XP Cloud:KOUNT Antifraud Screening

From X-Payments Help
Revision as of 14:35, 2 March 2020 by Dohtur (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
X-Payments Cloud User Manual
  1. X-Payments Cloud: General information
  2. Get Started with X-Payments Cloud
  3. Two-factor User Authentication
  4. General Settings
  5. Payment Configurations
  6. Services
  7. Users
  8. User Interface
  9. Payments
  10. Supported Payment Gateways
  11. What's New in X-Payments Cloud


To help you protect your business against fraud, X-Payments Cloud provides integration with a powerful fraud detection and prevention solution by Kount. Kount delivers an all-in-one, SaaS model fraud and risk management platform for merchants operating in card-not-present (CNP) environments and looking to root out fraudsters and increase revenue. For each transaction, Kount’s real-time "decisioning" engine analyzes hundreds of relevant variables and activity across the globe. Kount applies a multitude of proven and patented technologies including Multi-layered Device Fingerprinting®, Proxy Piercer® geolocation tools, statistical scoring, rules-based fraud detection, cross-merchant linking, and Persona behavioral modeling. This enables Kount to expose fraudsters and prevent fraudulent transactions in real time, before losses occur. Kount's proprietary technology has reviewed hundreds of millions of transactions and provides maximum protection for some of the world's best-known brands.

To start using Kount for online payment fraud screening in X-Payments Cloud, complete the following steps:

  1. Sign up for a Merchant account with Kount at http://www.kount.com. You will be provided with credentials that you will need to configure Kount fraud screening in X-Payments Cloud: your Merchant ID and your Site ID. Take note of this information.
  2. In the Kount Agent Web Console (AWC), create your API Key(s).
    Xpc kount apikeys.png
    API Keys are required to authenticate to Kount. Note that Kount has separate environments for testing and production, and API Keys must be created and used for each of the environments separately. Kount's instructions for creating API Keys can be found here: https://support.kount.com/s/article/Create-an-API-Key.
  3. In the Kount Agent Web Console (AWC), configure customized credit card validation rules for your online store to match the unique needs of your business.
  4. Log in to the X-Payments Cloud admin panel, go to the General settings page (Settings -> General) and specify that you are going to use Kount as your Antifraud service:
    1. Scroll down the page to the Services section.
    2. In that section, use the Antifraud service box to select "KOUNT Antifraud screening".
      Xpc select kount.png
    3. Click Save at the bottom of the page to save your changes.
  5. Now if you look again at the Antifraud service setting on the same page, you will see that KOUNT has been selected as your Antifraud service, and the page now provides a link to configure it.
    Xpc kount selected.png
    Click on the Configure link to access the page for KOUNT configuration and adjust the KOUNT settings:
    Xp kount configure link.png
    The page for KOUNT configuration opens:
    Xp kount settings page.png
  6. Adjust the settings on the KOUNT configuration page. Be sure to click Save to save your settings.
    • Status (Not configured / Enable / Disable): This setting indicates whether KOUNT module is active. For now just leave it as is. After you provide the rest of the required settings (below) and save the changes, KOUNT module will be enabled automatically. You will then be able to use this setting to disable/re-enable KOUNT for your current payment configuration as you require.
    • Merchant ID: Specify your Merchant ID as was provided to you by Kount.
    • Site ID: Specify your Site ID.
    • API key: Enter the API key you have created in the AWC. It will be used for authentication.
    • Test/Live mode: Use this to set the operation mode for Kount fraud screening service - Test or Live. For access to the Kount AWC in Live mode, use the address https://awc.kount.net, in Test mode - the address https://awc.test.kount.net.
    • Description of products: Common name of the products sold by your store.
    • Mode for RIS update request: Choose one of the available options (X: Update data and re-validate transaction against rules or U: Update transaction data only). Mode X is recommended if rules are based on the AVS information returned from the payment gateway. Note that additional charges may apply for Mode X.
    • Configuration key: This setting is only available in X-Payments Enterprise. Specify your Configuration key; this one needs to be obtained from Kount.
    • If Kount declines: This setting determines what happens if Kount recommends that a transaction should be declined: should the transaction be declined at once, or should the merchant be given a chance to review the transaction manually and possibly accept it.
  7. Make sure Kount fraud screening is enabled:
    Xpc kount enabled.png

Once Kount antifraud screening has been configured and enabled by following the steps above, any new payment transactions through X-Payments Cloud will be screened by Kount.

What happens when a buyer submits their credit or debit card info to pay for an order in a store accepting payments via X-Payments Cloud and protected by Kount?
Technically, the process involves three steps: At the first step, X-Payments Cloud makes a call to Kount to invoke Kount’s risk check service. In this call, information about the payment transaction (including the IP address, email address, shipping address, card details, billing info, order details, etc.) is submitted to Kount. This happens for each new card prior to contacting the payment gateway.
Kount’s risk check service checks the information submitted to it using Kount's proprietary algorithms and applies the custom rules configured for the merchant's account. Kount account settings provide substantial flexibility for configuring the rules, which means you can fine-tune the rules to your needs with precision - to the degree where you can specify that a transaction should be declined if initiated by a buyer of a certain name, or be declined if the risk score generated by Kount based on its internal algorithms exceeds a certain value. In practice, Kount will consider a lot of factors such as the buyer's country, how far the buyer's location is from the location of the store where the purchase is being made, whether the buyer is telling the truth about their location (based on whether the address submitted by the buyer matches the geolocation info collected by the service regarding the IP address from which the purchase is being made), the type of products being purchased (for example, if the buyer has a history of consistently using the card to buy car parts and suddenly pays for $2000 worth of makeup and beauty products) and so on. As a result, Kount's risk check service responds with a risk decision, which includes a risk score and a decision as to what should be done about the transaction in question (whether the transaction looks safe and should be processed, or whether it looks suspicious and should be declined or suspended for manual review by the merchant). X-Payments Cloud will honor the risk decision returned by Kount’s service. If the decision is to process the transaction, X-Payments Cloud will continue with the transaction processing by submitting the details to the payment gateway. If the risk decision is to decline the transaction, X-Payments Cloud will block the transaction and not contact the payment gateway. This way high risk transactions are blocked automatically before they become a problem, and the merchant does not have to pay the payment processor for processing a card that might have been stolen.
The setting "If Kount Declines" determines whether a transaction recommended for blocking should be blocked at once or should be suspended for manual review by the merchant. (In the latter case, the merchant will be able to review the transaction details and decide whether they want to decline the transaction or accept the risks associated with processing the card).
At the second step, X-Payments Cloud contacts the payment gateway for order processing. This, of course, does not happen for transactions that have been blocked. At the third step, X-Payments Cloud once again contacts Kount to find out the transaction result, including the results of the CVV и AVS checks. Kount's risk check service also stores this information for future use.

For transactions suspended for manual review, X-Payments Cloud provides a warning so the merchant can decide whether they wish to accept or decline this transaction. Here's what it looks like on the payment details page in X-Payments Cloud:

Xpc kount authorized with warning.png

The results of screening by Kount can be viewed lower on the same page:

Xpc kount result.png

The Kount screening results can as well be viewed from the order page in the store where the transaction originated. For example, in an X-Cart 5 based online store you can do it as follows:

  1. On the Orders > Orders list page, select the order and open its details for viewing:
    Xpc view order xc.png
  2. Scroll down the page till you see the box with the information on the card that was used to pay for the order and click on the 'View payment information' link.
    Xpc view order xc payment info.png
    The Kount result will be shown along with the rest of the information regarding the payment:
    Xpc view order xc payment info1.png