Complete Solutions FRAUDGUARD MERCHANT GUIDE

Complete Solutions FRAUDGUARD MERCHANT GUIDE Copyright PayPoint.net 2010 This document contains the proprietary information of PayPoint.net and may not be reproduced in any form or disclosed to any third party without the expressed written permission of a duly authorised representative of PayPoint.net Limited. Registered in England No: 3539217. VAT Reg. No: 680 1343 55

PayPoint.net Complete Solutions FRAUDGUARD - MERCHANT GUIDE 6 th April 2010 / Version 4.0 Table of Contents 1 Overview... 3 2 Getting Started... 3 3 Controls... 3 4 Fraud Scoring... 4 5 Territory Management... 6 6 Fraud Velocity Controls... 10 7 Fraud Rules Engine... 11 7.1 Managing Countries... 14 7.2 Managing Payment Limits... 15 7.3 Managing Velocity Limits... 15 7.4 Advanced Scheduling... 16 7.5 Transaction Detail... 17 7.6 Disable Rule... 17 7.7 Copy Rule... 17 8 Blacklisting & Whitelisting... 18 9 Additional Configuration... 20 10 Alternative Payment Methods... 20 11 Transaction Detail... 21 12 FraudGuard Reporting... 23 Appendix A: Manual Override... 26 IMPORTANT NOTE ABOUT OPERATION OF PAYPOINT.NET FRAUDGUARD FraudGuard operates on all transactions which are submitted to the PayPoint.net Merchant Card Payment Engine (MCPE) with sufficient detail in the transaction request to support this service. This level of detail is automatic for Merchants using the Virtual Terminal or the hosted Fast- Track solution. For Merchants using our Bank Enterprise API, the integration guide for this service advises of the necessary parameters. The MCPE Bank Enterprise integration guide may be obtained via the Merchant Extranet under Resources > Integration Guides or from our public website. IMPORTANT NOTE TO MERCHANTS WISHING TO USE PAYPOINT.NET FRAUDGUARD AS A STANDALONE SERVICE FraudGuard can be used on all transactions and not just those submitted to PayPoint.net for payment processing. This makes it simple to use these extensive fraud and risk management tools on those transactions which are not otherwise submitted to PayPoint.net. Whilst FraudGuard operates automatically on all transactions processed by PayPoint.net Merchant Card Payment Engine (MCPE) with sufficient detail in the transaction request, it is also possible to request a standalone FraudGuard check from MCPE for any transaction. This service is available to Merchants using our Bank Enterprise API. Details of the method for requesting a FraudGuard Check as a standalone service are contained in the MCPE Bank Enterprise integration guide. See the above panel for details on how to obtain this document. Page 2 of 26

1 Overview PayPoint.net FraudGuard is a comprehensive, well established fraud management solution which can be used both standalone with any type of remote transaction as well as automatically for all PayPoint.net Fast Track and Bank Enterprise merchants. The service operates in real time before payment processing and is controlled, configured and managed via the Merchant Extranet. This document provides specific guidance and information about managing all aspects of the service via the Merchant Extranet. It is designed to be accessible to everyone from casual users to dedicated risk managers. For further detail about the Merchant Extranet software itself, please consult the Merchant Extranet User Guide, available where you obtained this document. 2 Getting Started To configure FraudGuard you must login to your Fast-Track or Bank Enterprise Merchant Extranet account via the client login at http://www.paypoint.net/. FraudGuard configuration is accessed via the FraudGuard tab. If this tab is not visible you will need to refer this task to the principal account holder. They can enable your login for access to this tab via user management. On selecting Configuration from the FraudGuard tab you are prompted to choose an installation on which you wish to configure the product. Select Fast Track MCPE if you wish to configure FraudGuard on a Fast Track hosted checkout, or Virtual Terminal if you process manual transactions. If you have a Bank Enterprise account and process your transactions via our API, please select the Bank Enterprise MCPE installation to configure. Once you have selected the payment installation on which to configure the FraudGuard product, the FraudGuard control panel will appear. 3 Controls The control panel allows you to setup and manage FraudGuard via five key configurable sections: Fraud Scoring Territory Management Velocity Controls Fraud Rules Blacklisting & Whitelisting Each section of the control panel is accessed via a dedicated tab. Each tab contains clear instructions and configuration controls designed to be both simple and intuitive to configure by just point-and-click, using real-time visual feedback. Most controls can be set to reject or where appropriate place under review transactions, removing immediate liability for higher risk transactions. All payment transactions are scored according to a wide range of metrics relating to the customer and their transaction. These include personal details, geographic location, card issuer, internet connection, payment and chargeback history. Fraud Scoring allows you to manage the threat posed by higher risk transactions, using automated thresholds. FraudGuard allows you to select countries to accept or reject via your payment installation, identified definitively by location of cardholder s internet connection or their card issuer, or combination of both. The Territory Management section makes it easy to manage by selecting groups of countries from different regions and moving them to your list, whilst building your map! For controlling the risk associated with repeated attempts from a particular source perhaps a card or IP address or email you have the ability to limit this using Velocity Controls. This functionality is a free cut down version of our Fraud Rules service. Page 3 of 26

A powerful recent addition to the FraudGuard product is the Fraud Rules section. This enables you to implement bespoke rules for screening transactions based on a range of criteria. A detailed but neatly annotated interface makes it simple to point, click, and configure measures you wish to include in your rules, give them memorable names and then put them to work! Blacklisting & Whitelisting gives the opportunity to blacklist or whitelist the cardholder or source of payment on any previous transaction. Any card, IP address or postcode can be blacklisted. Any card or IP address can be whitelisted. FraudGuard lets you review a fully auditable Blacklist and Whitelist, with time and origin of additions and the opportunity to remove customers. 4 Fraud Scoring All PayPoint.net payment transactions are scored on a scale of 0.00 to 10.00, reflecting an assessment of the potential fraud risk. Each score is drawn from a wide range of visible and invisible data about the customer and their transaction request. Although FraudGuard Fraud Scoring will provide information for every payment transaction, to take control of the outcome of those transactions automatically according to the score calculated (known as screening ), you must enable desired thresholds. Using thresholds to deploy automated decision-making is ideal for enforcing your maximum appetite for risk, eliminating time consuming reviews of high risk activity, and ensuring risk processes are more scalable by focusing any manual intervention. Better than that, FraudGuard features powerful automated decision-making so you can authorise and defer selected payments AND specify a period after which they should be automatically settled: perfect for review windows with guaranteed fund flow. The Fraud Scoring tab gives you access to set two different thresholds, a Fail Limit and a Flexi Limit. The Fail Limit dictates the score above which you simply won t accept transactions. The Flexi Limit lets you defer transactions for manual review. To set either threshold simply drag the sliders from their default setting of 0.00 (off) to your desired threshold above which you wish to either reject or defer and manually review transactions. Guidance on suitable levels is provided later in this section. You may choose to use only one limit, for example to fail (or defer and review) all transactions above one particular threshold. Or you might use both limits so that high risk transactions are declined whilst borderline risk is also simultaneously deferred. When both are in use, the intuitive sliders ensure logical hierarchy of transaction screening by maintaining the Fail Limit above your Flexi Limit increasing Fail Limit if Flexi Limit reaches it, and preventing Fail Limit falling back below the Flexi Limit. Please note: for this reason, once a Fail Limit is in use, should you wish to zero it (switch it off), it is necessary to zero both the limits by dragging Flexi Limit to the off position, then the Fail Limit. You will then be able to restore any Flexi Limit setting. Selecting a Threshold No two Merchants are necessarily alike, given the potentially different territories with which they do business and the type of consumers who transact with them and the behaviour those consumers exhibit. Therefore it is difficult to suggest a single threshold which is suitable for all. Page 4 of 26

The most sensible advice is to start with a less-strict relatively open threshold (between 5.00 and 10.00) and then adjust it after you have been transacting for a period of time and recognise the types of scores which are resulting in fraud or are simply a source of concern for you. You should bear in mind that if you do business solely in low risk territories (i.e. UK or Western Europe only) or with consumers who transact infrequently, you would expect to see far lower scores than if you are accepting lots of repeat business from all across the world. Although the score is calculated from a complex algorithm, a score typically increases or decreases based on confidence factors including: Discrepancies between customers stated location and the actual location of their internet connection (determined by Geolocation) Discrepancies between customers actual and stated location and the location of the bank or issuer of the card being used High risk country locations, multiple location discrepancies, latitude and longitude distances between actual and stated locations Recent activity with the card and/or IP address. Past chargeback history across all our Merchants from the card or IP address Potential anonymity of customers internet connection or email address. Use of open and anonymous proxies to hide IP address Recent identity morphing of card, IP, email or billing address, for example if a card had been used with multiple email addresses Your own preferences on maximum permitted 24 hours transaction velocity from card and/or IP address (see section 6) Analysis of the keying of the customer name and email address and how much they correspond to identify any spoofed identities When you set a Fail Limit you need do nothing else. However when you select a Flexi Limit, the first control associated with this limit is displayed. It allows you to specify whether transactions over your Flexi Limit should be deferred, or just declined. What is a Deferred Transaction? When you defer a transaction, only a Pre-Authorisation (or Pre-Auth ) rather than a full Authorisation of the payment takes place. It means that the payment is only authorised and funds are not immediately captured. You then have up to 7 days to review the transaction before deciding whether to capture the funds or decline the transaction. If you use FraudGuard standalone, we simply advise you to defer. If you choose to defer transactions over your nominated FraudGuard Flexi Limit threshold, additional controls are displayed, allowing you to decide what should happen to these transactions so that you can even automate your review processes. You have up to 7 days to review transactions deferred by your Flexi Limit allowing you to manually assess suspicious activity exceeding your nominated Flexi Limit threshold. You can then decide whether you wish to accept liability for such payments. By default the above control can automatically decline deferred transactions when the 7 days complete. You would then need to manually capture each transaction which you review and do wish to accept. See the panel overleaf on manual capture. Page 5 of 26

However, in order to maximise number of transactions that you accept, you may alternatively set an automatic capture period. By choosing to capture Flexi Limit deferred transactions in 1 to 7 days, those which have exceeded this FraudGuard threshold will be deferred (and can be manually reviewed) ahead of the funds being automatically captured in your chosen period. With an automatic capture setting in place, your review process then only needs to manually reject unusual activity deferred for review. This lets risk managers do what they do best and eliminate risk instead of frantically click-capturing deferred revenue! For transactions exceeding your Fail Limit or if you choose to decline transactions over the nominated Flexi Limit a decline is instant. You may still use our Override feature (see Appendix A) to re-submit any such transaction for manual authorisation. Should I use Automatic Capture? If you are more cautious about acceptance and prefer to manually capture suspicious transactions only after a review, you should choose to automatically decline deferred transactions, and only manually capture those which you review. If you prefer to maximise your acceptance, select an automatic capture period and only reject those transactions which you have reviewed and wish to specifically decline. Automatic capture is an inclusive approach to high risk transactions, automatically declining and manually capturing is an exclusive approach. How do I manually capture or reject a transaction? To capture or reject a transaction which was deferred by FraudGuard, locate and display its transaction detail (see section 11). You may then use the Capture Funds option from the drop-down menu. You have up to 7 days in which to do this. If there is an automatic capture period set and you wish to reject a transaction before it is captured, use the Void Funds option from the drop-down menu to cancel the capture. Most risk managers, particularly those with an automatic capture period who need to identify transactions to eliminate, are best served using the FraudGuard report (see section 12) to review their deferred transactions according to a range of chosen risk filters and quickly highlight those requiring special attention or action which differs from the preset delayed handling. 5 Territory Management All PayPoint.net payment transactions are assessed to discretely determine the country in which they originated, based both on the physical location of the consumer s internet connection, and where the card used in payment was issued. Territory Management allows you to accept and deny selected countries according to this detail, and thus target your payment installation to certain regions in which you plan to do business or to exclude problem countries from transacting. Page 6 of 26

Upon checking the Enable Territory Management option to enable the service, the full controls will instantly appear. The two tables show the countries of the world on one side, those which you select on the other side, alongside a world map. Countries of the world are grouped by continent, which can be changed according to the dropdown which appears above the country list. The dropdown above the list of your selected countries indicates whether these should be accepted or rejected. Notice that to aid your recognition, when you highlight any country in each of the continent lists, the world map to the right of the menus will pan and zoom in on the country you re considering adding to your list just in case your geography isn t great! To move a country to your selected list, simply highlight it and then click Add Selected to move it across to the selected list. Hold down Shift to select a range of countries, or Ctrl to select multiple countries from the list, before moving them across. Page 7 of 26

Country Selection To be inclusive, simply select those countries you don t wish to accept and choose Countries should be REJECTED, or to be exclusive, select the countries you do wish to do business with and choose Countries should be ACCEPTED. When you save your selected countries, the panel will re-load and you ll find that the world map will show countries from your selected list shaded. This provides a useful representation of your chosen territories. Highlight shaded countries for more detail! Select North America > United States Click Add Selected to add United States to your list Click Save Territories to submit your updated territory management configuration! Hover Help You ll find FraudGuard full of useful hover help to tell you when you ve made a mistake or let you know what to do next... or even just to keep you informed as we update our systems in real time to reflect your latest settings! Page 8 of 26

Reloaded territory management configuration shows the United States shaded Click on United States on world map for more detail on the new configuration! Once countries are moved across to your selected list they will no longer appear in the left hand list. You can remove countries from your selected list and return them to the left hand lists by selecting the countries and clicking the left arrow. High Risk Countries Africa Algeria Angola Burundi Eritrea Ethiopia Kenya Liberia Libya Malawi Mozambique Nigeria Rwanda Sierra Leone Somalia Sudan Uganda Asia Afghanistan Armenia Azerbaijan Belarus Cambodia China East Timor Indonesia Kazakhstan Laos Mongolia Myanmar Russian Federation Tajikistan Turkmenistan Uzbekistan Vietnam Europe Albania Bosnia And Herzegowina Latvia Macedonia Moldova Serbia And Montenegro Slovakia Slovenia Middle East Iran Iraq Syria Yemen North America Cuba Haiti Oceana Fiji South America Colombia Ecuador Suriname You can decide the method of assessment by which the country of origin of a payment is determined. By default this will check the consumer s IP address (where their internet connection originates) for the physical location of their transaction request. Alternatively you can opt to identify countries by the location of the card issuing financial institution the card s origin or you can require a combination of the two such that both must pass either as one unique country or as two matching countries. Once you have selected countries to accept or reject, and the method by which they are identified, you will be able to specify whether transactions failing your territory management configuration should be declined, or deferred for manual review. Page 9 of 26

You should now be familiar with these options from fraud scoring. If you choose to decline transactions, those payments will be automatically rejected. You may use our Override feature (see Appendix A) to re-submit such transaction for authorisation. If you choose to defer transactions which don t pass territory management, the same additional controls used in FraudGuard scoring (see section 4) will be displayed. You can once again opt to automatically capture these transactions in up to 7 days. 6 Fraud Velocity Controls One of the obvious risks posed to any online business is a repeated assault by someone committing fraud from a single internet connection or re-using the same stolen card. Repeated use is called card or IP velocity and we make it child s-play to control it! Upon selecting the Velocity Controls tab, to make things really simple, you can use another slider to quickly select a maximum permitted attempts from any card or IP (internet connection) in any 24 hour period; this limits your exposure to a fraud assault. To allow you to share in the far wider transaction data across all of our FraudGuard clients, we give you the option to specify if the velocity control should measure activity only through your own account or across all our clients via a dropdown menu. This means that you have the option to share in knowledge that a card or IP has already transacted a large number of times via another of our Merchants, or, should you not wish other Merchant activity to conflict with yours, solely on your own account. Page 10 of 26

To give all FraudGuard users a free taste of the power-functionality contained in our comprehensive, flexible, easy-to-use Rules Engine (see section 7), the Velocity Controls panel also provides access to build a custom velocity rule specific to your business. This might be just a small subset of criteria which can be used in creating a rule via the rules engine, but it gives all FraudGuard users access to setup one bespoke control to limit the type of repeated activity that most threatens your business operations. This means you can specify the unique source to monitor card, IP address, email address or even billing address the number of attempts, and the period (anything from minutes to days!). And again you can select whether to count all PayPoint data too. Simply select the appropriate choice from each of the drop down menus and then save the new controls. They will be enforced immediately and the new live configuration will be explained clearly above the control so you know what it will be doing! 7 Fraud Rules Engine As well as enjoying the peace of mind provided by using FraudGuard to score transactions and reject or review those above a chosen threshold, and in addition to the flexibility of territory management, FraudGuard now also offers a rules engine! The rules engine enables you to build your own bespoke rules against a range of transaction and FraudGuard criteria, specific to your operational or risk needs. These rules can result in automatic rejection of transactions, or deferment for review. Having selected the Fraud Rules tab, you will see a list of any existing rules configured for this payment installation. Rules may be active, pending or disabled. Rules can be created to activate at a future date and time, and can be disabled at any time. Rules are listed by the name you have chosen for them, and the name of the user who created them is also shown. Clicking on any rule will immediately show the configuration of that rule. Pending rules may be amended up until their activation time. Page 11 of 26

All criteria within the configuration of a rule is optional for example some must be enabled and others can be left blank. Rule Name A memorable name or description for the rule, used in reporting. Applicable Countries Payment Limits Countries on which the rule acts, whether as IP, issuer or stated country. Enforce the rule only on transactions exceeding fixed currency amounts. Activation Date A chosen date and time at which the rule takes effect on transactions. New or Existing Allows your rule to act only on new customers or only if seen before. Payment Type Select a credit or debit card type on which you wish the rule enforced, for example you might want to build a rule to limit the amount which can be spent using East European MasterCards. Fraud Score Card Attempts Now instead of simply configuring your single Fraud Score threshold, you can develop rules which deal with specific Fraud scores in specific circumstances: multiple Fraud Score thresholds! Repeated use of a card is one tell-tale sign of a likely fraud-attack. Now you can control repeat card use against certain criteria and allow other customers to continue transacting unaffected! IP Attempts Miscellaneous Similarly, limiting repeat requests from the same IP combined with other key criteria can produce sophisticated controls i.e. limit how frequently an IP in certain high risk countries can transact. Your rules may also be setup to only act where certain fraud red flags are identified either a history of chargebacks from the card or a risk that the customer IP is an open proxy. Velocity Limits Construct any bespoke velocity limits on which you wish the rule to operate. For Advanced Scheduling Your choice of when the rule should be operational, both days of the week, and Resultant Action Specify whether the rule should reject or defer (PreAuth) the transaction, and if it example any number of transactions via the hours on each or every day of the is a defer should it automatically capture a same card, IP, email address or billing address in a specific number of minutes, week, along with any specific periods of days and hours between chosen dates in matching transactions after a set number of days? Alternatively set a rule to Watch hours or days it s completely up to you. which the rule should be off. Only to produce a transaction watch list. Note that rule configuration is always cumulative, all enabled criteria must be matched for the rule to be satisfied, for example a rule which has payment type set to MasterCard, FraudGuard score set to 2.0, and card attempts in 24 hours set to 3, will not match a MasterCard with 4 card attempts in 24 hours but FraudGuard score of 1.5. All three parts would need to be satisfied. The important exception to this logic is 3 advanced configuration tools within the rule (Countries on Which Rule Acts, Payment Limits, and Velocity Limits). Each of these panels are multiple choice, allowing you to add a range of selections, so your rule can act against any of the selections, whether a currency specific limit, a chosen country, or a particular velocity model. Page 12 of 26

What sort of rules can I create? By combining different criteria and being selective about which criteria are enabled within each rule, the possibilities are endless, from simple rules such as enforcing a maximum spend on Maestro transactions, through to complex very targeted rules, i.e. preventing customers from a Russian IP using a British issued Visa credit card who have used the same email 10 times in 6 hours and have a Fraud Score of over 3.0. To get you thinking, here are some practical operational and risk rules that might be created with this tool: Enforce a GBP or USD spending limit on transactions with a FraudGuard score of more than 5.0 Enforce a EUR spending limit whenever a customer is transacting with the same card for a 2 nd time in 3 hours Reject any transactions from Nigerian IP s where using a French issued card and having generated previous chargebacks Pre Auth (defer) any Solo transactions from new customers where the email has been used three or more times in 5 days Reject transactions with a FraudGuard score of more than 2.5 if there is also a risk that the IP address is an Open Proxy Simply apply your own desired spending thresholds for each currency to act on all transactions or against other criteria First time users will wish to create a new rule rather than have existing rules to manage. To do this the Add New Rule option should be clicked. This will immediately expose a blank rule ready for configuration no rule criteria will yet be enabled. Creating your rule is simple simply tick to enable any of the first four criteria (Payment Type, Fraud Score, Card Attempts, and IP Attempts) to act on your rule, and once enabled select the required value. Two clicks per criteria needed and you re all set! Check whether you want either of the miscellaneous criteria matched, set the rule to act only on new or existing customers, or configure any of the advanced criteria countries on which rule acts, payment limits, velocity limits and advanced scheduling. Finally, select the resultant action you wish the rule to have. By default it will fail the transaction, however you can specify that the rule should PreAuth (defer) the transaction instead. This allows you to create rules which allow transactions to be reviewed. Before hitting Save Rules, enter a descriptive name for your new rule which will appear on transaction detail of any matched payments and set the date on which it should be activated. You must also tick the Add New Rule confirmation checkbox. Page 13 of 26

7.1 Managing Countries To manage countries on which your Fraud Rule will act, simply click the Manage option which appears above the blank panel headed Countries On Which The Rule Acts. This will display a new configuration tool for adding and removing countries. You may select one or more countries from the regional lists on the left hand side (multiple countries can be selected by using your CTRL or SHIFT keys) and then use the top row of right hand buttons to add the countries to one of three country lists. Each list represents a different way of matching a country. The stated location list matches on the country given in cardholder billing address. The IP list matches on the geolocation of their IP address and Issuer list matches the country of their card issuer. Any countries added to the rule using Enforce by Stated Location require that the customer gave that country as their billing address for the rule to be satisfied. Likewise countries in the Issuer list must match country of the card used in a transaction. When you have completed your country lists, simply click the Confirm button and the countries tool will close and your newly selected countries added to the main rule panel. Clicking Cancel will close the countries tool without updating the rule. Either during creation or when later editing your rules, you can select and remove countries using the Remove button below. Page 14 of 26

7.2 Managing Payment Limits As with managing countries, to manage the payment limits on which your Fraud Rule will act, simply click the Manage option which appears above the blank panel headed Payment Limits. This will display a new configuration tool for managing these. Simply select each currency you want to add to the rule, enter the amount limit applicable for that currency, and then use the Add Currency button to add it to the rule. You may do this for as many different currencies as you wish to apply to the rule. When you have completed your lists or currency amount limits, simply click Confirm and the payment limits tool will close and your selected amounts will be added to the main rule panel. Clicking Cancel will close this tool without updating the rule. 7.3 Managing Velocity Limits To configure a variety of custom velocity controls as criteria of your rule, once again simply click on the Manage option which appears above the blank panel headed Velocity Limits On Which The Rule Acts. This will display the related configuration tool. Simply use the drop down menus to create a sentence describing your proposed velocity limit, then use the Add Limit button to add it to the rule. You may do this for as many different alternative velocity controls as you wish to apply to the rule. Page 15 of 26

When you have completed your list of desired velocity limits, simply click the Confirm button and the velocity limits tool closes and your selected controls will be added to the main rule panel. Clicking Cancel will close this tool without updating the rule. As with your selected countries and payment limits, don t forget to click Save Rules after adding or removing limits from your rule, in order to commit these criteria to our systems. At least one limit in each of these lists must be exceeded for a rule to act. 7.4 Advanced Scheduling In addition to the three panels in which you can configure lists of limits on your rule, the fourth and final panel enables you to create advanced scheduling for your rule for example days and hours of the week it operates, and any periods it must be off. By default a rule will run on all days of the week, but clicking the Manage option above the Advanced Scheduling panel will launch the scheduling tool, which contains three distinct controls for configuring days, hours and custom breaks in a schedule. To the right of the scheduler you can add any periods on which you wish to disable the rule. In conjunction with the chosen activation time this makes it easy to build a complex calendar for the periods in which your rule should act. Simply select your desired periods between a start time and date and finish time and date, then click Add from above to add to a rule. When all scheduling is set, click Confirm. On the left of the configuration simply tick and un-tick those days on which you want the rule to act. This will ensure the rule only operates on the days where you require it for example weekends on week days. Then below that you can select hour ranges on which the rule acts, both by default for all days, and/or on specific individual days. You can add as many hour ranges as required, so you could add both 00:00 to 09:00 and 18:00 to 24:00 for the same day to cover pre- and post- work hours. Note as with all Extranet reporting, scheduling is based on a GMT timezone. Page 16 of 26

Upon confirming your scheduling configurations, the selections will be added to the rule itself and listed in the summary panel so that you can always review this criteria as part of your rule. Don t forget to save your rule in order to store the scheduling. 7.5 Transaction Detail Once you have active Fraud Rules on your payment installation, all transactions processed via this installation rules will incorporate an additional FraudGuard Rules section within the FraudGuard panel. The comprehensive FraudGuard information panel displayed on any transaction detail screen is covered in full in Section 11. It accompanies available payment information with multiple Pass/Fail sections reporting different fraud data. The new FraudGuard Rules section will list the total number of active rules that were processed when a transaction was received and the outcome of all these checks. Once a transaction fails a rule, the rule is given in the outcome panel. In such cases the rule is named using your description for the control and a summary of its criteria is shown. It also links through to the rule s control panel. 7.6 Disable Rule Although you may opt to create a range of scheduling for your rule, once a rule is active you cannot make any further changes or additions to it. Therefore at some point you may wish to disable the rule if it no longer matches your desired risk profiling. You ll see that all interfaces and configuration options are disabled for an active rule but a new checkbox will be visible marked Disable?. Simply tick this box and re-save your rules in order to disable, upon reload you ll find the rule is now switched off. 7.7 Copy Rule As soon as you start creating rules you may find you have a base risk profile that you need to re-use when developing more complex risk profiles. Or you may wish to adapt an active rule by disabling it and copying it to a new rule to make adjustments. To do this, simply click Copy Rule within the configuration panel for the rule you wish to duplicate. Be sure to have saved any other rule changes before you do this, as it will instantly reload the page with a new copy rule, ready for you to adapt and use. The name identifies it as a copy you ll be prompted to change this. Once adapted tick Confirm Add Copied Rule and save. Page 17 of 26

8 Blacklisting & Whitelisting FraudGuard provides the opportunity to automatically either blacklist (reject) or whitelist (allow) future customer transactions based on their card number, IP address (internet connection location), postal code, email address or billing address. FraudGuard will automatically reject any customer whose credentials are matched on the blacklist, whilst any customer whose credentials are matched on the whitelist will always pass any FraudGuard controls and be submitted for authorisation. When you elect to review a list via options in the FraudGuard control panel, you are presented with a new screen containing all customers on that list, and those recently removed from the list. For auditing, the user performing each action is also displayed. Detail of criteria used is shown, whether card, IP address, or other. A one click option allows you to remove any customer, and this in turn is also audited so that a list of customers recently removed from a black or whitelist shows who was responsible. To add any customer to your consumer blacklist or whitelist, simply display their transaction detail (see section 11), then choose the relevant Blacklist or Whitelist options from the dropdown headed Options relating to this transaction, above the panel. Choosing either option will display a new screen prompting you to select the criteria by which you wish to add the customer to your blacklist or whitelist. You can see overleaf examples of these. Simply select and confirm to add the customer to your list. Page 18 of 26

Why Blacklist or Whitelist? If we have access to your chargeback data from your acquirer, you can decide that all customers who chargeback should be added to your Blacklist automatically but otherwise the Blacklist offers the opportunity to manually block problem consumer and transaction sources. For example if you receive a series of suspicious payments from the same IP address, you might choose to blacklist that IP address until you re comfortable accepting activity from this source. Or if a specific customer or email address is a repeated problem, simply blacklist them! Alternatively if you have a customer who you always wish to accept, irrespective of FraudGuard detecting potential risk for example, a VIP client or valuable user who transacts frequently or is often abroad outside your territory management you can add them to your whitelist. Selecting the criteria and clicking Confirm will instantly add the customer to your blacklist or whitelist, ensuring transactions subsequently received with this criteria are instantly managed according to your wishes there is no delay in enforcing this. Note that when blacklisting or whitelisting based on a consumer s address verification match, whilst the key elements of their address are visible, what is actually added to the list are numeric portions of their address, just the same as in an AVS check. When whitelisting, there are some additional options which are provided for you to manage common operational challenges caused by false positives in risk profiling, such as where an IP address or email address is very commonly used (i.e. mobile IP). If you choose the whitelist an IP address only from the effect of transaction history, customers using this IP address will still be subject to all FraudGuard checks, but the effect of many attempts from the IP address will not be treated as additional risk. Likewise if you choose to whitelist an email address only from its effect on fraud velocity and ID morphing (see section 11), for example if you were using your own email address on all payments, FraudGuard still operates but the email address is ignored. But otherwise, for all other whitelisting choices, the criteria chosen when identified in a subsequent transaction will ensure that such a transaction is sent straight for authorisation regardless of any FraudGuard processing that might have restricted it. Page 19 of 26

9 Additional Configuration The PayPoint.net FraudGuard control panel also includes an Additional tab for miscellaneous configuration options, included to enhance your customisation of the tools setup, or allowing you to better harness certain features according to your needs. For example, an option is included so that 3D Secure (provided as standard by PayPoint.net) overrides FraudGuard s transaction scoring if a customer has been successfully authenticated zeroing the score to imply no risk and maximise your acceptance. Among its many checks, FraudGuard Fraud Scoring (see section 4) assesses the likelihood that the customer is connecting from an open proxy, which increases the risk that it is someone trying to connect anonymously or trick your territory management. What is an Open Proxy? An open proxy is a deliberately or accidentally accessible open third party computer on the internet through which other users may connect in order to hide their true location and appear based in a different location (that of the third party). This is a common tactic by fraudsters. Of particular concern are those Open Proxies which are anonymous allowing a fraudster to operate without trace and Proxies which are known spam sources indicating that they are already actively used and share for performing illegal and undesirable activity. Reject Open Proxy Transactions? allows you to block transactions where there is more than a 30% chance of origination from an Open Proxy. This may restrict some genuine consumers but eliminates transactions whose true origin may well be disguised. Blacklist customers who Chargeback? will automatically place cards into your blacklist where the preceding purchase resulted in a chargeback. This zero tolerance policy on chargebacks will save you blacklisting problem cards manually. Note that this is only possible on accounts for which PayPoint.net are provided chargeback data by your acquirer. Please check before using. 10 Alternative Payment Methods Though FraudGuard is used on all PayPoint.net payment processing, it is designed to be used standalone by Merchants seeking to consolidate risk management across a diverse range of activity, such as cards processed elsewhere and other payment types. All functionality described in this guide is completely applicable to standalone use of FraudGuard, providing all the same output via API or Extranet. Rather than processing a payment ourselves, PayPoint.net will advise you via API to accept, reject or defer. How do I use FraudGuard standalone? It s simple to send us transactions for which you only want FraudGuard to provide you guidance on whether to process the transactions. This is covered clearly and easily in our Bank Enterprise API guide, in a section entitled Non Auth Transactions transactions we don t authorise. The MCPE Bank Enterprise integration guide may be obtained via the Merchant Extranet under Resources > Integration Guides or from our public website. Most importantly, you can leverage the same great tools regardless of how you use FraudGuard. So, should you use it on cards processed elsewhere, you can still send us the card number first so we can manage velocity, allow you to blacklist/whitelist, etc. And even if you re using FraudGuard on transactions of other payment methods (for example Neteller, PayPal, Paysafecard) you can still send us the payment account identifier and we ll store it and measure its velocity, and allow you to blacklist/whitelist it. In fact, no matter what token you send whether a card number, Moneybookers account email address etc FraudGuard will make just as good use of it, so you can build FraudGuard rules (see section 7) specific to any payment method and it s activity! Page 20 of 26

11 Transaction Detail In addition to the control panel, the key feature of PayPoint.net FraudGuard is its presence within the transaction detail of each and every payment and pre-authorisation, clearly displaying the outcome of all transaction analysis and fraud management. How do I view Transaction Detail? The full detail of any transaction is displayed simply by clicking on it either when displayed in a list of results generated by a transaction search, when appearing on statements, or targeted lists of suspicious and deferred transactions under the FraudGuard tab (see section 12). Using the Merchant Extranet, to search for any transaction simply use Sales > Search, or use Sales > Statements to list transactions in any given period. Under the FraudGuard tab, three different reports identify high risk transactions, deferred transactions and suspicious activity. Results of FraudGuard checks and in particular Transaction Analysis appear alongside every payment transaction in a dedicated right-hand panel. Related attributes are grouped together. Click on the plus or minus icon to open or close each panel section. Sections comprising the negative outcome of certain checks open automatically for highlighting. Each section also has a trafficlight coloured outcome. FraudGuard displays an overall score and clear English-language summary of potential risk identified. Page 21 of 26

Where a transaction is processed by FraudGuard, the FraudGuard panel on the right-hand side of a transaction detail screen offers all the detailed fraud and risk analysis available. CV2 & AVS The outcome of the card issuer s Security Code (CV2) check, and any Address Verification (AVS) performed on the transaction to establish the validity of address and/or postcode. 3D Secure Check The card scheme 3D Secure check attempted, including outcome of the enrolment lookup, status of the cardholder authentication (if attempted) and guidance on resultant expected liability shift. Identity Keying Analysis Analysis of the name and email address entered by the customer, using proven algorithmic techniques to detect any spoofing of a given name or email address, or any lack of consistency between each often a strong indicator of a fraudulent submission. Cardholder: IP I P Address By locating the origin of the customer internet connection, their physical location is pin-pointed to both a region, city and internet provider. Any discrepancy against a consumers claimed country is highlighted, as well as if their actual location is high-risk. Consumer: Email Address The domain of the customer email address is assessed in order to report where it is hosted. Importantly, it is also highlighted if the email address is an anonymous or free service, an increased risk. Card Issuer Information For card transactions, full details of the customer s card issuer are provided, including name, location and where known, telephone number. If the card has been issued in a different country to that given of the claimed address or physical location, this is shown. Location Summary To summarise any differences between the country given by the customer in their stated address, the country of their IP address, and the country in which their card was issued, a clear summary of the locations used in this transactions is provided. Recent Activity Previous transaction attempts from the same card or IP address in the last 24 hours are reported, whether it s via your account only or across PayPoint.net (see section 6). In one click you can pull up a statement of all transaction activity, from either the card or IP. Identity Morphing A key trait of online fraud is the risk that some identity morphing has occurred, whether a card has been used with multiple email addresses, or several cards have been used through a single IP. This section summarises any morphing of a given IP address, card number, billing address or email address during the past week. It gives you clear guidance on what has morphed and how. Page 22 of 26

Chargebacks Via our acquirers, PayPoint.net has access to chargeback data for many Merchants. Using the data we can highlight if chargebacks have occurred against previous transactions from the same card or IP. You can even see a profile of the previous transaction. Territory Management If Territory Management is active (see section 5) the verification method (card issuer country, IP, or combination of both) is given along with the verified country and the outcome. With one click access you can jump back to your configured list of countries. Open Proxy This reports percentage likelihood that the transaction originated from an open proxy (see section 9). Also indicates whether the proxy is anonymous and whether it is a spam source. Blacklist / Whitelist Displays whether any aspect of the transaction is blacklisted or is whitelisted. If there is a match, displays further criteria detail. FraudGuard Rules For Merchants using the FraudGuard Rules Engine, this shows all rules that were applicable and were therefore checked. It reports outcome, and if a rule fails full detail is given (see section 7.5) FraudGuard Score An overall FraudGuard score is shown, reflecting the Transaction Analysis which has been performed. If this exceeds a configured fraud score threshold, then the payment is deferred or rejected. Summary A plain-english summary lists all the potential issues which have been identified by FraudGuard. This is a clear at-a-glance review of areas of risk which FraudGuard has either acted automatically upon, or is advising you to take into account during review. 12 FraudGuard Reporting Any and all recent transactions that match a range of risk indicators (including, if applicable, your FraudGuard score threshold) are displayed on the FraudGuard risk report, available from the dedicated FraudGuard tab on the Merchant Extranet. By using a range of reporting filters, this is your portal for finding high-risk or suspicious transactions. Used in conjunction with FraudGuard automatic deferral and delayed capture functions, this is a perfect tool for efficiently pruning undesirable activity. And for Merchants using the FraudGuard Rules Engine, a filter by rule makes it easy to review matching transactions, including in particular those created with a Watch Transaction Only action the results of which can be pulled up instantly in this way. Page 23 of 26

Designed to mimic and automate the investigation process used by risk managers to search for suspicious activity, use as many or as few filters as suit your day to day risk concerns and then generate a report to review (and manage) any matching activity. Filtering above a particular FraudGuard score is logical, but you can also look for transactions with territory mismatches (where stated country, IP country or card issuing country are different) and you can filter where there is recent activity from card or IP. You can add into the mix whether there has been any identity morphing, whether the keying of the customer name or email is odd, or even if a transaction is from a source which has previously produced chargebacks. Search for risk that matters to you! Upon selecting your desired filters and choosing the ordering for the report whether by FraudGuard score, number of recent attempts, or date click Generate and an at-a-glance report will be displayed complete with key details and country flags. You can hover your mouse over the flags for guidance on countries identified in the transaction, or click into any transaction to load the full transaction detail (see section 11). This makes it simple for you to void, capture or refund transactions as required. The report itself is easy to follow and carries numeric and graphical summary information for each transaction in order to form quick and efficient judgements about the risk from each. The idea being that you can target activity you consider is concerning. Used alongside all the powerful automation tools provided by FraudGuard and described in the preceding sections, it should be clear that the report offers an intuitive portal through which to manage any remaining grey area risk to maximise revenues! What is an efficient way of using these tools to manage risk? Working with risk-sensitive clients for over six years, we ve seen Merchants using FraudGuard tools and reports in many different ways. There is one operational model which stands out as producing big efficiency savings for a client whilst sustaining rapid yet controlled growth. The approach was to use FraudGuard tools to automate deferral of suspicious activity (according to scoring thresholds, territory management and latterly risk profiling via the rules engine) and ensure automatic capture was set for all these deferrals to ensure eventual fund flow. In this way a flexible review window is created without having to reject or decision payments at source. Using automatic capture, no risk or chargeback liability was taken at the point of receiving a suspicious transaction, but funds were guaranteed and collected later by default. So risk managers were able to do what they were good at, and use the above reporting to profile deferred activity during the review window and find and eliminate fraudulent activity. This was far more efficient than having to tirelessly capture deferred revenue or monitor live flow. Page 24 of 26

As an alternative to the main FraudGuard report, you might just wish to track transactions deferred by the service for which a review is most pressing for example looking at the oldest live deferrals because the deferred transaction is about to expire. Using the Deferred Transactions report provides this much simpler view, enabling you to browse transactions simply according to combination of their score and the length of time until they expire allowing you to manage review and collection of funds. As well as this FraudGuard reporting, a more traditional statement is available of recent transactions which either exceed your FraudGuard score threshold or (in the absence of such a threshold being set) are considered to have scored highly. The Suspicious Transactions report is also available via the FraudGuard tab on the Merchant Extranet. It should not be used as an alternative to the FraudGuard report, but offers a typical Merchant Extranet statement view of high-risk transactions. Page 25 of 26

As with the main FraudGuard report, if you had not operated a FraudGuard threshold previously, this report will give you the opportunity to identify and refund any high risk recent transactions which you are worried may result in chargeback. If you do have a threshold set, the report will list all activity which exceeded the threshold, a simple way to review payments either deferred or rejected by FraudGuard. Where payments are deferred you can then capture or reject them as appropriate. If you are rejecting transactions over your nominated threshold, the report will list transactions declined by FraudGuard. You can then optionally use our Override feature (see Appendix A) to authorise any payments you are happy with. Finally, to complete the suite of FraudGuard reporting, the Risk Report also visible on this tab offers something different it pro-actively asks common risk questions each night and if it finds matches compiles a dossier for you to read in the morning! This is designed to replace time spent each morning looking for unusual patterns it asks questions such as: which cards have had more than x attempts in y days, which had more than x auths, and which aggregated a total spend of more than x? This is designed to be a basic generic alert to higher risk activity and, where identified, a simple daily report is published under this option which lets you click through to offending transactions and gives you access to any previous dossiers that week. Should you wish to extend this functionality and create your own profiling so that you can review activity quickly and easily, it is recommended that you use the FraudGuard Rules Engine (see section 7) and create a rule to build a live watch list! Appendix A: Manual Override A powerful feature of PayPoint.net FraudGuard is the ability for you to override any negative decision taken by fraud processing and manually authorise the payment regardless of risk analysis. For example you might review some recent declines and notice that some genuine activity has been incorrectly screened, or you may find an adjustment to your risk profiling was made in error. To protect your interests we maintain an override option for you so that on any transaction which has been declined as a result of FraudGuard checks, a Manual Authorisation button is available. This appears for up to 7 days after an initial decline, and if, after reviewing the declined transaction you then wish to override the FraudGuard decision, simply click Manual Authorisation. A new screen will appear, prompting you to confirm you wish to manually authorise the transaction. If you confirm, the payment will be immediately sent to the bank for authorisation. Page 26 of 26