LiteCommerce:AntiFraud

From X-Cart 4 Classic
Jump to: navigation, search
Warning.png This article refers to LiteCommerce 2.x only. For user manual to LiteCommerce 3.x, please visit this website.


Introduction

LiteCommerce AntiFraud add-on module introduces a sophisticated antifraud mechanism with high level of configuration flexibility. It is a powerful and efficient tool, which adds extra reliability to your online store.

In order to understand how the module works, some basic terms need to be discussed first:

  • Antifraud Service: A secure online service provided by Qualiteam. The service is available upon subscription (See the Subscribing to Antifraud Service section of this manual for details on Antifraud Service subscription).
  • Risk Factor: Every order placed is evaluated for likelihood of being a fraudulent one. Risk factor is a numeric value, which serves as a cumulative indicator of whether an order can present a fraud risk. Risk Factor of 1 is a low risk, while 10 should be considered a high risk. The store administrator can modify the Risk Factor calculations formula to a certain extent and define the acceptable risk level (See the Configuring the Module section of this manual for further details).
  • Risk Factor threshold: This is also a numeric value, which defines the maximum acceptable risk level. If an order has a Risk Factor, which is lower than the Risk Factor threshold, the order is considered to be trust-worthy and can be processed automatically, otherwise the order is considered suspicious (potentially fraudulent).
  • Antifraud Safe Distance: LiteCommerce antifraud mechanism measures the distance between the location of the customer's IP and his billing address as part of the fraud risk evaluation procedure. This distance is then compared to Antifraud Safe Distance defined by the store administrator. If the distance is greater than the safe distance, fraud Risk Factor of a purchase increases.

Once the customer submits an order, his Internet environment data (IP address, domain name, etc.), billing address, purchase history and order total are examined to determine the Risk Factor of the order. This data is collected by the AntiFraud module during the checkout process, and then sent to the Antifraud Service for processing. The report is then sent back to the originating online store where the AntiFraud module calculates the Risk Factor of the order. Depending on AntiFraud module configuration, suspicious orders are set for manual processing.

Installing the Module

To successfully install and use AntiFraud add-on module your shopping system requires LiteCommerce shopping cart software version 2.1 Service Pack 1 or later to be installed at your online store.

To install a module (AntiFraud in our case) select the 'Modules' section in the 'Settings' menu of the Administrator Zone. The list of installed modules will appear. Click on the 'Browse…' button, select the module's '.tar' file and click on the 'Install' button to add the module to your store setup.


 New module installation


'AntiFraud' module will appear in the list and will be activated automatically.


 AntiFraud module installed


To deactivate the module, unselect the 'Active' checkbox against the module title and click on the 'Update' button. To completely uninstall the module, click on the 'Uninstall' button.

Subscribing to Antifraud Service

The Antifraud Service is used to evaluate order credibility and is available upon subscription. To subscribe to the service, take the following steps:

  • Sign in to your X-Cart Account
  • Click on the 'Buy products/services' link.
  • Choose 'LiteCommerce Services' section.
  • Select 'Antifraud Service subscription' and follow the checkout procedures.

Your 'Antifraud Service License key' will be sent to you via e-mail. This key must be entered in the AntiFraud module settings page in order to enable the service. The license key is valid for a certain number of order check-ups. Every time an order is processed, the number of check-ups left available under the license decreases by one. Once the license key is used up, it must be refilled in order to continue using the service. To refill your license key follow the same procedure you used to subscribe to the service.

Your HelpDesk area can also be used to check how many requests are left available under your license key. The procedure is as follows:

  • Sign in to your X-Cart Account
  • Choose 'Antifraud Service' tab in the 'Communication center' menu.
  • You will see your license keys for Antifraud Screening service with the following details: 'Date' of license key creation, 'Subscription key' – the key itself, 'Available requests' – the number of service requests left available under the license key, and 'Used requests' – the number of requests already used.

Configuring the Module

After you have successfully installed the AntiFraud module, click on the AntiFraud module link to enter the module's settings page.

 Configuring AntiFraud module settings

The following settings are to be configured here:

  • Antifraud Service URL: this setting contains the URL of the Antifraud Service provided to you by Qualiteam.biz. The URL is predefined; however it can be edited in case you get informed by the Qualiteam.biz of the service URL change.
  • Antifraud Service License key: enter here the License key provided to you when you purchased Antifraud Service subscription.
  • Antifraud Safe Distance (km): see the 'Understanding LiteCommerce Antifraud protection' section of this manual for details on this parameter; please note that the distance is defined in kilometers (1km = 5/8 mile, 1 mile = 1.609km).
  • Risk Factor threshold: this is a numeric value, which defines the minimal Risk Factor of potentially fraudulent orders. Orders that have a lower Risk Factor are considered trust-worthy. This parameter should normally be assigned a value between 2 and 10. See the [#Introduction] section of this manual for details on this parameter.
  • Order total threshold: this parameter defines the minimal order total (measured in the store's default currency) that is to be considered a high-risk purchase.
  • Suspicious order handling: here you can specify whether orders with a Risk Factor exceeding the Risk Factor threshold are to be processed manually or automatically. 'Manual processing' means that an order is assigned a 'Queued' (not 'Processed') status and further investigation can be performed before processing the order.

Advanced options:

  • Risk factor multiplier for orders exceeding order total threshold;
  • Risk factor multiplier for IP addresses used by multiple customers;
  • Risk factor multiplier for customers who have declined orders in their order histories;
  • Risk factor divider for customers with reliable order histories;
  • Risk factor extra points for customers coming from fraud-risk countries.

You can mark some countries as "high risk" in the 'Countries' section of the Admin menu and the value of the "Risk factor extra points for customers coming from fraud-risk countries" option will be added to the risk factor value for an order from those countries.

These settings define a coefficient or extra points that should be applied to the Risk Factor calculated by the Antifraud Service, provided that the condition is met.

Example:

You set the following parameter values (refer to Figure 3):

  • Risk factor multiplier for orders exceeding order total threshold = 2
  • Risk factor divider for customers with reliable order histories = 3
  • Risk factor extra points for customers coming from fraud-risk countries = 4

Your old trust-worthy customer from a fraud-risk country decides to buy a big amount of products and his order total exceeds the order total threshold you defined. Antifraud Service evaluates his Risk Factor to be equal to 6. His adjusted Risk Factor will be:

((6 * 2) / 3)+4 = 8

After you finish modifying the module settings, click on the 'Update' button to save them. You can click on the 'Restore settings' link to restore the default settings of the module.

Operating the Store with Antifraud Capabilities

When AntiFraud add-on module is enabled, each online order undergoes a fraud check-up after the customer clicks on the 'Submit order' button to submit the order. Order details are sent to the Antifraud Service and order Risk Factor is calculated. If Risk Factor value is higher than the Risk Factor threshold, the order is considered to be potentially fraudulent. If the store administrator configures so, the potentially fraudulent order is automatically marked as 'Queued'. To see the detailed antifraud service report on the order, choose the 'Orders' section in the 'Management' menu and find the order using the standard 'Search orders' form. Note that order search results table now contains a new field titled 'Risk Factor'.


 Sample order search results


Click on the 'details >>' link to see order details. Order details now include an 'Antifraud Service' section.


 Antifraud section on the order details page


'Antifraud Service' section contains all the details of the fraud check-up. Only fraud Risk Factor value is visible by default. It is colored green if the value does not exceed the Risk Factor threshold, otherwise it is marked in red. You can click on the 'See details' link to review the conditions that affect the risk factor calculations. Every component that increases the risk factor value is marked in red, every component that contributes to order trustworthiness is marked in green.


Fraud check-up details


If you click on the 'Track IP address' link you can also see the location of the customer's IP address. This opens a separate window where you can type in any IP address and click on the 'Lookup IP' button to see the location of the IP address. Click on the 'Measure distance' button to calculate the distance from the IP address location to the customer's billing address.


 Tracking IP address


Note: Each additional IP address location or distance estimation request takes up one point from your store's Antifraud Service license.

When you return to the order details page, you can report the IP address to the Antifraud Service as a fraudulent one if you have a suspicion that this IP address is being used by a fraudster. To do so, click on the 'Notify Antifraud Service about fraudulent IP' link, enter the IP address, describe the reason why you report this IP as a source of fraudulent orders, and then click on the 'Send' button. Doing so helps to avoid further fraudulent orders coming from this IP.

 Reporting fraudulent IP address