PayPal Fraud Management Filters - 2009, Fraud Management Filters - 2012 User Guide
Fraud Management
Filters
For Professional Use Only
Currently only available in English.
A usage Professional Uniquement
Disponible en Anglais uniquement pour l’instant.
Last updated: June 23, 2009
Fraud Management Filters
Document Number: 10060.en_US-200906
© 2009 PayPal, Inc. All rights reserved. PayPal is a registered trademark of PayPal, Inc. The PayPal logo is a trademark of PayPal, Inc. Other
trademarks and brands are the property of their respective owners.
The information in this document belongs to PayPal, Inc. It may not be used, reproduced or disclosed without the written approval of PayPal, Inc.
PayPal (Europe) Ltd. is authorised and regulated by the Financial Services Authority in the United Kingdom as an electronic money institution.
PayPal FSA Register Number: 226056.
Notice of non-liability:
PayPal, Inc. is providing the information in this document to you “AS-IS” with all faults. PayPal, Inc. makes no warranties of any kind (whether express,
implied or statutory) with respect to the information contained herein. PayPal, Inc. assumes no liability for damages (whether direct or indirect), caused
by errors or omissions, or resulting from the use of this document or the information contained in this document or resulting from the application or use
of the product or service described herein. PayPal, Inc. reserves the right to make changes to any information herein without further notice.
Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Chapter 1 Introducing Fraud Management Filters . . . . . . . . . . . 7
Fraud Management Filters Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Fraud Management Filters Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Reviewing High-Value Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Denying Transactions From High-Risk Countries . . . . . . . . . . . . . . . . . . . . 10
Flagging Transactions With Invalid Card Security Codes . . . . . . . . . . . . . . . . 11
Accepting Transactions Using the Total Price Minimum Filter . . . . . . . . . . . . . . 11
Using Multiple Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Modifying the Examples to Meet Your Needs . . . . . . . . . . . . . . . . . . . . . . 14
Merchants With Third-Party Shopping Carts . . . . . . . . . . . . . . . . . . . . . . . . . 14
Chapter 2 Setting Up Fraud Management Filters . . . . . . . . . . . .15
Configuring Your Fraud Management Filters. . . . . . . . . . . . . . . . . . . . . . . . . 15
Fraud Management Filter Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Fraud Management Filters Setup Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . 17
Chapter 3 Using Fraud Management Filters . . . . . . . . . . . . . .19
Accepting and Denying Payments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Monitoring Fraud Management Filters Performance. . . . . . . . . . . . . . . . . . . . . 21
Using Fraud Management Filters with Virtual Terminal . . . . . . . . . . . . . . . . . . . 22
Using Payment Fraud Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Chapter 4 Customizing Websites to use Fraud Management Filters . .31
Using Fraud Management Filters With IPN . . . . . . . . . . . . . . . . . . . . . . . . . 31
Fraud Management Filters API Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . 34
NVP Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
SOAP Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Fraud Management Filters June 23, 2009 3
Contents
Detecting Pending Transactions Using the PayPal API . . . . . . . . . . . . . . . . . . . 36
Handling FMF Errors in Payment API Operations . . . . . . . . . . . . . . . . . . . . . . 37
Migration From Risk Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Chapter 5 Fraud Management Filters Summary . . . . . . . . . . . . 41
Kinds of Fraud Management Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Basic Fraud Management Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Maximum Transaction Amount Filter . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Unconfirmed Address Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Country Monitor Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Advanced Fraud Management Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Card and Address Validation Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
High Risk Lists Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Transaction Data Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Chapter 6 Fraud Management Filters Operating Principles . . . . . .47
Fraud Management Filters Operation With Direct Credit Card and Virtual Terminal Payments .
47
Fraud Management Filters Operation With Other Payment Transactions . . . . . . . . . . 48
Fraud Management Filters Pending State Operation . . . . . . . . . . . . . . . . . . . . 48
Supported Transaction Flows for Review Action . . . . . . . . . . . . . . . . . . . . 49
Capturing Pending Payments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Interaction with Payment Receiving Preferences . . . . . . . . . . . . . . . . . . . . 49
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
4 June 23, 2009 Fraud Management Filters
Preface
This document describes Fraud Management Filters.
Intended Audience
This document is intended for merchants implementing the PayPal Fraud Management Filters.
Revision History
Revision history for Fraud Management Filters.
TABLE P.1 Revision History
Date Description
06/23/09 Updated to note that configuration of Fraud Management Filters is required
before they take effect.
01/31/09 Updated to show correct filters and include IPN and API programming
examples. This manual is for Canada, UK, and US.
09/30/08 Updated to show new free filters.
04/18/08 Second draft.
12/20/07 First draft.
Fraud Management Filters June 23, 2009 5
Revision History
6 June 23, 2009 Fraud Management Filters
Introducing Fraud Management
1
Filters
PayPal Fraud Management Filters enable you to identify potentially fraudulent transactions.
You must configure Fraud Management Filters to meet your needs; they are not active until
you configure them.
z Fraud Management Filters Overview
z Fraud Management Filters Examples
z Merchants With Third-Party Shopping Carts
Fraud Management Filters Overview
PayPal provides many Fraud Management Filters, which make it easier for you to detect and
respond to fraudulent transactions. You must configure the filters before they take effect.
Fraud management filters (FMF) provide you with tools, called filters, that can identify
potentially fraudulent transactions. The kinds of filters can be divided into the following
categories:
z Basic filters include filters that screen against the country of origin, the value of
transactions, and such. PayPal provides basic filters for business accounts and Website
Payments Pro accounts.
z Advanced filters include filters that screen credit card and addresses information, filters
that screen against lists of high-risk indicators, and filters that screen additional transaction
characteristics. Website Payments Pro merchants can upgrade to use advanced filters.
NOTE: Using advanced filters may incur additional charges.
Fraud Management Filters checks for payment characteristics that may indicate fraudulent
activity. You set up Fraud Management Filters to provide the tightest control possible over
payments so that you can deny payments that are likely to result in fraudulent transactions and
accept payments that are not typically a problem. Payments that may require further
investigation or intervention, such as comparing prior orders or contacting the customer for
more information, can be flagged or put on hold or pended for review.
The following diagram, conceptually shows how Fraud Management Filters work in three
steps:
Fraud Management Filters June 23, 2009 7
Introducing Fraud Management Filters
Fraud Management Filters Examples
1. Configure your Fraud Management Filters to flag, hold for review, or deny riskier
payments.
2. Based on your settings, your filters review incoming payments.
3. Your filters automatically, flag, deny, or hold payments for review; typically, most
payments are accepted because they do not show characteristics indicating fraud
A flexible fraud management configuration enables you to select the filters to use and to test
your strategy before denying payments or pending transactions for review. Advantages of
using Fraud Management Filters include
z time savings from having the computer do more to review transactions, and review them
consistently, which allows you to focus on transactions that are truly risky
z cost savings from identifying potentially risky transactions, which reduces chargebacks and
lowers your cost of doing business
z more accepted payments because you apply rules evenly with greater accuracy
Fraud Management Filters Examples
These examples show ways to configure Fraud Management Filters to flag or review
transactions and accept or deny payments. You must configure your filters before they take
effect.
Consider an example using four of the many kinds of filters provided by PayPal:
z Maximum Transaction Amount filter, which identifies transactions whose value exceeds a
specified amount
z Country Monitor filter, which identifies transactions based on the country of origin
z Card Security Code Mismatch filter, which identifies transactions with differences in the
credit card security code
z Total Purchase Price Minimum filter, which identifies transactions that are less than a
specified amount
8 June 23, 2009 Fraud Management Filters
The Maximum Transaction Amount filter and the Country Monitor filters are examples of
basic filters, which are available to business account holders and Website Payments Pro
merchants. The Total Purchase Price Minimum filter and Card Security Code Mismatch filter
are examples of advanced filters, which are available to Website Payments Pro merchants at
additional cost.
Reviewing High-Value Transactions
In this example, consider a scenario in which your average transaction amount is $100 and you
seldom expect orders over $1,000. Although you have received large orders before, you want
to verify for yourself that the order is legitimate and not an attempt to defraud you of
merchandise. In this case, you could set the Maximum Transaction Amount filter to Review
for transactions over $1,000.
The following diagram shows the effect of pending a transaction:
Introducing Fraud Management Filters
Fraud Management Filters Examples
A transaction is pended when the maximum transaction amount specified by the filter is
exceeded, which in this example is $1,000, meaning that these transactions await a decision
whether to accept or deny the payment. Other filters execute because the payment has neither
been accepted or denied. When there are no more filters to execute and another filter has not
caused the payment to be denied or approved, a pended transaction is ready to be reviewed.
The following diagram shows this logic:
Fraud Management Filters June 23, 2009 9
Introducing Fraud Management Filters
Fraud Management Filters Examples
You can review a transaction and accept or deny a payment
z from the PayPal website. You examine the transaction details.
z from your website or application, by using the ManagePendingTransactionStatus
API operation; for more information, see the Name-Value Pair API Developer Guide and
Reference or SOAP API Developer Reference.
z from your shopping cart vendor, if they provide this feature for you.
Denying Transactions From High-Risk Countries
In this example, consider a scenario in which your experience indicates that transactions
originating from some countries have always been attempts to defraud. You can set the
Country Monitor filter to deny payments from these countries, as shown in the following
diagram:
10 June 23, 2009 Fraud Management Filters
Introducing Fraud Management Filters
Fraud Management Filters Examples
Filtering stops if the payment is denied. If the transaction originates from a country not on the
list, filtering continues.
Flagging Transactions With Invalid Card Security Codes
In this example, consider a scenario in which your experience indicates that customers
routinely mistype their credit card security code; however, in some cases, it is not an honest
mistake and can indicate fraud. Before you decide to review or deny this kind of payment, you
may decide to flag them first. After reviewing the flagged transactions, you can decide if
further action is necessary.
In this case, you could set the Card Security Code Mismatch filter to Flag, which would flag
the transaction:
Regardless of whether the transaction has been flagged, the next enabled filter is applied.
Flagging a transaction does not approve or deny a payment or pend the transaction for review.
Accepting Transactions Using the Total Price Minimum Filter
For the purpose of thinking about the operation of filters, the Total Price Minimum filter
determines the universe of payments on which the other filters operate. If the Total Price
Minimum filter is not enabled, the Fraud Management Filters universe includes all payments;
otherwise, the Fraud Management Filters universe includes all payments above the amount
specified by this filter.
NOTE: This filter is also the only filter that uses Accept to indicate that the filter does not
deny payments less than the specified amount.
Consider the following example in which the Total Price Minimum filter is set to Accept for
$10, In this case a $10 payment will be accepted and other filters will not be executed. If the
payment was for $11, other filters execute.
Fraud Management Filters June 23, 2009 11
Introducing Fraud Management Filters
Fraud Management Filters Examples
Using Multiple Filters
If you enable more than one filter, the filters are applied in the order determined by the kind of
payment method until one of them causes the payment to be accepted or denied. If all filters
have been applied and the transaction has not been pended for review, it is automatically
accepted. For information about the order in which filters are applied, see Fraud Management
Filters Operating Principles.
Consider the four filters in the following diagram, which are shown in the order used for
Direct Credit Card and Virtual Terminal payments.
12 June 23, 2009 Fraud Management Filters
Introducing Fraud Management Filters
Fraud Management Filters Examples
1. If the total amount of the transaction is less than the amount specified by the Total Purchase
Price Minimum filter, the payment is accepted and processing stops; otherwise, the next
filter is applied.
Fraud Management Filters June 23, 2009 13
Introducing Fraud Management Filters
Merchants With Third-Party Shopping Carts
2. If the total amount of the transaction is greater than the amount specified by the Maximum
Transaction Amount filter, the transaction is pended awaiting review; regardless of whether
the transaction is pended, the next filter is applied.
3. If the transaction’s country of origin matches a country specified by the Country Monitor
filter, the payment is denied and processing stops; otherwise, the next filter is applied.
4. If the customer’s credit card security code does not match a valid code, the Card Security
Code Mismatch filter flags the transaction and processing continues; the next filter is
applied.
5. When there are no more filters to apply and the transaction has not been pended, the
payment is accepted; otherwise, you must decide whether to accept or deny the payment.
Modifying the Examples to Meet Your Needs
These examples use specific filters, which are set to take specific actions. Your needs dictate
how you use these and other filters to reduce risk to a manageable level without significantly
increasing the effort required to process an order.
You need not use the same filters shown in the examples and you can take different actions if
you do use them. The following items are just some of the alternatives for you to consider:
z You may decide not to use the Total Purchase Price Minimum filter or use it with a lower
transaction value.
z You may decide to pend transactions from high-risk countries rather than deny their
payments.
z You may decide to flag high-value transactions rather than pend them for review.
Setting up Fraud Management Filters requires both experimentation and iteration.
Merchants With Third-Party Shopping Carts
Merchants that use a shopping cart provider, should consult with their vendor about their level
of support for Fraud Management Filters.
You can use Fraud Management Filters with a third-party shopping cart. You should check
with your vendor about their level of support for Fraud Management Filters because the
business procedures you use to review transactions may be different depending on your
shopping cart’s level of support.
For example, your cart vendor may support all features of Fraud Management Filters, in which
case, you would review and accept or deny payments from their service. If your cart vendor
does not provide any additional support for Fraud Management Filters, you will need to log
onto PayPal to review and accept or deny payments or provide your own solution using the
PayPal API to develop a custom application.
14 June 23, 2009 Fraud Management Filters
Setting Up Fraud Management
2
Filters
You must set up Fraud Management Filters after you sign up for them.
z Configuring Your Fraud Management Filters
z Fraud Management Filter Settings
z Fraud Management Filters Setup Strategy
Configuring Your Fraud Management Filters
Configuring Fraud Management Filters to enable filters that are predictive of fraud requires
both experimentation and iteration. By default, Fraud Management filters are not configured
to identify potentially fraudulent transactions.
IMPORTANT: By default, Fraud Management Filters are not configured. You must configure
your filters before they take effect.
You configure PayPal Fraud Management Filters to accept as many payments as possible
automatically, deny payments that are clearly associated with fraud, and review the payments
that are outside your normal experience but may or may not indicate an attempt to defraud.
When you first start, you should consider using filters only to flag payments; in which case,
the payment is accepted but you can easily locate and view the payment later. If you notice that
a filter configuration is predictive of fraud, you can either change the filter configuration to
review the payment or to deny the payment. If you choose to review the payment, you may
want to incorporate the review into your normal workflow. If a filter is not predictive of fraud,
you can deselect the filter.
To configure Fraud Management Filters, select Fraud Management Filters from your
Profile. Then enable the filters you want to use from the Edit My Filter Settings page:
Fraud Management Filters June 23, 2009 15
Setting Up Fraud Management Filters
Configuring Your Fraud Management Filters
NOTE: The available filters are determined by agreement between the merchant and PayPal.
You may not be granted access to all filters.
16 June 23, 2009 Fraud Management Filters
Loading...