Difference between revisions of "X-Cart:Antifraud"
(→Using the Results of 'Antifraud service' Check-up) |
(→Using the Results of 'Antifraud service' Check-up) |
||
Line 79: | Line 79: | ||
The results of an Antifraud service check-up most probably look as follows: | The results of an Antifraud service check-up most probably look as follows: | ||
+ | |||
[[Image:antifraud_check1.gif|584px|center]] | [[Image:antifraud_check1.gif|584px|center]] | ||
+ | |||
<u>Fraud risk factor</u> is a number from 1 to 10 reflecting the risk of fraud associated with the order. | <u>Fraud risk factor</u> is a number from 1 to 10 reflecting the risk of fraud associated with the order. |
Revision as of 19:24, 25 January 2010
Contents
Overview
For better merchant protection from online credit card fraud X-Cart has an integrated fraud screening facility. Antifraud service is a subscription based service; however with X-Cart license we offer a free trial for antifraud screening.
Antifraud service runs on the servers of our company. We are utilizing MaxMind's GeoIP/minFraud service for Antifraud service. GeoIP databases are 99% accurate on a country level, 85% accurate on a state level, and 80% accurate for the US within a 25 mile radius. But the risk factor is assessed by our unique algorithms based on our substantial experience in online credit card processing and which are specially adapted to be used in X-Cart shopping cart system. No sensitive private customer's information (like name, email address, CC numbers) is sent to our screening servers during antifraud checks.
If fraud screening is enabled, X-Cart transfers non personal data about a placed order to our antifraud service, where the request is processed and estimated risk factor for the order is returned. If risk factor exceeds the specified threshold then the order is delayed for manual check (phone call to a buyer, asking for additional evidence of authenticity etc.). Antifraud system provides a detailed report with an explanation what was suspicious about the order. This functionality is particularly useful when selling goods with immediate electronic delivery (like software, music, content etc.) because this kind of goods are most often ordered using stolen credit cards.
More information about Antifraud service is available at http://www.x-cart.com/antifraud_service.html.
Roles in Antifraud module management
If you are an X-Cart GOLD administrator/provider or an X-Cart PRO administrator:
- You can enable/disable Antifraud service module and adjust its configuration settings (Check out Enabling and Configuring 'Antifraud service').
- You can view the results of screening of an order by Antifraud service in the order details (Study Using the Results of 'Antifraud service' Check-up).
- You can use the 'IP Lookup' service to trace the actual physical location of a customer by the IP address from which an order was placed and, if necessary, to measure the distance between the customer's location and any other location, for example, the location of your company, or the billing address provided in an order (See Using the 'IP Lookup' Service).
If you are an X-Cart PRO provider:
- You do not have access to the results of order screening and 'IP Lookup' service.
Enabling and Configuring
To begin using the module:
1. Obtain a subscription key for Antifraud service module (Check out the 'Purchase services' page in your X-Cart Account)
2. Enable Antifraud service module (Administration menu->Modules).
When the module is enabled, you can see Antifraud options section in General settings/Modules options. If you already have some orders at your store, you can see a new section in the 'Order details' form titled 'Antifraud checking result'. There should also be a Lookup address button in the 'Order details' form before the 'Order details (not visible to customer and provider)' field.
3. Adjust the module settings via General settings/Modules options->Antifraud Service.
- a) Provide the following information:
- General Antifraud service options
- Antifraud module subscription key: Your Antifraud module subscription key.
- Fraud risk factor threshold value (Antifraud module). If fraud risk factor is greater than this limit, order status will be 'Queued': The desired Fraud risk factor threshold value. Orders with a Fraud risk factor greater than the value specified in this field will not be processed automatically.
- Antifraud safe distance (km): The distance between a billing address location and an IP address location that you wish to be treated as safe. Any order originating from an IP address located within the Antifraud safe distance from the address provided by the customer at checkout will be processed as non-fraudulent.
- Order total threshold: The order subtotal amount starting from which an order must be considered 'large'. Antifraud service believes large orders to provide a greater risk for store owners, so it uses an additional coefficient to increase the Fraud risk factor of an order if its subtotal exceeds the value provided in this field.
- Run anti-fraud check on orders with zero 'order total': This option allows you to specify whether you wish orders whose order total amount has been calculated as '0' (zero) to be screened by Antifraud service.
- Force to use the "Auth only" mode if the fraud risk factor exceeds: Define the maximum allowed value of the fraud risk factor. When exceeded, X-Cart will force to perform the transaction in the "Auth only" mode even if the payment module is set up to use a different mode.
- The "Auth only" mode means that the system will only freeze the order total but not withdraw it until the store administrator decides to capture the money manually.
- If the payment method you use does not allow for authorize-only transactions, the transaction will not be performed and the order will be placed with the Queued status.
- Email notifications
- 'Antifraud service key is invalid' notification to orders department: This option allows you to specify whether you wish an email notification to be sent to the store's Orders department if the value entered into the 'Antifraud module subscription key' field is not a valid subscription key.
- 'Antifraud service key is expired' notification to orders department: This option allows you to specify whether you wish an email notification to be sent to the store's Orders department when your Antifraud module subscription key expires.
- b) Click the Save button.
4. Define on which orders AntiFraud check should be performed:
- a) Log in to your store's Admin area.
- b) Go to the 'Payment methods' page.
- c) Select the 'Check' check-box of the payment methods for which you want to use the AntiFraud check feature.
- d) Click Update to apply the changes.
AntiFraud check will be performed on orders placed using payment methods which have the 'Check' setting enabled.
Using the Results of 'Antifraud service' Check-up
The results of screening of an order by Antifraud service can be found in the 'Antifraud checking result' subsection of the 'Order details' form.
The results of an Antifraud service check-up most probably look as follows:
Fraud risk factor is a number from 1 to 10 reflecting the risk of fraud associated with the order.
Important: Fraud risk factor is formed in the following way:
- an order total is greater than the order total threshold - fraud risk factor is multiplied by 2
- a customer has processed orders - fraud risk factor is divided by 2
- a customer has cancelled orders - fraud risk factor is multiplied by 1,5
- a customer from the same IP address is trying to place an order under a different name - fraud risk factor is multiplied by 2.
If two or more of these events occur in one order, the fraud risk factor is multiplied using all the applied coefficients.
Total requests - a total number of requests to Antifraud service that you are allowed to make with your current Antifraud subscription key.
Used requests - a number of requests to Antifraud service that is already used.
Antifraud additional fields (optional) - Antifraud service module service flags.
If Antifraud service is unable to provide any information about the IP address used to place an order, you are informed about it by the following message: 'No information regarding requested IP is found'. Such a message does not necessarily mean fraud, it can be caused by the fact that the customer came to your store from an intranet environment. However, the potential fraud risk of orders, the origin of which is unknown, is very high.
As orders get screened by Antifraud service at the time of placement, it is natural that orders placed when Antifraud service module is turned off will not have any Antifraud service check-up results in their details. A warning will be displayed in the place of the order's Antifraud check-up results: 'The order has not been checked by Antifraud service because Antifraud module was turned off at the time of order placement'.
If, for some reason, an order was not checked by Antifraud, or if you failed to get the results of the check-up (for example, because of a connection failure just after the order was placed), you can request another check-up of the order by Antifraud. To do so, click the Check order in Antifraud service link. Your request will be re-sent to the Antifraud service server.
Antifraud service subscription key is valid for a limited number of times. As soon as your Antifraud service subscription key expires, you will be notified about it by a warning message in the 'Antifraud checking results' subsection of the 'Order details' form: 'Warning! Antifraud service key expired! You can purchase Antifraud Service subscription here or get your free trial key here (if it has not been used)'. If you get this message and want to continue using Antifraud, order a new Antifraud service subscription key from X-Cart.
If the key entered into the 'Antifraud module subscription key' field of the 'Antifraud options' form is not a valid Antifraud module subscription key, you will be informed that your Antifraud service key is invalid: 'Warning! Antifraud service key is invalid! You can purchase Antifraud Service subscription here or or get your trial key here (if it has not been used)'. If you get this message, make sure the Antifraud module subscription key in the 'Antifraud options' form is entered correctly.
If you wish to get email notifications in the event that your Antifraud module subscription key becomes invalid or expired, enable the corresponding email notifications on the General settings/Modules options->Antifraud options page.