blocks cards from countries added to the list below.
- Deny All Except- This option blocks cards from all countries by default. It only accepts cards from the countries added to the list below.
After you have chosen one of the options above, add countries to your list.
Credit Card Blocker
The gateway maintains a list of known bad/stolen credit card numbers. To prevent fraud on your account, cards on this master list are automatically blocked from processing transactions when the 'Use System List' option is enabled. This module allows you to create your own custom list of bad card numbers you would like to block. When enabled, the cards on your custom list will be blocked IN ADDITION to the cards that are already on our system list. You can add cards to the custom list by clicking the ‘Block Card’ button in the transaction details or by adding card numbers in the ‘Credit Card Block List’ section of the ‘Fraud Manager Tab’. NOTE: Cards on the system list and your custom block list will only be blocked when this module is enabled.
Multiple Credit Cards
This module is often used to block people from using your merchant account to test stolen credit card numbers. It allows you to block transactions when multiple cards are processed/declined within a specified amount of time. To use this module, you must specify four different fields:
- 1) ‘Time Period’- you will not be able to process more than the maximum ‘Number of Cards’ or maximum ‘Number of Declines’ within this time period
- 2) ‘Number of Cards’- the maximum number of unique cards allowed within the time period (approved AND declined transactions will be counted)
- 3) ‘Number of Declines’- the maximum number of declines on a single card allowed within the time period
- 4) ‘Block by’- the field you would like to group transactions by. You can choose from Invoice #, Order ID, or Client IP.
When enabled, the module will return an error for transactions after the ‘Number of Cards’ requirement OR the ‘Number of Declines’ requirement has been met (whichever happens first). For example, if the module is set to ‘Time Period: 30 min’, ‘Number of Cards: 4’, ‘Number of Declines: 2’, and ‘Block by: Client IP’, then transactions begin to return an error after 4 cards have been processed on the same IP Address within 30 minutes (even if all of the processed cards were approved). The module would also error out transactions after 2 declines were received on the SAME CARD on the same IP within the 30-minute time frame.
Transaction Amount
This module allows you to reject transactions if they are outside a maximum or minimum amount. Any transactions that are outside the range you have specified will return an error. If you only want to specify a minimum but no maximum, enter an * in the maximum field. If you only want to specify a maximum but no minimum, enter a * in the minimum field.
Zip Code Verifier
This module allows you to verify that either the shipping and/or the billing zip code is valid and consistent with the other billing/shipping information (State, City, Area Code) provided. This module does NOT verify that the shipping/billing address is the address associated with the card being used, but instead prevents the use of garbage data. To use this module, select which fields you would like to verify the zip code against. You can choose one or more fields including State, City, and Area Code. You can choose to verify the shipping AND billing zip code or just one. When the transaction is run, the system verifies in our database that the zip code entered is valid and that the state, city, and/or area code that was entered is within the boundaries of that zip code. All transactions in which the specified zip code(s) or other specified fields (state, city, zip) are not valid, will return an error.
Required Fields
This module allows you to set which fields will be required to process a transaction. When you first add this module, the default required fields are Invoice, Description, Card Holder, AVS Street, and AVS Zip. Switch 'ON' to require the field, and switch 'OFF' if you do NOT want the field to be required. When a transaction is run, the system verifies that all required fields have been entered. All transactions that do not contain the required fields will return an error.
Remember to verify the field is available on all sources you set to require it. For example, if you set Shipping Street to 'ON' for all sources, transactions processed through the Simple Charge tab will always return an error, because Shipping Street is not an available field in this section.
Change Log
| Date | Change |
|---|---|
| 2017-08-01 | Added page. |