X-Payments:KOUNT Antifraud screening

From X-Payments Help
Jump to: navigation, search
X-Payments user manual
  1. X-Payments:General information
  2. What's New
  3. System requirements
  4. Installation
  5. Two-factor user authentication
  6. Configuring X-Payments
  7. Managing users
  8. Customizing the interface
  9. Managing payments
  10. Unistalling X-Payments
  11. Upgrading
  12. Moving X-Payments from one host to another
  13. Viewing X-Payments logs
  14. FAQ
  15. Troubleshooting
  16. Glossary
  17. Supported payment gateways

To help you protect your business against fraud, X-Payments versions 2.1 and later provide integration with a powerful fraud detection and prevention solution by Kount. Kount delivers an all-in-one, SaaS model fraud and risk management platform for merchants operating in card-not-present (CNP) environments and looking to root out fraudsters and increase revenue. For each transaction, Kount’s real-time "decisioning" engine analyzes hundreds of relevant variables and activity across the globe. Kount applies a multitude of proven and patented technologies including Multi-layered Device Fingerprinting®, Proxy Piercer® geolocation tools, statistical scoring, rules-based fraud detection, cross-merchant linking, and Persona behavioral modeling. Kount's proprietary technology has reviewed hundreds of millions of transactions and provides maximum protection for some of the world's best-known brands.

For more information or to request a personal demo of Kount, contact Kyle Allred at KBA@Kount.com or call 208-489-2773.

To start using Kount for online payment fraud screening in X-Payments, complete the following steps:

  1. Sign up for a Merchant account with Kount at http://www.kount.com. You will be provided with some credentials that you will need to configure Kount fraud screening in X-Payments: your Merchant ID and your Site ID. Take note of this information.
  2. Go to the desired Kount Agent Web Console (AWC), test or production, and request your Public certificate and Private key. You will need to convert the files to .PEM format and set your private key passphrase. Kount will provide detailed instructions for that.
  3. Upload the public certificate and private key files to the directory <xp-dir>/var/certs/kount/ within your X-Payments installation.
  4. Edit some Kount related code in the file <xp-dir>/.htaccess to enable Kount to work. For details, see Kount related settings in <xp-dir>/.htaccess.
  5. In the AWC, adjust credit card validation rules for your online store.
  6. Log in to X-Payments and locate the payment configuration for which you want to use Kount fraud screening.
  7. Go to the 'KOUNT Antifraud screening settings' page for this payment configuration by clicking the "KOUNT Antifraud screening: Configure" link:
    • On the 'Payment configurations' page (Settings -> Payment configurations) you can find this link here:
      Kount configure1.png
    • On the 'Payment configuration details' page it is here:
      Kount configure2.png
  8. Use the 'KOUNT Antifraud screening settings' page for the selected payment configuration to configure your Kount integration module:
    Kount settings.png
    1. Adjust the following settings:
      • Merchant ID: Specify your Merchant ID as was provided to you by Kount.
      • Site ID: Specify your Site ID.
      • Public certificate file name: Specify your public certificate file name.
      • Private key file name: Specify your private key file name.
      • Private key passphrase: Specify your private key passphrase.
      • Test/Live mode: Use this to set the operation mode for Kount fraud screening service - Test or Live. For access to the Kount AWC in Live mode use the address https://awc.kount.net, in Test mode - the address https://awc.test.kount.net.
      • Description of products: Common name of the products sold by your store.
    2. When you are done adjusting all the fields, click Save to save the changes.
  9. Enable Kount fraud screening for the selected payment configuration: On the 'KOUNT Antifraud screening settings' page for your selected payment configuration, click the Disabled button located near the top of the page close to the title "Payment configuration: <Payment configuration name> KOUNT Antifraud screening", and select the action Enable from the button menu:
    Kount enable.png
    Once the button switches to Enabled, Kount screening for the selected payment configuration will be enabled.

Once Kount antifraud screening has been configured and enabled for a specific payment configuraton, any new payment transactions for this payment configuration will be screened by Kount, and you will be able to view the screening results on the Payment details page:

Kount results.png

In X-Cart stores, it is also possible to view the results of screening by Kount in the order details via the store's back end. On the order details page, you will need to click the View payment information link:

View payment info Kount results.png

Kount screening results will be displayed in a popup window:

Kount xc results.png

Kount related settings in <xp-dir>/.htaccess

The file <xp-dir>/.htaccess contains the following code:

# Kount related
<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteBase /xpayments/

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l
    RewriteRule ^public/secure-logo.htm$ payment.php?target=kount&action=redirect&token=$1 [L,QSA]
    RewriteRule ^public/secure-logo.gif$ payment.php?target=kount&action=redirect&token=$1 [L,QSA]

In this code, the RewriteBase value is hardcoded as "/xpayments/". To allow Kount to work, you need to edit this line replacing "/xpayments/" with the actual path to your X-Payments installation relative to web root.


If your X-Payments is installed at... the default RewriteBase value should be:
www.example.com/xpayments "/xpayments/" (i.e., the default value)
www.example.com "/" (single slash)
www.example.com/some/directory/path "/some/directory/path/"

Note that, in all cases, RewriteBase values should be entered without quotation marks.