Fraud Protection

To combat online fraud, we have provided Admins with powerful tools. These tools enable Admins to set 24-hour velocity filters, reducing the risk of fraudulent activities. Admins can monitor transaction frequency and detect suspicious patterns.

We also introduced the option for Admins to add end-users to the denylist based on transactional metrics. This provides an additional layer of protection, preventing potential fraudsters from engaging in illicit activities. As an admin, you can enforce security measures and safeguard your site.

Furthermore, Admins can add verified end-users to the allowlist to ensure legitimate users are not inconvenienced. This balances security and user experience, creating a safer online environment and a seamless transactional process for genuine customers.

And to add an extra layer of protection for online transactions, we also make the security protocol 3D Secure available for a small additional cost.

Spark Location: Commerce > Fraud Protection

Velocity Filters

Spark Location: Commerce > Fraud Protection - Filters tab

These Filters are set for either Sales or Transaction thresholds for any given 24hr period.

We are providing you with three different ways (filters) to limit these transactions:

  • Per Email
    • Number of Transactions
    • Dollar amount spent
    • Number of gateway declines
  • Per IP Address
    • Number of Transactions
    • Dollar amount spent
    • Number of gateway declines
  • Per Credit Card - ONLY card type, last 4 digits, expiration date.
    • Due to compliance, we don't ever see the full credit card number - this number is passed along directly to the Gateway.
    • Number of Transactions
    • Dollar amount spent
    • Number of gateway declines

At leat one of the three values must be specified for each filter. Leaving a field empty will result in no limit being set.

AllowList & DenyList Rules

Spark Location: Commerce > Fraud Protection - AllowList tab or DenyList tab

AllowList

This allows you to define emails and/or IP addresses that can bypass the additional fraud tools in place on the Velocity Filters tab.

  1. Name the Rule
  2. Add an internal Note (optional)
  3. Set the values (Email address or IP address)
    1. You can add multiple emails or IPs by adding one per line (not separated by a comma)
    2. For IP addresses, only IPv4 addresses are supported (0.0.0.0 to 255.255.255.255).
  4. Save

There are a few other ways that you can add to the AllowList (aka whitelist) including from the Purchases Report, the Failed Transaction Report, and the Order Viewer in the Actions Menu.

Failed Transaction Report

DenyList

This tooling allows you to set parameters that, when all are met, the purchase will not be permitted.

  1. Name your rule
  2. Add an internal Note for reference (optional)
  3. Apply Fields - These are the parameters that you can limit.
    • Email Address
    • IP Address
    • Credit Card Full Name
    • Credit Card Last 4
    • Credit Card Type
    • Billing Info - First Name, Last Name, Address, City, Postal Code, State Province, Country
    • Shipping Info - First Name, Last Name, Address, City, Postal Code, State Province, Country
  4. Save

NOTE: All fields must be an exact match in order for the rule to take block transactions.

Much like the Allowlist, there are a few other places that you can add rules to the Denylist, These include from the Purchases Report and Order Viewer in the Actions Menu:


View From Purchase Report:

View From Actions Menu:

Actions menu in the Order viewer

3D Secure

3D Secure (3DS) is a security protocol that adds an extra layer of protection for online transactions. It verifies a customer’s identity through methods like a password, SMS code, or temporary PIN, reducing the risk of fraud and shifting liability for chargebacks caused by unauthorized transactions to the issuing bank.


Please review this article for additional information. Contact Saffire Support if you would like to have 3D Secure enabled on your site.

Once enabled, you'll find two options for authentication, and two settings for fine-tuning the feature:

Frictionless

No buyer interaction required, but results in lower authentication rates. All purchases are allowed regardless of the buyer being authenticated.

Non-Frictionless

If the credit card issuer requests a “challenge” or second form of validation from the buyer, the buyer will see a popup during their checkout process asking for additional information to validate their identity. As a result this adds “friction” to the checkout process, but results in higher authentication rates. If the credit card issuer requests the challenge then the buyer must successfully authenticate in order to complete their purchase.

Minimum order total for analysis

This allows you, as an organization, to choose what is the 'Minimum Order Total for Analysis'. What this means is that you can control if/when orders will be authenticated for 3DS, either in a frictionless or non-frictionless process. Instead of incurring a cost of $0.20 for EVERY transaction, you can set this new Minimum and only pay for orders that are OVER this dollar value. NOTE: Any orders under this dollar value will not be authenticated with 3DS, and will therefore not have any liability shift to the issuing banking institution in the case of Chargebacks/Disputes for true fraud.

Minimum Order Total Requiring Authentication

Any non-authenticated order total exceeding this amount will be rejected. NOTE: If no value is entered, this represents that all orders must be authenticated to be approved.

International Transactions

Our 3DS setup does not authenticate international transactions

Still need help? Contact Us Contact Us