Risk Management Service Guide. Version 4.2 August 2013 Business Gateway




Table Of Contents

About this Guide
  Change History
  Copyright
Introduction
  What is the Risk Management service?
  What Checks are made by the Risk Management service?
  How the Risk Management service works
  What Risk Results are Provided?
  Using Referral Lists to Block Transactions
  What do I do if I get a Risk Alert?
Risk Management Page
  Purpose
  Use
  Change the Configuration Setting
  Edit the Shopper IP Addresses Referral List
  Edit the Email Address Referral List
  Edit the Card/Account Holder Name Referral List
  Name Blocking Rules
  Screen Shot - Risk Management Page
  Screen Shot - Shopper IP Address Referral List Page
  Screen Shot - Email Address Referral List Page
  Screen Shot - Card / Account Holder Name Referral List Page
  Page Descriptions - Risk Management Page
Risk Results
  Purpose
  Use
  Warning and Caution Alerts
  Address Verification Service (AVS) and Security Code (CVC/CVV) Verification Results
  Where Risk Results are Displayed
  Refused Payment Results


About this Guide

This guide provides information about the Risk Management service and explains:

How the Risk Management service works.
How to configure the fraud screening tools.

To fully understand the fraud screening and prevention measures that are available online on the WorldPay Website and offline, read this guide in conjunction with Introduction to Fraud Guide.

Change History

Version 4.2 (August 2013)
  Added AVS and CVC/CVV information relating to the V.me by Visa digital wallet service. Affected pages: AVS and CVC/CVV Results.
  Added American Express Advanced Verification (AAV) information. Affected pages: What Risk Results are Provided?, AVS and CVC/CVV Results, Where Risk Results are Displayed.

Version 4.1 (September 2012)
  Added information about American Express SafeKey. Affected pages: What Risk Results are Provided?

Version 4.0 (December 2011)
  Gateway and guide name added to navigation path. Affected pages: All pages.

Version 3.0 (July 2011)
  WorldPay rebrand. Affected pages: All pages.

Copyright

WorldPay (UK) Limited

While every effort has been made to ensure the accuracy of the information contained in this publication, the information is supplied without representation or warranty of any kind, is subject to change without notice and does not represent a commitment on the part of WorldPay (UK) Limited. WorldPay (UK) Limited, therefore, assumes no responsibility and shall have no liability, consequential or otherwise, of any kind arising from this material or any part thereof, or any supplementary materials subsequently issued by WorldPay (UK) Limited.


Introduction

What is the Risk Management service?

The Risk Management service is WorldPay's proprietary fraud screening system. It comprises a series of automated risk checks that are applied to each transaction that is processed by our payments service. The risk checks are designed to identify transactions that have an elevated risk of fraud. All checks are pre-set by WorldPay and are based on our extensive knowledge and experience of fraud attempts.

All automated risk checks are weighted by our payments service. This means that the fraud potential of each transaction is measured by examining a range of data, and the final calculation of whether a transaction has an elevated risk of fraud depends on a broad spectrum of fraud indicators.

If there are indications of potential fraud, you are informed by an alert categorised as either a 'Warning' or 'Caution', depending on the calculated severity of the risk. This enables you to investigate and make your own checks about the shopper and order data before shipping goods or providing any services. If necessary, you can make the decision not to go ahead with the order.

The Risk Management service is designed as an 'informational system' that provides details of those transactions that warrant additional checking, thereby enabling you to make the most productive use of the time you have to check transactions.

The Risk Management service enables you to set up your own referral lists (negative databases) containing certain details (email addresses, cardholder names, IP addresses). You may want to add entries to referral lists when, in the course of trading online, you encounter shoppers who abuse their card privileges or who you suspect are involved in fraud attempts. The criteria that you enter are checked by the Risk Management service each time a shopper makes a payment attempt from your website. If a match is found then processing does not continue.
You should note that occasionally the Risk Management service may prevent a payment attempt from continuing where criteria are met that WorldPay has specified in global referral lists, which we maintain.

The Risk Management service works with, and enhances, other anti-fraud and authentication tools, such as the Address Verification Service (AVS), Security Code Verification (CVC/CVV) and cardholder authentication (Verified by Visa, MasterCard SecureCode and American Express SafeKey).

What Checks are made by the Risk Management service?

The Risk Management service is a powerful anti-fraud tool. It runs multiple checks against all transactions that are processed through the WorldPay payments service. Several tests use data accumulated over a period of time from the many millions of transactions that pass through our payments service. In this way, Risk Management adapts to ever changing fraud patterns. The Risk Management service is constantly updated and new checks are automatically made available.

The checks provided by the Risk Management service operate in the following areas:

Location-based checks - these checks identify inconsistencies between any transaction data that implies a location, such as the location of the shopper's PC, the payment method they are using, and address details.
Activity checks - these checks determine unusual purchase patterns from a shopper or a card.
Change-related checks - these checks ascertain whether certain elements of subsequent transactions from a shopper or card are inconsistent.
Historical checks - these checks identify if elements of data previously associated with confirmed fraud are present in a new transaction.
Consistency checks - these checks look for elements of data which, when compared to previous transactions, are inconsistent.
Accuracy checks - these checks validate certain transaction data elements against external sources.

Full details of the checks in the Risk Management service are not generally made available in order to maintain its effectiveness against fraudsters.

How the Risk Management service works

When a shopper makes a purchase, the pre-authorisation Risk Management checks are run. These checks are completed in less than a second, so there is virtually no delay for your shoppers. A pre-authorisation risk result is calculated at this point.

If the transaction contains any element that appears in a referral list (maintained by you or WorldPay), then processing is stopped and the shopper's payment attempt does not continue. The transaction is given a payment status of REFUSED and this is reported in the Merchant Interface and in an email we send to you (if this has been set). The shopper is shown a result page that indicates the transaction was not processed. The shopper is told they may try again or use a different card.

For all other transactions, our payment service makes a request of the card issuer for an authorisation, an Address Verification (AVS), and a Card Security Code (CVC/CVV) check.
The card issuer returns the authorisation results together with the AVS and CVC/CVV results. These results are added to the final calculations made by our Risk Management service.

If the fraud risk is calculated to be at one of the pre-defined levels set by WorldPay, then a 'Warning' or 'Caution' alert is returned. An alert is returned whether a transaction is authorised or refused by the card issuer and is reported in the Merchant Interface, the HTML Payment Response (Callback) and in the email we send you (if this has been set).

If the payment is authorised by the card issuer and the fraud risk is calculated to be below the pre-defined alert levels set by WorldPay, then our Risk Management service returns a no risk result or OK, depending on where the results are viewed.

What Risk Results are Provided?

Warning and Caution Alerts

Warning and Caution alerts are reported in the Merchant Interface, the HTML Payment Response (Callback) and in the email we send you (if this has been set). For details of interpreting the results, refer to Warning and Caution Alerts in the Risk Results section. For screenshots, refer to Where Risk Results are Displayed.

Address Verification Service (AVS), American Express Advanced Verification and Security Code (CVC/CVV) Verification Results

The Address Verification Service (AVS), American Express Advanced Verification (AAV) and Security Code Verification or Card Verification Value (CVC/CVV) are checks available via the card issuers. They provide a mechanism for performing checks on the identity of the shopper by comparing information entered by the shopper during the payment process with details held by the card issuer.

AVS enables elements of the billing address and postcode, entered by the shopper, to be compared against the card issuer's records during the payment process.

AAV is a service set up by American Express, for American Express card transactions. It enables the cardholder name, the telephone number, and the email address entered by the shopper to be compared against the equivalent records held by American Express.

CVC/CVV is a 3- or 4-digit value printed on the card (for example, on a signature strip), but not encoded on the magnetic stripe, and enables the security code entered by the shopper to be compared against the card issuer's records during the payment process. The number is generated when the card is issued, by encrypting the card number and expiration date under a key known only to the issuing bank. Supplying this code in a transaction is intended to verify that the customer has the card in their physical possession.

Our Risk Management service sends the results for each transaction.
The results are displayed in the Merchant Interface, and the AVS and CVC/CVV results are also displayed in the HTML Payment Response (Callback) and in the email we send you (if this has been set). For details of interpreting the results, refer to AVS and CVC/CVV Results in the Risk Results section of this guide. For screen shots, refer to Where Risk Results are Displayed.

Authentication Results

Cardholder authentication is where the shopper enters a password to confirm their identity directly with their card issuer. It is provided by Verified by Visa, MasterCard SecureCode for MasterCard and Maestro, and American Express SafeKey.

Cardholder authentication provides you with added protection from online fraud, enabling you to ensure that the cardholder making the transaction is genuine and that they have successfully authenticated their identity with their card issuer.

Results are fed into the Risk Management service and are also displayed for each transaction in the Merchant Interface, the HTML Payment Response (Callback) and in the email we send you (if this has been set). An authenticated transaction where the shopper does not successfully authenticate will not be sent for authorisation. For details about authentication and interpreting the results, refer to the Cardholder Authentication Guide.

Using Referral Lists to Block Transactions

The Risk Management page in the Merchant Interface enables you to add details (IP addresses, email addresses, cardholder names) to referral lists, which act as negative databases. The details you add to referral lists are then checked against a shopper's order and payment details when a payment attempt is made from your website. If a match is found, payment processing is stopped before the authorisation request is made to the card issuer.

Three referral lists are provided in the Risk Management page:

Shopper IP addresses.
Shopper email addresses.
Card/Account holder names.

Each referral list has an edit page which enables you to add or remove a block. For details about adding/deleting an entry to a referral list, refer to the Risk Management Page - Purpose and Use section.

What do I do if I get a Risk Alert?

Warning and Caution risk alerts are designed to give you an indication of whether a transaction has an elevated risk of fraud. If you receive a risk alert, we recommend that you carry out additional checks to help ensure that the transaction is not fraudulent before fulfilling the order or carrying out a service.

If you decide not to fulfil the order, you must refund the shopper, or if you have instituted a capture delay, cancel the order. Introducing a capture delay between authorisation and capture gives you time to make additional checks, including time to check a shopper's credentials/creditworthiness before providing the goods or services.
For further details, refer to the Capturing Payments section in the Payments & Orders guide. For help about additional checks you can make, refer to the Introduction to Fraud guide. For help in understanding the meaning of Warning and Caution risk alerts, refer to Warning and Caution Alerts.

Risk Management Page

Purpose

Use the Risk Management page on the Merchant Interface to add details (IP addresses, email addresses, cardholder names) to referral lists. You may want to add entries to referral lists when, in the course of trading online, you encounter shoppers who abuse their card privileges or who you suspect are involved in fraud attempts.

When a shopper makes a purchase from your website, our Risk Management service runs automated checks, and as part of these checks, entries on your referral lists are compared with data in a shopper's payment. If a match is found then payment processing is stopped before the authorisation request is made to the card issuer and the transaction is given a payment status of REFUSED on the Merchant Interface.

Use

Configuration Setting - change the configuration setting (merchants with more than one merchant code).
IP Address Referral List - block transactions using a particular IP address or range of IP addresses.
Email Address Referral List - block transactions using a particular email address.
Card/Account Holder Name Referral List - block transactions using a particular cardholder name.
Screen Shots.
Page Descriptions.

For an introduction to our Risk Management service, refer to the Introduction of this guide.

Change the Configuration Setting

The following information applies only to merchants who have more than one merchant code.

If you have more than one merchant code, you can choose to have the configuration of the Risk Management service set at administration code or merchant code level. The default setting for risk checks is administration code level. If the setting is at this level then any additions/deletions you make to a referral list for a particular merchant code are applied automatically across all your merchant codes. Therefore, when a shopper makes a payment attempt, the Risk Management service checks across your administration.
If transaction data matches that contained in a referral list (for example, an email address), processing is stopped before the authorisation request is made to the card issuer.

Please contact us if you would like to be able to configure your referral lists according to merchant code.

You can always tell whether the configuration setting for our Risk Management service is at administration or merchant code level by the wording in the Information Box at the top of the Risk Management page in the Merchant Interface (refer to figure below).

Figure: Example of Configuration Setting

Edit the Shopper IP Addresses Referral List

This referral list enables you to add/remove an IP (Internet Protocol) address or a range of IP addresses that you suspect are associated with fraudulent transactions.

The IP address is a unique number that identifies a computer. The IP addressing system requires that all publicly connected IP addresses worldwide are unique, that is, each IP address is restricted to one single computer. Note that the Payment and Order Details pop-up box (available from the payments page in the Merchant Interface) displays the relevant IP address for a transaction.

An IP address comprises a series of four sets of numbers, with a maximum of three digits per set, and with each set of numbers separated by a dot, for example, 221.124.132.244. The 32 binary bits representing an IP address, such as 221.124.132.244, are arranged in 4 fields of 8 bits separated by full stops. The edit field in the Shopper IP Addresses Referral List reflects this format. See the example below.

Figure: IP Address

The edit field to the right of the '/' symbol enables you to specify which part of the IP address to use when finding a match. Each of these fields is an 8-bit number, and each field can be identified by using the following values: 8, 16, 24 and 32 (8 for the first field of 8 bits, 16 for the first two fields, 24 for the first three fields, and 32 for all fields). A value of /0 specifies that no bits are to be used when finding a match, which means that any IP address will match.

To block a Single IP Address

1. Log in to the Merchant Interface using your user-name and password.
2. Select the Risk Management option from the left-hand menu to open the Risk Management page. Then select the Shopper IP Addresses Referral List. This opens an edit page from where you can view your referral list and add or delete entries. Note: if you have more than one merchant code and have not yet selected a merchant code, you will be asked to do so at this point.
3. Add the IP address you want to block, for example, 192.168.0.5. Enter the IP address in the appropriate fields, ensure that the value to the right of the / symbol is 32, as shown in the figure, then select the Block this IP button. The address will be displayed in the Shopper IP Address Referral List.

To add a Range of IP Addresses:

1. You can add a range of IP addresses by using the value to the right of the / symbol. This value specifies which part of the IP address is to be used when finding a match.
2. For example, if you want to select a range of IP addresses beginning at 192.168.0.0 and ending at 192.168.0.255, then you need to specify that just the first three 8-bit fields (24 bits) are to be used in the match, that is 192.168.0, so use /24. This means that all of the 256 IP addresses that can be represented by the fourth 8-bit field (192.168.0.0 to 192.168.0.255) will match.
3. Enter the IP address to be matched in the appropriate fields, then enter the / value for the number of bits to use in the match, and then select the Block this IP button. The address and / value will be displayed in the Shopper IP Address Referral List.

When the Risk Management checks are run, a shopper's payment attempt will fail this check if the IP address in the transaction details matches those held on this referral list. A payment status of REFUSED will be assigned.

Details you add in this referral list will be applied immediately by our payments service.
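The matching behaviour of the / value described above, as an added example that is not WorldPay's code: each referral list entry is treated as an address plus the number of leading bits compared, and an audit reports how many addresses each entry covers so that an over-broad entry such as /0 is visible before it is saved. The function names, the CONTINUE label and the "broad range" threshold are assumptions made for the illustration; the sample entries are constructed from the addresses in the guide's examples.

```python
import ipaddress

# Values the guide describes for the field to the right of the "/" symbol.
ALLOWED_BITS = (0, 8, 16, 24, 32)


def parse_entry(address, bits):
    """Build a network from one referral-list entry (dotted address, / value)."""
    if bits not in ALLOWED_BITS:
        raise ValueError(f"/{bits} is not one of {ALLOWED_BITS}")
    # strict=False clears the bits that take no part in the match, so
    # 192.168.0.5 with /24 becomes 192.168.0.0/24.
    return ipaddress.IPv4Network(f"{address}/{bits}", strict=False)


def matching_entry(shopper_ip, referral_list):
    """Return the first entry whose leading bits equal the shopper's, or None."""
    ip = ipaddress.IPv4Address(shopper_ip)
    for network in referral_list:
        if ip in network:
            return network
    return None


def payment_status(shopper_ip, referral_list):
    """REFUSED on a match (as in the guide); CONTINUE is a label assumed here."""
    hit = matching_entry(shopper_ip, referral_list)
    return "REFUSED" if hit is not None else "CONTINUE"


def audit(referral_list):
    """List (entry, addresses covered, note) so that broad blocks stand out."""
    report = []
    for network in referral_list:
        if network.prefixlen == 0:
            note = "matches every IP address: all payments are refused"
        elif network.prefixlen < 24:
            # Threshold chosen for this example, not taken from the guide.
            note = "broad range: confirm this is intended"
        else:
            note = ""
        report.append((str(network), network.num_addresses, note))
    return report


# Constructed sample entries, using the addresses from the guide's examples.
SAMPLE_LIST = [
    parse_entry("192.168.0.5", 32),   # a single address
    parse_entry("192.168.0.0", 24),   # 192.168.0.0 to 192.168.0.255
]

if __name__ == "__main__":
    for ip in ("192.168.0.5", "192.168.0.200", "192.168.1.7"):
        print(ip, payment_status(ip, SAMPLE_LIST))
    # An entry saved with /0 by mistake shows up in the audit immediately.
    mistaken = SAMPLE_LIST + [parse_entry("221.124.132.244", 0)]
    for row in audit(mistaken):
        print(row)
```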
For full details of using this page, refer to Page Description - Shopper IP Addresses Referral List.

Edit the Email Address Referral List

This referral list enables you to add/remove email addresses that you suspect are fake or fraudulent.

1. Log in to the Merchant Interface using your user-name and password.
2. Select the Risk Management option from the left-hand menu to open the Risk Management page.
3. In the Referrals List section of the page, select the pencil symbol in the Email Address Referral List row. This opens an edit page from where you can view your referral list and add or delete entries. Note: if you have more than one merchant code and have not yet selected a merchant code, you will be asked to do so at this point.

To insert an email address, enter an email address in the text box, then select the Insert button. The email address is displayed in the Current Shopper Email Addresses Referral List below. Note: you may use the wildcard '*' to block a complete email domain. For example, to block all email addresses from the smith.com domain, enter *@smith.com.

To delete an email address, select an email address in the Current Merchant Email Address Referral List (to highlight it) and then select the Delete button.

When the Risk Management checks are run, a shopper's payment attempt will fail this check if the email address in the transaction details matches those held on this referral list. A payment status of REFUSED will be assigned.

Details you add in this referral list will be applied immediately by our payments service.

For full details of using this page, refer to Email Address Referral List - Page Description.

Edit the Card/Account Holder Name Referral List

You can create and maintain a referral list of cardholder names that you believe could be suspicious or known to be used in fraud attempts by using the Card/Account Holder Name Referral List.

1. Log in to the Merchant Interface using your user-name and password.
2. Select the Risk Management option from the left-hand menu to open the Risk Management page.
3. In the Referrals List section of the page, select the pencil symbol in the Card/Account Holder Name Referral List row. This opens an edit page from where you can view your referral list and add or delete entries. Note: if you have more than one merchant code and have not yet selected a merchant code, you will be asked to do so at this point.

To insert a name in the referral list - enter the name you want to block in the text box, then select the Insert button. The name is displayed in the Currently Blocked Names Referral List. For rules relating to adding names to this referral list, refer to Name Blocking Rules.

To delete a name in the referral list - select a word (to highlight it) in the Currently Blocked Names Referral List and then select the Delete button.

The name is saved in lower case characters.

When the Risk Management checks are run, a shopper's payment attempt will fail this check if the card/account holder name in the transaction details matches those held on this referral list. A payment status of REFUSED will be assigned.

Details you add in this referral list will be applied immediately by the WorldPay system.

For full details of using this page, refer to Page Description - Card/Account Holder Name.

Name Blocking Rules

Referral list entries are checked as complete words ending or surrounded by white space. For example, an entry of "randolf" in the referral list would match "Randolf" or "Randolf Ludvig" and an entry of "randolf ludvig" would match "Randolf Ludvig" or "Mr Randolf Ludvig".

The wildcard "*" can extend the matching process so words can be matched at the beginning and end of a string. For example, an entry of "*randolf" in the referral list would match "Grandolf" or "Mr Grandolf Ludvig" and an entry of "randolf*" would match "Randolfe".

Using the wildcard "*" at the beginning and end of a string would match an entry anywhere in a string with or without white space either side of it. For example, "*randolf*" would match "Grandolf" or "Mr Grandolf Ludvig".

The symbol = specifies an absolute match: the referral list string must be identical to the shopper/cardholder name string (including whitespace).

Entries are not case sensitive.

Unlike email addresses, names are not unique so you should exercise care when adding names to a referral list.

Screen Shot - Risk Management Page

Figure: Example of the Risk Management Page
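How the Name Blocking Rules and the "*@domain" email rule behave on sample input, as an added example that is not WorldPay's implementation: it runs an entry against constructed names and addresses so that the reach of a wildcard entry can be checked before it is added to a referral list. The function names are hypothetical, and writing "=" in front of the string is an assumption, since the guide does not show where the symbol goes.

```python
import re


def name_matcher(entry):
    """Compile one Card/Account Holder Name referral entry into a predicate."""
    entry = entry.lower()                 # the guide saves names in lower case
    if entry.startswith("="):
        # Assumption: "=" is written in front of the string for an absolute match.
        exact = entry[1:]
        return lambda name: name.lower() == exact
    lead = entry.startswith("*")
    trail = entry.endswith("*") and len(entry) > 1
    core = entry[1:] if lead else entry
    core = core[:-1] if trail else core
    if not core.strip():
        raise ValueError("entry has no text to match")
    # Without a wildcard the entry must begin and end at white space or at the
    # ends of the name; a "*" removes that boundary on its own side.
    left = "" if lead else r"(?<!\S)"
    right = "" if trail else r"(?!\S)"
    pattern = re.compile(left + re.escape(core) + right)
    return lambda name: pattern.search(name.lower()) is not None


def email_matcher(entry):
    """Compile one Email Address referral entry; "*@domain" blocks the domain."""
    entry = entry.lower()                 # addresses are saved in lower case
    if entry.startswith("*@"):
        suffix = entry[1:]                # keeps the "@" so other domains differ
        return lambda email: email.lower().endswith(suffix)
    return lambda email: email.lower() == entry


def refused(entries, values, make_matcher):
    """Return the values that at least one referral entry would refuse."""
    matchers = [make_matcher(e) for e in entries]
    return [v for v in values if any(m(v) for m in matchers)]


# Constructed sample data: the guide's example names plus two more variants.
SAMPLE_NAMES = [
    "Randolf", "Randolf Ludvig", "Mr Randolf Ludvig",
    "Grandolf", "Mr Grandolf Ludvig", "Randolfe", "Ann Brandolfe",
]
SAMPLE_EMAILS = [
    "john@smith.com", "Sam@Smith.com", "sam@smithy.com", "jo@example.org",
]

if __name__ == "__main__":
    for entry in ("randolf", "*randolf", "randolf*", "*randolf*",
                  "=randolf ludvig"):
        hits = refused([entry], SAMPLE_NAMES, name_matcher)
        print(f"{entry!r} refuses {len(hits)} of {len(SAMPLE_NAMES)}: {hits}")
    print(refused(["*@smith.com"], SAMPLE_EMAILS, email_matcher))
```

Running a proposed entry against a sample of past genuine cardholder names in this way shows how many legitimate shoppers it would also refuse.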

Screen Shot - Shopper IP Address Referral List Page

Figure: Example of the Edit the Shopper IP Address Referral List Page

Screen Shot - Email Address Referral List Page

Figure: Example of the Edit the Email Address Referral List Page

Screen Shot - Card / Account Holder Name Referral List Page

Figure: Example of the Edit the Card/Account Holder Name Referral List Page

Page Descriptions - Risk Management Page

Page Description - Risk Management Page

Use the Risk Management page to add details (IP addresses, email addresses, cardholder names) to referral lists. You may want to add entries to referral lists when, in the course of trading online, you encounter shoppers who abuse their card privileges or who you suspect are involved in fraud attempts.

The following table describes each element or 'item' on the page, top-to-bottom, left-to-right.

Page item: Description

Information Field: This field displays a warning message about the level at which the risk configuration settings operate; this can be at either the merchant or administration level. Refer to Change the Configuration Setting for further details.

Description Column: Describes the Risk Management check.

Edit Column: Select the pencil symbol to open an edit page where you may adjust the relevant check's parameters.

Help Column: Select the question mark symbol to open help for editing this check.

Fraud Screening Guide Referral Lists Referral lists contain data that you have previously identified as being associated with fraud. Shopper IP Addresses Referral List This check compares the shopper's IP address against a list of excluded IP addresses (held in the referral list). You maintain the IP Addresses referral list. Select the pencil in the Edit column to open the Shopper IP Address Referral List page to view your IP Address Referral List and add or delete shopper IP addresses. Email Address Referral List This check compares the shopper's Email address against a list of excluded addresses (held in the referral list). You maintain the Email Address referral list. Select the pencil in the Edit column to open the Edit Email Address Referral List page to view your Edit Email Address Referral List and add or delete email addresses. Card/Account Holder Name Referral List This check compares the shopper's name against a list of excluded shopper names (held in the referral list). You maintain the shopper name referral list. Select the pencil in the Edit column to open the Edit Card/Account Holder Name Referral List page. In this page you can view your card/account holder name referral list and add or delete names. Page Description - Shopper IP Address Referral List Use this referral list to add/remove an IP address or a range of IP addresses that you suspect are associated with fraudulent transactions. The IP (Internet Protocol) address is in simple terms, a number that identifies a single computer, similar to the number of a telephone in some respects. The following table describes each element or 'item' on the page, top-to-bottom, left-to-right. page item Insert a Shopper IP Address IP Address field description This section enables you to add shopper IP Addresses. Enter an IP address or range of IP addresses in the text boxes provided. Refer to Edit the IP Address Referral List for details. 
Note: A 0 (zero) value to the right of the / symbol specifies that no bits are to be used when finding a match. This means that any IP address will match, thus everything will be blocked.

Select this button to add an IP address to the referral list.

Current Shopper IP Addresses: This section displays the current entries for this referral list.
Shopper IP Address Referral List: Shopper IP addresses are displayed in this list.

To delete an entry in the Shopper IP Address referral list, select your chosen address in the referral list then select this button.

Page Description - Email Address Referral List

Use this referral list to add/remove email addresses that you suspect are fake or fraudulent.

The following table describes each element or 'item' on the page, top-to-bottom, left-to-right.

Page item: Description
Insert an Email Address: This section enables you to add email addresses.
Insert an Email Address Text Box: Enter an email address in the text box. To block a complete email domain, use a * wildcard character in front of the @ character in the address. For example, to block john@smith.com and sam@smith.com from the same domain, enter *@smith.com. Note that the address is saved in lower-case characters.

Select this button to add an address to the referral list.

Current Merchant Email Addresses: This section displays the current entries for this referral list.
Referral List: Displays entries on the current referral list.

To delete an entry in the Shopper IP Address referral list, select your chosen address in the referral list then select this button.
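The following sketch models the IP range note and the *@ wildcard rule described above, so that an entry can be checked before it is typed into a referral list. It is an added example, not WorldPay code: the function names, the min_bits policy, the address/bits entry form and the case-insensitive comparison are assumptions, and the sample values are constructed.

```python
import ipaddress


def ip_entry_matches(entry, shopper_ip):
    """True when shopper_ip falls inside a referral-list entry (address or address/bits)."""
    network = ipaddress.ip_network(entry.strip(), strict=False)
    return ipaddress.ip_address(shopper_ip) in network


def lint_ip_entry(entry, min_bits=24):
    """Return warnings for an IPv4 entry before it is added.

    min_bits is an assumed local policy, not a WorldPay setting.
    """
    try:
        network = ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return ["not a valid IP address or address/bits range"]
    if network.prefixlen == 0:
        return ["/0 uses no bits, so every shopper IP matches and everything is blocked"]
    if network.prefixlen < min_bits:
        return ["/%d covers %d addresses" % (network.prefixlen, network.num_addresses)]
    return []


def email_entry_matches(entry, shopper_email):
    """Exact match, or whole-domain match when the entry starts with '*@'.

    Entries are lower-cased because the guide says they are saved in lower case;
    lower-casing the shopper's address before comparing is an assumption.
    """
    entry = entry.strip().lower()
    email = shopper_email.strip().lower()
    if entry.startswith("*@"):
        # Compare on the "@domain" suffix so other domains ending in the same
        # letters, and sub-domains, are not swept in by this model.
        return email.endswith(entry[1:])
    return email == entry


if __name__ == "__main__":
    # Constructed sample entries (documentation address ranges, made-up names).
    for candidate in ["198.51.100.7", "198.51.100.0/24", "198.51.0.0/16", "198.51.100.9/0"]:
        print(candidate, lint_ip_entry(candidate) or "ok")
    for address in ["John@Smith.com", "sam@smith.com", "a@mail.smith.com"]:
        print(address, email_entry_matches("*@smith.com", address))
```
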

Page Description - Card / Account Holder Name Referral List

Use the Card/Account Holder Name Referral List to create and maintain a list of cardholder names that you believe could be suspicious or that are known to be used in fraud attempts.

The following table describes each element or 'item' on the page, top-to-bottom, left-to-right.

Page item: Description
Insert a Name: This section enables you to add card/account holder names to the referral list.
Insert a Name text box: Enter a name to be added to the referral list in the text box. For details, refer to Name Blocking Rules. Also note that the name is saved in lower-case characters.

Select this button to add the name to the referral list.

Currently Blocked Names: This section displays the current entries for this referral list.

To delete an entry in the Currently Blocked Names list, select your chosen name, then select this button.

Risk Results

Purpose

To explain the risk results that our Risk Management service displays.

Use

Warning and Caution risk alerts - meaning of results.
AVS & CVC/CVV results - meaning of results.
Authentication results - meaning of results (refer to the Cardholder Authentication guide).
Shopper's IP Address, IP Country and Card Issuer - meaning of results.
Risk Results - where risk results are displayed.
Refused Payments Results - what is displayed when a payment is refused by the Risk Management service.

For an introduction to our Risk Management service, refer to the Introduction of this guide.

Warning and Caution Alerts

The following table provides explanations about the Warning and Caution alerts issued to you by our Risk Management service, and recommends how you should respond. Warnings and Cautions are designed to help you identify payments that warrant further checks before making a decision about whether or not to proceed with the order or service.

The shopper is not informed about Warning and Caution alerts. If the payment has been authorised by the card issuer, the shopper will assume that the payment is being processed. Shoppers are alerted only if a transaction is actually blocked by the Risk Management service and the payment does not proceed.

Risk Result: CAUTION
What does it mean? Risk Management checks indicate that a moderate level of risk exists. This may be as the result of failures by the shopper to obtain an authorised payment and then retrying with a different payment method or details. There may be errors in the details provided by the shopper.
What do I do about it? You may wish to carry out further checks before fulfilling the order. For example, check the supplied information for errors, such as an incorrectly formatted email address, a postcode included in the address as well as the postcode field, country incorrectly selected, etc. Refer to the Introduction to Fraud Guide for other useful checks.

Risk Result: WARNING
What does it mean? Risk Management checks indicate that a high level of risk exists. This may be as the result of potentially significant inconsistencies in location-based information, for example, the billing address country and the country of issue of the card are different, or by unusual recent activity by either the shopper or the card.
What do I do about it? We strongly recommend that you carry out further checks before fulfilling the order. Check the supplied information to ascertain if location information is consistent, such as IP location country, card/account holder address, delivery address, domain of the email (.uk, .us etc.), format of the telephone number. Refer to the Introduction to Fraud Guide for other useful checks.

The WorldPay Merchant Guarantee does not apply to transactions if you receive a 'Warning' alert but still accept the order.

The parameters that the Risk Management service uses to return alerts might change over time. It is important that the details of its operation are protected to ensure that fraudsters cannot circumvent the system. It is therefore not always possible to provide the exact reason for an alert. Additionally, the Data Protection legislation mandates against sharing details of specific shoppers' purchasing activities with merchants other than proper authorities.

Shopper's IP Address, Shopper's IP Country and Card Issuer Country Results

The Shopper's IP Address, Shopper's IP Country and Card Issuer Country are displayed for each transaction in the Risk Details section of the Payment and Order Details pop-up box, available from the Payments page. Refer to the screen print in Where Risk Results are Displayed.

Using the information held here, you can compare the country displayed in the Card Issuer Country field with the country displayed in the Customer Address field (under Payment Details) and investigate if no match is found.
For further details about the checks you can make, refer to the Introduction to Fraud Guide.

If you suspect transactions from a particular IP address are fraudulent, then you can use details held in the Shopper IP Address field to block further transactions from that IP address. Refer to the Purpose and Use - Risk Management page.

Geographic Regions

If you are having specific issues with fraud from one or more countries you can request to add specific country restrictions to our Risk Management service. A country restriction can restrict all future orders where at least one of the following shopper details matches your country criteria:

Billing country.
Card issue country.
IP country.

Note that this may only be requested as an anti-fraud measure to address a specific fraud issue. It must not be used as part of a business process, for example, to limit your orders to regions where you have shipping options available.

Address Verification Service (AVS), Security Code (CVC/CVV) Verification and American Express Advanced Verification Results

AVS, AAV and CVC results are displayed in the Payment and Order Details pop-up box available from the Hosted Payments page. AVS and CVV results are also in the Get Statement report, available from the Reports menu on the Merchant Interface.

Address Verification Service (AVS)

This table explains each possible AVS result, the meaning of the result, and a suggested way to interpret these results:

AVS result:
(A) Postcode and Address Matched
(B) Postcode Matched; Address not Checked
(C) Postcode Matched; Address not Matched
(D) Address Matched; Postcode not Checked
(E) Postcode and Address not Checked
(F) Address Matched; Postcode not Matched
(G) Postcode not Checked; Address not Matched
(H) Postcode and Address not Supplied by Shopper/Merchant
(I) Address not Checked; Postcode not Matched
(J) Postcode and Address not Matched

Meaning of the result: Address details are analysed in two parts: Address and Postcode. The numerics are extracted from each component, for example, 12 High Street, Town, TT1 1TT would result in an address value of '12' and a postcode value of '11'. The card issuer compares this with the cardholder records it holds, and returns a separate result for each. The WorldPay payments service merges the results. The combinations that are displayed in the Merchant Interface are displayed in the left-hand column.

How to interpret the results: AVS results are presented in order of likely risk from A representing the lowest risk to J as highest. Data entry errors by shoppers for both are relatively common and the reason for mismatches are often obvious when the transaction is reviewed.
For example, the shopper entered the postcode in the Address field before noticing the Postcode field. This means the address will contain erroneous data. Mismatches of both Address and Postcode where the reason is not obvious should be investigated further, especially where the CVV/CVC also mismatches.

Most fraudsters that have obtained card data do not have the real cardholder's address so this is a useful check. Be aware, however, that in cases such as identity theft, the fraudster may have the correct address. Therefore, a 'Matched' result should not be viewed as absolute proof that the genuine cardholder is making the transaction.

Note: For V.me by Visa transactions, V.me overrides any address entered by the shopper for the purpose of checking.
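The numeric extraction and result merging described above can be modelled as follows, including the data entry error where the postcode is typed into the Address field. This is an added example, not WorldPay's or any card issuer's code: the function names are hypothetical, exact equality of the extracted digits is an assumed comparison rule, and the sample addresses are constructed from the guide's own example.

```python
import re

MATCHED, NOT_MATCHED = "matched", "not matched"
NOT_CHECKED, NOT_SUPPLIED = "not checked", "not supplied"

# (postcode status, address status) -> merged result letter from the AVS table above.
AVS_LETTERS = {
    (MATCHED, MATCHED): "A",
    (MATCHED, NOT_CHECKED): "B",
    (MATCHED, NOT_MATCHED): "C",
    (NOT_CHECKED, MATCHED): "D",
    (NOT_CHECKED, NOT_CHECKED): "E",
    (NOT_MATCHED, MATCHED): "F",
    (NOT_CHECKED, NOT_MATCHED): "G",
    (NOT_SUPPLIED, NOT_SUPPLIED): "H",
    (NOT_MATCHED, NOT_CHECKED): "I",
    (NOT_MATCHED, NOT_MATCHED): "J",
}


def numerics(text):
    """Keep only the digits of an address or postcode component."""
    return "".join(re.findall(r"\d", text or ""))


def compare(supplied, on_record):
    """Status of one component; on_record=None models an issuer that did not check it."""
    if on_record is None:
        return NOT_CHECKED
    if not (supplied or "").strip():
        return NOT_SUPPLIED
    # Assumed rule: the extracted digits must be identical.
    return MATCHED if numerics(supplied) == numerics(on_record) else NOT_MATCHED


def avs_letter(address, postcode, record_address, record_postcode):
    """Merged AVS letter, or None for a combination the table does not list."""
    key = (compare(postcode, record_postcode), compare(address, record_address))
    return AVS_LETTERS.get(key)


if __name__ == "__main__":
    record = ("12 High Street, Town", "TT1 1TT")  # constructed cardholder record
    print(avs_letter("12 High Street, Town", "TT1 1TT", *record))    # clean entry
    print(avs_letter("12 High Street TT1 1TT", "TT1 1TT", *record))  # postcode typed into address
    print(avs_letter("99 Other Road", "ZZ9 9ZZ", *record))           # nothing agrees
```
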

CVV/CVC Results

This table explains each possible CVV/CVC result, the meaning of the result, and a suggested way to interpret these results:

CVV/CVC result: Meaning of the result
(A) CVV/CVC matched / Approved: The data supplied matched the data held on the card issuer's system.
(B) CVV/CVC not supplied by shopper/merchant / Not Supplied by Shopper: Not provided by the shopper, or the merchant indicated that the CVC is not present on the card.
(C) CVV/CVC not checked / Not Sent to the Acquirer / Unknown: Either: the card issuer does not support the check; is refused by the issuer and no results have been returned to us; the service is temporarily unavailable; the transaction is high risk and has been stopped by the Risk Management service before proceeding to authorisation.
(D) CVV/CVC not matched / Failed: The data did not match the data held on the card issuer's system or is invalid.

How to interpret the results: CVV/CVC results are presented in order of likely risk from A representing the lowest to D as highest. The rate of errors of shoppers entering CVV/CVC is relatively low so a Not Matched result is an indicator that the shopper does not have the card available.

Note: For V.me by Visa transactions, no CVV/CVC check is performed unless the shopper has updated their card details during the transaction. Due to this, the CVV/CVC result when cards are used (and not updated) is also Not Supplied by Shopper.

Merchant Confirmation Email Information

The Merchant Confirmation Email contains the same results in a slightly different format. A separate result is displayed for the:

Security code CVV/CVC result.
Postcode comparison result.
Address comparison.

Value / Result: Description
1 / Not Checked: The request to verify the data has not been completed for any of the following reasons: The card issuer does not support the check. The service is temporarily unavailable. The transaction is high risk and has been stopped by the Risk Management service before proceeding to authorisation.
2 / Matched: The data supplied matched the data held on the Card Issuer's System.
4 / Not Matched: The data did not match the data held on the Card Issuer's System.

American Express Advanced Verification (AAV) Results

This table explains each possible AAV result, the meaning of the result, and a suggested way to interpret these results.

AAV result: Meaning of the result
(A) matched: The data supplied matched the data held by American Express.
(B) not supplied: The data was not provided by the shopper or merchant.
(C) not checked: Either: No results have been returned to us. The service is temporarily unavailable. The transaction is high risk and has been stopped by the Risk Management Service.
(D) not matched: The data did not match the data held on the American Express system or is invalid.

How to interpret the results: AAV results are presented in order of likely risk from A representing the lowest to D as highest. These checks are for information purposes only, and will have no impact on your risk scores.

Where Risk Results are Displayed

Risk results are displayed in the following areas:

Merchant Interface
Merchant Confirmation email
The HTML Payment Response (callback)

Merchant Interface

Warning and Caution alerts are displayed in the Risk field in the Payments page, Dispute Management page, Bulk Capture page and in the Get Statement report in the Merchant Interface.

Payments Page

Payment and Order Details Pop-up Box

Risk results, including Address Verification Service (AVS), American Express Advanced Verification (AAV) and Card Security Code (CVC/CVV) results are displayed in the Payment and Order Details pop-up box (accessed from the Payments page in the left-hand menu of the Merchant Interface). Additionally, Shopper IP Address, IP Country and Card Issuer Country details are displayed.

Get Statement Report

You can also report on risk results using the Get Statement report on the Merchant Interface. This report is configurable and enables you to select the fields that you require. The report enables you to report on a number of fields relating to risk results for a payment.

The Risk field displays a 'Warning' or 'Caution' alert as 'W' or 'C' respectively. If no alert has been given to a payment by the Risk Management service then the Risk field is blank. Please refer to the Reports guide for further details.


Merchant Confirmation Email

Risk results are detailed in the email confirming that a transaction has been authorised.

The HTML Payment Response (callback)

Our Callback service sends information about each transaction back to your server when the transaction is complete. You can automate your response to the callback, depending on the fraud check results. For further details, refer to the Payment Notifications (Callback) guide.

Refused Payment Results

Results Displayed to Merchant

Our Risk Management service enables you to set up your own referral lists (negative databases) containing certain details. The data that you enter in referral lists is checked by the Risk Management service each time a shopper makes a payment attempt from your website and if a match is found, the payment is blocked.

You should note that occasionally the Risk Management service may prevent a payment attempt from continuing where criteria are met that WorldPay has specified in global referral lists, which we maintain.

In both of the above cases, processing does not continue and a payment status of 'REFUSED' is displayed against the payment in the Merchant Interface.

Merchant Interface

The REFUSED payment status is displayed in the Merchant Interface, for example, in the Payments page. Additionally, the reason for the refusal may be displayed in the Refusal Reason field in the Payment and Order Details pop-up box for the relevant payment (refer to the figure below).

Merchant Email

If a payment is given a REFUSED payment status because of the Risk Management checks, then you will receive an email alerting you that the payment has not been processed. You will only receive merchant email notifications if you (or if applicable, your administrator) have set them up using the Confirmation Details page on the Profile menu on the Merchant Interface. For further details, refer to Purpose and Use - Configuration Details.

The wording in the email will tell you if the payment was refused because of criteria specified by WorldPay or because you specified certain criteria using a referral list via the Risk Management page.

If the automated Risk Management checks indicated the payment was fraudulent because it matched criteria specified by WorldPay, the wording is as follows:

'This transaction has not been processed, as it matches target criteria specified in WorldPay's antifraud systems.'

If Risk Management checks identify a criterion that you specified using a referral list, the wording will indicate the particular criterion. In the example below it is email address.

'This transaction has not been processed as it matches the criterion (email address) that you have specified to decline. The cardholder has been advised to contact you for further information.'

Results Displayed to Shopper

The following message is returned to the shopper.

'This transaction has been declined. You may wish to try another card, or contact the merchant.'

The message does not indicate the reason why the payment was refused. The option to retry with another card allows legitimate shoppers to consider their options.