1. Home
2. Security
3. Fraud Prevention
4. Fraud Detection Module

1. Introduction

The online payment landscape can be complex. Today, businesses need to move quickly to stay one step ahead of fraudsters. That’s why Paypage has the perfect solution for you. Boost your business line of defense with our Fraud Detection Module (FDM). How? We offer you a flexible range of features that you can customise to suit your needs.

For example, you can:

• Block transactions by IP addresses or by location from where the cards were issued
• Control and configure how 3-D Secure (3DS) transactions are handled if and when they go wrong
• Easily set minimum and maximum limits per transaction, per card and/or per period

Fight off fraudulent transactions in real-time and accept payment with confidence. Use our Fraud Detection Module today.

2. Before we begin

At the end of the guide, you will be able to do configure your 3-D Secure (also known as 3DS) settings of your payment methods, manage and set conditions for your transactions.

To get started, make sure that your FDM (ID: CAP) is activated. You can do this by going to Configuration > Account > Your options in your account.

3. Manage 3DS settings

3-D Secure (3DS) is an anti-fraud protocol designed to enhance security for both you and your customers. Learn more about 3DS in our FAQ. 

Manage 3DS settings 

Once your fraud subscription is active, you can now configure your 3DS settings. Go to Advanced > Fraud Detection. 3DS will have to be configured individually for each payment method. Under 3-D Secure, select a payment method by clicking on EDIT. You will see a list of actions that you can choose from.

The table below provides an overview on actions listed on the page and what they mean.

Actions	Explanation
You can either continue or interrupt the transaction if a technical problem prevents connection to the respective acquirer during the 3D-Secure registration check.	You may want to do configure this option in case we cannot connect to the 3DS directory of the related scheme/card brand.
You can either continue or interrupt the transaction if the cardholder identification service is temporarily unavailable.	You may want to configure this option in case the 3DS verification URL is not working.
You can either activate or deactivate 3D-Secure for all cards.	If you decide to deactivate 3DS, it will not be rolled out at all.
You can process 3D-Secure depending on the Global Fraud Score.	3DS will be processed based on your fraud settings and our Fraud Expert assessment if it has been activated.

4. Set conditions for Merchant Fraud lists

Merchant Fraud lists are lists that allow you to set conditions for your payments. For example, you may want to block illegitimate transactions based on their IP addresses or even the card’s country of issue! In this chapter, you will learn how to manage these lists.

There are two types of lists.

• Whitelists allow you set conditions for when a transaction should be accepted.
• Blacklists allow you to set conditions for when a transaction should be blocked.

View lists

View these lists by going to Advanced > Fraud Detection in your account. Under Blacklist / Greylist / Whitelist, select an item that you would like to configure and click EDIT. 

Manage lists

If a transaction matches any of the conditions that you have set on these lists, it will be then accepted or blocked accordingly.

Depending on the action that you choose to take, you might also need to send some parameters to our platform. Below is an overview of the list types (which are conditions you can set), what they mean and parameters that would need to be sent.

List type	Explanation	Parameters to be sent
Card blacklist	You will need the full credit card. For Direct debits, you will need the full bank account.	CARDNO
BIN blacklist	A Bank Identification Number (BIN) consists of the first six digits of a credit card linked to an issuer in a specific country. This allows you to block all credit cards that share the same BIN	CARDNO
IP blacklist	Our system will accept both specific IPs or IP ranges according to the formatting a.b.c-d.0-255 or a.b.c-d.* or a.b.c.d-e.	REMOTE_ADDR
IP address whitelist	Our system will accept both specific IPs or IP ranges according to the formatting a.b.c-d.0-255 or a.b.c-d.* or a.b.c.d-e.	REMOTE_ADDR (For Directlink, this is the buyer’s IP address)

Add new items to a list

If you would like to add items to one of the list types above, select the respective list type and click EDIT.

To add items to a list,

1. Enter data in the Enter the item
2. Select either Actual Fraud / Commercial Dispute / Suspicion of Fraud.
3. Optional: Add some information in the Comment field if you have any.

Manage existing list items

If you would like to manage items in a list, you can either:

• Delete: Remove one or more items by flagging All
• Fraud type: Modify the original entry to FRA (Actual Fraud) / COM (Commercial Dispute) / SOF (Suspicion of Fraud). 
• Comment:Delete or change the original comment of your item by clicking on "..."

Our platform also allows you to put already processed transactions to this list. To do so, follow these steps:

1. Log in to the Back Office. Go to Operations > View transactions and look up the transaction
2. In the table displaying all maintenance operations for this transaction, click on any Pay ID button
   
   
   
3. On the maintenance operation overview page, click on the “DISPUTE” button
4. In the table, select either “Add to the blacklist” / “Add to the greylist” for any of the selectable transaction parameters. Flag then transaction as either "Actual fraud” / “Commercial dispute" / "Suspicion of fraud". Confirm your selection by clicking on the "Save" button
   

5. Set up Merchant Fraud checklist

The principle of a fraud checklist is to match each transaction with a list criteria based on various parameters and their respective weighting in a risk assessment. This means that depending on the individual settings, you can define one of the following actions to be applied:

• None (the criteria is ignored for fraud assessment): the transaction is accepted, provided that the acquirer / issuer will not reject it for any other reason
• Review: A 3DS check will be performed. If the check fails, the transaction will be blocked. If it is successful, we will go for the authorization
• Block: The transaction will be blocked

 This chapter will teach you how you can set and manage this checklist in your account.

View your checklist by going to Advanced > Fraud Detection in your account. Under Fraud detection activation and configure, select a payment method that you would like to configure and click EDIT. 

On the page, you will see criteria that you can define freely.  Each criterion requires you to define one or more of the following settings: 

• None (the criteria is ignored and no assessment will be made)
• Review (a 3DS check will be performed)
• Override blocking / review
• Block
• Whitelist / greylist / blacklist management
• Edit usage limit

Depending on the criteria that you wish to define, you might need to send some parameters with the transaction to our platform. Below is an overview of the most important criteria, their respective parameters and our possible settings to define to effectively optimise your fraud protection.

Category	Criteria	Actions	Parameter(s) to be sent
Trusted data / whitelists	3-DS Secure identification OK	·       Block / Review / Override blocking & review except card blacklist rule ·       Edit whitelist: CUI ·       Edit whitelist: E-mail	-
	CUI whitelist identification		CUID
	E-mail on whitelist		EMAIL
Card data	Card country high / medium risk	·       Review Configure Card country groups	CARDNO
	Max amount / card high / medium threshold	·       Block / Review ·       Edit usage limits > Maximum utilization per card, per period x day(s) > Total amount of transactions per card > Number of transactions per card	CARDNO
IP data	IP country high / medium risk	·       Configure IP country groups ·       Block / Review	REMOTE_ADDR
	Anonymous proxy	Block / Review	REMOTE_ADDR
	IP cty differs from CC cty	Block / Review	REMOTE_ADDR / CARDNO
	Unauthorised card country / IP country combination high / medium risk	·       Edit IP/CC country pairs ·       Block / Review	REMOTE_ADDR
	Max utilisation / IP	·       Block / Review ·       Edit usage limits > Maximum utilisation per IP address, per period x day(s) > Number of successful transactions per IP address > Number of transactions (accepted or refused) per IP address	REMOTE_ADDR
Contact data	Max e-mail utilisation	·       Block / Review ·       Edit usage limits > Maximum utilisation per e-mail address, per period of x day(s) > number of utilisations for the e-mail address	REMORE_ADDR
Address data	Invoicing address different to delivery address	Review	ADDMATCH
Miscellaneous data	Number of different countries	Block / Review	-
	Amount lower / higher than range	·       Edit min max amount ·       Block / Review	AMOUNT
	Time of order high - / medium risk period	·       Review ·       Edit risky periods	-
	Data in generic blacklist / greylist	·       Block / Review ·       Edit blacklist / greylist: generic data	GENERIC_BL
	Shipping Method high / medium / low risk	·       Block / Review ·       Edit risky Shipping Methods	ECOMSHIPMETHODTYPE
	Shipping Method Details High / medium / low risk	·       Block / Review ·       Edit risky Shipping Method Details	ECOMSHIPMETHODDETAILS
	Product Category High / medium / low risk	·       Block / Review ·       Edit risky Product Categories	ITEMFDMPRODUCTCATEGx ITEMIDx ITEMNAMEx ITEMPRICEx ITEMQUANTx
	Time to Delivery	·       Strictly less than X hours ·       Block / Review	ECOM_SHIPMETHODSPEED
Automatic address verification by the acquirer	result OK / KO ZIP KO, Address OK ZIP OK, Address KO Result not received or unknown	Block (Review if in Direct Sale) / Review	OWNERZIP OWNERADDRESS
Card verification code check	result OK / KO	Block (Review if in Direct Sale) / Review	CVC

Configure travel data (for airline industry only)

If your business model involves handling airline data, you will also need to send the following parameters need to be sent to us along with the transaction to be taken into consideration.

Parameters to be sent
AIPASNAME
AIEXTRAPASNAME*XX*
AIORCITY*XX*
AIORCITYL*XX*
AIDESTCITY*XX*
AIDESTCITYL*XX*
AISTOPOV*XX*
AIFLDATE*XX*

For more information on these parameters, you can refer to our Parameter Cookbook in your account. Go to Support > Integration and User Manuals > Technical Guides to access it!

Apply list items as Merchant Fraud Rules

Once you have managed items in your white/grey/black lists, you need to instruct our platform once a match occurs.

To do so, follow these steps:

1. Log in to the Back Office. Go to Advanced > Fraud Detection. Select the payment method for which you want to configure Merchant Fraud Rules via "Fraud detection activation and configuration"
2. Select any of the settings in column "Action" to define how a match should impact the scoring of the transaction in question
3. You may edit the list corresponding to the setting by selecting the option "Edit list xxx" on the right hand-side of the setting

Identify fraud with Device Fingerprinting 

Device Fingerprinting is a technology that enables us to uniquely identify a device used during a transaction. This means that if fraudsters use the same device for different transactions, our system will be able to detect this and block the transaction immediately. We use the parameter tag, DEVICEID to identify the device used for each transaction.

Depending on your integration with us, there are some actions that you can take to activate Device Fingerprinting.

• If you are using our eCommerce integration, this data will be captured on our payment page. Thus, this is done automatically for you.

• If you are using our DirectLink or FlexCheckout integration, you will need to add a tracking code to your integration. The code will need to be added into the header of one of your webpages which will be loaded when the cardholder’s device visits the site. We recommend adding it to your payment page.The code is in HTML and consists of CSS, Javascript and Flash:

<script type="text/javascript" asycn ="true" src ="https://elistva.c om/api/script.js?  aid=10376&sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"></script>  <noscript><p style="background:url(//elistva.c om/api/assets/c lear.png?  aid=10376&sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)"></p></noscript>  <object type="application/x-shockwave-flash" data="//elistva.c om/api/udid.swf?  aid=10376&sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" width="1" height="1">  <param name="movie" value="//elistva.c om/api/udid.swf?  aid=10376&sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" />  </object> 

You will need to update the XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX in the code snippet with a unique user session identifier in MD5 format. 

This HTML code is associated with a unique temporary and random session identifier (SID), which is generated by you as described in the table below.

Parameter(s) to be sent	Explanation	Format
sid	SID is the unique identifier of a user session. The c concatenation of the values of respectively the  PSPID and ORDERID are calculated in the MD5 format, resulting a 32-digit hexadecimal hash string.	Série de dièses hexadécimale à 32 chiffres  Example : ec 4dfe7e880e374071e2728c  3711c 3a8
aid	The ID of Tracker Application Account	Valeur fixe : 10376

Note: This feature will only work when a Fraud Export Scoring category (Green, Orange, or Red) is successfully returned by Fraud Expert. Learn more about Fraud Expert below.