Preventing card misuse without affecting customer experience
Netaxept provides essential antifraud services to prevent card misuse in online environment without affecting your customers' buying experience. The use of antifraud services is voluntary but highly recommended. General Antifraud services are available for all merchants, whereas the advanced version is an additional service that screens all transactions in real time and rates them on a fraud scale, based on the configured thresholds.
General Antifraud services
General Antifraud services are available for all merchants in Netaxept Admin and/or via API. For each transaction the following information is provided:
- IP address for the buyer's browser connection
- Country where the card used for the transaction was issued
- Information if the country of customer's IP address doesn't match the country of card issuer
- The result of the 3DS authentication
Also, you can activate the following features either via Netaxept Admin or API:
- Activity filter allows you to set a maximum sum or a maximum number of transactions that will be accepted for a specific card or a specific IP address.
- Country filter allows you to limit transactions based on the country where the card used for the transactions was issued.
- Card type filter allows you to prevent transactions done by credit cards so that debit cards can still be used for payment.
- IP address check for API calls will activate a second security layer for API calls to let through only the calls from the specified IP addresses or ranges.
- Force 3DS parameter allows you to accept only transactions that have been successfully 3DS authenticated.
Advanced Antifraud services
The advanced version is an additional service that screens all transactions in real time and rates them on a fraud scale, based on the configured thresholds. Transactions are then either passed or rejected automatically or set for review before further processing.
- Device fingerprinting collects information during the payment process for identification. It identifies individual users and devices even when cookies are turned off.
- Geo localization identifies BIN and IP countries, and compares IP country to card issuing country.
- Velocity checks identifies transactions that are repeatedly done with same card, device, IP address and/or email address.
- Use of blacklists of proxies, devices and IP addresses and a wide range of other abnormal transaction indicators to detect abnormal and high-risk transactions.
- With Dynamic 3DS you can skip 3DS authentication for certain transactions. Only transactions with a certain risk score or specific characteristics will be redirected to 3DS authentication. Dynamic 3DS can be used with or without other advanced Antifraud service features. If you want to utilize Dynamic 3DS, you need first get approval for the use of Dynamic 3DS from your chosen acquirer before creating any rules. It should be also noted that using Dynamic 3DS doesn't change merchant's regular liability shift rules.
Steps to get started
To be able to utilize advanced version, besides the technical API integration towards Netaxept, you need to have the correct additional service chosen in your Netaxept agreement. Default ruleset can be used as a turnkey solution, while unique ruleset will be set based on your business needs and fraud experience. In both cases, to be able to offer the best solution for you, we kindly ask you to deliver us more information, such as
- Description of your webshop implementation and business
- What you are looking for, is there some particular problem you want to solve
- Situations when you want to skip 3DS authentication (if Dynamic 3DS is wanted)
- What kind of fraud situations you are facing currently
- Also, if Dynamic 3DS is wanted, first you need to get approval from your chosen acquirer to use of Dynamic 3DS
2. Implementing device profiling / fingerprinting
Although optional, this step is strongly recommended. Device profiling is at the heart of many of the rules used to check for fraud and will greatly increase the likelihood of detecting fraudulent cases, but basic use of advanced Antifraud service is not dependent on using this functionality. Fingerprinting process happens in the background while the buyer is interacting with your webshop. This is the only step that requires changes in your API integration towards Netaxept.
3. Transaction fraud scoring
The next step in the process is the transaction fraud scoring. Transaction is rated on a fraud scale and will be given recommendations based on the configured thresholds for the merchant. For example, a score < -80 could trigger a recommendation to stop the transaction immediately, while a score between -80 and -50 could trigger a requirement for the merchant to manually approve the transaction before it can be captured.
4. Transaction assessment
Based on threshold limits there are three possible outcomes of a transaction assessment: pass, review or reject. The exact risk scores as well as reasons and transaction status are available in Netaxept Admin and can be fetched via API.