PayTrace is committed to your security, and in an ongoing effort to combat fraud, we've compiled a list of actions you can take to recognize and prevent fraud. This information will equip your company with the knowledge to prevent fraud in the payment industry.
Table of Contents | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Detecting and preventing fraudulent activity
As with any fraudulent activity, there is no magic bullet to detect and prevent all fraudulent activity. We suggest implementing a layered payment review process, including the following features and activities:
Review and monitor transactions daily
PayTrace provides several reporting options to review your transaction activity. Some of these reporting options can be emailed to members of your organization.
Reviewing daily transaction activity lets your organization detect unusual activity within your payment processes and systems.
Support/Merchant Admin-enabled Security Settings
An account admin can manage these security settings, or you can contact our Support department to enable a combination of the Security Settings below.
Info |
---|
For how to update and manage these settings, please review our Help Documentation - Security Settings Page. |
Duplicate transaction time
A filter that will prevent a transaction from being processed if a transaction with the same card number, for the same amount, and with the same invoice number has already been approved within the specified time range.
You can specify the number of minutes between 0 and 999 to have the filter prevent a duplicate transaction within that time frame.
Enable Phishing Filter
A filter that will disable a card on the fourth failed attempt to process a transaction and block any additional attempts in a rolling 24 hours.
Required Billing Address
A setting that requires a Billing Address to be submitted for transactions processed by your PayTrace account. Highly recommended for merchants who process e-commerce and card-not-present transactions.
Require Billing Zip Code
A setting that requires a billing zip code to be submitted for transactions processed by your PayTrace account. Highly recommended for merchants who process e-commerce and card-not-present transactions.
Require CSC
A setting that requires a CSC Code to be submitted for transactions processed by your PayTrace account. Highly recommended for merchants who process e-commerce and card-not-present transactions.
Address Verification System (AVS) Auto Void
A setting that will automatically void transactions on your PayTrace account if the transaction response from the cardholder’s bank does not return with a match value for the billing address and/or Billing Zip Code.
There are two options.
No Match: Will void an approved transaction in which the bank returns a No Match response.
Partial or No Match: Will void any approved transactions in which the bank does not return a Full Exact Match response.
CSC Auto Void
A setting that will automatically void an approved transaction if the CSC response from the cardholder’s bank is “No Match.”
Manage IP Rules
One way to enhance the security of your PayTrace account is by limiting access to specific IP addresses.
Info |
---|
To review this feature in-depth please review our Help Documentation - Manage IP Rules. |
Suggestions for detecting and preventing e-commerce fraud
To add another level of security when processing e-commerce transactions, we recommend verifying if your e-commerce provider provides security settings and tools that will protect your transactions when cardholders enter them.
Below are some features or settings that may be available by your e-commerce provider.
Require customer sign-up
Requiring someone to sign up for an account helps deter rapid card testing with different identities. See the Velocity information below for more information.
Restrict countries
It is possible to prevent transactions from certain countries from being processed.
Google ReCaptcha
An advanced risk analysis engine and adaptive challenges to keep malicious software from engaging in abusive activities on your website.
A way to stop automated payment attempts is by using reCAPTCHA. This puzzle requires human input to solve and forces fraudulent attempts to process cards manually, which helps deter bots or bad actors from rapidly attempting transactions on a large number of stolen cards.
IP geolocation checks
IP address geolocation is the process of uncovering an online user's geographic location based on the IP address of their computer or mobile device.
Doing IP geolocation checks is a way to match the IP that the user is accessing your website from against the billing address that they provide when they check out. In addition to checking the IP against the billing address, you should check if the user is accessing your website using a proxy IP. A proxy IP is generated through free or paid services that make it appear that the user is accessing your website from a location other than where they are. If the user's billing address is in one state (such as Nebraska), but their IP is in another state (such as Florida), they may be traveling, but this should not be assumed. This type of mismatch warrants a closer look at the user's information.
Velocity checks on your shopping cart
Refers to
Info |
---|
Monitoring this activity is important. Even with donation sites, making low-dollar payments in rapid succession may be unusual for a user. |
checks you do on your website, not through the
PayflowPayfloy velocity fraud filters. Velocity is the number or speed of payments made within a certain period of time on your account.
Info |
---|
Monitoring this activity is important. Even with donation sites, making low-dollar payments in rapid succession may be unusual for a user. |
For example, ten payments are sent from the same customer within seconds or minutes of each other.
Payment velocity can be monitored by dollar amount, user IP, billing address, BIN, or device.
Please contact your 3rd-party integration to confirm how they can monitor velocity just in case there are they offer other options they offer.
Shopping cart session velocity
Refers to the number of times a buyer can attempt to complete an order in one shopping cart session. By limiting the attempts in one checkout session, you have visibility into the number of shopping cart declines, which may assist in identifying a possible card-testing situation.
Related Pages
Protect yourself from card testing fraud
Need more help?
Our support team will be happy to assist you.
If you are unsure where to go, try the search bar on the top right of any page.
If you cannot find the documentation you are looking for, please let our support team know so we can continue to improve this documentation.