X-Payments:KOUNT Antifraud screening
To help you protect your business against fraud, X-Payments versions 2.1 and later provide integration with a powerful fraud detection and prevention solution by Kount. Kount delivers an all-in-one, SaaS model fraud and risk management platform for merchants operating in card-not-present (CNP) environments and looking to root out fraudsters and increase revenue. For each transaction, Kount’s real-time "decisioning" engine analyzes hundreds of relevant variables and activity across the globe. Kount applies a multitude of proven and patented technologies including Multi-layered Device Fingerprinting®, Proxy Piercer® geolocation tools, statistical scoring, rules-based fraud detection, cross-merchant linking, and Persona behavioral modeling. This enables Kount to expose fraudsters and prevent fraudulent transactions in real time, before losses occur. Kount's proprietary technology has reviewed hundreds of millions of transactions and provides maximum protection for some of the world's best-known brands.
To start using Kount for online payment fraud screening in X-Payments, complete the following steps:
- Sign up for a Merchant account with Kount at http://www.kount.com. You will be provided with some credentials that you will need to configure Kount fraud screening in X-Payments: your Merchant ID and your Site ID. Take note of this information.
- In the Kount Agent Web Console (AWC), create your API Key(s).
API Keys are required to authenticate to Kount. Note that Kount has separate environments for testing and production, and API Keys must be created and used for each of the environments separately. Kount's instructions for creating API Keys can be found here: https://support.kount.com/s/article/Create-an-API-Key.
- In the Kount Agent Web Console (AWC), configure customized credit card validation rules for your online store to match the unique needs of your business.
- Log in to X-Payments and locate the payment configuration for which you want to use Kount fraud screening. For the sake of example, we are going to enable KOUNT for the payment configuration "First Data Payeezy Gateway (ex- Global Gateway e4)".
Open the details of the chosen payment configuration for editing.
- In the payment configuration details, check the Antifraud service setting. If you haven't been using any antifraud service for the current payment configuration so far, this field will be set to "Not enabled".
Reset this field to "KOUNT Antifraud screening".
Click Save to save the changes.
- Configure KOUNT for the current payment configuration:
- Click Configure.
The KOUNT settings page for the current payment configuration opens:
- Adjust the KOUNT settings:
- Status (Not configured / Enable / Disable): This setting indicates whether KOUNT module is active. For now just leave it as is. After you provide the rest of the required settings (below) and save the changes, KOUNT module will be enabled automatically. You will then be able to use this setting to disable/re-enable KOUNT for your current payment configuration as you require.
- Merchant ID: Specify your Merchant ID as was provided to you by Kount.
- Site ID: Specify your Site ID.
- API key: Enter the API key you have created in the AWC. It will be used for authentication.
Note that Kount API has been updated and, starting with X-Payments 3.1.4, Kount certificates (RIS Certificates) are no longer supported. You must use an API key.
- Test/Live mode: Use this to set the operation mode for Kount fraud screening service - Test or Live. For access to the Kount AWC in Live mode use the address https://awc.kount.net, in Test mode - the address https://awc.test.kount.net.
- Description of products: Common name of the products sold by your store.
- Mode for RIS update request: Choose one of the available options (X: Update data and re-validate transaction against rules or U: Update transaction data only). Mode X is recommended if rules are based on the AVS information returned from the payment gateway. Note that additional charges may apply for Mode X.
- Configuration key: This setting is only available in X-Payments Enterprise. Specify your Configuration key; this one needs to be obtained from Kount.
- If Kount declines: This setting determines what happens if Kount recommends that a transaction should be declined: should the transaction be declined at once, or should the merchant be given a chance to review the transaction manually and possibly accept it.
- Click Save to save your settings.
- Click Configure.
- Make sure Kount fraud screening is enabled:
Once Kount antifraud screening has been configured and enabled for a specific payment configuration, any new payment transactions for this payment configuration will be screened by Kount.
Important: Kount will not screen transactions made using a previously saved credit card.
What happens when a buyer submits their credit card info to pay for an order in a store accepting payments via X-Payments and protected by Kount?
Technically, the process involves three steps:
At the first step, X-Payments makes a call to Kount to invoke Kount’s risk check service. In this call, information about the payment transaction (including the IP address, email address, shipping address, card details, billing info, order details, etc.) is submitted to Kount. This happens for each new card prior to contacting the payment gateway.
Kount’s risk check service checks the information submitted to it using Kount's proprietary algorithms and applies the custom rules configured for the merchant's account. Kount account settings provide substantial flexibility for configuring the rules, which means you can fine-tune the rules to your needs with precision - to the degree where you can specify that a transaction should be declined if initiated by a buyer of a certain name, or be declined if the risk score generated by Kount based on its internal algorithms exceeds a certain value. In practice, Kount will consider a lot of factors such as the buyer's country, how far the buyer's location is from the location of the store where the purchase is being made, whether the buyer is telling the truth about their location (based on whether the address submitted by the buyer matches the geolocation info collected by the service regarding the IP address from which the purchase is being made), the type of products being purchased (for example, if the buyer has a history of consistently using the card to buy car parts and suddenly pays for $2000 worth of makeup and beauty products) and so on. As a result, Kount's risk check service responds with a risk decision, which includes a risk score and a decision as to what should be done about the transaction in question (whether the transaction looks safe and should be processed, or whether it looks suspicious and should be declined or suspended for manual review by the merchant). X-Payments will honor the risk decision returned by Kount’s service. If the decision is to process the transaction, X-Payments will continue with the transaction processing by submitting the details to the payment gateway. If the risk decision is to decline the transaction, X-Payments will block the transaction and not contact the payment gateway. This way high risk transactions are blocked automatically before they become a problem, and the merchant does not have to pay the payment processor for processing a card that might have been stolen.
The setting "If Kount Declines" determines whether a transaction recommended for blocking should be blocked at once or should be suspended for manual review by the merchant. (In the latter case, the merchant will be able to review the transaction details and decide whether they want to decline the transaction or accept the risks associated with processing the card).
At the second step, X-Payments contacts the payment gateway for order processing. This, of course, does not happen for transactions that have been blocked.
At the third step, X-Payments once again contacts Kount to find out the transaction result, including the results of the CVV и AVS checks. Kount's risk check service also stores this information for future use.
In the store where the transaction originated, the order to which the transaction pertains is marked with a special icon. For example, here's an order list from an X-Cart 5 based online store with an order of Aug 30, 2018 screened by Kount:
For transactions suspended for manual review, X-Payments provides a warning so the merchant can decide whether they wish to accept or decline this transaction. Here's what it looks like on the payment details page in X-Payments:
A similar warning appears in the store. For example, here's what it looks like in an X-Cart 5 store:
The results of screening by Kount can be viewed on the Payment details page in X-Payments:
and on the order details page in the store: