Anti-Fraud: Getting Started
The following features are available for your use and are designed to reduce fraud on your account. Please take a moment now to review these features. It is your responsibility to monitor your account and enable fraud control features as necessary. These features can be enabled (and disabled) in the Account Settings portion of your Control Panel. Information about these features is also available there.
Require Unique Order Form IDs
The twenty character Order Form UID value is randomly generated and keeps fraudsters from guessing what ID you are using to process orders. This does not keep someone from looking at your order form and obtaining this value, but we have found that the majority of fraud is done using automated tools. These tools cycle through five digit numbers until they find an account that allows standard form transactions without Proof Of Life or other fraud controls. So this setting keeps fraudsters from stumbling upon your account.
The ‘Require Unique Order Form IDs’ setting must be enabled for this to be enforced. Once this setting is enabled your order forms must pass through the UID in the ‘vendor_id’ field.
You can use the ‘RESET’ link to disable your old UID and generate a new one. When you click on the ‘RESET’ link you will be shown a warning that indicates that the action could potentially cause your order forms to stop working. If you would like to reset your UID without having to take your system down, there is a process you can use which will allow you to keep your forms working while you do the reset:
- Disable the ‘Require Unique Order Form IDs’ settings which will allow you to use your gateway ID in the order form ‘vendor_id’ field.
- Update your order form’s ‘vendor_id’ field to contain your Gateway ID.
- Reset your order form UID.
- Update your order form’s ‘vendor_id’ field to contain your new order form UID.
- Enable the ‘Require Unique Order Form IDs’ setting.
Restrict Order Usage
If a transaction is received via HTML and is NOT approved, this feature will a automatically enable a time restriction. For the next number of minutes (a number you choose), no transactions will be allowed from the IP address of the original unapproved transaction. This fraud prevention module is specifically designed to reduce the number of ‘testers.’
Order IP Filters
This feature blocks transactions from all network addresses other than those you specify in the IP filter. This eliminates the ability for anyone to post a transaction through your account except from the IP address(es) you specify. (This is only for use by systems that do a transaction "form post" directly from their server to the gateway server; if you do not know whether your system is setup this way, do not enable this feature.)
Proof of Life
After order submission, this feature displays a page to the user with a dynamically generated image containing random characters. The user must enter these characters correctly to continue the order submission. This fraud prevention module is specifically designed to reduce the number of ‘testers,’ i.e., those who hit merchants with credit card numbers attempting to find valid cards.
This feature disallows any transaction through your gateway under a dollar amount you specify. If you do not sell anything for under $15.00, for example, enter 15.00 in the Minimum Sale field. (Enter as 15.00 not 15. Do not include dollar signs.) This fraud prevention module is specifically designed to reduce the number of ‘testers.’
This feature disallows any transaction through your gateway that exceeds a maximum you specify. If you do not accept sales for over $100.00, for example, enter 100.00 in the Maximum Sale field. (Enter as 100.00 not 100. Do not include dollar signs.)
Address Verification (AVS) Auto-Void
With every transaction submitted to your processing network for approval, address information (address and ZIP code) is included for verification. The Auto-Void feature allows you to have approved transactions automatically voided if the processing network indicates that the address and/or ZIP code entered do not match their records.
Card Verification Value (CVV) Auto-Void
The CVV code is a security feature for ‘card not present’ transactions (e.g., Internet transactions); it is a three- or four-digit code that appears on most (but not all) major credit and debit cards. The Auto-Void feature allows you to have approved transactions automatically voided if the processing network indicates that the CVV entered does not match their records.
Duplicate Order Prevention
This feature will block duplicate transactions sent through the gateway. To be considered a duplicate transaction the following values must be identical to another transaction that has occurred in the last 24 hours. Currently this service only works with credit card transactions.
- Credit Card Number
- Credit Card Expiration Month
- Credit Card Expiration Year
- Billing Street Address
- Billing Zip/Postal Code
- Order Total
Allow Non-VT Sales
This box should ALWAYS be selected if you are permitting customers to process transactions from your site via the HTML connection method. UNCHECK THIS BOX IF YOU WANT TO ALLOW ONLY VIRTUAL TERMINAL TRANSACTIONS AND XML BASED TRANSACTIONS TO BE PROCESSED THROUGH YOUR ACCOUNT.
Please do not hesitate to contact us with any questions.
PO Box 999
314 South 200 West
Farmington UT 84025-0999
Phone: (801) 298-1212
Fax: (801) 298-9789
For technical assistance, please submit a ticket via the iTransact Support Center.