Difference between revisions of "XP Cloud:KOUNT Antifraud Screening"

From X-Payments Help
Jump to: navigation, search
m
m
 
(5 intermediate revisions by 2 users not shown)
Line 7: Line 7:
 
To start using Kount for online payment fraud screening in X-Payments Cloud, complete the following steps:<br />
 
To start using Kount for online payment fraud screening in X-Payments Cloud, complete the following steps:<br />
 
# Sign up for a Merchant account with Kount at [http://www.kount.com/?utm_source=x-cart&utm_medium=home&utm_campaign=partner http://www.kount.com]. You will be provided with credentials that you will need to configure Kount fraud screening in X-Payments Cloud: your Merchant ID and your Site ID. Take note of this information.<br />
 
# Sign up for a Merchant account with Kount at [http://www.kount.com/?utm_source=x-cart&utm_medium=home&utm_campaign=partner http://www.kount.com]. You will be provided with credentials that you will need to configure Kount fraud screening in X-Payments Cloud: your Merchant ID and your Site ID. Take note of this information.<br />
# In the Kount Agent Web Console (AWC), create your API Key(s).<br />[[File:xpc_kount_apikeys.png|740px|border]]<br />API Keys are required to authenticate to Kount. Note that Kount has separate environments for testing and production, and API Keys must be created and used for each of the environments separately. Kount's instructions for creating API Keys can be found here: [https://support.kount.com/s/article/Create-an-API-Key https://support.kount.com/s/article/Create-an-API-Key].<br />
+
# In the Kount Agent Web Console (AWC), create your API Key(s).<br />[[File:xpc_kount_apikeys.png|670px|border]]<br />API Keys are required to authenticate to Kount. Note that Kount has separate environments for testing and production, and API Keys must be created and used for each of the environments separately. Kount's instructions for creating API Keys can be found here: [https://support.kount.com/s/article/Create-an-API-Key https://support.kount.com/s/article/Create-an-API-Key].<br />
 
# In the Kount Agent Web Console (AWC), configure customized credit card validation rules for your online store to match the unique needs of your business.
 
# In the Kount Agent Web Console (AWC), configure customized credit card validation rules for your online store to match the unique needs of your business.
 
# Log in to the X-Payments Cloud admin panel, go to the General settings page ('''Settings''' -> '''General''') and specify that you are going to use Kount as your Antifraud service:  
 
# Log in to the X-Payments Cloud admin panel, go to the General settings page ('''Settings''' -> '''General''') and specify that you are going to use Kount as your Antifraud service:  
 
## Scroll down the page to the Services section.
 
## Scroll down the page to the Services section.
## In that section, use the '''Antifraud service''' box to select "KOUNT Antifraud screening".<br />[[File:xpc_select_kount.png|740px|border]]<br />
+
## In that section, use the '''Antifraud service''' box to select "KOUNT Antifraud screening".<br />[[File:xpc_select_kount.png|670px|border]]<br />
 
## Click '''Save''' at the bottom of the page to save your changes.  
 
## Click '''Save''' at the bottom of the page to save your changes.  
# Now if you look again at the '''Antifraud service''' setting on the same page, you will see that KOUNT has been selected as your Antifraud service, and the page now provides a link to configure it.<br />[[File:xpc_kount_selected.png|740px|border]]<br />Click on the <u>Configure</u> link to access the page for KOUNT configuration and adjust the KOUNT settings:<br />[[File:Xp_kount_configure_link.png|740px|border]]<br />The page for KOUNT configuration opens:<br />[[File:Xp_kount_settings_page.png|740px|border]]<br />
+
# Now if you look again at the '''Antifraud service''' setting on the same page, you will see that KOUNT has been selected as your Antifraud service, and the page now provides a link to configure it.<br />[[File:xpc_kount_selected.png|670px|border]]<br />Click on the <u>Configure</u> link to access the page for KOUNT configuration and adjust the KOUNT settings:<br />[[File:Xp_kount_configure_link.png|670px|border]]<br />The page for KOUNT configuration opens:<br />[[File:Xp_kount_settings_page.png|670px|border]]<br />
 
# Adjust the settings on the KOUNT configuration page. Be sure to click '''Save''' to save your settings.
 
# Adjust the settings on the KOUNT configuration page. Be sure to click '''Save''' to save your settings.
 
#* '''Status''' (Not configured / Enable / Disable): This setting indicates whether KOUNT module is active. For now just leave it as is. After you provide the rest of the required settings (below) and save the changes, KOUNT module will be enabled automatically. You will then be able to use this setting to disable/re-enable KOUNT for your current payment configuration as you require.
 
#* '''Status''' (Not configured / Enable / Disable): This setting indicates whether KOUNT module is active. For now just leave it as is. After you provide the rest of the required settings (below) and save the changes, KOUNT module will be enabled automatically. You will then be able to use this setting to disable/re-enable KOUNT for your current payment configuration as you require.
Line 24: Line 24:
 
#* '''Configuration key''': This setting is only available in X-Payments Enterprise. Specify your Configuration key; this one needs to be obtained from Kount.
 
#* '''Configuration key''': This setting is only available in X-Payments Enterprise. Specify your Configuration key; this one needs to be obtained from Kount.
 
#* '''If Kount declines''': This setting determines what happens if Kount recommends that a transaction should be declined: should the transaction be declined at once, or should the merchant be given a chance to review the transaction manually and possibly accept it.  
 
#* '''If Kount declines''': This setting determines what happens if Kount recommends that a transaction should be declined: should the transaction be declined at once, or should the merchant be given a chance to review the transaction manually and possibly accept it.  
# Make sure Kount fraud screening is enabled:<br />[[File:Kount_enabled.png|668px|border]]<br />
+
# Make sure Kount fraud screening is enabled:<br />[[File:xpc_kount_enabled.png|670px|border]]<br />
  
Once Kount antifraud screening has been configured and enabled for a specific payment configuration, any new payment transactions for this payment configuration will be screened by Kount.<br /><br />'''Important:''' Kount will not screen transactions made using a previously saved credit card.<br /><br />
+
Once Kount antifraud screening has been configured and enabled by following the steps above, any new payment transactions through X-Payments Cloud will be screened by Kount.<br /><br />
What happens when a buyer submits their credit card info to pay for an order in a store accepting payments via X-Payments and protected by Kount?<br />   
+
What happens when a buyer submits their credit or debit card info to pay for an order in a store accepting payments via X-Payments Cloud and protected by Kount?<br />   
 
Technically, the process involves three steps:
 
Technically, the process involves three steps:
At the first step, X-Payments makes a call to Kount to invoke Kount’s risk check service. In this call, information about the payment transaction (including the IP address, email address, shipping address, card details, billing info, order details, etc.) is submitted to Kount. This happens for each new card prior to contacting the payment gateway.<br />
+
At the first step, X-Payments Cloud makes a call to Kount to invoke Kount’s risk check service. In this call, information about the payment transaction (including the IP address, email address, shipping address, card details, billing info, order details, etc.) is submitted to Kount. This happens for each new card prior to contacting the payment gateway.<br />
Kount’s risk check service checks the information submitted to it using Kount's proprietary algorithms and applies the custom rules configured for the merchant's account. Kount account settings provide substantial flexibility for configuring the rules, which means you can fine-tune the rules to your needs with precision - to the degree where you can specify that a transaction should be declined if initiated by a buyer of a certain name, or be declined if the risk score generated by Kount based on its internal algorithms exceeds a certain value. In practice, Kount will consider a lot of factors such as the buyer's country, how far the buyer's location is from the location of the store where the purchase is being made, whether the buyer is telling the truth about their location (based on whether the address submitted by the buyer matches the geolocation info collected by the service regarding the IP address from which the purchase is being made), the type of products being purchased (for example, if the buyer has a history of consistently using the card to buy car parts and suddenly pays for $2000 worth of makeup and beauty products) and so on. As a result, Kount's risk check service responds with a risk decision, which includes a risk score and a decision as to what should be done about the transaction in question (whether the transaction looks safe and should be processed, or whether it looks suspicious and should be declined or suspended for manual review by the merchant). X-Payments will honor the risk decision returned by Kount’s service. If the decision is to process the transaction, X-Payments will continue with the transaction processing by submitting the details to the payment gateway. If the risk decision is to decline the transaction, X-Payments will block the transaction and not contact the payment gateway. This way high risk transactions are blocked automatically before they become a problem, and the merchant does not have to pay the payment processor for processing a card that might have been stolen.<br />The setting "If Kount Declines" determines whether a transaction recommended for blocking should be blocked at once or should be suspended for manual review by the merchant. (In the latter case, the merchant will be able to review the transaction details and decide whether they want to decline the transaction or accept the risks associated with processing the card).<br />  
+
Kount’s risk check service checks the information submitted to it using Kount's proprietary algorithms and applies the custom rules configured for the merchant's account. Kount account settings provide substantial flexibility for configuring the rules, which means you can fine-tune the rules to your needs with precision - to the degree where you can specify that a transaction should be declined if initiated by a buyer of a certain name, or be declined if the risk score generated by Kount based on its internal algorithms exceeds a certain value. In practice, Kount will consider a lot of factors such as the buyer's country, how far the buyer's location is from the location of the store where the purchase is being made, whether the buyer is telling the truth about their location (based on whether the address submitted by the buyer matches the geolocation info collected by the service regarding the IP address from which the purchase is being made), the type of products being purchased (for example, if the buyer has a history of consistently using the card to buy car parts and suddenly pays for $2000 worth of makeup and beauty products) and so on. As a result, Kount's risk check service responds with a risk decision, which includes a risk score and a decision as to what should be done about the transaction in question (whether the transaction looks safe and should be processed, or whether it looks suspicious and should be declined or suspended for manual review by the merchant). X-Payments Cloud will honor the risk decision returned by Kount’s service. If the decision is to process the transaction, X-Payments Cloud will continue with the transaction processing by submitting the details to the payment gateway. If the risk decision is to decline the transaction, X-Payments Cloud will block the transaction and not contact the payment gateway. This way high risk transactions are blocked automatically before they become a problem, and the merchant does not have to pay the payment processor for processing a card that might have been stolen.<br />The setting "If Kount Declines" determines whether a transaction recommended for blocking should be blocked at once or should be suspended for manual review by the merchant. (In the latter case, the merchant will be able to review the transaction details and decide whether they want to decline the transaction or accept the risks associated with processing the card).<br />  
At the second step, X-Payments contacts the payment gateway for order processing. This, of course, does not happen for transactions that have been blocked.
+
At the second step, X-Payments Cloud contacts the payment gateway for order processing. This, of course, does not happen for transactions that have been blocked.
At the third step, X-Payments once again contacts Kount to find out the transaction result, including the results of the CVV и AVS checks. Kount's risk check service also stores this information for future use.
+
At the third step, X-Payments Cloud once again contacts Kount to find out the transaction result, including the results of the CVV и AVS checks. Kount's risk check service also stores this information for future use.
 
<br /><br />
 
<br /><br />
In the store where the transaction originated, the order to which the transaction pertains is marked with a special icon. For example, here's an order list from an X-Cart 5 based online store with an order of Aug 30, 2018 screened by Kount:<br />
+
 
::[[File:Kount_orderlist.png|668px|border]]<br />
+
For transactions suspended for manual review, X-Payments Cloud provides a warning so the merchant can decide whether they wish to accept or decline this transaction. Here's what it looks like on the payment details page in X-Payments Cloud:
For transactions suspended for manual review, X-Payments provides a warning so the merchant can decide whether they wish to accept or decline this transaction. Here's what it looks like on the payment details page in X-Payments:
+
::[[File:xpc_kount_authorized_with_warning.png|670px|border]]<br />
::[[File:Kount_warning.png|668px|border]]<br />
+
The results of screening by Kount can be viewed lower on the same page:
A similar warning appears in the store. For example, here's what it looks like in an X-Cart 5 store:
+
::[[File:xpc_kount_result.png|670px|border]]
::[[File:Kount_warning_xc.png|668px|border]]<br />  
+
 
The results of screening by Kount can be viewed on the Payment details page in X-Payments:
+
The Kount screening results can as well be viewed from the order page in the store where the transaction originated. For example, in an X-Cart 5 based online store you can do it as follows:
::[[File:Kount_passed.png|668px|border]]
+
# On the '''Orders''' > '''Orders list''' page, select the order and open its details for viewing:<br />[[File:xpc_view_order_xc.png|670px|border]]<br />
and on the order details page in the store:
+
# Scroll down the page till you see the box with the information on the card that was used to pay for the order and click on the 'View payment information' link.<br />[[File:xpc_view_order_xc_payment_info.png|670px|border]]<br />The Kount result will be shown along with the rest of the information regarding the payment:<br />[[File:xpc_view_order_xc_payment_info1.png|670px|border]]<br />
::[[File:Kount_results_xc.png|668px|border]]
 
  
  
 
[[Category:X-Payments Cloud User Manual]]
 
[[Category:X-Payments Cloud User Manual]]

Latest revision as of 14:35, 2 March 2020

X-Payments Cloud User Manual
  1. X-Payments Cloud: General information
  2. Get Started with X-Payments Cloud
  3. Two-factor User Authentication
  4. General Settings
  5. Payment Configurations
  6. Services
  7. Users
  8. User Interface
  9. Payments
  10. Supported Payment Gateways
  11. What's New in X-Payments Cloud


To help you protect your business against fraud, X-Payments Cloud provides integration with a powerful fraud detection and prevention solution by Kount. Kount delivers an all-in-one, SaaS model fraud and risk management platform for merchants operating in card-not-present (CNP) environments and looking to root out fraudsters and increase revenue. For each transaction, Kount’s real-time "decisioning" engine analyzes hundreds of relevant variables and activity across the globe. Kount applies a multitude of proven and patented technologies including Multi-layered Device Fingerprinting®, Proxy Piercer® geolocation tools, statistical scoring, rules-based fraud detection, cross-merchant linking, and Persona behavioral modeling. This enables Kount to expose fraudsters and prevent fraudulent transactions in real time, before losses occur. Kount's proprietary technology has reviewed hundreds of millions of transactions and provides maximum protection for some of the world's best-known brands.

To start using Kount for online payment fraud screening in X-Payments Cloud, complete the following steps:

  1. Sign up for a Merchant account with Kount at http://www.kount.com. You will be provided with credentials that you will need to configure Kount fraud screening in X-Payments Cloud: your Merchant ID and your Site ID. Take note of this information.
  2. In the Kount Agent Web Console (AWC), create your API Key(s).
    Xpc kount apikeys.png
    API Keys are required to authenticate to Kount. Note that Kount has separate environments for testing and production, and API Keys must be created and used for each of the environments separately. Kount's instructions for creating API Keys can be found here: https://support.kount.com/s/article/Create-an-API-Key.
  3. In the Kount Agent Web Console (AWC), configure customized credit card validation rules for your online store to match the unique needs of your business.
  4. Log in to the X-Payments Cloud admin panel, go to the General settings page (Settings -> General) and specify that you are going to use Kount as your Antifraud service:
    1. Scroll down the page to the Services section.
    2. In that section, use the Antifraud service box to select "KOUNT Antifraud screening".
      Xpc select kount.png
    3. Click Save at the bottom of the page to save your changes.
  5. Now if you look again at the Antifraud service setting on the same page, you will see that KOUNT has been selected as your Antifraud service, and the page now provides a link to configure it.
    Xpc kount selected.png
    Click on the Configure link to access the page for KOUNT configuration and adjust the KOUNT settings:
    Xp kount configure link.png
    The page for KOUNT configuration opens:
    Xp kount settings page.png
  6. Adjust the settings on the KOUNT configuration page. Be sure to click Save to save your settings.
    • Status (Not configured / Enable / Disable): This setting indicates whether KOUNT module is active. For now just leave it as is. After you provide the rest of the required settings (below) and save the changes, KOUNT module will be enabled automatically. You will then be able to use this setting to disable/re-enable KOUNT for your current payment configuration as you require.
    • Merchant ID: Specify your Merchant ID as was provided to you by Kount.
    • Site ID: Specify your Site ID.
    • API key: Enter the API key you have created in the AWC. It will be used for authentication.
    • Test/Live mode: Use this to set the operation mode for Kount fraud screening service - Test or Live. For access to the Kount AWC in Live mode, use the address https://awc.kount.net, in Test mode - the address https://awc.test.kount.net.
    • Description of products: Common name of the products sold by your store.
    • Mode for RIS update request: Choose one of the available options (X: Update data and re-validate transaction against rules or U: Update transaction data only). Mode X is recommended if rules are based on the AVS information returned from the payment gateway. Note that additional charges may apply for Mode X.
    • Configuration key: This setting is only available in X-Payments Enterprise. Specify your Configuration key; this one needs to be obtained from Kount.
    • If Kount declines: This setting determines what happens if Kount recommends that a transaction should be declined: should the transaction be declined at once, or should the merchant be given a chance to review the transaction manually and possibly accept it.
  7. Make sure Kount fraud screening is enabled:
    Xpc kount enabled.png

Once Kount antifraud screening has been configured and enabled by following the steps above, any new payment transactions through X-Payments Cloud will be screened by Kount.

What happens when a buyer submits their credit or debit card info to pay for an order in a store accepting payments via X-Payments Cloud and protected by Kount?
Technically, the process involves three steps: At the first step, X-Payments Cloud makes a call to Kount to invoke Kount’s risk check service. In this call, information about the payment transaction (including the IP address, email address, shipping address, card details, billing info, order details, etc.) is submitted to Kount. This happens for each new card prior to contacting the payment gateway.
Kount’s risk check service checks the information submitted to it using Kount's proprietary algorithms and applies the custom rules configured for the merchant's account. Kount account settings provide substantial flexibility for configuring the rules, which means you can fine-tune the rules to your needs with precision - to the degree where you can specify that a transaction should be declined if initiated by a buyer of a certain name, or be declined if the risk score generated by Kount based on its internal algorithms exceeds a certain value. In practice, Kount will consider a lot of factors such as the buyer's country, how far the buyer's location is from the location of the store where the purchase is being made, whether the buyer is telling the truth about their location (based on whether the address submitted by the buyer matches the geolocation info collected by the service regarding the IP address from which the purchase is being made), the type of products being purchased (for example, if the buyer has a history of consistently using the card to buy car parts and suddenly pays for $2000 worth of makeup and beauty products) and so on. As a result, Kount's risk check service responds with a risk decision, which includes a risk score and a decision as to what should be done about the transaction in question (whether the transaction looks safe and should be processed, or whether it looks suspicious and should be declined or suspended for manual review by the merchant). X-Payments Cloud will honor the risk decision returned by Kount’s service. If the decision is to process the transaction, X-Payments Cloud will continue with the transaction processing by submitting the details to the payment gateway. If the risk decision is to decline the transaction, X-Payments Cloud will block the transaction and not contact the payment gateway. This way high risk transactions are blocked automatically before they become a problem, and the merchant does not have to pay the payment processor for processing a card that might have been stolen.
The setting "If Kount Declines" determines whether a transaction recommended for blocking should be blocked at once or should be suspended for manual review by the merchant. (In the latter case, the merchant will be able to review the transaction details and decide whether they want to decline the transaction or accept the risks associated with processing the card).
At the second step, X-Payments Cloud contacts the payment gateway for order processing. This, of course, does not happen for transactions that have been blocked. At the third step, X-Payments Cloud once again contacts Kount to find out the transaction result, including the results of the CVV и AVS checks. Kount's risk check service also stores this information for future use.

For transactions suspended for manual review, X-Payments Cloud provides a warning so the merchant can decide whether they wish to accept or decline this transaction. Here's what it looks like on the payment details page in X-Payments Cloud:

Xpc kount authorized with warning.png

The results of screening by Kount can be viewed lower on the same page:

Xpc kount result.png

The Kount screening results can as well be viewed from the order page in the store where the transaction originated. For example, in an X-Cart 5 based online store you can do it as follows:

  1. On the Orders > Orders list page, select the order and open its details for viewing:
    Xpc view order xc.png
  2. Scroll down the page till you see the box with the information on the card that was used to pay for the order and click on the 'View payment information' link.
    Xpc view order xc payment info.png
    The Kount result will be shown along with the rest of the information regarding the payment:
    Xpc view order xc payment info1.png