The following checklist is intended to help agents check off the steps typically performed during a manual suspect order review.
Open the subsequent annotated maps of the Transaction Details page and follow along while reviewing the corresponding advice about how to interpret the information displayed within each map section.
Checklist
Checklist Item |
Considerations |
Identify the rules that triggered and ensure you understand them. |
Review device location and settings.
|
Examine Persona information. |
|
Review address and phone. |
|
Consult third-party callouts, if available. |
Information about optional third-party-provided data can be found here. |
Transaction Details Maps
Consider all of the following when reviewing a suspect order. Note that gadget availability and placement are configurable at the user level. Customize gadgets.
- Persona information: Data is captured from across the Kount network of merchants over a 14-day period. The order velocities represented in the Velo and Vmax fields are captured from your merchant website only. Traditionally 92-95% of all orders where device data is received will score less than 40. Higher numbers indicate higher risk. The Network field represents the riskiest network type Kount has seen for the Persona. If there are other orders directly linked to this persona within the past 14 days, the Persona Orders link to display details.
- Is the Persona Score different under Transaction Summary and Last Risk Evaluation? Kount continually looks for links across orders from Kount merchants. The Persona Score can change for many reasons. Click Reevaluate to see if risk factors such as card or email have changed. Important: Clicking Reevaluate counts against the number of paid RIS transactions purchased, so often merchants reevaluate only when they see that the score has changed. If Persona Score went down, it is likely that persona data within the 14-day window timed out. This is not an indicator of lower risk.
- Time zone information is gathered from the customer's input on the merchant checkout page, as well as the device’s time zone setting as it is set in its native settings. Multiple colors might indicate increased risk.
- A Collector of N indicates there was no device data received by Kount. This could be either due to a problem with the merchant's Device Data Collector that requires troubleshooting, or the result of a potential fraudster deliberately blocking the information from being gathered in order to hide their identity.
- Customer-provided information from the merchant's checkout page: If an end customer provides a United States address, click “more data” to see the USPS-provided Melissa Data results for address verification. If you call the end customer directly to verify order information, ask the end customer what county they live in, as fraudsters will often be unable to provide this information without searching for it.
- BIN Country is the country from which the credit card was issued. If it does not match the billing address country or the Device location, this indicates higher risk. Visa and Mastercard brands are the only companies that provide Kount with BIN information;
- If the bank does not authorize payment, xAuth will display in red. If payment was not authorized, it is not advisable to approve the order.
- Web Links are set up by the customer to provide a way to quickly research end customer data for validity.
- Does the Device Location match the billing or shipping country? Long distances could indicate increased risk. “Collector” means the location was detected by Kount’s Data Collector; “Merchant” means the location is gathered from the checkout page and is based on the IP Address provided by the merchant. If a proxy is in use, it could indicate increased risk.
- UDFs (User Defined Fields) are created by the customer and tailored to its business needs. For example, a customer might have coupon codes or other data that helps detect fraud. Rules can be created around UDFs.
- Link Analysis displays the customer-specific orders that have had shared values at any point over the last 24-months. Link Analysis helps customers review past orders to see what actions were taken. Many customers use Link Analysis to research an order when they get a chargeback.
- Do the distances between the billing and shipping addresses, device location, and proxy location make sense? Proxy should be within normal commuting distances if an order is placed by a telecommuter making a purchase using their work computer. Long distances could indicate higher risk.
- Extended Variables are data collected from the end customer’s device. Do the Language and Time zone settings match the Device Country? If not, consider the transaction as potentially risky.
- Flags: If Cookies or Java are disabled (a red X displays) or Mobile Forwarder or Proxy are enabled (a green check displays), these are indicators of increased risk. Flash is disabled or unavailable on Apple devices, so this does not necessarily indicate risk.
Comments
0 comments
Please sign in to leave a comment.