About This Resource
This guide provides integration guidance associated with the ReD Shield Fraud Prevention Value-Added Service (VAS) supported by the Managed Commerce Services Platform. The ReD Shield Fraud Prevention VAS provides inline fraud detection services within existing Commerce Web Services (CWS) transaction processing workflows through the direct integration to Retail Decision's ReD Shield Fraud Prevention Service.
This guide is intended to provide software company developers with an overview of the ReD Shield Fraud Prevention VAS and some important development considerations associated with the development of Commerce Web Services (CWS) applications that leverage this service.
The following prerequisites are required to leverage the ReD Shield Fraud Prevention VAS on the Managed Commerce Services Platform:
- Integration of the Commerce Web Services API (SOAP and/or REST)
The following resources provide additional information that can be referenced as supplemental material to this online guide:
- Commerce Web Services Developer’s Guide provides an overview of the components and concepts related to the development of client applications that communicate with Commerce Web Services, as well as a step-by-step guide for developing applications that implements the Commerce Web Services SOAP and REST APIs.
- Integration Guidelines provides guidance associated with the integration to specific certified payment service providers and Value-Added Services (VAS) supported by the Managed Commerce Services Platform.
In today’s payments environment, Software companies and merchant aggregators serving merchants require trusted payments fraud protection. NAB Velocity and Retail Decisions have teamed up to offer the Retail Decisions (ReD) Fraud Prevention Value Added Service (VAS). This unique partnership capitilizes on the strengths of both companies to provide a state of the art fraud screening solution with amazing speed to market and implementation timelines.
- No new code development necessary.
- Fraud protection service implementation with Accept/Decline responses (no scores to interpret).
- Integrated into transaction processing workflow with no Processor Auth Fees on ReD Fraud Declines.
- Normalized solution available for use with all certified payment service providers on the NAB Velocity Managed Commerce Services Platform.
- Tier 1 support available from NAB Velocity with additional support from ReD, as necessary.
- Requires Commerce Web Services (CWS) application certification 2.0.17 (and above).
- Support for Bankcard Processing (BCP) transactions only (ECK and SVA service classes are currently not supported).
Fraud Detection Logic (by Industry Type)
In the ReD Shield Fraud Prevention VAS, Merchant Category Codes (MCC) are grouped into industry/market segments. This means merchants from Retail, Travel and Entertainment, Telco, and other segments all have a specific set of fraud detection rules applied logically to these groupings based on specific criteria related to the types of transactions and activities in their category.
The ReD Shield Fraud Prevention VAS leverages the ReD Shield screening service which is comprised of a comprehensive set of elements that are configured to deliver the optimal level of transaction risk protection while providing a seamless customer buying experience. Services are customized based on the expertise at Retail Decisions regarding a given MCC code while taking merchant risk levels and current chargeback rates into consideration.
Unlike single-threaded, one dimensional solutions, ReD Shield uses a multi-dimensional approach to fraud screening. Some of the decisioning components are listed below:
|ReD Shield Component||Description|
|Screening Database (SDS)||The SDS is a proprietary database of negative entries comprised primarily of fraudulent card account numbers and telephone numbers. Also includes AUTOPILOT, ReD's automated blocking feature based on confirmed fraudulent transactions.|
|CardExpress (CEA)||A proprietary hot card file maintained by ReD on behalf of the issuers of UK and other European cards containing lost, stolen, and compromised payment information. ReD screens transactions against card details that have been exchanged by criminal elements over the internet via chat rooms and other social networking sites.|
|Early Warning Bulletin (EWB)||ReD maintains databases of credit card numbers that have been lost, stolen, or compromised by card issuing banks, and receives weekly updates of these databases directly from the credit card associations.|
|PRISM Neural||The Neural score component of the ReD Shield Service is a three-digit number that predicts the relative risk of a transaction by examining all of the field values in the transaction to determine if a particular purchase resembles, or does not resemble, fraud.|
|Geolocation/IP-ID||The IP-ID service provides the geographic location and other information associated with an Internet Protocol (IP) address in real time. the service provides a number of data elements with each response:
|Bank Identification Number (BIN)||A credit card issuer database is in place that identifies the country in which a card was issued. A lookup is performed on the BIN for each card and the appropriate country code is populated in the VIRTBIN and VIRTCARDCLASS fields.|
|Distributed Velocity Engine (DVE)||The DVE is a proprietary service component designed to measure transaction velocities against any transaction anchor field (such as card, email, address, phone number, etc). Complex rule strategies can be designed to trap (Challenge or Deny) an order that meets specific rule criteria.|
|Tumbling and Swapping Service (TSW)||The TSW service is a collection of proprietary algorithms designed to detect subtle alterations of data elements that fraudsters use to prevent velocity patterns from being detected by recognizing the commonality of email addresses and card numbers.|
|Click 'n Block||The Click and Block function automates the entry of screening blocks through a customer-accessible interface, allowing clients to block pre-determined fields (configurable by the client) through the ReD Shield Customer Service Interface (CSI).|
Fraud Detection Rules
The ReD Shield Service groups Merchant Category Codes (MCC) into appropriate industry/market segments. Rule logic is then applied logically to these groupings based on specific criteria related to the types of transactions and subsequent activities in a specific segment. The generic fraud detection rule sets are described below:
|Rule Type||Description and Sample Criteria|
|Global Rules||Rules applied to all MCC and industry segments. Example: Checking for card expiration dates.|
|Cross-Relational Rules||Rules that look at the transactional and ancillary data provided at the time of transaction processing (card data, email addresses, etc). Details of these rules can be discussed in more detail on a client-by-client basis.|
|Tumbling/Swapping Rules||Tumbling and Swapping is fraud nomenclature for specific activities attempted by those trying to commit and perpetrate identify theft and fraudulent purchasing with other consumer information or issuer details. These rules are used across all MCC and industry segments.|
|Miscellaneous Rules||All other rules fall into this category and are usually written specific to the types of activities that occur in a specific industry segment as determined by the depth of knowledge that Retail Decisions has in fraud prevention and can include geographically suspicious location information.|
The ReD Shield Fraud Prevention VAS component architecture and associated workflow is illustrated below:
Figure 1: Component Architecture - ReD Shield Fraud Prevention VAS
- A transaction authorization request is submitted to the Managed Commerce Services Platform via the Transaction Processing Service (TPS) endpoint from a CWS-enabled point-of-sale (POS) application. The request contains a workflowId indicating the enablement of the ReD Shield Fraud Prevention VAS.
- TPS passes the authorization request to the Transaction Broker (TB). TB accesses the workflow process set for instructions on processing the transaction against the ReD Service based on the workflowId passed in the request.
- TB transmits specific purchase data to the ReD VAS Adaptor. ReD VAS code is invoked which performs a lookup on the supplied Merchant Category Code (MCC) to determine the associated subClientId specified by ReD.
- If the specified MCC code is found, the ReD VAS Adaptor includes the ReD subClientId in the transaction request and routes it to the ReD Shield Service.
- The ReD Shield Service invokes the appropriate fraud detection rule set and returns an Accept/Deny response to the ReD VAS Adaptor.
- Depending on the result, the following occurs:
- For an Accept result (Step 7), the transaction is routed to the destination service provider for processing as normal.
- For a Deny result, the transaction processing workflow stops, and a reason code is stored with the transaction and subsequently returned to the requesting POS application, and no authorization request is sent to the Service Provider.
Integration to the ReD Shield Fraud Prevention VAS requires a ReD Shield VAS-enabled workflowId which must be passed with each Commerce Web Services (CWS) transaction request.
Note: Additional data requirements may be found in Retail Decisions Integration Guidelines.
Contact your NAB Velocity Sales Engineer for more information.