Fraud Management Filters For Professional Use Only Currently only available in English. A usage Professional Uniquement Disponible en Anglais uniquement pour l’instant.
Fraud Management Filters Document Number: 10060.en_US-200906 © 2009 PayPal, Inc. All rights reserved. PayPal is a registered trademark of PayPal, Inc. The PayPal logo is a trademark of PayPal, Inc. Other trademarks and brands are the property of their respective owners. The information in this document belongs to PayPal, Inc. It may not be used, reproduced or disclosed without the written approval of PayPal, Inc. PayPal (Europe) Ltd.
Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Chapter 1 Introducing Fraud Management Filters . . . . . . . . . . . 7 Fraud Management Filters Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Fraud Management Filters Examples . . . . . . . . . . . . .
Contents Detecting Pending Transactions Using the PayPal API . . . . . . . . . . . . . . . . . . . 36 Handling FMF Errors in Payment API Operations . . . . . . . . . . . . . . . . . . . . . . 37 Migration From Risk Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Chapter 5 Fraud Management Filters Summary . . . . . . . . . . . . 41 Kinds of Fraud Management Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Basic Fraud Management Filters . . . . . . . . . . .
Preface This document describes Fraud Management Filters. Intended Audience This document is intended for merchants implementing the PayPal Fraud Management Filters. Revision History Revision history for Fraud Management Filters. TABLE P.1 Revision History Date Description 06/23/09 Updated to note that configuration of Fraud Management Filters is required before they take effect. 01/31/09 Updated to show correct filters and include IPN and API programming examples.
Revision History 6 June 23, 2009 Fraud Management Filters
1 Introducing Fraud Management Filters PayPal Fraud Management Filters enable you to identify potentially fraudulent transactions. You must configure Fraud Management Filters to meet your needs; they are not active until you configure them.
Introducing Fraud Management Filters Fraud Management Filters Examples 1. Configure your Fraud Management Filters to flag, hold for review, or deny riskier payments. 2. Based on your settings, your filters review incoming payments. 3.
Introducing Fraud Management Filters Fraud Management Filters Examples The Maximum Transaction Amount filter and the Country Monitor filters are examples of basic filters, which are available to business account holders and Website Payments Pro merchants. The Total Purchase Price Minimum filter and Card Security Code Mismatch filter are examples of advanced filters, which are available to Website Payments Pro merchants at additional cost.
Introducing Fraud Management Filters Fraud Management Filters Examples You can review a transaction and accept or deny a payment z z z from the PayPal website. You examine the transaction details. from your website or application, by using the ManagePendingTransactionStatus API operation; for more information, see the Name-Value Pair API Developer Guide and Reference or SOAP API Developer Reference. from your shopping cart vendor, if they provide this feature for you.
Introducing Fraud Management Filters Fraud Management Filters Examples Filtering stops if the payment is denied. If the transaction originates from a country not on the list, filtering continues. Flagging Transactions With Invalid Card Security Codes In this example, consider a scenario in which your experience indicates that customers routinely mistype their credit card security code; however, in some cases, it is not an honest mistake and can indicate fraud.
Introducing Fraud Management Filters Fraud Management Filters Examples Using Multiple Filters If you enable more than one filter, the filters are applied in the order determined by the kind of payment method until one of them causes the payment to be accepted or denied. If all filters have been applied and the transaction has not been pended for review, it is automatically accepted. For information about the order in which filters are applied, see Fraud Management Filters Operating Principles.
Introducing Fraud Management Filters Fraud Management Filters Examples 1. If the total amount of the transaction is less than the amount specified by the Total Purchase Price Minimum filter, the payment is accepted and processing stops; otherwise, the next filter is applied.
Introducing Fraud Management Filters Merchants With Third-Party Shopping Carts 2. If the total amount of the transaction is greater than the amount specified by the Maximum Transaction Amount filter, the transaction is pended awaiting review; regardless of whether the transaction is pended, the next filter is applied. 3. If the transaction’s country of origin matches a country specified by the Country Monitor filter, the payment is denied and processing stops; otherwise, the next filter is applied. 4.
2 Setting Up Fraud Management Filters You must set up Fraud Management Filters after you sign up for them. z Configuring Your Fraud Management Filters z Fraud Management Filter Settings z Fraud Management Filters Setup Strategy Configuring Your Fraud Management Filters Configuring Fraud Management Filters to enable filters that are predictive of fraud requires both experimentation and iteration. By default, Fraud Management filters are not configured to identify potentially fraudulent transactions.
Setting Up Fraud Management Filters Configuring Your Fraud Management Filters NOTE: 16 The available filters are determined by agreement between the merchant and PayPal. You may not be granted access to all filters.
Setting Up Fraud Management Filters Fraud Management Filter Settings Fraud Management Filter Settings You can configure Fraud Management Filters to accept or deny a payment and to review or flag a transaction. Setting Description Accept Accept the payment. This setting is only used by the Total Price Minimum filter, which causes PayPal to accept transactions that fall below a minimum transaction amount, regardless of the setting of any other filter. Deny Deny the payment.
Setting Up Fraud Management Filters Fraud Management Filters Setup Strategy z Deny the payment. This operation is automatic; however, because the action results in the loss of revenue if the payment is actually legitimate, you should choose this action only after careful consideration. In the case of the size of the transaction, and with many other filters, can choose a threshold for which the specified action applies; for example, you can flag, review, or deny transactions over a specified amount.
3 Using Fraud Management Filters You can use PayPal to monitor transactions for fraud and determine the effectiveness of your Fraud Management Filters. z Accepting and Denying Payments z Monitoring Fraud Management Filters Performance z Using Fraud Management Filters with Virtual Terminal z Using Payment Fraud Search Accepting and Denying Payments You can use the Fraud Management Filters-related features from the Transaction History page.
Using Fraud Management Filters Accepting and Denying Payments 20 June 23, 2009 Fraud Management Filters
Using Fraud Management Filters Monitoring Fraud Management Filters Performance Monitoring Fraud Management Filters Performance You can monitor the effect of choosing various Fraud Management Filters. The Fraud Management Filters Performance Monitor enables you to graphically view the monetary effect of your filter settings. You can use the monitor to quickly review the effect of your filter settings and make decisions to balance risk and convenience.
Using Fraud Management Filters Using Fraud Management Filters with Virtual Terminal Using Fraud Management Filters with Virtual Terminal You can use Fraud Management Filters to manage risk while using Virtual Terminal.
Using Fraud Management Filters Using Fraud Management Filters with Virtual Terminal NOTE: You are not required to accept or deny the payment immediately. You can start a new transaction, in which case, you can view the transaction history or details and accept or deny the original payment later.
Using Fraud Management Filters Using Fraud Management Filters with Virtual Terminal If you deny the payment, Virtual Terminal does not process the transaction.
Using Fraud Management Filters Using Fraud Management Filters with Virtual Terminal Consider another Virtual Terminal transaction, this one in which the total payment amount is $110: Fraud Management Filters June 23, 2009 25
Using Fraud Management Filters Using Fraud Management Filters with Virtual Terminal In this example, the maximum amount filter automatically denies the payment because it exceeds $100.
Using Fraud Management Filters Using Payment Fraud Search Using Payment Fraud Search You can use the Fraud Management Filters transaction search capability to help detect payment fraud. You can search the transaction history for filtered transactions.
Using Fraud Management Filters Using Payment Fraud Search The following search presents the results of a search for potentially fraudulent payments detected by the Maximum Transaction Amount filter, including both those that have been denied or pended for your review: 28 June 23, 2009 Fraud Management Filters
Using Fraud Management Filters Using Payment Fraud Search You can examine the transaction details of these payments in the same way as any other transaction. You can also accept or deny pended payments listed in the history.
Using Fraud Management Filters Using Payment Fraud Search 30 June 23, 2009 Fraud Management Filters
4 Customizing Websites to use Fraud Management Filters You can detect and manage Fraud Management Filter results using IPN and the PayPal API. All merchants using IPN or the PayPal API must ensure that their systems can handle transactions pended by Fraud Management Filters.
Customizing Websites to use Fraud Management Filters Using Fraud Management Filters With IPN txn_type = virtual_terminal payment_date = 17:11:42 Jul 15, 2008 PDT last_name = receipt_id = 3075-7371-4622-1677 residence_country = US pending_reason = address item_name = payment_gross = 3.33 mc_currency = USD business = acqrte_1215804264_biz@gmail.com payment_type = instant verify_sign = APYUGJhXGkUmvFnZf4I5co6CedKKAowZjfT4T7GXWJMDnZ0uFLkcq.
Customizing Websites to use Fraud Management Filters Using Fraud Management Filters With IPN txn_type = virtual_terminal payment_date = 17:11:42 Jul 15, 2008 PDT last_name = receipt_id = 3075-7371-4622-1677 residence_country = US item_name = payment_gross = 3.33 mc_currency = USD business = acqrte_1215804264_biz@gmail.com payment_type = instant verify_sign = AFcWxV21C7fd0v3bYYYRCpSSRl31AjcbYkD.VCCBmpD4lZq.
Customizing Websites to use Fraud Management Filters Fraud Management Filters API Prerequisites txn_type = virtual_terminal payment_date = 17:09:40 Jul 15, 2008 PDT last_name = receipt_id = 0739-3836-3393-2098 residence_country = US item_name = payment_gross = 2.11 mc_currency = USD business = acqrte_1215804264_biz@gmail.
Customizing Websites to use Fraud Management Filters Fraud Management Filters API Prerequisites Any of these APIs could return a SuccessWithWarning status indicating that the transaction was pended. IMPORTANT: z z You may lose payment transactions if you do not handle SuccessWithWarning acknowledgements. You must capture and evaluate the return code associated with a SuccessWithWarning acknowledgement.
Customizing Websites to use Fraud Management Filters Detecting Pending Transactions Using the PayPal API SOAP Example The SOAP response would contain PaymentStatus set to Pending and the response would also contain the following fields: ... <__value__> SuccessWithWarning ...
Customizing Websites to use Fraud Management Filters Handling FMF Errors in Payment API Operations ... String strNVPResponse = (String) caller.call( strNVPString); NVPDecoder decoder = new NVPDecoder(); decoder.decode(strNVPResponse); String strAck = decoder.get("ACK"); // BEGIN CHANGES FOR FRAUD MANAGEMENT FILTERS String strErrorCode = decode.get("L_ERRORCODE0"); String strPaymentStatus = decode.get("PAYMENTSTATUS"); if (strAck.equals("SuccessWithWarning") && strPaymentStatus.
Customizing Websites to use Fraud Management Filters Handling FMF Errors in Payment API Operations z If the acknowledgement status is not Success or SuccessWithWarning, check for error code 11611, which indicates that one or more filters caused the transaction to be denied The following SOAP example shows typical error handling for Fraud Management Filters: 38 June 23, 2009 Fraud Management Filters
Customizing Websites to use Fraud Management Filters Handling FMF Errors in Payment API Operations ... if (DPRes.Ack == AckCodeType.Success) // No error { // Run success code // Let buyer know, mark the order as complete in database, etc. } else if (DPRes.Ack == AckCodeType.SuccessWithWarning) // May be pended { // Test for pended transaction bool isFMFPended = false; for (int z = 0; z < DPRes.Errors.Length; z++) { if (DPRes.Errors[z].
Customizing Websites to use Fraud Management Filters Migration From Risk Controls { // // // // Useful information to be kept: DPRes.FMFDetails.DenyFilters[x].Description; DPRes.FMFDetails.DenyFilters[x].Id; DPRes.FMFDetails.DenyFilters[x].Name; } } } } else { // Unexpected ACK type. Log response and inform the buyer that the // transaction must be manually investigated.
5 Fraud Management Filters Summary Fraud Management Filters includes both basic and advanced filters. z Kinds of Fraud Management Filters z Basic Fraud Management Filters z Advanced Fraud Management Filters Kinds of Fraud Management Filters The filters you can use are determined by agreement between you and PayPal.
Fraud Management Filters Summary Advanced Fraud Management Filters maximum amount trigger this filter. An unusually high total amount can indicate potential fraudulent activity because fraudsters generally aren’t price sensitive as they aren't paying with their own money. The Maximum Transaction Amount filter applies to all payments.
Fraud Management Filters Summary Advanced Fraud Management Filters compares the street number and zip code entered by the customer with information maintained by the card issuer. An AVS match helps verify that the customer using the credit card is the owner of the card. Failure to match may indicate that the address provided by the customer is fraudulent; however, no match may simply be the result of a typographical error.
Fraud Management Filters Summary Advanced Fraud Management Filters A billing/shipping address mismatch may indicate that the customer is shipping to an address different from the one the bill is sent to. A mismatch could be due to a fraudster using a stolen identity to complete a purchase; however, there are also legitimate reasons why a customer’s shipping and billing address might not match.
Fraud Management Filters Summary Advanced Fraud Management Filters IP Address Range Filter This filter screens for payments from IP addresses with historically high instances of fraud. IPs are checked against a “Risk List” maintained by PayPal. Historically, fraud is more likely to originate from compromised networks because fraudsters launch attacks from compromised computers or networks. To use this filter, you must send the customer’s IP address along with the rest of the transaction information.
Fraud Management Filters Summary Advanced Fraud Management Filters PayPal Fraud Model Filter This filter screens for payments that would have been declined by PayPal’s fraud model. PayPal’s fraud model identifies potentially risky transactions. It is updated dynamically to combat trends and patterns in fraudulent activity around the world. The PayPal fraud model filter applies to Direct Credit Card and Virtual Terminal payments. Not all merchants are eligible for this filter.
6 Fraud Management Filters Operating Principles In addition to how you set up Fraud Management Filters, the operation of Fraud Management Filters depends on the kind of flow, the payment method, such as by Express Checkout, Direct Credit Card, or Virtual Terminal, and interaction with other PayPal fraud protection services.
Fraud Management Filters Operating Principles Fraud Management Filters Operation With Other Payment Transactions 15.Address Verification Service Partial Match filter 16.Address Verification Service Unavailable or Not Supported filter 17.Card Security Code Mismatch filter NOTE: For Canadian merchants, the Zip Code and Suspected Freight Forwarder filters only operate on US addresses. These filters are not available to UK merchants.
Fraud Management Filters Operating Principles Fraud Management Filters Pending State Operation Supported Transaction Flows for Review Action The kind of flow determines whether a payment can be marked as pending your review; not all flows support the Review action. Only payments made during specific transaction flows can be set aside for review. Payments occurring outside of these flows are either accepted or denied.
Fraud Management Filters Operating Principles Fraud Management Filters Pending State Operation 50 June 23, 2009 Fraud Management Filters
Index A accept setting for filter 11, 17 address verification service no match filter 42 address verification service partial match filter 43 address verification service unavailable or not supported filter 43 advanced fraud management filters 42 API prerequisites 34 B bank identification number filter 44 billing/shipping address mismatch filter 43 C capturing pendend payments 49 card security code mismatch filter 11, 43 country monitor filter 10, 42 credit card processing 47 customizing websites 31 D d
Index IPN messages for FMF 31 K kinds of filters 41 transaction details, reviewing 19 transaction flows 49 U unconfirmed address filter 42 L large order number filter 45 V Virtual Terminal processing 22, 47 M maximum transaction amount filter 41 maximum trasaction amount filter 9 migration from Risk Controls 40 multiple filters 12 P W Website Payments Pro 42 websites, customizing 31 Z zip code filter 44 Payment Receiving Preferences 49 PayPal fraud model filter 46 pending state 48 and capture 49