worldline Direct
Sign up

  1. Introduction
  2. Understand Fraud Prevention Silver/Fraud Prevention Gold
  3. Integrate Fraud Prevention Silver/Fraud Prevention Gold
  4. Configure Fraud Prevention Gold
  5. Test Fraud Prevention Silver/Fraud Prevention Gold
  6. Get fraud check results
  7. Follow-up on transactions in "Challenged" status

Introduction

Fraud is part of the daily challenges within the online payment ecosystem.

A substantial part of this challenge are increasingly sophisticated fraud attacks. These make real-time data analysis a necessity to detect anomalies and behaviour patterns.

To offer the best fraud protection possible, we have partnered with Microsoft, one of the industry leading AI and Fraud solution providers. Thanks to our extensive fraud protection network, you profit from a broad awareness of fraud activities across the globe.

By capitalising on advanced machine learning technology, our hybrid fraud screening approach combines:

  • Artificial intelligence risk scoring
  • Learnings from billions of transactions
  • Custom rules for optimal performance
  • Integrated Device Fingerprinting

To identify suspicious activities and automate response actions, we offer our Fraud Prevention Silver and Fraud Prevention Gold solution. Contact us to get started right away!

  • Both Fraud Prevention Silver / Fraud Prevention Gold are available for the following payment methods
    Cards (debit and credit)
    PayPal
    via all integration modes
  • Fraud Silver/Gold can be used together with our Exemption Engine solution. 


Understand Fraud Prevention Silver/Fraud Prevention Gold

To offer you the best solution for your business needs, we offer two versions of our Fraud Prevention solution. Regardless of your transaction volume or revenue, both will become an indispensable asset to your daily operations.

Both Fraud Prevention Silver and Fraud Prevention Gold are based on two pillars:

  1. Risk score calculation: Using a gigantic data pool of billions of transactions, our solutions compares your transaction data with known fraud patterns. These so-called velocity checks form the basis for (proposed) follow-up actions defined in the rule engine decision.
  2. Rule Engine Decision: Using the preceding risk score calculation, our platform applies (pre-defined) rules to treat transactions accordingly. Every incoming transaction is looped through these rules. If a condition is met, our platform will accept, review or decline the transaction. If there is no match or the transaction is accepted, we will send the transaction data to your acquirer for the actual payment.

Fraud Prevention Silver predefines the Rule Engine Decision, allowing you to use this solution without any preparations or maintenance. If your business requires customisation of these rules, we recommend the Gold solution. Learn more about the possibilities and required effort in the dedicated chapter.

Both the score calculation and the rule application are merged seamlessly into the payment flow:

  1. Your customers finalise an order in your shop.
  2. You send a CreateHostedCheckout/CreatePayment (including some additional optional properties) request to our platform.
  3. Our platform sends the transaction data to the Microsoft platform.
  4. Microsoft performs the Risk score calculation and applies the Rule Engine Decision. Depending on the outcome, these scenarios are possible:
    a) Low risk: We submit the transaction to the acquirer. The flow continues at step 5)
    b) Medium risk: We challenge the transaction. The flow continues at step 5)
    c) High risk: We decline the transaction, ending the flow. You can request the transaction/fraud prevention check result as described in step 6)
  5. We process the transaction and receive the result from the acquirer
  6. You request the transaction/fraud prevention check result from our platform via GetPaymentDetails or receive the result via webhooks
    6'(optional). For transactions in status "challenged", you perform a manual review. Depending on your assessment, you accept/decline the transaction.
Customer Our platform Microsoft Acquirer Merchant Finalises order 1 Sends transaction data 3 Sends 
CreateHostedCheckout/
CreatePayment request 2 Performs 
risk score calculation &
Applies Rule Engine Decision 4 Processes transaction &
receives transaction result 5 Requests/Receives 
transaction/fraud result 6 Performs manual review 6’ Real-time Optional

This is a high-level payment flow covering only the basic steps. Learn in our dedicated guides the individual differences for the integration modes and the individual payment methods.


Integrate Fraud Prevention Silver/Fraud Prevention Gold

Depending on your choice, difference apply to merge the fraud check seamlessly with your current integration.

Integrate Fraud Prevention Silver

As an autonomous service, this worry-free plug-and-play solution offers high performance without any maintenance needed.
Once it is active, it is fully operational! Keep your existing integration as-is and enjoy the highest protection possible instantly! The properties of your standard CreateHostedCheckout/CreatePayment request are sufficient: Both the risk score calculation and the rule decision engine are executed automatically and autonomously. 

To refine the risk score calculation, you may send any and as many properties as possible. We strongly recommend including at least these:

order
     customer
          billingAddress
          contactDetails
          personalInformation
     shipping
          address
          emailAddress

Contact us to activate Fraud Prevention Silver for you.

Integrate Fraud Prevention Gold

A vastly customisable, scalable solution, Fraud Prevention Gold allows you to

  • Fine-tune your fraud strategy and risk appetite.
  • Get extensive training and consultancy.
  • Get comprehensive reporting.

Although the way this solution handles incoming requests just like Fraud Prevention Silver, there is one difference: Fraud Prevention Gold requires you to set up and manage the Rule Engine Decision on your own. Therefore, you need to define appropriate reactions (decline/accept/challenge) for any incoming transaction. Learn in the dedicated chapter all about it.

To refine the risk score calculation, you may send any and as many properties as possible. We strongly recommend including at least these:

order
     customer
          billingAddress
          contactDetails
          personalInformation
     shipping
          address
          emailAddress

Contact us to prepare the setup and activation of Fraud Prevention Gold together.

Use Fraud Prevention Silver / Fraud Prevention Gold for e-Terminal/Pay-by-link

You can also use our Fraud Prevention together with the e-Terminal/Pay-by-link feature as well. This does not require any integration effort or changes in the way you process transactions. The Merchant Portal allows you to easily


Configure Fraud Prevention Gold

In contrast to Fraud Prevention Silver, Fraud Prevention Gold bases the fraud analysis (step 4 in the payment flow) on three pillars:

  1. Pre-filtering out transactions: Once our platform transfers your CreatePayment/CreateHostedCheckout request to the Microsoft platform, you can filter out specific transactions right away via "Prior-to-scoring" rules. You can base them on
    a) Properties fraudFields.blackListData/fraudFields.productCategories in your CreatePayment/CreateHostedCheckout request. Find detailed information about these properties in our CreatePayment/CreateHostedCheckout APIs.
    b) Support/custom lists.

  2. Risk score calculation: For all transactions left after step 1, Microsoft calculates a @riskScore, using
    a) Using a gigantic data pool of billions of transactions
    b) Velocity checks to identify known fraud patterns
    c) AI/Machine learning evaluations

    This step does not require any input from you. However, you can look up the "Reason codes" via the "Search tab" in the Microsoft Portal, giving an indication for the risk score calculation result.

  3. Rule Decision Engine: By applying "Post-risk-scoring" rules you have defined, you can
    decline/accept/challenge the request. You can base them on
    a) Microsoft’s calculated @riskScore from the previous step
    b) Specific properties from the CreatePayment/CreateHostedCheckout request
    c) Velocity rules
    d) Support/custom lists

Learn in the subsequent chapters how to define and manage the pre-filtering / Rule Engine Decision in the Microsoft portal.

Our platform Transfers
CreatePayment/CreateHostedCheckout
request
 Our platform Processes fraud results # Accepted: Submit transaction
to acquirer # Challenge: Put in status 50 
for manual review # Declined: Block transaction
due to “Prior-to-scoring” or
”Post-risk-scoring” rules
 Risk score calculation # # Microsoft transaction 
data pool Microsoft velocity checks AI/Machine learning
evaluation Get a @riskScore based on # Pre-filtering out transactions # Apply “Prior-to-scoring rules“ # Check specific properties sent in request # Loop through support/custom lists Rule Decision Engine Apply @riskScore result # Apply velocity rules # Apply “Post-risk-scoring” 
rules # Check specific properties 
sent in request # Loop through support/
custom lists Microsoft Portal

Set up and manage fraud prevention

The centrepiece of setting up Fraud Prevention Gold is the Microsoft Portal. There you define how to categorise all incoming CreatePayment/CreateHostedCheckout requests to either accept/review/decline them. This requires you to

  • Configure "Prior-to-scoring rules" for pre-filtering out transactions before the actual Risk Score Calculation and applying the Rule Decision Engine.
  • Configure "Post-risk-scoring" rules to apply the Rule Decision Engine.

Configure "Prior-to-scoring" rules

These rules allow you to pre-filter out specific transactions before the actual fraud check (Risk Score Calculation/Rule Decision Engine) takes place. You may

  • Include any property from the incoming CreatePayment/CreateHostedCheckout request.
  • Loop support and/or custom lists.

We offer trade-specific rules to get you started. Configure these rules in the Microsoft Portal via Rules Configuration > Rules.

Configure "Post-risk-scoring" rules

These rules allow you to decline/accept/challenge transactions after the applying the "Prior-to-scoring" rules and calculating the risk score. You may

  • Include any property from the incoming CreatePayment/CreateHostedCheckout request.
  • Loop support and/or custom lists.
  • Include the @riskScore.
  • Apply your own velocity checks.

Mind that transactions you want to challenge require a manual follow-up. Learn more in the dedicated chapter.

Configure these rules in the Microsoft Portal via Rules Configuration > Rules. Find detailed information about rules and the Fraud Protection Language (FPL) they are based on in Microsoft's dedicated guides: 

Configure velocities

Velocity rules register the occurrence of certain events within a specific time frame. Specific events might indicate possible fraudulent activities, which is helpful for filtering out impacted transactions.

We offer default velocity checks to get you started. Configure these velocities in the Microsoft Portal via Rules Configuration > Velocities.

Find detailed information about velocities and the Fraud Protection Language (FPL) they are based on in Microsoft's dedicated guides:

Configure lists

By setting up dedicated trust/block lists (with i.e. e-mail or IP addresses or any other parameter), you can refine your fraud prevention strategy.
Microsoft supports both custom (to be created from scratch) and support (predefined and non-deletable) lists. Manage these lists in the Microsoft Portal via Rules Configuration > Lists > Custom / Support.

Find detailed information about lists in Microsoft's dedicated guides:


Test Fraud Prevention Silver/Fraud Prevention Gold

  • It is not possible to configure the Fraud Prevention Silver/Fraud Prevention Gold in our or Microsoft's test environment. Use the JSONs mentioned below to simulate your system's the expected behaviour based on the fraud check result (Accepted/Declined/Challenge). Use them only for your account in our test environment.
  • For Fraud Prevention Gold, we perform extensive live tests in our/Microsoft’s live environment together with you. Contact us to plan this step in your go-live roadmap.

Use the following JSONs to test Fraud Prevention Silver / Fraud Prevention Gold in our test environment to produce the desired result:

Result Server-to-server

Low risk (Accepted)

statusOutput.statusCode=5/9
fraudServiceResult="accepted"

{
  "cardPaymentMethodSpecificInput": {
    "authorizationMode": "SALE",
    "card": {
      "cardNumber": "4111111111111111",
      "cardholderName": "John Doe",
      "cvv": "123",
      "expiryDate": "1224"
    },
    "paymentProductId": 1,
    "threeDSecure": {
      "redirectionData": {
        "returnUrl": "https://yourReturnUrl.com"
      },
      "skipAuthentication": false
    }
  },
  "order": {
    "amountOfMoney": {
      "amount": 1100000,
      "currencyCode": "EUR"
    },
    "customer": {
      "contactDetails": {
        "emailAddress": "accept@test.com"
      },
      "device": {
        "acceptHeader": "text/html,application/xhtml+xml,application/xml;
        q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3",
        "browserData": {
          "colorDepth": 24,
          "javaEnabled": false,
          "javaScriptEnabled": false,
          "screenHeight": "1080",
          "screenWidth": "1920"
        },
        "locale": "en_EN",
        "timezoneOffsetUtcMinutes": "-180",
        "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
        (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
      }
    }
  }
}

High risk (Declined)

statusOutput.statusCode=2
fraudServiceResult="denied"

{
  "cardPaymentMethodSpecificInput": {
    "authorizationMode": "SALE",
    "card": {
      "cardNumber": "4111111111111111",
      "cardholderName": "John Doe",
      "cvv": "123",
      "expiryDate": "1224"
    },
    "paymentProductId": 1,
    "threeDSecure": {
      "redirectionData": {
        "returnUrl": "https://yourReturnUrl.com"
      },
      "skipAuthentication": false
    }
  },
  "order": {
    "amountOfMoney": {
      "amount": 1100000,
      "currencyCode": "EUR"
    },
    "customer": {
      "contactDetails": {
        "emailAddress": "reject@test.com"
      },
      "device": {
        "acceptHeader": "text/html,application/xhtml+xml,application/xml;
        q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3",
        "browserData": {
          "colorDepth": 24,
          "javaEnabled": false,
          "javaScriptEnabled": false,
          "screenHeight": "1080",
          "screenWidth": "1920"
        },
        "locale": "en_EN",
        "timezoneOffsetUtcMinutes": "-180",
        "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
        (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
      }
    }
  }
}

Medium risk (Challenge)

statusOutput.statusCode=2
fraudServiceResult="denied"

{
  "cardPaymentMethodSpecificInput": {
    "authorizationMode": "SALE",
    "card": {
      "cardNumber": "4111111111111111",
      "cardholderName": "John Doe",
      "cvv": "123",
      "expiryDate": "1224"
    },
    "paymentProductId": 1,
    "threeDSecure": {
      "redirectionData": {
        "returnUrl": "https://yourReturnUrl.com"
      },
      "skipAuthentication": false
    }
  },
  "order": {
    "amountOfMoney": {
      "amount": 1100000,
      "currencyCode": "EUR"
    },
    "customer": {
      "contactDetails": {
        "emailAddress": "challenge@test.com"
      },
      "device": {
        "acceptHeader":"text/html,application/xhtml+xml,application/xml;
        q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3",
        "browserData": {
          "colorDepth": 24,
          "javaEnabled": false,
          "javaScriptEnabled": false,
          "screenHeight": "1080",
          "screenWidth": "1920"
        },
        "locale": "en_EN",
        "timezoneOffsetUtcMinutes": "-180",
        "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) 
        AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
      }
    }
  }
}

Make sure to use the right endpoint and switch back to the live URL as soon as you have finished your tests.


Get fraud check results

Our platform and the Microsoft portal offer you various possibilities to look up fraud check results:

Reports by e-mail

Our platform sends you a monthly fraud report via e-mail. Contact us to define the report's recipients.

This feature is available for Fraud Prevention Silver.

Direct API responses

For every transaction, both a GetPaymentDetails request and a webhooks event return the fraud check result in properties:

paymentOutput.cardPaymentMethodSpecificOutput.
     fraudResults
     avsResult
     cvvResult

paymentOutput.mobilePaymentMethodSpecificOutput.
     fraudResults
     avsResult
     cvvResult

paymentOutput.redirectPaymentMethodSpecificOutput.mobilePaymentMethodSpecificOutput.fraudResults
paymentOutput.sepaDirectDebitPaymentMethodSpecificOutput.fraudResults

This feature is available for both Fraud Prevention Silver / Fraud Prevention Gold.

Merchant Portal

Look up the fraud check result via the "Transactions" tab. Check either the table listing all transactions ("Fraud") or the detailed overview for individual transactions ("Fraud score"). Possible results are:

"Fraud"
"Fraud score"
Description
"N/A" No fraud check rolled out.
Three green dots

Low risk (Accepted).

statusOutput.statusCode=5/9
fraudServiceResult="accepted"

Two orange dots

Medium risk (Challenge).

statusOutput.statusCode=50
fraudServiceResult="challenged"

Make sure to follow-up on these transactions.

One red dot

High risk (Declined).

statusOutput.statusCode=2
fraudServiceResult="denied"

This feature is available for both Fraud Prevention Silver / Fraud Prevention Gold.

Microsoft Portal

Look up the fraud check result for any transaction via the "Search" tab. For a specific transaction, enter our Direct API's payment.id via attribute "Purchase ID". Possible results are:

"Status" Description
Approved Low risk (Accepted).
Pending review

Medium risk (Challenge).

Make sure to follow-up on these transactions.

N/A. Instead, "Rule decision" will be "Reject". High risk (Declined).

This feature is available for both Fraud Prevention Gold.

Virtual Fraud Analysis

This tool offers you an extensive, global overview of your fraud checks, including

  • Historical views of the transaction/fraud data.
  • Various dedicated, in-deep reports, such as rule/score/threat analyses.

Find detailed information about the Virtual Fraud Analysis in Microsoft's dedicated guide.

This feature is available for Fraud Prevention Gold.


Follow-up on transactions in "Challenged" status

Fraud Prevention Silver / Fraud Prevention Gold puts transactions in "Challenged" status based on the "Post-risk-scoring" rules. A transaction in "Challenge" status will have statusOutput.statusCode=50 / fraudServiceResult="challenged", allowing you to finally accept or decline the transaction.

Every transaction in "Challenged" status requires you to perform a manual review. After having reviewed the transaction, you can either

Fraud Prevention Gold offers you to adapt the "Post-risk-scoring" rules, allowing you to define which transactions will get a "Challenged" status.


Was this page helpful?

Do you have any comments?

Thank you for your response.