Fraud Prevention Guide. Version 3.0 January 2013
|
|
- Avice Powers
- 8 years ago
- Views:
Transcription
1 Version 3.0 January 2013
2 Introduction... 3 What are Card-Not-Present (CNP) Transactions?... 3 Transaction Process Diagram for Form and Server... 4 Do I need to worry about CNP Fraud?... 5 The Internet Transaction Process... 6 AVS/CV AVS/CV2 Responses... 9 AVS/CV2 Rules Common AVS/CV2 Rules D Secure American Express SafeKey D Secure Responses D Secure Liability Shift D Secure Rules Common 3D Secure Rules The 3rd Man Fraud Analysis Viewing 3rd Man Fraud Results Restrictions Delaying Settlement of Funds The Chargeback Process Manual Checks Additional Fraud Prevention Advice Page 2 of 30
3 Introduction This document is a Sage Pay merchants guide to online fraud protection. Sage Pay is an Internet Payment Service Provider. We provide the software to enable your website to take secure online credit and debit card payments. In order to take secure online payments, you must have an internet merchant account which is provided by your Merchant bank. Although Sage Pay provides the software facility to allow you to trade online and to ensure that your customer s details remain secure throughout the transaction process, we cannot guarantee against fraudulent transactions. It is important to note that Authorisation does not guarantee against chargebacks. You will need to ensure that you have carried out all the necessary checks to minimise the risk that the transaction is fraudulent. Sage Pay provides several tools to help you in your fight against fraud. These tools are detailed later in this document. What are Card-Not-Present (CNP) Transactions? CNP transactions are transactions where the card and cardholder are not present at the point-of-sale. This applies to the following: Internet orders Mail order Telephone orders Fax orders When a CNP transaction is processed, Sage Pay requests authorisation from the card issuer via your acquiring bank. The card issuer will then confirm that the card has not been reported lost or stolen, and that the cardholder has sufficient funds in their account. Because the card and cardholder are not present, you are unable to physically check the card or the identity of the cardholder. You therefore need to be particularly careful about CNP transactions, because it is much easier for the fraudster to disguise their true identity. Page 3 of 30
4 Transaction Process Diagram for Form and Server IMPORTANT NOTE: The transaction process differs slightly for Direct and Terminal transactions. For further information, please create a login to the Sage Pay website where you can access the full suite of online technical help and user guides in our Help Centre. Page 4 of 30
5 Do I need to worry about CNP Fraud? The internet is currently the fastest growing area for making CNP purchases. Because the internet enables an individual to disguise their identity, it gives them much greater confidence when using card details fraudulently. Some of the factors which make the internet a higher risk for CNP transactions include: Overseas orders No centralised standards or legal authority Weak customer identification mechanisms The table below shows annual fraud losses on UK issued cards for card-not-present transactions. All figures in millions Although card-not-present fraud accounts for more than half of all card fraud, it fell by 3% to million in This recent decline in fraud is even more impressive when the massive growth in CNP spending over the past ten years - especially over the internet - is taken into account. The reasons behind the continued decrease include the increasing use of sophisticated fraud screening detection tools, as well as the growth in the use of MasterCard SecureCode and Verified by Visa by both online retailers and cardholders. (source Financial Fraud ActionUK) The internet has opened the international market to UK businesses. With overseas orders come extra risks which can be difficult to tackle and you should pay particular attention to these orders. You are responsible for ensuring that CNP transactions are not fraudulent. If a transaction is fraudulent, you will be liable for the loss. You need to ensure that you have procedures in place to protect your business against fraud. Page 5 of 30
6 The Internet Transaction Process Sage Pay, you as the merchant and the customer (card holder) are not the only parties involved in the transaction process for internet CNP transactions. There are actually several parties involved. Merchant The merchant or retailer is the party selling goods or services via the internet. In this case it would likely be you. If you are new to trading on the Internet you need to obtain permission from your acquiring bank. You are responsible for ensuring that transactions are placed by the genuine cardholder and are therefore liable if the genuine cardholder disputes the transaction. Acquiring Bank The acquiring bank provides you with an internet merchant number to allow you to take credit and debit card transactions online. The acquiring bank deals with the processing and settlement of funds for each transaction. They will help you to process a chargeback with the card issuer (see page 26 for details). Sage Pay are currently approved with the following acquiring banks: Lloyds TSB Cardnet Barclaycard Merchant Services NatWest Streamline HSBC First Data American Express Diners Club JCB Elavon (Bank of Ireland/Alliance & Leicester) Allied Irish Bank Chase Payment Tech If you would like advice about merchant accounts or merchant banks, please visit the link below; Card Issuer The card issuer is the financial institution that provides the cardholder with their credit or debit card. The card issuer is contacted by the acquiring bank during the transaction process. The following details are confirmed: That the card number exists That the expiry date is correct (not for all transactions) That the card has not been reported lost or stolen That there are sufficient funds in the account at that given moment in time The card issuer will also check the AVS/CV2 details (see page 8 for details) if this information has been provided in the transaction message. Card issuers will also notify you of chargebacks and will deal with any subsequent disputes. Page 6 of 30
7 Card Schemes The card schemes provide the branding and infrastructure to enable credit and debit cards to be used internationally and provide the rules for card acceptance. The card schemes also provide a mechanism for acquiring banks and card issuers to talk to one another during authorisation. Visa/MasterCard Directory The Visa/MasterCard Directory provides information about each card and its current 3D Secure status. (see page 13 for details) Payment Service Provider The Payment Service Provider (Sage Pay) provides the software for merchants to take online credit and debit card payments in a secure environment. The Payment Service Provider software sits between the merchant s acquiring bank and their website. Page 7 of 30
8 AVS/CV2 The banking industry introduced AVS and CV2 to help combat the growing problems with verifying the shopper during a CNP transaction (Cardholder Not Present). AVS and CV2 checking is an electronic notification service that is provided by most card issuers. AVS and CV2 checks can be carried out on all ecommerce and Mail Order/Telephone Order transactions placed through your Sage Pay account. The aim of these security checks is to provide additional information on each transaction which arms you, the merchant, with information to reduce the risk of fraudulent transactions. Address Verification Service (AVS) This allows you to check the numerical details in the cardholder s address and postcode with their card issuer. Although the results are split, the response is combined and it is not possible to apply rules against just the post code result or just the address result. AVS is available for all UK issued credit and debit cards. AVS is not checked for overseas orders and the characters in the billing address are not checked, only the numerical details. IMPORTANT NOTE: It is possible for a cardholder to change their billing address details when they reach the Sage Pay site. If you would like to prevent the cardholder from being able to do so you should change the payment page template in the Settings area of My Sage Pay. Card Verification Value (CV2) This allows you to check the additional 3 or 4 digit security code found on the signature strip on the back of the card. American Express cards have a 4 digit security code found on the front of the card just above the card number. CV2 can be checked on all cards issued within the EU and the majority of international cards. AVS/CV2 checking is active by default on all new Sage Pay accounts. You can control this through the AVS/CV2 section in the Settings area of My Sage Pay. IMPORTANT NOTE: Although AVS/CV2 is set up on all new accounts, Sage Pay does not reject a transaction based on the response unless you have added an AVS/CV2 rule base to your account (see AVS/CV2 Rules section for details). Page 8 of 30
9 AVS/CV2 Responses Sage Pay will send an AVS/CV2 response in the AVSCV2 field for all transactions. The following responses can be returned: ALL MATCH: SECURITY CODE MATCH ONLY: ADDRESS MATCH ONLY: NO DATA MATCHES: The numerics of the billing address and the CV2 matched with the card issuer. Only the security code (CV2) matched with the card issuer. Only the numerics of the card holder address and post code matched with the card issuer. Neither the numerics of the billing address nor the CV2 matched with the card issuer. DATA NOT CHECKED: AVS/CV2 checking was turned off or disabled. The transaction is through PayPal. It s an AUTHENTICATED transaction. The card issuer is unable to check both AVS/CV2 details at this time. You will also receive the following fields which give a more detailed breakdown of the AVS/CV2 response: AddressResult: PostCodeResult: CV2Result: The specific result of the checks on the cardholder s address numeric from the AVS/CV2 checks. The specific result of the checks on the cardholder s post code numeric from the AVS/CV2 checks. The specific result of the checks on the cardholder s CV2 code from the AVS/CV2 checks. All of the fields can contain one of the following four responses which populate My Sage Pay in the following format: MATCHED NOTMATCHED NOTCHECKED NOTPROVIDED Result matches Result doesn t match The card issuer has not been able to verify the AVS/CV2 values. AVS/CV2 values were not passed to the card issuer for checking. Page 9 of 30
10 AVS/CV2 Rules A rule base allows you to tailor the way in which AVS/CV2 authentication responses are handled by your Sage Pay account. When a rule base is set up on your account you will be rejecting transactions that don t pass your specified rules. This contributes to the prevention of fraudulent transactions from being authorised. Without any AVS/CV2 rules applied to your account, the AVS/CV2 result will not affect the authorisation of a transaction. If you wish to decline a transaction based on the AVS/CV2 result, you should set up AVS/CV2 rules on your account. An AVS/CV2 rule base is applied after the transaction has been sent to your merchant bank for authorisation. This is because the transaction must be sent to the card issuing bank to check the card holders address, post code and CV2 details. After the transaction has been sent to your merchant bank for authorisation, your merchant bank returns the AVS/CV2 response from the card issuer for that transaction. After the AVS/CV2 response has been returned to Sage Pay, the response is checked against your AVS/CV2 rule base. If the transaction has been authorised and the AVS/CV2 response is not allowed through your AVS/CV2 rule base, a reversal request is sent to your merchant bank to request that the authorisation is reversed and the transaction is cancelled. IMPORTANT NOTE: AVS/CV2 rules will be applied to American Express Cards, however as American Express do not support online reversals; it is likely that a shadow will be left on the shopper s account if a transaction is rejected by the rule base. Some other card issuing banks may not reverse the transaction which can leave an authorisation shadow on the card for up to 10 working days. The transaction will never be settled by Sage Pay and will appear as a failed transaction in your My Sage Pay Admin area. For further information on Bank Shadows and how they can be removed, please visit our website using the link below. To set up an AVS/CV2 rule base on your account, access the AVS/CV2 section in the Settings area of My Sage Pay. Page 10 of 30
11 If you have AVS/CV2 switched on, you can add a rule base by selecting the Add Rule button. Enter the Start value and End value to set the range of transactions based on their amount you want the rule to apply. If you want this rule to apply to all transactions we recommended entering a value of 0 to It is possible to add multiple rules provided the value range doesn t overlap. For example you may want to add a more stringent rule base for higher value transactions. Once a range has been entered tick the boxes next to the rules you wish to allow. When you are happy you should click the Add rule button to add this rule base to your account. To determine which AVS/CV2 rule you should apply to allow each AVS/CV2 response, please refer to the table below. The table lists some of the possible My Sage Pay AVS/CV2 response flag combinations, AVS/CV2 response returned to your site, and the AVS/CV2 Rule you should use to allow a transaction with that AVS/CV2 response to be successfully authorised. Page 11 of 30
12 CV2 Add PC AVS/CV2 Response AVS/CV2 Rule(s) To Allow ALL MATCH SECURITY CODE MATCH ONLY SECURITY CODE MATCH ONLY SECURITY CODE MATCH ONLY SECURITY CODE MATCH ONLY ADDRESS MATCH ONLY ADDRESS MATCH ONLY NO DATA MATCHES NO DATA MATCHES NO DATA MATCHES DATA NOT CHECKED None Accept SECURITY CODE MATCH ONLY Accept SECURITY CODE MATCH ONLY Accept SECURITY CODE MATCH ONLY Accept SECURITY CODE MATCH ONLY Accept ADDRESS MATCH ONLY Accept ADDRESS MATCH ONLY Accept NO DATA MATCHES Accept NO DATA MATCHES Accept NO DATA MATCHES Accept DATA NOT CHECKED Page 12 of 30
13 Common AVS/CV2 Rules Strict rule base The strictest rule base you can apply for AVS/CV2 is shown below. This rule base will only allow a transaction to be authorised if the AVS/CV2 response returns ALL DATA MATCHED for a price range of 0.00 to 100, This is the best possible result for AVS/CV2 responses. However, if you apply a rule base as strict as this, you may well be declining genuine cardholders. For example, this rule would decline cardholders whose address could not be checked because they have a card issued outside of the UK. Medium rule base The example rule base shown below shows the use of multiple rules. It will allow most low value transactions to be authorised, whilst at the same time applying a stricter rule against higher value transactions. This rule base will only allow transactions through if the AVS/CV2 response returns ALL DATA MATCHED, ADDRESS MATCH ONLY, SECURITY CODE MATCH ONLY, or DATA NOT CHECKED for a price range of 0.00 to It will require a response of ALL DATA MATCHED for all other transactions over If you wish to implement a Minimum AVS/CV2 rule base we recommend simply turn on the AVS CV2 checking and not apply a rule base to reject any transactions. This will mean no transactions will be rejected based on the results returned, but still gives you visibility of the result. Page 13 of 30
14 3D Secure Verified by Visa (VbV), MasterCard SecureCode (MSC) and American Express SafeKey, which use 3D Secure technology, are an added fraud prevention initiative launched by the card schemes as a more secure method for authenticating the cardholder at the time of the transaction. VbV, MSC and American Express Safekey require the cardholder to enter a password during the transaction process. The cardholder will first need to register their password for VbV or SecureCode with their card issuer. 3D Secure is an online version of Chip and PIN, which is why 3D Secure is not applicable for MOTO or Repeat transactions. In the same way a shopper would not provide the merchant with their PIN number over the phone, the shopper should not provide their 3D Secure password over the phone either. IMPORTANT NOTE: MasterCard have issued a rule which states that all International Maestro cards MUST have a full 3D Secure Authentication in order for the transaction to be authorised. They have also issued a rule which states that for domestic Maestro cards, you must attempt to authenticate the transaction under the scheme. Upon generation of your account, Sage Pay will request that all applicable merchant numbers are enrolled in 3D Secure, with the exception of Barclays merchants*. Once this has been completed by your merchant bank the service will be added to your Sage Pay account. In most cases, 3D Secure takes up to 14 days to set up. There is no charge from Sage Pay to setup 3D Secure. *Barclays merchants will need to contact Barclays directly to set up 3D Secure and the enrolment details to Sage Pay. While we re waiting for confirmation that your merchant number has been enrolled for 3D Secure the message below will display in the Settings > 3D Secure section of the My Sage Pay admin area. Sage Pay will advise you when we are notified that your merchant number is enrolled and the service has been enabled on your account. Once we have done this, the above message will change to the one displayed below. We recommend that you turn on 3D Secure straightaway. IMPORTANT NOTE: Sage Pay will only enable the ability to use 3D Secure on your account. It is your responsibility to turn 3D Secure on. Visa, MasterCard and American Express require cardholders to enrol for VbV, SecureCode and Safekey via their card issuing bank. Card issuers may prompt cardholders to enrol at the time of the transaction, or may use a separate enrolment process. Page 14 of 30
15 Once the cardholder has enrolled, they will be prompted to enter their password whenever placing a transaction through a 3D Secure enabled site. This password is then sent to the cardholder s issuing bank and checked against their system. If the password matches, the cardholder is authenticated and the payment process continues in the normal way. A fully 3D authenticated transaction allows for a liability shift protecting you against customer chargebacks (see page 17 for more information on gaining liability shift). If the password does not match, it is possible for you to implement a rule base to stop the transaction from being sent to the bank for authorisation, therefore avoiding a potentially fraudulent transaction from being processed. (see page 18 for more information on setting up a 3D Secure rule base). To streamline the 3D Secure process and reduce the amount of dropouts at this stage in the transaction, a lot of the card issuing banks are implementing their own screening process. Below is an example of Halifax Secure. The service will assess each transaction and the shoppers 3D Secure details are either automatically verified or, in some cases, they ll be required to provide a password. The service will look for trends such as whether the cardholder has used this IP address before, ordered from your website before and a host of other things before determining if 3D Secure will be automatically authorised. Below is an example screen shot from Halifax Secure where 3D Secure is authorised on behalf of the shopper. These 3D authorisations receive the same responses and observe the same liability shift rules. IMPORTANT NOTE: Sage Pay has no control over the contents of 3D Secure pages, or password details. These are regulated and controlled by the card issuing banks. Page 15 of 30
16 American Express SafeKey American Express SafeKey is a fraud prevention tool designed to protect American Express merchants and card members from the growing problem of fraudulent online transactions. American Express SafeKey has been designed using 3D Secure specifications to ensure industry consistent processes and functionality. As a merchant, you can benefit from a number of critical advantages by implementing American Express SafeKey for customers purchasing online with you: It acts as a deterrent to fraudsters, helping to prevent fraudulent transactions before they are cleared. It may shift fraud liability away from your business. It demonstrates a higher level of security for your customers, offering reassurance that you are taking all possible steps to combat fraud. There are no extra charges and if you re already using 3D Secure you won t need to make any major changes to your website or checkout process. If you wish to enrol in American Express SafeKey, please support@sagepay.com and our support team will be in touch with the next steps. Page 16 of 30
17 3D Secure Responses Sage Pay will send a 3D Secure response in the 3DSecureStatus field for all ecommerce transactions. The table below shows the possible responses, their corresponding flag displayed in My Sage Pay and how it s interpreted. OK ATTEMPTONLY INCOMPLETE NOTAUTHED MALFORMED INVALID ERROR NOAUTH CANTAUTH NOTCHECKED (OK) The 3D-Authentication step completed successfully. (ATTEMPTONLY) The cardholder attempted to authenticate themselves but the process did not complete. A CAVV is returned, therefore a liability shift may occur for non-maestro cards. Check your merchant agreement. (INCOMPLETE) 3D Secure authentication was unable to complete (normally at the card issuer site). No authentication occurred. (NOTAUTHED) The cardholder failed to authenticate themselves with their Issuing Bank. (ERROR) These statuses indicate a problem with creating or receiving the 3D Secure data. These should not occur on the live environment. (NOTAVAILABLE) This means the card is not in the 3D Secure scheme. (NOTAVAILABLE) This normally means the card issuer is not part of the scheme. (NOTCHECKED) No 3D Authentication was attempted for this transaction. Always returned if 3D Secure is not active on your account. More information around the 3D Secure response can be found within the Fraud Results tab of each transaction. ECI Ecommerce Indicator. Provides the security level used in an Internet transaction. The tables below provide a definition of the ECI values used by each card scheme. Visa: Value Description 05 Authentication is successful 06 Authentication is attempted but the process did not complete Page 17 of 30
18 MasterCard and Maestro: Value Description 02 Authentication is successful. Full UCAF 01 Authentication is attempted but the process did not complete. Merchant UCAF XID Transaction Identifier. CAVV Cardholder Authentication Verification Value. Unique reference generated by Visa card issuers to prove authentication took place or was attempted. UCAF Universal Cardholder Authentication Field. The data field used by MasterCard and Maestro issuers to send the Accountholder Authentication Value proving that authentication took place. There are two stages to 3D Secure. An enrolment stage which checks to see if the card holder is part of the scheme, and an authentication stage which verifies the details entered by the card holder. The tables below show the possible responses at each stage, the associated ECI value and 3D Secure Status. Enrolment Status Y N U E Description Transaction progresses to authentication stage. This means the card is not in the 3D Secure scheme. This normally means the card issuer is not part of the scheme. Indicates a problem with creating or receiving the 3D Secure data. 3D Secure Status - Yes NOAUTH CANTAUTH ERROR Proceed with 3D Authentication No No No Authentication Status Visa ECI MC ECI Description Y Authentication successful OK A N - - U E - - The cardholder attempted to authenticate themselves but the process did not complete. The cardholder failed to authenticate themselves with their Issuing Bank. 3D Secure authentication was unable to complete (normally at the card issuer site). No response returned. Either the browser was closed or the back button clicked whilst on the 3D Secure page. Indicates a problem with creating or receiving the 3D Secure data. 3D Secure Status ATTEMPTONLY NOTAUTHED INCOMPLETE INCOMPLETE ERROR Page 18 of 30
19 3D Secure Liability Shift The major benefit to you as the merchant is that you are likely to experience a liability shift for a fully 3D Secure authenticated transaction. Meaning if it later turns out to be fraudulent you will not be responsible. You are protected by the card issuer against such chargebacks because the bank themselves assume the liability. IMPORTANT NOTE: The simplified tables below are for guidance only and do no guarantee that a liability shift will occur. Different conditions such as the card issuer, card type and location can alter the possibility of a liability shift. You should contact your merchant bank for exact terms and conditions for a liability shift. The tables below show when you may receive a liability shift. Visa: Status CAVV ECI Description Y Yes 05 A Optional 06 MasterCard: Status UCAF ECI Description Y Yes 02 A Optional 01 Maestro: Status CAVV ECI Description Y Yes 02 A Optional 01 Authentication successful by cardholder. Issuer generated CAVV. Authentication attempted but cardholder not enrolled. Issuer optionally generates CAVV. Authentication successful by cardholder. Issuer generated UCAF. Authentication attempted but cardholder not enrolled. Issuer optionally generates UCAF. Authentication successful by cardholder. Issuer generated UCAF. Authentication attempted but cardholder not enrolled. Issuer optionally generates UCAF. Liability Shift? Yes Yes Liability Shift? Yes Yes Liability Shift? Yes Yes (only for cards issued in the UK) My Sage Pay My Sage Pay My Sage Pay Page 19 of 30
20 3D Secure Rules A rule base allows you to tailor the way in which 3D Secure responses are handled by your Sage Pay account. When a rule base is set up on your account you will be rejecting transactions that don t pass your specified rules. This contributes to the prevention of fraudulent transactions from being authorised. With 3D Secure turned on and no rules applied to your account, the only transactions where the password is entered incorrectly will be rejected. If you wish to decline a transaction based on whether or not a card is enrolled or if you wish to allow failed authentications, you should set 3D Secure rules on your account. A 3D Secure rule base is applied before the transaction is sent to the card issuer for authorisation. The responses for enrolment and authentication are checked against your 3D Secure rule base and the transaction is either failed or continues for authorisation. To set up a 3D Secure rule base on your account, access the 3D Secure section in the Settings area of My Sage Pay. If you have 3D Secure switched on, you can add a rule base by selecting the Add Rule button. Page 20 of 30
21 Enter the Start value and End value to set the range of transactions based on their amount you want the rule to apply. If you want this rule to apply to all transactions we recommended entering a value of 0 to It is possible to add multiple rules provided the value range doesn t overlap. For example you may want to add a more stringent rule base for higher value transactions. Once a range has been entered tick the boxes next to the rules you wish to allow. When you are happy you should click the Add rule button to add this rule base to your account. To determine which 3D Secure rule you should apply to allow each type of 3D Secure response, please refer to the table below. The table lists the rule base option and the response you will allow by selecting it. Responses can vary depending on the method of integration you use with Sage Pay. Rule Base FORM Server Direct Perform 3D Secure Authentication OK ATTEMPTONLY OK ATTEMPTONLY OK ATTEMPTONLY Accept non-3d secure cards to be authorised NOTAVAILABLE INCOMPLETE NOTAVAILABLE INCOMPLETE NOAUTH Accept authorisations when MPI errors occur Accept cards from non-3d secure issuers to be authorised Accept 3D secure failures to continue for authorisation ERROR ERROR ERROR MALFORMED INVALID NOTAVAILABLE NOTAVAILABLE CANTAUTH NOTAUTHED NOTAUTHED NOTAUTHED Page 21 of 30
22 Common 3D Secure Rules Strict rule base The strictest rule base you can apply for 3D Secure is shown below. This rule base will only allow a transaction to be authorised if the card holder is enrolled in the scheme and a response of OK or ATTEMPTONLY is returned for a price range of 0.00 to 100, This is the best possible result for 3D Secure. However, if you apply a rule base as strict as this, you may well be declining genuine cardholders. For example, this rule would decline cardholders whose are yet to enrol in the 3D Secure scheme with their card issuing bank. Medium rule base The example rule base shown below shows the use of multiple rules. It still applies 3D Secure to all transactions but will allow low value transactions to be authorised if the card holder isn t enrolled in the scheme or an error occurs during the process, whilst at the same time applying a stricter rule against higher value transactions. This rule base will only allow transactions over through if the transaction is 3D Authenticated with the response OK or ATTEMPTONLY, limiting your risk of being liable for a chargeback. Transactions under can be processed if the card holder is not part of the 3D Secure scheme. Page 22 of 30
23 The 3rd Man Fraud Analysis Sage Pay work in conjunction with The 3rd Man to provide Verified Payment Data Query (VPDQ), an extensive risk management tool that screens all your transactions for fraud. Each transaction is screened by The 3rd Man, the results are returned within an hour and displayed in My Sage Pay. This can be viewed within the My Sage Pay daily transaction list alongside the AVS, CV2 and 3D Secure fraud screening results in the T3M column. IMPORTANT NOTE: The 3rd Man is an independent company from Sage Pay and we cannot always guarantee that results will be returned. If we receive a result, it will be display in the My Sage Pay admin area. Each transaction is given a risk rating of high, medium or low, depending on the overall score, and colour-coded red, amber or green respectively so that merchants can see at a glance the level of risk associated with each transaction. Transactions are scored between and Scores are calculated by starting at 0 and increase when factors such as delivery address, address or telephone number are deemed as irregular or risky and decrease when factors are consistent or verified. The 3rd Man analyses transaction data through their suite of risk management tools looking for behavioural trends, patterns and abnormalities. High Risk (Reject) 50 to 1000 Medium Risk (Hold) 30 to 49 Low Risk (OK) to 29 No Result Awaiting result or result not applicable (i.e. Refund) Factors that will influence The 3rd Man score include: Value of the transaction AVS/CV2 results Country of issuing bank History of the card (card holder name, transaction values, addresses used, contact telephone numbers)* IP address (location and history)* Billing and Delivery address (location and history)* address (history)* Names (card, billing and delivery) Telephone number (history)* PAF check Postcode Address File ER check Electoral Roll *history is populated by transactions through the Sage Pay gateway only. Page 23 of 30
24 Viewing 3rd Man Fraud Results Once a result has been returned it can be reviewed in the My Sage Pay admin area. Select the Transactions tab and click on the relevant transaction. Within the Fraud Results tab you are shown an overview of the 3rd Man result. Clicking on the result ( OK, Hold or Reject ) will give you a more detailed breakdown of the score. For further information relating to risk assessment of any transaction, call Sage Pay Customer Services on and quote your T3M ID number. We re available 24 hours a day, 7 days a week. IMPORTANT NOTE: Our fraud detection system gives an indication of risk only and does not give you any guarantees against fraud. When contacting Sage Pay Customer Service regarding your T3M results, we offer an advisory service only. We are more than happy to explain why certain factors have scored highly or look at historical trends. However, as a third party company we cannot take responsibility for whether you choose to fulfil an order. This is ultimately your discretion and you should not be directing your customers to us or The 3rd Man in regards to transactions that you have chosen not to proceed with, regardless of the fraud advice received. Page 24 of 30
25 Restrictions If you notice any trend to fraudulent attempts through your site, we offer the ability to set restrictions on certain criteria. These restrictions can also be used to pre-empt any potential fraudulent transactions such as blocking countries that are notorious for fraud. The following Restrictions can be applied: IP Addresses Countries Card Ranges Issuing Countries You can add these through the Restrictions section in the Settings area of My Sage Pay. You can use this section to add a specific IP address that you want to block from being able to process a transaction through your Sage Pay account. You can use this section to add a country that you want to block from being able to process a transaction through your Sage Pay account. Every customer with an IP address located in this country will be blocked from ordering. Page 25 of 30
26 You can use this section to add a specific card range that you want to block from ordering through your Sage Pay account. You can use this section to add an issuing country that you want to block from ordering through your Sage Pay account. Every customer with a card issued in this country will be blocked from ordering. Page 26 of 30
27 Delaying Settlement of Funds You may wish to perform your own manual fraud checks on the cardholder to ensure that they are genuine (see page 27 for more information). After you have completed these checks you can arrange for funds from each transaction to be settled on request, as opposed to them automatically being settled on a daily basis. It is also useful to delay settlement if you don t always have the goods in stock. The two options for delaying settlement of funds are: Deferred: A deferred transaction shadows the card for the full amount of the transaction. The funds are not settled until you choose to send the release message to Sage Pay to settle the funds. A Deferred transaction will remain active for 30 days for you to Release. However, the bank's authorisation 'shadow' will usually only remain active for up to 6 days. For more information about Deferred transactions, please refer to the link below: Authenticate/Authorise: Authenticated transactions do not obtain an authorisation at the time the order is placed. Instead the card and card holder are validated using the 3D Secure authentication provided by the card-schemes and card issuing banks. A Transaction will ONLY be AUTHENTICATED if it is fully 3D Secured. If the Card Issuer/Merchant is not in the 3D Secure scheme, a transaction will return a status of REGISTERED. After a transaction has been Authenticated or Registered, you have up to 90 days (30 days for Maestro) in which to Authorise the transaction and take the funds, enabling you to delay settlement until you are ready to ship the goods. The Authenticate DOES NOT reach the banks; it only reaches the 3D Secure stage. Once you are ready to fulfil the order, you can then Authorise the payment for the full amount of the transaction, or for multiple Authorisations up to 115% of the original Authenticated amount. For more information about Authenticate transactions, please refer to the link below: Page 27 of 30
28 The Chargeback Process Generally a fraudulent online transaction will result in a chargeback for which you (the merchant) will be liable, unless you have 3D Secure Authentication set up on your account. For more information about 3D Secure Authentication and receiving a shift in liability for certain chargebacks please refer to the 3D Secure section included in this guide. A chargeback can occur for a number of reasons. The main reason is when the genuine cardholder reports an unknown transaction on their card statement to their card issuer. You may not be made aware of a chargeback until up to 6 months after the original transaction. You have 14 days to process a chargeback and will be required to provide all of the necessary paperwork related to the transaction. You will need to supply any details which can help you prove that the cardholder participated in the transaction. This paperwork can include receipts, details of telephone conversations, and any other correspondence which may be relevant. Once the card issuer has received the paperwork, they will investigate further. This will enable the card issuer to confirm if the cardholder did participate in the transaction. If you don t receive any further contact from the card issuer that chargeback may be closed. However, if the chargeback does proceed, you will be required to provide further information to defend the chargeback. After this process is complete, the card issuer will go back to the cardholder, obtain a response from them and then decide on the appropriate course of action. The onus of proof will always lie with you as the merchant. You should contact your merchant bank for more information and a comprehensive explanation of their chargeback rules. Page 28 of 30
29 Manual Checks You may wish to perform manual checks on a transaction to ensure that the customer is the true cardholder. Normally, you would only need to perform manual checks on transactions if you are worried that the transaction may be fraudulent. Some fraud indicators are given below. The value of the order is higher than you would normally expect. The AVS/CV2 response is not ALL MATCH The order is from a country which is listed as high fraud risk: (source Elavon) o Balkans o Iraq o Belarus o Ivory Coast (Côte d Ivoire) o Burma/Myanmar o Lebanon o Cuba o Liberia o Democratic Republic of Congo o North Korea o Eritrea o Republic of Guinea o Federal Republic of Yugoslavia o Somalia and Serbia o Sudan o International Criminal Tribunal for o Syria The Former Yugoslavia o Zimbabwe o Iran The customer has ordered more than once in a day The customer has attempted to make payment several times with the first few transactions failing The country of issue for the card does not match the delivery address The customer refuses to confirm their card details The customer alters the delivery address at short notice The customer demands next day delivery without regard for the extra costs involved The 3rd Man returned a high risk fraud screening result The 3D Secure Authentication result returned a yellow or red flag. If your fraud screening processes have flagged a transaction for further investigation, you may want to perform the following manual checks: Send an to the address supplied by the customer to confirm that it exists. Check the area code of the phone number matches the address by using one of the free web based tools. Check the customer s name with directory enquiries to verify the address against the telephone number. Ring the customer on their landline number to confirm the order details and check that the telephone number and customer exist. Check the IP Address of the customer at to confirm that the IP Country matches the billing address. You will be able to find the customer s IP Address on the Transaction Detail in the My Sage Pay Admin screens. Page 29 of 30
30 Additional Fraud Prevention Advice High value goods and overseas transactions should be treated with extreme caution. You should consider delivery through a courier company who can obtain a signature upon delivery. Delivery Usually goods ordered via the internet will be delivered to the customer. However, in some cases the customer may collect the goods in person. If the customer does collect the goods in person, you should obtain a signature and ask the customer to show the card that they used during the transaction. You should then process the transaction as a cardholder present transaction and refund the transaction placed through the internet. You may want to consider the following: Only deliver goods to the cardholder s permanent billing address. Avoid sending goods to hotels or guest houses. Only send goods by registered or recorded post or by a reputable courier. Insist on a signed and dated delivery note. Couriers should return goods if they are unable to deliver to the address specified. My Sage Pay Admin You should use the My Sage Pay Admin area to examine your transactions on a regular basis. You will need to look for fraud patterns as detailed previously. You may also want to consider using The 3rd Man fraud screening service which can perform these checks for you. Transaction Security All transaction information passed between merchant sites and Sage Pay s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to your servers from Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely assured that nothing you pass to Sage Pay s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information. Encryption and Data Storage Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data held by Sage Pay is extremely secure and Sage Pay is regularly audited by the banks and banking authorities to ensure it remains so. For more information on Sage Pay s security policies please refer to the link below: Page 30 of 30
Sage Pay Fraud Prevention Guide
Sage Pay Fraud Prevention Guide April 2014 Table of Contents 1.0 Introduction to fraud prevention 3 1.1 What are the fraud prevention tools 3 2.0 AVS/CV2 4 2.1 What is AVS/CV2 4 2.2 How it works 5 2.3
More informationMy Sage Pay User Manual
My Sage Pay User Manual Page 1 of 32 Contents 01. About this guide..4 02. Getting started.4 Online help Accessing My Sage Pay Test Servers Live Servers The Administrator account Creating user accounts
More informationMySagePay. User Manual. Page 1 of 48
MySagePay User Manual Page 1 of 48 Contents About this guide... 4 Getting started... 5 Online help... 5 Accessing MySagePay... 5 Supported browsers... 5 The Administrator account... 5 Creating user accounts...
More informationInternet Authentication Procedure Guide
Internet Authentication Procedure Guide Authenticating cardholders successfully V10.0 Released May 2012 Software Version: Internet Authentication Protocol COPYRIGHT NOTICE No part of this publication may
More informationForm Protocol and Integration Guideline. Form Protocol and Integration Guideline (Protocol v3.00)
Form Protocol and Integration Guideline (Protocol v3.00) Published Date 30/01/2014 Document Index Version History... 3 LEGAL NOTICE... 3 Welcome to the Sage Pay Form integration method... 4 Overview of
More informationincrease your resistance How card not present gaming companies can minimise the risk of losing money through chargebacks
increase your resistance How card not present gaming companies can minimise the risk of losing money through chargebacks payment acceptance protect yourself We know that receiving a chargeback can cause
More informationAccepting Ecommerce Payments & Taking Online Transactions
Accepting Ecommerce Payments & Taking Online Transactions Accepting credit and debit cards is mandatory for Ecommerce websites. This method is fast and efficient for you and your customers and with the
More informationServer Protocol and Integration Guideline (Protocol v3.00) Published Date 27/08/2013
Server Protocol and Integration Guideline (Protocol v3.00) Published Date 27/08/2013 Document Index Version History... 3 LEGAL NOTICE... 3 Welcome to the Sage Pay Server integration method... 4 Overview
More informationElavon Payment Gateway- Reporting User Guide
Elavon Payment Gateway- Reporting User Guide Version: v1.1 Contents 1 About This Guide... 4 1.1 Purpose... 4 1.2 Audience... 4 1.3 Prerequisites... 4 1.4 Related Documents... 4 1.5 Terminology... 4 1.6
More informationRisk Management Service Guide. Version 4.2 August 2013 Business Gateway
Risk Management Service Guide Version 4.2 August 2013 Business Gateway This page is intentionally blank. Table Of Contents About this Guide... 1 Change History... 1 Copyright... 1 Introduction... 3 What
More informationVisa Merchant Best Practice Guide for Cardholder Not Present Transactions
Visa Merchant Best Practice Guide for Cardholder Not Present Transactions Table of Contents Section 1 About This Guide 03 Section 2 Merchant Procedures 05 Section 3 Authorisation 07 Authorisation Procedures
More informationGuide to credit card security
Contents Click on a title below to jump straight to that section. What is credit card fraud? Types of credit card fraud Current scams Keeping your card and card details safe Banking and shopping securely
More informationFraud Detection. Configuration Guide for the Fraud Detection Module v.4.2.0. epdq 2014, All rights reserved.
Configuration Guide for the Fraud Detection Module v.4.2.0 Table of Contents 1 What is the... Fraud Detection Module? 4 1.1 Benefits 1.2 Access 1.3 Contents... 4... 4... 4 2 Fraud detection... activation
More informationBWA Merchant Services. Credit Card Fraud Protection User Guide
1 BWA Merchant Services Credit Card Fraud Protection User Guide 2 Contents: 1. How to reduce the risk of card present fraud... 3 2. How to reduce the risk of card not present fraud... 5 3. Delivering the
More informationIntegrated EFTPOS User Guide
business Integrated EFTPOS User Guide www.bendigobank.com.au Table of contents Keypad layout....3 Debit card purchase...4 Credit and charge card purchase...5 Processing a tip (restaurants only)...6 Pre-authorisation
More informationCardholder Authentication Guide. Version 4.3 August 2013 Business Gateway
Cardholder Authentication Guide Version 4.3 August 2013 Business Gateway ii This page is intentionally blank Table of Contents About this Guide... 1 History... 1 Copyright... 2 Introduction... 3 What is
More informationRecurring Transactions Enquiry Service. Merchant Implementation Guide
Recurring Transactions Enquiry Service Merchant Implementation Guide April 2013 Contents Section Page Introduction 1 Benefits Of Using The Recurring Transactions Enquiry Service 1 Requirements Of Using
More informationElavon Payment Gateway Integration Guide 3D Secure
Elavon Payment Gateway Integration Guide 3D Secure Version: v1.1 Table of Contents 1 About This Guide 3 1.1 Purpose 3 1.2 Audience 3 1.3 Prerequisites 3 1.4 Related Documents 3 2 Introduction 4 3 3D Secure
More informatione Merchant Plug-in (MPI) Integration & User Guide
e Merchant Plug-in (MPI) Integration & User Guide Enabling merchants to integrate their payment processing with SECPay s 3-D Secure Merchant Plug In (MPI) solution. This document provides the details of
More informationSage Pay Direct Integration and Protocol Guidelines 3.00. Published: 01/08/2014
Sage Pay Direct Integration and Protocol Guidelines 3.00 Published: 01/08/2014 Table of Contents Document Details 4 Version History 4 Legal Notice 4 1.0 Introduction 5 2.0 Overview of Direct Integration
More informationStreamline Cardholder Authentication. Avoid being the target of online fraud
Streamline Cardholder Authentication Avoid being the target of online fraud Streamline Cardholder Authentication helps protect your business and your customers Streamline Cardholder Authentication shifts
More informationMERCHANT MANAGEMENT SYSTEM
MERCHANT MANAGEMENT SYSTEM Version: 1.2-1 - Welcome to the Retail Merchant Services Merchant Management System (MMS) user guide. In this guide we will look at the different sections of the MMS and explain
More informationProcessing credit card payments over the internet. The business of getting paid.
Processing credit card payments over the internet. The business of getting paid. X Tap into the vast potential of the Internet today with WIPS Plus. The internet is a huge opportunity for businesses large
More informationElavon Payment Gateway- 3D Secure
Elavon Payment Gateway- 3D Secure Service Overview April 2013 Payer Authentication Service What Is Payer Authentication? When selling on the internet and accepting payments by credit and debit card it
More informationMail & Telephone Order Payments Service (WorldAccess) Guide. Version 4.3 February 2014 Business Gateway
Mail & Telephone Order Payments Service (WorldAccess) Guide Version 4.3 February 2014 Business Gateway Table Of Contents About this Guide... 1 Update History... 1 Copyright... 1 Introduction... 2 What
More informationFREQUENTLY ASKED QUESTIONS - CHARGEBACKS
FREQUENTLY ASKED QUESTIONS - CHARGEBACKS # Questions Answer 1 What is a Chargeback? A Chargeback is the term used by Banks for debiting a merchant s bank account due to successful return of a transaction
More informationYOUR GUIDE TO SAFER, SMARTER CREDIT CARD PAYMENTS. What you need to know about chargebacks and fraud on mail, telephone, IVR and Internet orders
YOUR GUIDE TO SAFER, SMARTER CREDIT CARD PAYMENTS What you need to know about chargebacks and fraud on mail, telephone, IVR and Internet orders Contents HELPING YOU PROTECT YOUR BUSINESS AND YOUR PROFITS
More informationRealex Payments Integration Guide - Ecommerce Remote Integration. Version: v1.1
Realex Payments Integration Guide - Ecommerce Remote Integration Version: v1.1 Document Information Document Name: Realex Payments Integration Guide Ecommerce Remote Integration Document Version: 1.1 Release
More informationEFTPOS Merchant Facilities Quick Reference Guide
EFTPOS Merchant Facilities Quick Reference Guide How to Use this Guide This handy Quick Reference Guide has been designed to give you step-by-step, easy-to-follow instructions on how to correctly use your
More informationYour Guide. to doing business with American Express
Your Guide to doing business with American Express Contact Information Internet General Information Point-of-Purchase Materials Online Merchant Services Marketing Opportunities americanexpress.co.uk/ondisplay
More informationOnline Payment Processing Definitions From Credit Research Foundation (http://www.crfonline.org/)
Online Payment Processing Definitions From Credit Research Foundation (http://www.crfonline.org/) The following glossary represents definitions for commonly-used terms in online payment processing. Address
More informationRealex Payments Resource Document. Version: v1.1
Realex Payments Resource Document Version: v1.1 Document Information Document Name: Realex Payments Resource Document Document Version: 1.0 Release Date: 30 August 2010 Legal Statement This guide, in addition
More informationElavon Payment Gateway Integration Guide- Remote
Elavon Payment Gateway Integration Guide- Remote Version: v1.1 Table of Contents 1 About This Guide 3 1.1 Purpose 3 1.2 Audience 3 1.3 Prerequisites 3 1.4 Related Documents 3 2 Elavon Payment Gateway Remote
More informationDIRECT INTEGRATION GUIDE DIRECT INTEGRATION GUIDE. Version: 9.16
DIRECT Version: 9.16-1 - 1 Direct HTTP Integration... 4 1.1 About This Guide... 4 1.2 Integration Disclaimer... 4 1.3 Terminology... 5 1.4 Pre-Requisites... 6 1.5 Integration Details... 7 1.6 Authentication...
More informationMerchant Operating Guide
PB 1 Merchant Operating Guide ANZ FastPay MOBILE PAYMENT SOLUTION Contents 1. Welcome 4 1.1 Merchant Agreement 4 1.2 Contact Details 4 1.3 How to get started 4 1.4 Authorisation 4 1.4.1 Authorisation Declined
More informationMerchant Account Set-up Guide
Merchant Account Set-up Guide The payment process and your merchant account There are two major components necessary to accept card from your customers. The first is a merchant bank account and the second
More informationFraud Detection Module (basic)
Table of contents 1. Introduction 1.1 Benefits 1.2 Contents 2. Activation and configuration 2.1 Blocking rules 2.1.1 Card country 2.1.2 IP address country 2.1.3 Country consistency 2.1.4 3-D Secure 2.2
More informationPowering e-commerce Globally. What Can I Do to Minimize E-Commerce Chargebacks?
Powering e-commerce Globally What Can I Do to Minimize E-Commerce Chargebacks? Chargebacks are not going away. And now there are new rules. Selling products and services online and using credit cards for
More informationA: This will depend on a number of factors. Things to consider and discuss with a member of our ANZ Merchant Services team are:
1 ANZ egate FAQ s Contents Section 1 General information: page 1 Section 2 Technical information for ANZ egate Merchants: page 5 November 2010 Section 1 General information Q: What is ANZ egate? A: ANZ
More informationYour Guide. to doing business with American Express
Your Guide to doing business with American Express Contact Information Internet General Information Point-of-Purchase Materials Online Merchant Services Marketing Opportunities americanexpress.co.uk/signage
More informationPayPoint.net Gateway Guide to Identifying Fraud Risks
PayPoint.net Gateway Guide to Identifying Fraud Risks Copyright PayPoint.net 2010 This document contains the proprietary information of PayPoint.net and may not be reproduced in any form or disclosed to
More informationMagento Extension User Guide: Payment Pages. This document explains how to install the official Secure Trading extension on your Magento store.
This document explains how to install the official Secure Trading extension on your Magento store. Module version: 3.5 Published: 6 August 2015 Table of Contents 1 Introduction... 3 1.1 Features... 3 1.2
More informationOXY GEN GROUP. pay. payment solutions
OXY GEN GROUP pay payment solutions hello. As UK CEO, I m delighted to welcome you to Oxygen8. We ve been at the forefront of multi-channel solutions since 2000. Headquartered in Birmingham, UK, we have
More informationA multi-layered approach to payment card security.
A multi-layered approach to payment card security. CARD-NOT-PRESENT 1 A recent research study revealed that Visa cards are the most widely used payment method at Canadian websites, on the phone, or through
More informationFor Card Not Present (CNP) Merchants. Card Acceptance Operating Guide
For Card Not Present (CNP) Merchants Card Acceptance Operating Guide Card Acceptance Operating Guide For Card Not Present (CNP) Merchants With EMS, mail, telephone and Internet card acceptance is a simple
More informationMiGS Merchant Administration User Manual. MiGS User Manual
MiGS Merchant Administration User Manual MiGS User Manual June 2006 MasterCard International Copyright The information contained in this manual is proprietary and confidential to MasterCard International
More informationDolphin's Automatic Credit Card Authorisation and Fund Transfer - Servebase
Dolphin Dynamics Dolphin's Automatic Credit Card Authorisation and Fund Transfer - Servebase Copyright 2009 Dolphin Dynamics Ltd. The information contained herein is the property of Dolphin Dynamics Ltd.
More informationAccount Management System Guide
Account Management System Guide Version 2.2 March 2015 Table of Contents Introduction...5 What is the Account Management System?...5 Accessing the Account Management System...5 Forgotten Password...5 Account
More informationCRM4M Accounting Set Up and Miscellaneous Accounting Guide Rev. 10/17/2008 rb
CRM4M Accounting Set Up and Miscellaneous Accounting Guide Rev. 10/17/2008 rb Topic Page Chart of Accounts 3 Creating a Batch Manually 8 Closing a Batch Manually 11 Cancellation Fees 17 Check Refunds 19
More informationMerchant Business Solutions. Protecting business against credit card fraud.
Merchant Business Solutions. Protecting business against credit card fraud. Version 4.0 May 2011 Contents Protect your business 3 Authorisation 4 Chargebacks 5 Verification of Purchaser 6 Types of goods
More informationMerchant Best Practices & Guidelines
National Bank of Abu Dhabi Merchant Best Practices & Guidelines Merchant Advice Version 1.0 January 24, 2016 Table of Content 1. Guidelines to reduce Merchant Risks... 3 1.1 Card Present Transactions...
More informationWhat is Interchange. How Complex is Interchange?
What is Interchange The foundation of the entire Bankcard Processing industry s cost structure. Interchange is the wholesale price, charged by Card Issuing Bank, for Authorization and Settlement of a credit
More informationRealex Payments. Magento Community / Enterprise Plugin. Configuration Guide. Version: 1.1
Realex Payments Magento Community / Enterprise Plugin Configuration Guide Version: 1.1 Document Information Document Name: Magento Community / Enterprise Plugin Configuration Guide Document Version: 1.1
More informationCREDIT CARD FRAUD PROTECTION. how to protect your business and your customers
CREDIT CARD FRAUD PROTECTION how to protect your business and your customers INTRODUCTION It is an unfortunate fact that many businesses will encounter a customer who presents a credit card or a credit
More informationGuide to BBPS and BBMS Blackbaud Payment Services and Blackbaud Merchant Services explained.
For etapestry Customers www.blackbaud.co.uk Guide to BBPS and BBMS Blackbaud Payment Services and Blackbaud Merchant Services explained. What is BBPS/BBMS? Blackbaud Payment Services (BBPS) is Blackbaud
More informationMiGS Virtual Payment Client Integration Guide. July 2011 Software version: MR 27
MiGS Virtual Payment Client Integration Guide July 2011 Software version: MR 27 Copyright MasterCard and its vendors own the intellectual property in this Manual exclusively. You acknowledge that you must
More informationCOMMERCIAL-IN-CONFIDENCE
CardEaseMPI a technical manual describing the use of CardEaseMPI 3-D Secure Merchant Plug-In. Authors: Nigel Jewell Issue 2.9. November 2014. COMMERCIAL-IN-CONFIDENCE Copyright CreditCall Limited 2007-2014
More informationAddress Verification and Security Code Guide. AVS Guide
Address Verification and Security Code Guide AVS Guide Copyright SecureTrading 2008. All rights reserved. No part of this document may be photocopied, reproduced, stored in a retrieval system or transmitted
More informationHow to Resolve Dispute with a Card issuer
Disputes Management Guide Version 4.0 December 2011 Business Gateway Dispute Management Guide Table Of Contents About This Guide... 3 Update History... 3 Copyright... 3 Introduction to Dispute Management...
More informationPayDollar. Merchant User Guide
PayDollar Merchant User Guide (Leave Blank Intentionally) PayDollar Merchant User Guide Page 1 Copyright Information AsiaPay (HK) Limited Room 1702, 17/F K. Wah Centre 191 Java Road Hong Kong. Telephone
More informationCard Sales & Refunds Quick Guide VeriFone Vx520
Card s & Refunds Quick Guide VeriFone Vx520 1. Chip & PIN s 2. Contactless (Where active) 3. Card Not Present (CNP) s 4. Refund Process 5. Receipts For full details, also refer to your main Vx520 User
More information2015-11-02. Electronic Payments Part 1
Electronic Payments Part Card transactions Card-Present Smart Cards Card-Not-Present SET 3D Secure Untraceable E-Cash Micropayments Payword Electronic Lottery Tickets Peppercoin Bitcoin EITN4 - Advanced
More informationCredit cards explained
Credit cards explained What is a credit card? As its name suggests, a credit card lets you buy things on credit meaning that you don t need to have the money upfront to pay for your purchases. If large,
More informationVirtual Terminal User Guide
Payment solutions for online commerce Virtual Terminal User Guide Copyright PayPoint.net 2010 This document contains the proprietary information of PayPoint.net and may not be reproduced in any form or
More informationE-Commerce Applications E-payment
Ecommerce Applications 2009/10 E-Commerce Applications E-payment Session 3 1 Overview Payment process Credit card payment online Payment systems Risks and challenges Chargeback Internet fraud Session 3
More informationDrive your fraud rates down
Drive your fraud rates down Drive your fraud rates down To a greater or lesser extent, fraud concerns almost everyone involved in e-business. With margins tight and competition fierce, the prospect of
More informationYour guide to epdq moto
Your guide to epdq moto Contents Introduction Login details for epdq Back Office Configuration, Advanced and Operations Taking a payment Payment response Authorised transactions View transactions Downloading
More informationVerifone User Guide. VX 820 VX 680.
Verifone User Guide. VX 820 VX 680. Table of contents. Terminal layout 3 Purchase transactions 4 Purchase transactions Restaurants only. 5 Pre-authorisation 7 Processing a void transaction 8 Processing
More informationFraud Mitigation and Identity Verification for Card Not Present Transactions Overview
Fraud Mitigation and Identity Verification for Card Not Present Transactions Overview Credit card fraud costs businesses over $11 Billion dollars annually. The percentage of revenue lost to fraud is rising;
More informationE-Commerce Applications E-payment
E-Commerce Applications E-payment Session 3 1 Overview Payment process Credit card payment online Payment systems Risks and challenges Chargeback Internet fraud Session 3 2 E-commerce overview Buying and
More informationFrequently Asked Questions (FAQ) on HSBC Chip Credit Cards
Frequently Asked Questions (FAQ) on HSBC Chip Credit Cards Cards issued by The HongKong and Shanghai Banking Corporation Limited, India (HSBC) 1. What is EMV Chip Card? EMV (Europay MasterCard Visa) is
More informationRefer to the Integration Guides for the Connect solution and the Web Service API for integration instructions and issues.
Contents 1 Introduction 4 2 Processing Transactions 5 2.1 Transaction Terminology 5 2.2 Using Your Web Browser as a Virtual Point of Sale Machine 6 2.2.1 Processing Sale transactions 6 2.2.2 Selecting
More informationBinBase.com REPORT: credit card fraud
BinBase.com REPORT: credit card fraud Whether you are a security specialist, an e-commerce web developer, or an online merchant, a knowledge of how credit card fraud works and what you can do to prevent
More informationMerchant Integration Guide
Merchant Integration Guide Card Not Present Transactions Authorize.Net Customer Support support@authorize.net Authorize.Net LLC 071708 Authorize.Net LLC ( Authorize.Net ) has made efforts to ensure the
More informationCard and Account Security. Important information about your card and account.
Card and Account Security. Important information about your card and account. 2 Card and Account Security 1. Peace of mind As a Bendigo Bank customer you can bank with confidence knowing that, if you take
More informationPlastic Cards: A Guide to Consumer Protection in the UK
Plastic Cards: A Guide to Consumer Protection in the UK One of the key benefits of using a UK-issued credit, debit or pre-paid card, is that your transactions can benefit from consumer protection that
More informationApril 12, 2004. To: Verified by Visa Merchants Verified by Visa Acquirers Verified by Visa Merchant Service Providers
April 12, 2004 To: Verified by Visa Merchants Verified by Visa Acquirers Verified by Visa Merchant Service Providers The year 2003 was an active one for the Verified by Visa program, and 2004 promises
More informationYahoo! Merchant Solutions. Order Processing Guide
Yahoo! Merchant Solutions Order Processing Guide Credit Card Processing How It Works The following charts provide an overview of how online credit card processing works. Credit Card processing for Yahoo!
More information2 Scroll button 8 Power button
PAX User Guide. 1 Table of contents. Keypad layout 3 Debit card purchase 4 Credit and charge card purchase 5 Processing a purchase when tipping is enabled 6 Processing a purchase with cash out when tipping
More informationCyberSource Payer Authentication
Title Page CyberSource Payer Authentication Using the Simple Order API September 2015 CyberSource Corporation HQ P.O. Box 8999 San Francisco, CA 94128-8999 Phone: 800-530-9095 CyberSource Contact Information
More informationBe*PINWISE Cardholder FAQs
Be*PINWISE Cardholder FAQs 1. Who is behind the BuySafe initiative? The Industry Security Initiative (ISI)/BuySafe initiative comprises representatives of ten Australian financial institutions including
More informationVisa Debit processing. For ecommerce and telephone order merchants
Visa Debit processing For ecommerce and telephone order merchants Table of contents About this guide 3 General procedures 3 Authorization best practices 3 Status check transactions 4 Authorization reversals
More informationCard Not Present Fraud Webinar Transcript
Card Not Present Fraud Webinar Transcript All right let s go ahead and get things started, and to do that, I d like to turn it over to Fae Ghormley. Fae? Thank you for giving us this opportunity to share
More informationMerchant Guide to the Visa Address Verification Service
Merchant Guide to the Visa Address Verification Service Merchant Guide to the Visa Address Verification Service TABLE OF CONTENTS Table of Contents Merchant Guide to the Visa Address Verification Service
More informationCardsave Payment Gateway
Cardsave Payment Gateway Cart Implementation David McCann Cardsave Online Version 1 1 st August 2010 Contents Page Overview 3-4 o Integration Types 3 Direct/Integrated (Preferred Method) Re-direct/Hosted
More informationOrder Processing Guide
Yahoo! Merchant Solutions Order Processing Guide Version 1.0 PROCESSING CREDIT CARD ORDERS 1 PROCESSING CREDIT CARD ORDERS Contents Note: If your store already has online credit card processing set up,
More informationAn introduction to CashFlows and the provision of on-line card acceptance services we provide to Young Enterprise companies
An introduction to CashFlows and the provision of on-line card acceptance services we provide to Young Enterprise companies Q. What is CashFlows? A. CashFlows is a Financial Services company that provides
More informationVersion 15.3 (October 2009)
Copyright 2008-2010 Software Technology, Inc. 1621 Cushman Drive Lincoln, NE 68512 (402) 423-1440 www.tabs3.com Portions copyright Microsoft Corporation Tabs3, PracticeMaster, and the pinwheel symbol (
More informationSending money abroad. Plain text guide
Sending money abroad Plain text guide Contents Introduction 2 Ways to make international payments 3 Commonly asked questions 5 What is the cost to me of sending money abroad? 5 What is the cost to the
More informationMASTERCARD PAYMENT GATEWAY SERVICES
MASTERCARD PAYMENT GATEWAY SERVICES OVERVIEW MAKING PAYMENTS SAFE, SIMPLE & SMART What are MasterCard Payment Gateway Services? Our Solutions Making payments safe, simple & smart for your customers, for
More informationAIB Merchant Services AIB Merchant Services Quick Reference Guide Ingenico
AIB Merchant Services AIB Merchant Services Quick Reference Guide Ingenico AIB Merchant Services AIBMS Quick Reference Guide This quick reference guide has been designed to answer the most common queries
More informationFraud Minimisation Guide ANZ Merchant Business Solutions
Fraud Minimisation Guide ANZ Merchant Business Solutions INTRODUCTION Fraud can occur in and is a risk for any business that accepts credit cards and it can have a significant financial impact on your
More informationOnline Payment Processing What You Need to Know. PayPal Business Guide
Online Payment Processing What You Need to Know PayPal Business Guide PayPal Business Guide Online Payment Processing 2006 PayPal, Inc. All rights reserved. PayPal, Payflow, and the PayPal logo are registered
More informationimportant for me Postbank P.O.S. Transact
important for me Smooth, secure processing of card payments online, by phone or by fax. The benefits of being a Postbank partner for distance selling. Postbank P.O.S. Transact 2 At a glance The benefits
More informationConsumer FAQs. 1. Who is behind the BuySafe initiative? 2. Why should I use a PIN? 3. Do all transactions need a PIN?
Consumer FAQs 1. Who is behind the BuySafe initiative? The Industry Security Initiative (ISI)/BuySafe initiative comprises representatives of ten Australian financial institutions including all of the
More informationGlobal Iris Integration Guide ecommerce Remote Integration
Global Iris Integration Guide ecommerce Remote Integration February 2013 Table Of Contents 1 About This Guide... 3 1.1 Purpose... 3 1.2 Audience... 3 1.3 Prerequisites... 3 1.4 Related Documents... 3 2
More informationThe Comprehensive, Yet Concise Guide to Credit Card Processing
The Comprehensive, Yet Concise Guide to Credit Card Processing Written by David Rodwell CreditCardProcessing.net Terms of Use This ebook was created to provide educational information regarding payment
More informationPROCESS TRANSACTION API
PROCESS TRANSACTION API Document Version 8.7 May 2015 For further information please contact Digital River customer support at (888) 472-0811 or support@beanstream.com. 1 TABLE OF CONTENTS 2 Lists of tables
More informationVerified by Visa. Acquirer and Merchant Implementation Guide. U.S. Region. May 2011
Verified by Visa Acquirer and Merchant Implementation Guide U.S. Region Verified by Visa Acquirer and Merchant Implementation Guide U.S. Region VISA PUBLIC DISCLAIMER: THE RECOMMENDATIONS CONTAINED HEREIN
More information