Transaction Filtering

Transaction filtering enables the gateway to reject or mark transactions for review based on simple rules configured by you and your payment service provider in the Merchant Administration and the Merchant Manager portal respectively. The rules are evaluated based on the principle of gates or hurdles. Even if a single rule fails, the gateway will reject the transaction and the order will not be allowed to proceed.

Key Benefits:

  • Reduces fraud costs by reducing the amount of fraud.
  • Offers real-time decisioning rather than post transaction analysis solution.
  • Allows you to block or review transactions thereby minimizing false positives.
  • Reduces chargeback costs by reducing the number of chargebacks.
  • Allows you to stop re-offenders by blocking chargeback payers from re-transacting.
  • Allows you to override payer authentication scheme security by blocking issuers who do not process 3DS correctly.

Only Authorization, Pay, Verify, and Standalone Capture transactions are assessed for risk. Risk assessment on other transactions such as Refunds, Standalone Refunds, or Voids is not performed.

If risk assessment on Verify is not performed (due to the Bypass Risk flag), then the gateway will allow you to risk assess the first financial transaction received on the order following Verify unless you also opt to bypass risk on that transaction.

Configuring Rules

You can configure the following transaction filtering rules in Merchant Administration. Your payment service provider may configure rules for you in Merchant Manager, in addition to rules that apply to all their merchants.

Risk Rule Allows the gateway to...
Trusted cards always accept transactions with these card numbers.
Suspect cards always reject transactions with these card numbers.
IP Address Range reject/review transactions originating from high-risk IP addresses.
IP Country Rules reject/review transactions originating from IP addresses associated with high-risk countries.
Card BIN Rules reject/review transactions based on card BIN ranges.
3DS Rules reject/review transactions based on the 3DS authentication result of the payer.
AVS Rules reject/review transactions based on the AVS response.
CSC Rules reject/review transactions based on the CSC response.
Even if you have not configured any transaction filtering rules, your Payment Service Provider may have configured transaction filtering rules and these will always be applied to your transactions.

Risk Details

When you are configured to use transaction filtering, transactions processed through the gateway will be assessed against the rules, and the risk assessment result (risk.response.gatewayCode) will be returned in the transaction response. Orders that are flagged for review as a result of risk assessment may be reviewed to be accepted or rejected in the Merchant Administration portal. The review decision will be returned in the risk.response.review.decision field.

Risk Assessment Result API Reference [REST][NVP]

You can choose to bypass risk assessment by providing risk.bypassMerchantRiskRules field in the transaction request. The rules configured by your payment service provider will still be applied.

Bypass Risk API Reference [REST][NVP]

You can search for the order or transaction in Merchant Administration using the risk assessment result or the review decision status. The risk assessment details are displayed on the order and transaction details page.

Copyright © 2020 Commonwealth Bank of Australia