- 1 Overview
- 2 Roles in Antifraud module management
- 3 Enabling and Configuring
- 4 Using the Results of 'Antifraud service' Check-up
- 5 Using the 'IP Lookup service' tool
- 6 What is Fraud Risk Factor and how it is calculated?
- 7 Troubleshooting
For better merchant protection from online credit card fraud X-Cart has an integrated fraud screening facility. Antifraud service is a subscription based service; however with X-Cart license we offer a free trial for antifraud screening.
Antifraud service runs on the servers of our company. We are utilizing MaxMind's GeoIP City Database and minFraud service for our Antifraud service. GeoIP databases are 99% accurate on a country level, 85% accurate on a state level, and 80% accurate for the US within a 25 mile radius. But the fraud risk factor is assessed by our unique algorithms based on our substantial experience in online credit card processing and which are specially adapted to be used in X-Cart shopping cart system. The following customer information is sent to our screening servers during antifraud checks:
- IP address
- proxy IP address
- country (billing address)
- state (billing address)
- city (billing address)
- ZIP code (billing address)
If fraud screening is enabled, X-Cart transfers the following data about a placed order to our antifraud service, where the request is processed and estimated risk factor for the order is returned. If risk factor exceeds the specified threshold then the order is delayed for manual check (phone call to a buyer, asking for additional evidence of authenticity etc.). Antifraud system provides a detailed report with an explanation what was suspicious about the order. This functionality is particularly useful when selling goods with immediate electronic delivery (like software, music, content etc.) because this kind of goods are most often ordered using stolen credit cards.
More information about Antifraud service is available at http://www.x-cart.com/antifraud_service.html.
Roles in Antifraud module management
If you are an X-Cart GOLD or GOLD PLUS administrator/provider or an X-Cart PLATINUM or PRO administrator:
- You can enable/disable Antifraud service module and adjust its configuration settings (Check out Enabling and Configuring 'Antifraud service').
- You can view the results of screening of an order by Antifraud service in the order details (Study Using the Results of 'Antifraud service' Check-up).
- You can use the 'IP Lookup' service to trace the actual physical location of a customer by the IP address from which an order was placed and, if necessary, to measure the distance between the customer's location and any other location, for example, the location of your company, or the billing address provided in an order (See Using the 'IP Lookup' Service).
If you are an X-Cart PLATINUM or PRO provider:
- You do not have access to the results of order screening and 'IP Lookup' service.
Enabling and Configuring
To begin using the module:
1. Obtain a subscription key for Antifraud service module (Check out the 'Purchase services' page in your X-Cart Account)
2. Enable Antifraud service module (Administration menu->Modules).
When the module is enabled, you can see Antifraud options section in General settings/Modules options. If you already have some orders at your store, you can see a new section in the 'Order details' form titled 'Antifraud checking result'. There should also be a Lookup address button in the 'Order details' form before the 'Order details (not visible to customer and provider)' field.
3. Adjust the module settings via General settings/Modules options->Antifraud Service.
- a) Provide the following information:
- General Antifraud service options
- Antifraud module subscription key: Your Antifraud module subscription key.
- Fraud risk factor threshold value (Antifraud module). If fraud risk factor is greater than this limit, order status will be 'Queued': The desired Fraud risk factor threshold value. Orders with a Fraud risk factor greater than the value specified in this field will not be processed automatically.
- Antifraud safe distance (km): The distance between a billing address location and an IP address location that you wish to be treated as safe. Any order originating from an IP address located within the Antifraud safe distance from the address provided by the customer at checkout will be processed as non-fraudulent.
- Order total threshold: The order subtotal amount starting from which an order must be considered 'large'. Antifraud service believes large orders to provide a greater risk for store owners, so it uses an additional coefficient to increase the Fraud risk factor of an order if its subtotal exceeds the value provided in this field.
- Run anti-fraud check on orders with zero 'order total': This option allows you to specify whether you wish orders whose order total amount has been calculated as '0' (zero) to be screened by Antifraud service.
- Force to use the "Auth only" mode if the fraud risk factor exceeds: Define the maximum allowed value of the fraud risk factor. When exceeded, X-Cart will force to perform the transaction in the "Auth only" mode even if the payment module is set up to use a different mode.
- The "Auth only" mode means that the system will only freeze the order total but not withdraw it until the store administrator decides to capture the money manually.
- If the payment method you use does not allow for authorize-only transactions, the transaction will not be performed and the order will be placed with the Queued status.
- Email notifications
- 'Antifraud service key is invalid' notification to orders department: This option allows you to specify whether you wish an email notification to be sent to the store's Orders department if the value entered into the 'Antifraud module subscription key' field is not a valid subscription key.
- 'Antifraud service key is expired' notification to orders department: This option allows you to specify whether you wish an email notification to be sent to the store's Orders department when your Antifraud module subscription key expires.
- b) Click the Save button.
4. Define on which orders AntiFraud check should be performed:
- a) Log in to your store's Admin area.
- b) Go to the 'Payment methods' page.
- c) Select the 'Check' check-box of the payment methods for which you want to use the AntiFraud check feature.
- d) Click Update to apply the changes.
AntiFraud check will be performed on orders placed using payment methods which have the 'Check' setting enabled.
Using the Results of 'Antifraud service' Check-up
The results of screening of an order by Antifraud service can be found in the 'Antifraud checking result' subsection of the 'Order details' form.
The results of an Antifraud service check-up most probably look as follows:
Fraud risk factor - a number from 1 to 10 reflecting the risk of fraud associated with the order.
Total requests - a total number of requests to Antifraud service that you are allowed to make with your current Antifraud subscription key.
Used requests - a number of requests to Antifraud service that is already used.
Antifraud additional fields (optional) - Antifraud service module service flags.
If Antifraud service is unable to provide any information about the IP address used to place an order, you are informed about it by the following message:
'No information regarding requested IP is found'
Such a message does not necessarily mean fraud, it can be caused by the fact that the customer came to your store from an intranet environment. However, the potential fraud risk of orders, the origin of which is unknown, is very high.
As orders get screened by Antifraud service at the time of placement, it is natural that orders placed when Antifraud service module is turned off will not have any Antifraud service check-up results in their details. A warning will be displayed in the place of the order's Antifraud check-up results:
'The order has not been checked by Antifraud service because Antifraud module was turned off at the time of order placement'
If, for some reason, an order was not checked by Antifraud, or if you failed to get the results of the check-up (for example, because of a connection failure just after the order was placed), you can request another check-up of the order by Antifraud. To do so, click the Check order in Antifraud service link. Your request will be re-sent to the Antifraud service server.
Antifraud service subscription key is valid for a limited number of times. As soon as your Antifraud service subscription key expires, you will be notified about it by a warning message in the 'Antifraud checking results' subsection of the 'Order details' form:
'Warning! Antifraud service key expired! You can purchase Antifraud Service subscription here or get your free trial key here (if it has not been used)'
If you get this message and want to continue using Antifraud, order a new Antifraud service subscription key from X-Cart.
If the key entered into the 'Antifraud module subscription key' field of the 'Antifraud options' form is not a valid Antifraud module subscription key, you will be informed that your Antifraud service key is invalid:
'Warning! Antifraud service key is invalid! You can purchase Antifraud Service subscription here or or get your trial key here (if it has not been used)'
If you get this message, make sure the Antifraud module subscription key in the 'Antifraud options' form is entered correctly.
If you wish to get email notifications in the event that your Antifraud module subscription key becomes invalid or expired, enable the corresponding email notifications on the General settings/Modules options->Antifraud options page.
Using the 'IP Lookup service' tool
Antifraud service module comes with an 'IP Lookup service' tool that allows you to to find out the actual location of a customer who placed an order by his or her IP address. It also allows you to compare this location with other known addresses.
To find out the IP address of a customer who placed an order:
1. Open the order (Management menu->Search for orders, search for the necessary order using the 'Search for orders' form, view the order details). 2. In the 'Order details' form, find the section 'IP'.
The sequence of four decimal numbers separated by dots that is displayed in this section is the IP address from which the order originated.
To look up a customer's location by his or her IP address and to find out, how far this location is from the customer's billing address:
1. Click on the Lookup button below the customer's IP address in the 'Order details' form. A window will be opened with a dialog titled 'Lookup address'.
In the 'Lookup address' dialog, the fields 'City', 'State', 'Country' and 'Zip/Postal code' will show the customer's billing address, the 'IP' field will show the IP address of your customer.
2. Click the Lookup address button. This should induce Antifraud service to find out the actual location of the computer whose IP address is provided. The address received from Antifraud service will appear below the 'IP' field:
This should be the location of your customer at the time of order placement.
3. After having Antifraud service look up the actual location of the computer from which the order was placed, click the Measure distance button. Antifraud will calculate the distance between the two locations:
If you would like to check some other address, simply type the desired address into the address fields of the 'Lookup address' dialog and click the Measure distance button.
If you are sure that the IP address from which the order originated was used by a malicious person, you can report this IP to Antifraud service. Use the 'Send IP' subsection of the order details page to describe the reason why you believe this IP to be a source of fraudulent orders, then click on Send.
What is Fraud Risk Factor and how it is calculated?
Fraud risk factor is a number from 1 to 10 estimating the riskiness of accepting a credit card for a certain order (the higher the number the higher the risk). The calculation is performed in two steps:
1) The first step is done by Antifraud server depending on the following parameters:
- country_doesnot_match (binary value, 1 or 0)
- city_doesnot_match (binary value, 1 or 0)
- is_free_email (binary value, 1 or 0)
- is_anonymous_proxy (binary value, 1 or 0)
- fraudulent_ip (binary value, 1 or 0)
- proxy_score (decimal value, from 0 to 10)
- spam_score (decimal value, from 0 to 10)
- CHECK_IP_DISTANCE (integer value, distance in km)
using this algorithm:
- First the fraud risk factor is assigned 0 value;
- If any of the binary parameters takes value 1 ('true'), the fraud risk factor is increased by some ("know how") value;
- If 'proxy_score' or 'spam_score' exceeds 4, the fraud risk factor is increased by some ("know how") value;
- If 'CHECK_IP_DISTANCE' exceeds the Antifraud safe distance value, the fraud risk factor is increased by some ("know how") value;
- Finally, if the fraud risk factor value is above 10, it becomes equal 10;
2) Once the first step is done the calculated value is passed to X-Cart to be adjusted according to all of following rules:
- If the order total is greater than the Order total threshold value - 'order_limit_excess' becomes 1 (true), and the fraud risk factor is multiplied by 2;
- If the customer has processed orders - 'completed orders' takes value 1 (true), and the fraud risk factor is divided by 2;
- If the customer has cancelled orders - 'declined_orders' takes value 1 (true), and the fraud risk factor is multiplied by 1,5;
- If the IP address being checked has been already used to place orders under a different user account - 'foreign_ip_address' takes value 1 (true), and the fraud risk factor is multiplied by 2;
- If the customer's billing address is considered to be a high risk country - 'is_high_risk_country' takes value 1 (true), and the fraud risk factor is incremented by 7.
Finally, if the fraud risk factor value is above 10, it becomes equal 10.
Whenever we try and use the Antifraud check, it is saying: Warning! Antifraud service is not available! I still have available requests to Antifraud service in my Helpdesk account. How do I solve the problem?
This problem is probably related to the change of our Antifraud service URL. If you experience this problem, open the file modules/Anti_Fraud/config.php for viewing/editing and check the line defining the Antifraud service URL. If this line says:
define ('ANTIFRAUD_URL', 'https://secure.qualiteam.biz:443');
define ('ANTIFRAUD_URL', 'https://secure.qtmsoft.com:443';);
replace it with the following:
define ('ANTIFRAUD_URL', 'https://secure.x-cart.com:443');