Difference between revisions of "X-Payments:KOUNT Antifraud screening"

From X-Payments Help
(Created page with "<noinclude>{{XP_manual_TOC}}</noinclude> __NOTOC__ To help you protect your business against fraud, X-Payments 2.1 provides integration with a powerful fraud detection and p...")
 
m
 
(30 intermediate revisions by 2 users not shown)
Line 3: Line 3:
 
__NOTOC__
 
__NOTOC__
  
To help you protect your business against fraud, X-Payments 2.1 provides integration with a powerful fraud detection and prevention solution by [http://www.kount.com/?utm_source=x-cart&utm_medium=home&utm_campaign=partner Kount]. Kount delivers an all-in-one, SaaS model fraud and risk management platform for merchants operating in card-not-present (CNP) environments and looking to root out fraudsters and increase revenue. For each transaction, Kount’s real-time "decisioning" engine analyzes hundreds of relevant variables and activity across the globe. Kount applies a multitude of proven and patented technologies including Multi-layered Device Fingerprinting®, Proxy Piercer® geolocation tools, statistical scoring, rules-based fraud detection, cross-merchant linking, and Persona behavioral modeling. Kount's proprietary technology has reviewed hundreds of millions of transactions and provides maximum protection for some of the world's best-known brands.
+
To help you protect your business against fraud, X-Payments versions 2.1 and later provide integration with a powerful fraud detection and prevention solution by [http://www.kount.com/?utm_source=x-cart&utm_medium=home&utm_campaign=partner Kount]. Kount delivers an all-in-one, SaaS model fraud and risk management platform for merchants operating in card-not-present (CNP) environments and looking to root out fraudsters and increase revenue. For each transaction, Kount’s real-time "decisioning" engine analyzes hundreds of relevant variables and activity across the globe. Kount applies a multitude of proven and patented technologies including Multi-layered Device Fingerprinting®, Proxy Piercer® geolocation tools, statistical scoring, rules-based fraud detection, cross-merchant linking, and Persona behavioral modeling. This enables Kount to expose fraudsters and prevent fraudulent transactions in real time, before losses occur. Kount's proprietary technology has reviewed hundreds of millions of transactions and provides maximum protection for some of the world's best-known brands.
 
+
<br /><br />
For more information or to request a personal demo of Kount, contact Kyle Allred at KBA@Kount.com or call 208-489-2773.
+
To start using Kount for online payment fraud screening in X-Payments, complete the following steps:<br />
 
+
# Sign up for a Merchant account with Kount at [http://www.kount.com/?utm_source=x-cart&utm_medium=home&utm_campaign=partner http://www.kount.com]. You will be provided with some credentials that you will need to configure Kount fraud screening in X-Payments: your Merchant ID and your Site ID. Take note of this information.<br />
To start using Kount for online payment fraud screening in X-Payments, complete the following steps:
+
# In the Kount Agent Web Console (AWC), create your API Key(s).<br />[[File:Kount_api_keys.png|668px|border]]<br />API Keys are required to authenticate to Kount. Note that Kount has separate environments for testing and production, and API Keys must be created and used for each of the environments separately. Kount's instructions for creating API Keys can be found here: [https://support.kount.com/s/article/Create-an-API-Key https://support.kount.com/s/article/Create-an-API-Key].<br />
# Sign up for a Merchant account with Kount at [http://www.kount.com/?utm_source=x-cart&utm_medium=home&utm_campaign=partner http://www.kount.com]. You will be provided with some credentials that you will need to configure Kount fraud screening in X-Payments: your Merchant ID and your Site ID. Take note of this information.
+
# In the Kount Agent Web Console (AWC), configure customized credit card validation rules for your online store to match the unique needs of your business.
# Go to the desired Kount Agent Web Console (AWC), test or production, and request your Public certificate and Private key. You will need to convert the files to .PEM format and set your private key passphrase. Kount will provide detailed instructions for that.
+
# Log in to X-Payments and locate the payment configuration for which you want to use Kount fraud screening. For the sake of example, we are going to enable KOUNT for the payment configuration "First Data Payeezy Gateway (ex- Global Gateway e4)".<br />[[File:Firstdata_pconf.png|668 px|border]]<br />Open the details of the chosen payment configuration for editing.
# Upload the public certificate and private key files to the directory <xp-dir>/var/certs/kount/ within your X-Payments installation.
+
# In the payment configuration details, check the '''Antifraud service''' setting. If you haven't been using any antifraud service for the current payment configuration so far, this field will be set to "Not enabled".<br />[[File:Antifraud_service.png|668 px|border]]<br />Reset this field to "KOUNT Antifraud screening".<br />[[File:Kount_selected.png|668 px|border]]<br />Click '''Save''' to save the changes.<br />
# Edit some Kount related code in the file <xp-dir>/.htaccess to enable Kount to work. For details, see [[#Kount related settings in <xp-dir>/.htaccess|Kount related settings in <xp-dir>/.htaccess]].
+
# Configure KOUNT for the current payment configuration:
# In the AWC, adjust credit card validation rules for your online store.
+
## Click <u>Configure</u>.<br />[[File:Kount_configure.png|668px|border]]<br />The KOUNT settings page for the current payment configuration opens:<br />[[File:Firstdata_kount.png|668 px|border]]<br />
# Log in to X-Payments and locate the payment configuration for which you want to use Kount fraud screening.
+
## Adjust the KOUNT settings:<br />[[File:Xp_kount_settings1.png|668px|border]]<br />
# Go to the 'KOUNT Antifraud screening settings' page for this payment configuration by clicking the "KOUNT Antifraud screening: <u>Configure</u>" link:<br />
+
##* '''Status''' (Not configured / Enable / Disable): This setting indicates whether KOUNT module is active. For now just leave it as is. After you provide the rest of the required settings (below) and save the changes, KOUNT module will be enabled automatically. You will then be able to use this setting to disable/re-enable KOUNT for your current payment configuration as you require.
#* On the 'Payment configurations' page (Settings -> Payment configurations) you can find this link here:<br />[[File:Kount_configure1.png|border]]
 
#* On the 'Payment configuration details' page it is here:<br />[[File:Kount_configure2.png]]
 
# Use the 'KOUNT Antifraud screening settings' page for the selected payment configuration to configure your Kount integration module:<br />[[File:Kount_settings.png|border]]
 
## Adjust the following settings:
 
 
##* '''Merchant ID''': Specify your Merchant ID as was provided to you by Kount.
 
##* '''Merchant ID''': Specify your Merchant ID as was provided to you by Kount.
 
##* '''Site ID''': Specify your Site ID.
 
##* '''Site ID''': Specify your Site ID.
##* '''Public certificate file name''': Specify your public certificate file name.
+
##* '''API key''': Enter the API key you have created in the AWC. It will be used for authentication.<br />Note that Kount API has been updated and, starting with X-Payments 3.1.4, Kount certificates (RIS Certificates) are no longer supported. You must use an API key.
##* '''Private key file name''': Specify your private key file name.
 
##* '''Private key passphrase''': Specify your private key passphrase.
 
 
##* '''Test/Live mode''': Use this to set the operation mode for Kount fraud screening service - ''Test'' or ''Live''. For access to the Kount AWC in Live mode use the address https://awc.kount.net, in Test mode - the address https://awc.test.kount.net.
 
##* '''Test/Live mode''': Use this to set the operation mode for Kount fraud screening service - ''Test'' or ''Live''. For access to the Kount AWC in Live mode use the address https://awc.kount.net, in Test mode - the address https://awc.test.kount.net.
##* '''Description of products''': Common name of the products sold by your store.
+
##* '''Description of products''': Common name of the products sold by your store.<br />
## When you are done adjusting all the fields, click '''Save''' to save the changes.
+
##* '''Mode for RIS update request''': Choose one of the available options (''X: Update data and re-validate transaction against rules'' or ''U: Update transaction data only''). Mode X is recommended if rules are based on the AVS information returned from the payment gateway. Note that additional charges may apply for Mode X. 
# Enable Kount fraud screening for the selected payment configuration: On the 'KOUNT Antifraud screening settings' page for your selected payment configuration, click the '''Disabled''' button located near the top of the page close to the title "Payment configuration: <Payment configuration name> KOUNT Antifraud screening", and select the action ''Enable'' from the button menu:<br />[[File:Kount_enable.png|border]]<br />Once the button switches to '''Enabled''', Kount screening for the selected payment configuration will be enabled.
+
##* '''Configuration key''': This setting is only available in X-Payments Enterprise. Specify your Configuration key; this one needs to be obtained from Kount.
<br />
+
##* '''If Kount declines''': This setting determines what happens if Kount recommends that a transaction should be declined: should the transaction be declined at once, or should the merchant be given a chance to review the transaction manually and possibly accept it.
Once Kount antifraud screening has been configured and enabled for a specific payment configuraton, any new payment transactions for this payment configuration will be screened by Kount, and you will be able to view the screening results on the Payment details page:
+
## Click '''Save''' to save your settings.
::[[File:Kount_results.png|border]]
+
# Make sure Kount fraud screening is enabled:<br />[[File:Kount_enabled.png|668px|border]]<br />
<br />
+
 
In X-Cart stores, it is also possible to view the results of screening by Kount in the order details via the store's back end. On the order details page, you will need to click the <u>View payment information</u> link:
+
Once Kount antifraud screening has been configured and enabled for a specific payment configuration, any new payment transactions for this payment configuration will be screened by Kount.<br /><br />'''Important:''' Kount will not screen transactions made using a previously saved credit card.<br /><br />
::[[File:View_payment_info_Kount_results.png]]
+
What happens when a buyer submits their credit card info to pay for an order in a store accepting payments via X-Payments and protected by Kount?<br /><br /> 
Kount screening results will be displayed in a popup window:
+
Technically, the process involves three steps:<br /><br />
::[[File:Kount_xc_results.png|border]]
+
At the first step, X-Payments makes a call to Kount to invoke Kount’s risk check service. In this call, information about the payment transaction (including the IP address, email address, shipping address, card details, billing info, order details, etc.) is submitted to Kount. This happens for each new card prior to contacting the payment gateway.<br />
 +
Kount’s risk check service checks the information submitted to it using Kount's proprietary algorithms and applies the custom rules configured for the merchant's account. Kount account settings provide substantial flexibility for configuring the rules, which means you can fine-tune the rules to your needs with precision - to the degree where you can specify that a transaction should be declined if initiated by a buyer of a certain name, or be declined if the risk score generated by Kount based on its internal algorithms exceeds a certain value. In practice, Kount will consider a lot of factors such as the buyer's country, how far the buyer's location is from the location of the store where the purchase is being made, whether the buyer is telling the truth about their location (based on whether the address submitted by the buyer matches the geolocation info collected by the service regarding the IP address from which the purchase is being made), the type of products being purchased (for example, if the buyer has a history of consistently using the card to buy car parts and suddenly pays for $2000 worth of makeup and beauty products) and so on. As a result, Kount's risk check service responds with a risk decision, which includes a risk score and a decision as to what should be done about the transaction in question (whether the transaction looks safe and should be processed, or whether it looks suspicious and should be declined or suspended for manual review by the merchant). X-Payments will honor the risk decision returned by Kount’s service. If the decision is to process the transaction, X-Payments will continue with the transaction processing by submitting the details to the payment gateway. If the risk decision is to decline the transaction, X-Payments will block the transaction and not contact the payment gateway. 
This way high risk transactions are blocked automatically before they become a problem, and the merchant does not have to pay the payment processor for processing a card that might have been stolen.<br />The setting "If Kount Declines" determines whether a transaction recommended for blocking should be blocked at once or should be suspended for manual review by the merchant. (In the latter case, the merchant will be able to review the transaction details and decide whether they want to decline the transaction or accept the risks associated with processing the card).<br /><br />  
 +
At the second step, X-Payments contacts the payment gateway for order processing. This, of course, does not happen for transactions that have been blocked.<br /><br />
 +
At the third step, X-Payments once again contacts Kount to find out the transaction result, including the results of the CVV и AVS checks. Kount's risk check service  also stores this information for future use.
 
<br /><br />
 
<br /><br />
===Kount related settings in <xp-dir>/.htaccess===
+
In the store where the transaction originated, the order to which the transaction pertains is marked with a special icon. For example, here's an order list from an X-Cart 5 based online store with an order of Aug 30, 2018 screened by Kount:<br />
The file <xp-dir>/.htaccess contains the following code:
+
::[[File:Kount_orderlist.png|668px|border]]<br />
<pre>
+
For transactions suspended for manual review, X-Payments provides a warning so the merchant can decide whether they wish to accept or decline this transaction. Here's what it looks like on the payment details page in X-Payments:
#
+
::[[File:Kount_warning.png|668px|border]]<br />
# Kount related
+
A similar warning appears in the store. For example, here's what it looks like in an X-Cart 5 store:
#
+
::[[File:Kount_warning_xc.png|668px|border]]<br />  
<IfModule mod_rewrite.c>
+
The results of screening by Kount can be viewed on the Payment details page in X-Payments:
    RewriteEngine On
+
::[[File:Kount_passed.png|668px|border]]
 
+
and on the order details page in the store:
    RewriteBase /xpayments/
+
::[[File:Kount_results_xc.png|668px|border]]
 
 
    RewriteCond %{REQUEST_FILENAME} !-f
 
    RewriteCond %{REQUEST_FILENAME} !-d
 
    RewriteCond %{REQUEST_FILENAME} !-l
 
    RewriteRule ^public/secure-logo.htm$ payment.php?target=kount&action=redirect&token=$1 [L,QSA]
 
    RewriteRule ^public/secure-logo.gif$ payment.php?target=kount&action=redirect&token=$1 [L,QSA]
 
</IfModule>
 
</pre>
 
In this code, the RewriteBase value is hardcoded as "/xpayments/". To allow Kount to work, you need to edit this line replacing "/xpayments/" with the actual path to your X-Payments installation relative to web root.<br />
 
 
 
''Examples:''<br />
 
:{| width="70%"
 
! align="left"| If your X-Payments is installed at...
 
! the default RewriteBase value should be:
 
|-valign="top"
 
| style="width: 50%;" | www.example.com/xpayments
 
| style="width: 50%;" | "/xpayments/" (i.e., the default value)<br />&nbsp;
 
|-valign="top"
 
| style="width: 50%;" | www.example.com
 
| style="width: 50%;" | "/" (single slash)<br />&nbsp;
 
|-valign="top"
 
| style="width: 50%;" | www.example.com/some/directory/path
 
| style="width: 50%;" | "/some/directory/path/"<br />&nbsp;
 
|}
 
  
Note that, in all cases, RewriteBase values should be entered without quotation marks.
 
<br />
 
  
 
[[Category:X-Payments User Manual]]
 
[[Category:X-Payments User Manual]]
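Review bot: in the setup list, this revision drops the certificate-based steps (public certificate, private key, passphrase) and the whole .htaccess RewriteBase section, yet the intro still covers "versions 2.1 and later" and the new API key note says certificates stop being supported only from X-Payments 3.1.4. Readers on versions before 3.1.4 are left without instructions; suggest keeping the removed steps in a subsection scoped to those versions, or stating the minimum version in the intro. Separately, in the third-step paragraph, "CVV и AVS" has a Cyrillic "и" where "and" is meant.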

Latest revision as of 19:01, 11 April 2020


To help you protect your business against fraud, X-Payments versions 2.1 and later provide integration with a powerful fraud detection and prevention solution by Kount. Kount delivers an all-in-one, SaaS model fraud and risk management platform for merchants operating in card-not-present (CNP) environments and looking to root out fraudsters and increase revenue. For each transaction, Kount’s real-time "decisioning" engine analyzes hundreds of relevant variables and activity across the globe. Kount applies a multitude of proven and patented technologies including Multi-layered Device Fingerprinting®, Proxy Piercer® geolocation tools, statistical scoring, rules-based fraud detection, cross-merchant linking, and Persona behavioral modeling. This enables Kount to expose fraudsters and prevent fraudulent transactions in real time, before losses occur. Kount's proprietary technology has reviewed hundreds of millions of transactions and provides maximum protection for some of the world's best-known brands.

To start using Kount for online payment fraud screening in X-Payments, complete the following steps:

  1. Sign up for a Merchant account with Kount at http://www.kount.com. You will be provided with some credentials that you will need to configure Kount fraud screening in X-Payments: your Merchant ID and your Site ID. Take note of this information.
  2. In the Kount Agent Web Console (AWC), create your API Key(s).
    [Image: Kount_api_keys.png]
    API Keys are required to authenticate to Kount. Note that Kount has separate environments for testing and production, and API Keys must be created and used for each of the environments separately. Kount's instructions for creating API Keys can be found here: https://support.kount.com/s/article/Create-an-API-Key.
  3. In the Kount Agent Web Console (AWC), configure customized credit card validation rules for your online store to match the unique needs of your business.
  4. Log in to X-Payments and locate the payment configuration for which you want to use Kount fraud screening. For the sake of example, we are going to enable KOUNT for the payment configuration "First Data Payeezy Gateway (ex- Global Gateway e4)".
    [Image: Firstdata_pconf.png]
    Open the details of the chosen payment configuration for editing.
  5. In the payment configuration details, check the Antifraud service setting. If you haven't been using any antifraud service for the current payment configuration so far, this field will be set to "Not enabled".
    [Image: Antifraud_service.png]
    Reset this field to "KOUNT Antifraud screening".
    [Image: Kount_selected.png]
    Click Save to save the changes.
  6. Configure KOUNT for the current payment configuration:
    1. Click Configure.
      [Image: Kount_configure.png]
      The KOUNT settings page for the current payment configuration opens:
      [Image: Firstdata_kount.png]
    2. Adjust the KOUNT settings:
      [Image: Xp_kount_settings1.png]
      • Status (Not configured / Enable / Disable): This setting indicates whether KOUNT module is active. For now just leave it as is. After you provide the rest of the required settings (below) and save the changes, KOUNT module will be enabled automatically. You will then be able to use this setting to disable/re-enable KOUNT for your current payment configuration as you require.
      • Merchant ID: Specify your Merchant ID as was provided to you by Kount.
      • Site ID: Specify your Site ID.
      • API key: Enter the API key you have created in the AWC. It will be used for authentication.
        Note that Kount API has been updated and, starting with X-Payments 3.1.4, Kount certificates (RIS Certificates) are no longer supported. You must use an API key.
      • Test/Live mode: Use this to set the operation mode for Kount fraud screening service - Test or Live. For access to the Kount AWC in Live mode use the address https://awc.kount.net, in Test mode - the address https://awc.test.kount.net.
      • Description of products: Common name of the products sold by your store.
      • Mode for RIS update request: Choose one of the available options (X: Update data and re-validate transaction against rules or U: Update transaction data only). Mode X is recommended if rules are based on the AVS information returned from the payment gateway. Note that additional charges may apply for Mode X.
      • Configuration key: This setting is only available in X-Payments Enterprise. Specify your Configuration key; this one needs to be obtained from Kount.
      • If Kount declines: This setting determines what happens if Kount recommends that a transaction should be declined: should the transaction be declined at once, or should the merchant be given a chance to review the transaction manually and possibly accept it.
    3. Click Save to save your settings.
  7. Make sure Kount fraud screening is enabled:
    [Image: Kount_enabled.png]

Once Kount antifraud screening has been configured and enabled for a specific payment configuration, any new payment transactions for this payment configuration will be screened by Kount.

Important: Kount will not screen transactions made using a previously saved credit card.

What happens when a buyer submits their credit card info to pay for an order in a store accepting payments via X-Payments and protected by Kount?

Technically, the process involves three steps:

At the first step, X-Payments makes a call to Kount to invoke Kount’s risk check service. In this call, information about the payment transaction (including the IP address, email address, shipping address, card details, billing info, order details, etc.) is submitted to Kount. This happens for each new card prior to contacting the payment gateway.

Kount’s risk check service checks the information submitted to it using Kount's proprietary algorithms and applies the custom rules configured for the merchant's account. Kount account settings provide substantial flexibility for configuring the rules, which means you can fine-tune the rules to your needs with precision - to the degree where you can specify that a transaction should be declined if initiated by a buyer of a certain name, or be declined if the risk score generated by Kount based on its internal algorithms exceeds a certain value.

In practice, Kount will consider a lot of factors, such as the buyer's country, how far the buyer's location is from the location of the store where the purchase is being made, whether the buyer is telling the truth about their location (based on whether the address submitted by the buyer matches the geolocation info collected by the service regarding the IP address from which the purchase is being made), the type of products being purchased (for example, if the buyer has a history of consistently using the card to buy car parts and suddenly pays for $2000 worth of makeup and beauty products) and so on.

As a result, Kount's risk check service responds with a risk decision, which includes a risk score and a decision as to what should be done about the transaction in question (whether the transaction looks safe and should be processed, or whether it looks suspicious and should be declined or suspended for manual review by the merchant). X-Payments will honor the risk decision returned by Kount’s service. If the decision is to process the transaction, X-Payments will continue with the transaction processing by submitting the details to the payment gateway. If the risk decision is to decline the transaction, X-Payments will block the transaction and not contact the payment gateway. This way, high-risk transactions are blocked automatically before they become a problem, and the merchant does not have to pay the payment processor for processing a card that might have been stolen.

The setting "If Kount declines" determines whether a transaction recommended for blocking should be blocked at once or should be suspended for manual review by the merchant. (In the latter case, the merchant will be able to review the transaction details and decide whether they want to decline the transaction or accept the risks associated with processing the card.)

At the second step, X-Payments contacts the payment gateway for order processing. This, of course, does not happen for transactions that have been blocked.

At the third step, X-Payments once again contacts Kount to find out the transaction result, including the results of the CVV and AVS checks. Kount's risk check service also stores this information for future use.
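
The call order described above, modelled as an added example (not X-Payments or Kount code). `FakeRiskService`, `handle_payment`, the decision labels, the score thresholds and the sample gateway are hypothetical, and holding a suspended payment before the gateway call is an assumption of this model.

```python
"""Model of the three-step screening flow (added example, hypothetical names)."""
from dataclasses import dataclass, field

PROCESS, DECLINE, REVIEW = "process", "decline", "review"  # assumed labels


class FakeRiskService:
    """Hypothetical stand-in for Kount's risk check; not Kount's API."""

    def __init__(self, decline_score=80, review_score=50, blocked_names=()):
        self.decline_score = decline_score
        self.review_score = review_score
        self.blocked_names = {n.lower() for n in blocked_names}
        self.updates = []  # (order_id, mode, avs, cvv) received at step 3

    def inquiry(self, txn):
        # The real score comes from proprietary algorithms; here it is
        # supplied with the constructed sample transaction.
        score = txn["sample_score"]
        if txn["name"].lower() in self.blocked_names or score >= self.decline_score:
            action = DECLINE
        elif score >= self.review_score:
            action = REVIEW
        else:
            action = PROCESS
        return {"score": score, "action": action}

    def update(self, order_id, mode, avs, cvv):
        self.updates.append((order_id, mode, avs, cvv))


@dataclass
class Outcome:
    status: str    # "processed", "blocked" or "pending_review"
    screened: bool
    calls: list = field(default_factory=list)  # outbound calls, in order


def handle_payment(txn, risk, gateway, if_kount_declines="decline",
                   update_mode="U"):
    """Run one payment through the flow; all collaborators are stand-ins."""
    if if_kount_declines not in ("decline", "review"):
        raise ValueError("if_kount_declines must be 'decline' or 'review'")
    if update_mode not in ("X", "U"):
        raise ValueError("update_mode must be 'X' or 'U'")

    calls = []
    if txn.get("saved_card"):
        # Saved cards are not screened, so no rule can stop this payment.
        calls.append("gateway")
        gateway(txn)
        return Outcome("processed", False, calls)

    calls.append("risk_inquiry")                    # step 1
    action = risk.inquiry(txn)["action"]
    if action == DECLINE and if_kount_declines == "decline":
        return Outcome("blocked", True, calls)      # gateway never contacted
    if action in (DECLINE, REVIEW):
        # Assumption: a held payment waits for the merchant before step 2.
        return Outcome("pending_review", True, calls)

    calls.append("gateway")                         # step 2
    avs, cvv = gateway(txn)
    calls.append("risk_update")                     # step 3
    risk.update(txn["order_id"], update_mode, avs, cvv)
    return Outcome("processed", True, calls)


def sample_gateway(txn):
    """Constructed gateway stub returning (AVS, CVV) result codes."""
    return ("Y", "M")
```

The saved-card branch is the one to watch when reviewing chargebacks: those payments carry no risk decision at all, so they need their own controls.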

In the store where the transaction originated, the order to which the transaction pertains is marked with a special icon. For example, here's an order list from an X-Cart 5 based online store with an order of Aug 30, 2018 screened by Kount:

[Image: Kount_orderlist.png]

For transactions suspended for manual review, X-Payments provides a warning so the merchant can decide whether they wish to accept or decline this transaction. Here's what it looks like on the payment details page in X-Payments:

[Image: Kount_warning.png]

A similar warning appears in the store. For example, here's what it looks like in an X-Cart 5 store:

[Image: Kount_warning_xc.png]

The results of screening by Kount can be viewed on the Payment details page in X-Payments:

[Image: Kount_passed.png]

and on the order details page in the store:

[Image: Kount_results_xc.png]