Difference between revisions of "X-Cart:Antifraud"

From X-Cart 4 Classic
Revision as of 15:06, 13 December 2011

Overview

For better protection of merchants from online credit card fraud, X-Cart has an integrated fraud screening facility. Antifraud service is a subscription-based service; however, with an X-Cart license we offer a free trial of antifraud screening.

Antifraud service runs on the servers of our company. We use MaxMind's GeoIP City Database and minFraud service as inputs to our Antifraud service. GeoIP databases are 99% accurate on a country level, 85% accurate on a state level, and 80% accurate for the US within a 25 mile radius. The fraud risk factor itself, however, is assessed by our own algorithms, which are based on our substantial experience in online credit card processing and are specially adapted to the X-Cart shopping cart system. The following customer information is sent to our screening servers during antifraud checks:

  • IP address
  • proxy IP address
  • email
  • country (billing address)
  • state (billing address)
  • city (billing address)
  • ZIP code (billing address)
  • phone

If fraud screening is enabled, X-Cart transfers the data listed above about a placed order to our antifraud service, where the request is processed and an estimated risk factor for the order is returned. If the risk factor exceeds the specified threshold, the order is delayed for manual check (a phone call to the buyer, a request for additional evidence of authenticity, etc.). Antifraud system provides a detailed report explaining what was suspicious about the order. This functionality is particularly useful when selling goods with immediate electronic delivery (such as software, music or content) because such goods are most often ordered using stolen credit cards.

More information about Antifraud service is available at http://www.x-cart.com/antifraud_service.html.

Roles in Antifraud module management

If you are an X-Cart GOLD administrator/provider or an X-Cart PRO administrator:

  • You can enable/disable Antifraud service module and adjust its configuration settings (Check out Enabling and Configuring 'Antifraud service').
  • You can view the results of screening of an order by Antifraud service in the order details (Study Using the Results of 'Antifraud service' Check-up).
  • You can use the 'IP Lookup' service to trace the actual physical location of a customer by the IP address from which an order was placed and, if necessary, to measure the distance between the customer's location and any other location, for example, the location of your company, or the billing address provided in an order (See Using the 'IP Lookup' Service).

If you are an X-Cart PRO provider:

  • You do not have access to the results of order screening and 'IP Lookup' service.

Enabling and Configuring

To begin using the module:

1. Obtain a subscription key for Antifraud service module (Check out the 'Purchase services' page in your X-Cart Account)

2. Enable Antifraud service module (Administration menu->Modules).

When the module is enabled, you can see Antifraud options section in General settings/Modules options. If you already have some orders at your store, you can see a new section in the 'Order details' form titled 'Antifraud checking result'. There should also be a Lookup address button in the 'Order details' form before the 'Order details (not visible to customer and provider)' field.

3. Adjust the module settings via General settings/Modules options->Antifraud Service.

[Screenshot: Antifraud opts.gif]
a) Provide the following information:
General Antifraud service options
  • Antifraud module subscription key: Your Antifraud module subscription key.
  • Fraud risk factor threshold value (Antifraud module). If fraud risk factor is greater than this limit, order status will be 'Queued': The desired Fraud risk factor threshold value. Orders with a Fraud risk factor greater than the value specified in this field will not be processed automatically.
Note: The Fraud risk factor value calculated by Antifraud service module for a certain order is a number from 1 to 10 (the greater the number, the higher the probability of fraud from the corresponding IP address). The field 'Fraud risk factor threshold value' lets you specify how high the Fraud risk factor of an order must be for the order to be considered fraudulent. For example, if you set the Fraud risk factor threshold value to '5' (which corresponds to a 50% risk of fraud), all orders with Fraud risk factor values from 6 to 10 will be considered potentially fraudulent. X-Cart will not process such orders automatically: they will be placed with the status 'Queued', so you can review them personally later and decide whether to process them or not. If you find a certain order to be fraudulent, you can report the IP address from which the order originated to the Antifraud service server as a source of fraudulent orders. This will prevent further fraudulent orders coming from this IP.
  • Antifraud safe distance (km): The distance between a billing address location and an IP address location that you wish to be treated as safe. Any order originating from an IP address located within the Antifraud safe distance from the address provided by the customer at checkout will be processed as non-fraudulent.
Note: For all the users outside the safe distance, the risk of fraud will be defined based on the Fraud risk factor.
  • Order total threshold: The order subtotal amount starting from which an order is considered 'large'. Antifraud service treats large orders as a greater risk for store owners, so it applies an additional coefficient to increase the Fraud risk factor of an order whose subtotal exceeds the value provided in this field.
  • Run anti-fraud check on orders with zero 'order total': This option allows you to specify whether you wish orders whose order total amount has been calculated as '0' (zero) to be screened by Antifraud service.
  • Force to use the "Auth only" mode if the fraud risk factor exceeds: The maximum allowed value of the fraud risk factor. When it is exceeded, X-Cart forces the transaction to be performed in "Auth only" mode even if the payment module is set up to use a different mode.
In "Auth only" mode the system only authorizes (holds) the order total and does not capture it until the store administrator decides to capture the money manually.
If the payment method you use does not support authorize-only transactions, the transaction will not be performed and the order will be placed with the 'Queued' status.
Email notifications
  • 'Antifraud service key is invalid' notification to orders department: This option allows you to specify whether you wish an email notification to be sent to the store's Orders department if the value entered into the 'Antifraud module subscription key' field is not a valid subscription key.
  • 'Antifraud service key is expired' notification to orders department: This option allows you to specify whether you wish an email notification to be sent to the store's Orders department when your Antifraud module subscription key expires.
b) Click the Save button.

4. Define on which orders AntiFraud check should be performed:

a) Log in to your store's Admin area.
b) Go to the 'Payment methods' page.
c) Select the 'Check' check-box of the payment methods for which you want to use the AntiFraud check feature.
d) Click Update to apply the changes.

AntiFraud check will be performed on orders placed using payment methods which have the 'Check' setting enabled.

Using the Results of 'Antifraud service' Check-up

The results of screening of an order by Antifraud service can be found in the 'Antifraud checking result' subsection of the 'Order details' form.

The results of an Antifraud service check-up typically look as follows:

[Screenshot: Antifraud check1.gif]

Fraud risk factor - a number from 1 to 10 reflecting the risk of fraud associated with the order.

Total requests - the total number of requests to Antifraud service that you are allowed to make with your current Antifraud subscription key.

Used requests - the number of requests to Antifraud service that have already been used.

Antifraud additional fields (optional) - Antifraud service module service flags.

If Antifraud service is unable to provide any information about the IP address used to place an order, you are informed about it by the following message: 'No information regarding requested IP is found'. Such a message does not necessarily mean fraud; it can be caused by the customer coming to your store from an intranet environment. However, the potential fraud risk of orders whose origin is unknown is very high.

As orders get screened by Antifraud service at the time of placement, it is natural that orders placed when Antifraud service module is turned off will not have any Antifraud service check-up results in their details. A warning will be displayed in the place of the order's Antifraud check-up results: 'The order has not been checked by Antifraud service because Antifraud module was turned off at the time of order placement'.

If, for some reason, an order was not checked by Antifraud, or if you failed to get the results of the check-up (for example, because of a connection failure just after the order was placed), you can request another check-up of the order by Antifraud. To do so, click the Check order in Antifraud service link. Your request will be re-sent to the Antifraud service server.

Note: If the 'Check order in Antifraud service' link does not appear on the page, make sure Antifraud service module is enabled and Antifraud module subscription key is entered on the General settings/Modules options->Antifraud options page.

An Antifraud service subscription key is valid for a limited number of requests. As soon as your Antifraud service subscription key expires, you will be notified about it by a warning message in the 'Antifraud checking results' subsection of the 'Order details' form: 'Warning! Antifraud service key expired! You can purchase Antifraud Service subscription here or get your free trial key here (if it has not been used)'. If you get this message and want to continue using Antifraud, order a new Antifraud service subscription key from X-Cart.

If the key entered into the 'Antifraud module subscription key' field of the 'Antifraud options' form is not a valid Antifraud module subscription key, you will be informed that your Antifraud service key is invalid: 'Warning! Antifraud service key is invalid! You can purchase Antifraud Service subscription here or get your trial key here (if it has not been used)'. If you get this message, make sure the Antifraud module subscription key in the 'Antifraud options' form is entered correctly.

If you wish to get email notifications in the event that your Antifraud module subscription key becomes invalid or expired, enable the corresponding email notifications on the General settings/Modules options->Antifraud options page.

Using the 'IP Lookup service' tool

Antifraud service module comes with an 'IP Lookup service' tool that allows you to find out the actual location of a customer who placed an order by his or her IP address. It also allows you to compare this location with other known addresses.

To find out the IP address of a customer who placed an order:

1. Open the order (Management menu->Search for orders, search for the necessary order using the 'Search for orders' form, view the order details).

2. In the 'Order details' form, find the section 'IP'.

[Screenshot: Ip.gif]

The sequence of four decimal numbers separated by dots that is displayed in this section is the IP address from which the order originated.

To look up a customer's location by his or her IP address and to find out how far this location is from the customer's billing address:

1. Click on the Lookup button below the customer's IP address in the 'Order details' form. A window will be opened with a dialog titled 'Lookup address'.

[Screenshot: Lookup addr.gif]

In the 'Lookup address' dialog, the fields 'City', 'State', 'Country' and 'Zip/Postal code' will show the customer's billing address, the 'IP' field will show the IP address of your customer.

2. Click the Lookup address button. This prompts Antifraud service to look up the actual location of the computer whose IP address is provided. The address received from Antifraud service will appear below the 'IP' field:

[Screenshot: Lookup addr1.gif]

This should be the location of your customer at the time of order placement.

3. After having Antifraud service look up the actual location of the computer from which the order was placed, click the Measure distance button. Antifraud will calculate the distance between the two locations:

[Screenshot: Lookup addr2.gif]

If you would like to check some other address, simply type the desired address into the address fields of the 'Lookup address' dialog and click the Measure distance button.

If you are sure that the IP address from which the order originated was used by a malicious person, you can report this IP to Antifraud service. Use the 'Send IP' subsection of the order details page to describe the reason why you believe this IP to be a source of fraudulent orders, then click on Send.

[Screenshot: Antifraud send ip.gif]

What is the Fraud Risk Factor and how is it calculated?

The fraud risk factor is a number from 1 to 10 reflecting the risk of fraud associated with the order.

The fraud risk factor calculation is performed in two steps:

1) First, the fraud risk factor is calculated by our Antifraud service based on the customer information. This is a number from 1 to 10.

The value of the fraud risk factor calculated depends on the following parameters assessed by our Antifraud service:

  • country_doesnot_match (binary value, 1 or 0)
  • city_doesnot_match (binary value, 1 or 0)
  • is_free_email (binary value, 1 or 0)
  • is_anonymous_proxy (binary value, 1 or 0)
  • fraudulent_ip (binary value, 1 or 0)
  • proxy_score (decimal value, from 0 to 10)
  • spam_score (decimal value, from 0 to 10)
  • CHECK_IP_DISTANCE (integer value, distance in km)

The fraud risk factor starts at 0 and is then calculated as follows:

- if any of the binary parameters takes value 1 ('true'), it increases the fraud risk factor by some value;
- if 'proxy_score' or 'spam_score' exceeds 4, it increases the fraud risk factor by some value;
- if 'CHECK_IP_DISTANCE' exceeds the Antifraud safe distance value, it increases the fraud risk factor by some value.

Finally, if the total value is above 10, the fraud risk factor is limited to 10.

2) The fraud risk factor calculated is then passed from the Antifraud service to X-Cart, and adjusted by X-Cart in the following way:

  • if the order total is greater than the Order total threshold value - 'order_limit_excess' becomes 1 (true), and the fraud risk factor is multiplied by 2;
  • if the customer has processed orders - 'completed orders' takes value 1 (true), and the fraud risk factor is divided by 2;
  • if the customer has cancelled orders - 'declined_orders' takes value 1 (true), and the fraud risk factor is multiplied by 1.5;
  • if a customer from the same IP address is trying to place an order under a different name - 'foreign_ip_address' takes value 1 (true), and the fraud risk factor is multiplied by 2;
  • if the customer's billing address is in a country considered high risk - 'is_high_risk_country' takes value 1 (true), and the fraud risk factor is incremented by 7.

If two or more of these events occur in one order, all of the applicable coefficients and the increment are applied together to the fraud risk factor.

Finally, if the adjusted value is above 10, the fraud risk factor is limited to 10.
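The following Python model is an added example, not X-Cart's own code, and ties together the two parts of this page that are fully specified: the X-Cart-side adjustment of the fraud risk factor (step 2 above) and the decision rules from the 'Antifraud Service' options (the safe distance, the 'Queued' threshold and the forced "Auth only" mode). Step 1 is left as an input because the page does not give its weights. Two points are assumptions rather than page facts: the +7 increment is applied after the multipliers, in the order the list gives them, and the 'Queued' threshold is checked before the "Auth only" limit. The haversine formula stands in for whatever distance calculation the service really uses, and all sample orders and coordinates are constructed.

```python
"""Model of the X-Cart Antifraud decision described on this page (added example)."""
import math
from dataclasses import dataclass
from typing import Optional, Tuple, Dict

FACTOR_MAX = 10.0  # the fraud risk factor is capped at 10


def distance_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle (haversine) distance between two points, in km.
    Assumption: the page only says the service 'measures the distance'; this
    formula is a stand-in for whatever the service actually uses."""
    r = 6371.0  # mean Earth radius, km
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


@dataclass
class Settings:
    """The 'General Antifraud service options' from the configuration section."""
    threshold: float = 5.0                # Fraud risk factor threshold value
    safe_distance_km: float = 50.0        # Antifraud safe distance (km)
    order_total_threshold: float = 500.0  # Order total threshold
    auth_only_above: float = 3.0          # Force "Auth only" if the factor exceeds this


@dataclass
class OrderFacts:
    """What X-Cart knows about an order when it applies step 2."""
    service_factor: float           # step-1 factor returned by the Antifraud service (1..10)
    order_total: float
    completed_orders: bool          # the customer has processed orders
    declined_orders: bool           # the customer has cancelled orders
    foreign_ip_address: bool        # same IP placing an order under a different name
    is_high_risk_country: bool      # billing address in a high-risk country
    ip_distance_km: Optional[float]  # CHECK_IP_DISTANCE; None when the IP is unknown


def adjust_factor(o: OrderFacts, s: Settings) -> Tuple[float, Dict[str, bool]]:
    """Step 2: X-Cart's adjustment of the service's factor.
    Returns the adjusted factor and the flags that fired."""
    flags = {
        "order_limit_excess": o.order_total > s.order_total_threshold,
        "completed_orders": o.completed_orders,
        "declined_orders": o.declined_orders,
        "foreign_ip_address": o.foreign_ip_address,
        "is_high_risk_country": o.is_high_risk_country,
    }
    f = o.service_factor
    if flags["order_limit_excess"]:
        f *= 2
    if flags["completed_orders"]:
        f /= 2
    if flags["declined_orders"]:
        f *= 1.5
    if flags["foreign_ip_address"]:
        f *= 2
    if flags["is_high_risk_country"]:
        f += 7  # assumption: increment applied after the multipliers, as listed
    return min(f, FACTOR_MAX), flags


def decide(o: OrderFacts, s: Settings) -> str:
    """Outcome for the order: 'processed', 'auth_only' or 'queued'."""
    # Within the safe distance the order is processed as non-fraudulent.
    if o.ip_distance_km is not None and o.ip_distance_km <= s.safe_distance_km:
        return "processed"
    factor, _ = adjust_factor(o, s)
    if factor > s.threshold:
        return "queued"     # held for manual review
    if factor > s.auth_only_above:
        return "auth_only"  # assumption: threshold is checked before the auth-only limit
    return "processed"


if __name__ == "__main__":
    s = Settings()
    # Constructed coordinates: billing address vs. geolocated IP, 1 degree of longitude apart.
    d = distance_km(0.0, 0.0, 0.0, 1.0)
    # Constructed order: large total, returning customer, IP far from the billing address.
    order = OrderFacts(4.0, 600.0, True, False, False, False, d)
    print(round(d, 1), adjust_factor(order, s), decide(order, s))
```

Run as a script it prints the constructed order's distance, adjusted factor with its flags, and the outcome; the functions can also be imported and applied to real order data one row at a time.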