XP Cloud:NoFraud Fraud Prevention
X-Payments Cloud provides integration with NoFraud. NoFraud is a comprehensive fraud prevention service that employs every known fraud prevention technology in a single centralized system, producing the most precise decision-making fraud prevention application. NoFraud sits between your store site and your payment gateway reviewing payment transactions in real time through complex algorithms so that only the legitimate transactions are sent to the gateway for processing. Any transactions declined by NoFraud are bounced back to the customer while they are still at the cart. Approved transactions are passed along to the gateway for uninterrupted processing. For the small percentage of transactions where a Pass or Fail decision is not available, NoFraud can contact the cardholder for verification. This eliminates the need for manual review of transactions and prevents the declining of legitimate customers. NoFraud takes just a few minutes to set up and does not require training or dedicated staff to run or maintain. With no setup fees and low per-transaction billing rates, NoFraud allows anyone to try the system with little risk. All you need to do is choose a plan to match your needs. You can even get a free trial by contacting NoFraud at email@example.com or 888-773-3669.
Getting started with NoFraud
To start using NoFraud, complete the steps below:
- If you have not yet done so, sign up for a NoFraud account.
- After creating your NoFraud account, log in to the Account Manager portal.
On the bottom left of your portal account, you will see a few tabs that require merchant information input. Make sure all the required information for your account has been provided correctly. NoFraud provides some help guides and references in their "Help Center". For example, you can find a thorough explanation of all the settings here.
Please pay particular attention to the "Integration" tab, on the bottom-left corner of the page. On the "Integrations" page, you will see a button in the upper-right corner that says, 'Create New Integration'.
Click on it and a pop-up will appear; prompting you to enter Integration Name, Site Name, Site URL and Integration Type. After entering in relevant Integration Name, Site Name, and Site URL, under Integration Type choose 'Direct API'. Once selected, additional options for Site Platform, and Payment Gateway will appear – Site Platform will be X-Cart and Payment Gateway will be your specific payment gateway. Once all pertinent information is recorded, press the blue 'Create Integration' button at the bottom of the pop-up.
After the new integration has been created, on the "Integrations" page, you will see your newly created integration. Click the 'View / Edit' button to open integration details.
On the pop-up that appears after clicking 'View / Edit', please look for the section in the middle of the pop-up where it says 'Your NoFraud API Key' – please note, this code is automatically generated. You will need to copy this code from your NoFraud portal account and input it into the appropriate field in X-Payments. To copy the code, click the hyperlinked blue text stating 'Click to Copy API Key'. Once clicked, you will get a confirmation text of 'Copied!' to let you know the text is now on your clipboard.
- In a new browser tab or window, log in to the X-Payments Cloud admin panel, go to the General settings page (Settings -> General) and specify that you are going to use NoFraud as your Antifraud service:
- Now if you look again at the Antifraud service setting on the same page, you will see that NoFraud has been selected as your Antifraud service, and the page now provides a link to configure it.
Click on the Configure link to access the page for NoFraud configuration and adjust the NoFraud settings:
The page for NoFraud configuration opens:
- Adjust the settings on the NoFraud settings page. Be sure to click Save to save your changes.
- Status (Not configured / Enable / Disable): This setting indicates whether NoFraud module is active. For now just leave it as is. After you provide the rest of the required settings (below) and save the changes, NoFraud module will be enabled automatically. You will then be able to use this setting to disable/re-enable NoFraud for your current payment configuration as you require.
- API key: Use this field to input the API key code you have obtained in your NoFraud portal account.
- Test/Live mode: Set the mode for your NoFraud integration. Note that this setting must match the mode you have chosen for your NoFraud integration in your portal account settings.
- Make sure NoFraud fraud prevention service is enabled:
- Once you are ready to go live and you are ready for NoFraud to begin screening the orders placed on your site, please navigate to the "Settings" tab within the NoFraud portal. Within this page, click on the "Advanced" settings option.
On the Advanced Settings page, ensure that the dropdown is the appropriate integration. Click on the box labeled 'Live Mode' and a pop-up will appear. In the pop-up, click the 'Disabled' toggle, which will flip the field to 'Enabled'.
That is all; NoFraud service has been activated. From now on, any payment transactions via X-Payments Cloud will be screened by NoFraud.
Once activated in X-Payments Cloud, NoFraud works automatically for all the incoming payments.
What happens when a buyer submits their credit or debit card info to pay for an order in a store accepting payments via X-Payments Cloud and protected by NoFraud?
Technically, the process involves three steps:
At the first step, X-Payments Cloud makes a call to NoFraud to invoke NoFraud fraud screening service. In this call, information about the payment transaction (including the IP address, email address, shipping address, card details, billing info, order details, etc.) is submitted to NoFraud. This happens for each new card prior to contacting the payment gateway. NoFraud’s fraud screening service uses proprietary algorithms to check the information submitted to it and applies the custom rules configured for the merchant's account. NoFraud account settings provide substantial flexibility for configuring the rules. In practice, NoFraud will consider a lot of factors such as the buyer's country, how far the buyer's location is from the location of the store where the purchase is being made, whether the buyer is telling the truth about their location (based on whether the address submitted by the buyer matches the geolocation info collected by the service regarding the IP address from which the purchase is being made), the type of products being purchased (for example, if the buyer has a history of consistently using the card to buy car parts and suddenly pays for $2000 worth of makeup and beauty products) and so on. As a result, NoFraud’s fraud screening service responds with a decision as to what should be done about the transaction in question (whether the transaction looks safe and should be processed, or whether it looks suspicious and should be declined). X-Payments will honor the decision returned by NoFraud. If the decision is to process the transaction, X-Payments Cloud will continue with the transaction processing by submitting the details to the payment gateway. If the risk decision is to decline the transaction, X-Payments Cloud will block the transaction and not contact the payment gateway. This way high risk transactions are blocked automatically before they become a problem, and the merchant does not have to pay the payment processor for processing a card that might have been stolen.
At the second step, X-Payments Cloud contacts the payment gateway for order processing. This, of course, does not happen for transactions that have been blocked.
At the third step, X-Payments Cloud once again contacts NoFraud to find out the transaction result, including the results of the CVV и AVS checks. NoFraud's fraud screening service also stores this information for future use.
The results of checking by NoFraud can be viewed in X-Payments Cloud, in the admin panel of the online store and in the NoFraud portal.
To view NoFraud results in X-Payments Cloud:
- Go to the Payments page and locate the payment for which you would like to view the NoFraud results.
- Open the payment details for viewing.
On the Payment details page, you will be able to see whether the NoFraud check has been passed successfully of failed in the 'NoFraud - Full Service Fraud Prevention' section:
If NoFraud is not able to set either 'passed' or 'failed' status right away, it sets the status 'Being reviewed by NoFraud'.
The status 'Being reviewed by NoFraud' means that NoFraud needs time to conduct additional customer verification. Once the process is completed, NoFraud will send the final verification result to the X-Payments Cloud administrator by email. Note that the NoFraud status of the payment in X-Payments Cloud will not be updated.
To view NoFraud results in your online store's admin panel, go to the section where you view order details. The result of checking by NoFraud will be available in the order details similarly to what you see in X-Payments Cloud. For example, in X-Cart 5 you can do it as follows:
- On the Orders > Orders list page, select the order and open its details for viewing.
- Scroll down the page till you see the box with the information on the card that was used to pay for the order and click on the 'View payment information' link.
The NoFraud result will be shown along with the rest of the information regarding the payment: