Payeezy Gateway implements various fraud controls that allow you to monitor potentially fraudulent transactions, set filters and velocity controls, automatically accept or reject transactions based on those filters, and receive fraud reports.
Fraud Controls are configured through the Payeezy Gateway Realtime Payment Manager (RPM) Administration tab.
Unlike AVS and CVV filters, the Fraud Control filters will block transactions before any authorization attempt is made.
In addition to the transaction statuses of Approved, Declined, and Error, a Fraudulent status has been added when a certain trigger is hit.
This page allows merchants to create customizable one-click checkout buttons that can be embedded on web pages, allowing customers to make a payment quickly and easily.
For example, if you have a $25 item in your store, you can create a button for the specific $25 amount to allow the customer to checkout immediately. You can create multiple buttons as appropriate.
It is highly recommended that Velocity Controls be configured when using Pay Now/Donate Now.
It should also be noted that Velocity Controls are a risk management tool and not a fraud prevention tool. Velocity Controls can be used to avoid repeat transactions that might seem suspicious to the Merchant.
Velocity settings determine which transactions Payeezy Gateway allows to proceed to authorization. A single transaction can be controlled by maximum or minimum sale amount. Groups of transactions can be evaluated by time period or total dollar amount thresholds that, when exceeded, Payeezy Gateway will prevent all future transactions from processing. These controls allow a merchant to monitor / restrict transaction flow by IP address, by card number, and amount right down to the hour, per transaction type.
Note: Velocity Control is performed before a transaction is sent for authorization and the comparison threshold is based on “Approved” transactions (default) or “All Transactions.”
See more details on setting these controls at https://firstdata.zendesk.com/entries/27721878-Velocity-Controls
Fraud Controls are available to all Payeezy Gateway Merchants and it is strongly recommended that they be set. To access these settings, log into the Realtime Payment Manager (RPM) settings and navigate to Terminals and Velocity Controls.
The filters can help reduce fraudulent transactions which in turn reduces chargebacks. These new features allow you to create both positive lists (which always allow) and negative lists (which always decline) for:
- IP Address
- Credit Card Number (that is not tokenized)
- Email Address or Domain
- Reference Number
- Billing Address
These filters give merchants the ability to enable various transaction filters using the AVS and CVV2 fraud prevention systems. If the conditions for one of these filters are met when a transaction is submitted, the transaction will be declined.
Fraudulent Transaction Report
Along with your daily settlement and activity reports, a new Fraud report has been added to the Report Menu. As you monitor your daily activity, It is recommended as best practice to monitor this report to help manage your Fraud Filters
This will list all the transactions that have been marked as fraudulent for the selected merchant and timeframe. The report will be sorted by Merchant > Terminal > Card Type. Reports can be exported in CSV format. Note that full card numbers are not included on CSV reports.
Note: The Fraudulent transaction report will only show transactions that have the status of Fraudulent. Transactions that fail for other reasons, such as declines, AVS or CVV Filters, or errors will not be included.
If you suspect fraudulent activity on your account and you are using the Hosted Checkout Payment Page's Pay Now/Donate Now HTML button code please follow these steps:
- Delete the existing Payment Page and create a new Payment Page.
- Reset your password inside of the RPM. It is recommended each Merchant Administrator also reset their passwords.
- Code your site using our Sample Code using a scripting language like PHP, JSP, ASP, C# over straight HTML for better security.
- Set up the Velocity Controls, AVS, and CVV filters on their account outlined above- links provided.
- Code your website to include extra security like a CAPTCHA or Account Login.
Duplicate Status is used to enable or disable duplicate checking. Default is “Unrestricted,” which performs no checks. “Deny All” enables duplicate checking and will reject duplicate transactions once the specified configuration have been met. The merchant has the option to have the duplicate checking calculated (Query) from “Approved Only” transactions (default) or “All Transactions.”
“Refund Status” is used to enable or disable refund volume checking. Default is “Unrestricted,” which performs no checks. “Volume” enables the feature and will prevent Refunds once the specified configuration has been met.
See more details on these controls at https://support.payeezy.com/hc/en-us/articles/203731279-Payeezy-Gateway-Real-time-Payment-Manager-RPM-Restrictions