About Fraud prevention with IP tracking

General information about Fraud prevention

VR-ePayment Gateway supports different processes for fraud prevention. These include inquiries with credit agencies for the monitoring of the card's country of origin and payment guarantees for credit cards.

A large proportion of fraud attempts come from foreign countries. VR-ePayment Gateway can check the country of origin and, in many cases the city of the IP address used. If the country of origin or the IP address of your customer is not one of your supplies countries or is not the same country as the credit card Issuer, VR-ePayment Gateway can send an alert via e-mail or automatically refuse the payment.

75% of all fraud attempts are made with foreign credit cards. VR-ePayment Gateway can check the card’s origin: If you enter the delivery country as a parameter, VR-ePayment Gateway returns the country of origin of Visa and MasterCard issued cards and sends an e-mail if the delivery country differs from the card’s origin. You can then find out from the customer why the card’s origin differs from the delivery country to avoid fraud. VR-ePayment Gateway can optionally refuse such payments immediately.

Additional parameters for Fraud prevention

Definitions

Data formats

Format	Description
a	alphabetical
as	alphabetical with special characters
n	numeric
an	alphanumeric
ans	alphanumeric with special characters
ns	numeric with special characters
bool	boolean expression (true or false)
3	fixed length with 3 digits/characters
..3	variable length with maximum 3 digits/characters
enum	enumeration of allowed values
dttm	ISODateTime (YYYY-MM-DDThh:mm:ss)

Abbreviations

Abbreviation	Description	Comment
CND	condition
M	mandatory	If a parameter is mandatory, then it must be present
O	optional	If a parameter is optional, then it can be present, but it is not required
C	conditional	If a parameter is conditional, then there is a conditional rule which specifies whether it is mandatory or optional

Notice: Please note that the names of parameters can be returned in upper or lower case.

Additional parameters for calling VR-ePayment Gateway interface for credit cards

Fraud prevention via IP-tracking relates to VISA and MasterCard credit cards via VR-ePayment Gateway interfaces payssl.aspx, paynow.aspx and direct.aspx.

For standard integration and other special parameters for making a credit card payment via the payssl.aspx, paynow.aspx and direct.aspx interfaces, please check the credit card handbook.

Notice: By default the fraud prevention functions are not activated. Merchant Service can activate these functions for you if required.

Notice: For security reasons, VR-ePayment Gateway rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

The following table describes the encrypted payment request parameters:

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

Key	Format	CND	Description	Beschreibung
IPAddr	ans..15	O	IP address. If you transfer the IP address, VR-ePayment Gateway can determine in which country and in which town your customer has connected with the Internet (see also IPZone). Format: 123.456.789.012	IP-Adresse. Damit kann das ermitteln, in welchem Land und welcher Stadt Ihr Kunde mit dem Internet verbunden ist (vgl. IPZone). Format 123.456.789.012
IPZone	ans..1100	O	Codes of countries from which you accept orders, 3 digits numeric according to ISO 3166-1. Separate several countries by commas: 036,040,124. If you transmit countries in IPZone, VR-ePayment Gateway checks the country of origin of your customer's IP address, whether it is included in your country list, and whether it corresponds to the country of the credit card (see below). VR-ePayment Gateway also transmits the IP-country to your shop (see below). If the IP-country is not in your list or does not match the credit card VR-ePayment Gateway can send a warning e-mail or refuse payments.	Codes der Länder, aus denen Sie Bestellungen akzeptieren, dreistellig numerisch gemäß ISO 3166-1. Mehrere Länder durch Kommata trennen: 036,040,124. Wenn Sie Länder in IPZone übergeben, prüft das , aus welchem Land die IP-Adresse Ihres Kunden stammt, ob es in Ihrer Länderliste enthalten ist und ob es mit dem Land der Kreditkarte (s.u.) übereinstimmt. Das übergibt das IP-Land auch an Ihren Shop (s.u.). Wenn das IP-Land nicht in Ihrer Liste ist oder nicht zur Kreditkarte passt, kann das eine Warnung per E-Mail senden oder Zahlungen ablehnen.
Zone	ans..1100	O	Codes of countries where you accept credit cards, 3 digits numeric or alphanumeric according to ISO 3166-1. Separate several countries by commas: 036,040,124. If you transmit countries in Zone, VR-ePayment Gateway checks the country of origin of your customer's credit card (MasterCard, Visa) and whether it is included in your approved country list. VR-ePayment Gateway also transmits the card’s country to your shop (see below). If the card’s-country is not in your list or does not match your customer's IP address, VR-ePayment Gateway can send a warning e-mail or refuse payments. In order to refuse cards from particular countries (negative list) enter an exclamation mark before that country code: !036,!040,!124. Please note, there is a maximum length of 1100 characters.	Codes der Länder, in denen Sie Kreditkarten akzeptieren, dreistellig numerisch oder alphanumerisch gemäß ISO 3166.1. Mehrere Länder durch Kommata trennen: 036,040,124. Wenn Sie Länder in Zone übergeben, prüft das , aus welchem Land die Kreditkarte (MasterCard, Visa) Ihres Kunden stammt und ob es in Ihrer Länderliste enthalten ist. Das übergibt das Kartenland auch an Ihren Shop (s.u.). Wenn das Kartenland nicht in Ihrer Liste ist oder nicht zur IP-Adresse des Kunden passt, kann das eine Warnung per E-Mail senden oder Zahlungen ablehnen. Um Karten aus bestimmten Ländern abzulehnen (Negativliste), geben Sie vor dem Ländercode ein Ausrufezeichen an: !036,!040,!124. Bitte beachten Sie die Längenbegrenzung auf max. 1100 Zeichen.

Additional parameters for Fraud prevention for credit card payments

The following table describes the result parameters with which the VR-ePayment Gateway responds to your system

pls. be prepared to receive additional parameters at any time and do not check the order of parameters

the key (e.g. MerchantId, RefNr) should not be checked case-sentive

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

Key	Format	CND	Description	Beschreibung
Zone	a..7	O	If country codes have been entered in Zone VR-ePayment Gateway returns the country code for the credit card or "UNKNOWN"	Falls bei der Anfrage Ländercodes in Zone übergeben wurden, gibt das den Ländercode der Kreditkarte oder "UNKNOWN" zurück
IPZone	a..7	O	If IP-countries are transmitted in IPZone in the case of the inquiry VR-ePayment Gateway returns the country code of the IP address or "UNKNOWN"	Falls bei der Anfrage IP-Länder in IPZone übergeben wurden, gibt das den Ländercode der IP-Adresse oder "UNKNOWN" zurück
IPZoneA2	a..7	O	If IPZone is submitted within the request VR-ePayment Gateway returns the two-character country code of the IP address or "UNKNOWN" (DE=Germany, FR=France etc.)	Falls bei der Anfrage IPZone übergeben wurde, gibt das den zweistelligen Ländercode der IP-Adresse oder "UNKNOWN" zurück (DE=Deutschland, FR=Frankreich etc.)
IPState	a..32	O	If IPZone is submitted in the request VR-ePayment Gateway returns the federal state from which the IP address of your customer originates.	Falls bei der Anfrage IPZone übergeben wurde, gibt das das Bundesland zurück, aus der die IP-Adresse Ihres Kunden stammt
IPCity	a..32	O	If IPZone is submitted in the request VR-ePayment Gateway returns the town/city from which the IP address of your customer originates.	Falls bei der Anfrage IPZone übergeben wurde, gibt das die Stadt zurück, aus der die IP-Adresse Ihres Kunden stammt
IPLongitude	n..20	O	If IPZone is submitted in the request VR-ePayment Gateway returns the geographical longitude (floating point, decimal) of the dial-in node (PoP) of your customer.	Falls bei der Anfrage IPZone übergeben wurde, gibt das den geographischen Längengrad (Fließkomma, dezimal) des Internet-Einwahlknotens Ihres Kunden zurück
IPLatitude	n..20	O	If IPZone is submitted in the request VR-ePayment Gateway returns the geographical latitude (floating point, decimal) of the dial-in node (PoP) of your customer	Falls bei der Anfrage IPZone übergeben wurde, gibt das den geographischen Breitengrad (Fließkomma, dezimal) des Internet-Einwahlknotens Ihres Kunden zurück
fsStatus	ans..9	OC	Only via direct.aspx, only with EVO Payments International: ACCEPT=no suspicion of card fraud, DENY=refusal recommended, CHALLENGE= verification recommended, NOSCORE=No risk analysis, ENETFP=Exceptional error in the network, ERROR=Error in the data processing centre, ETMOUT=Timeout	Nur über direct.aspx, nur bei EVO Payments International: ACCEPT=Kein Verdacht auf Kartenbetrug, DENY=Abweisen empfohlen, CHALLENGE=Prüfung empfohlen, NOSCORE= keine Risikobewertung, ENETFP=Ausnahmefehler im Netzwerk, ERROR=Fehler im Rechenzentrum, ETMOUT=Timeout
fsCode	n4	OC	Only via direct.aspx, only with EVO Payments International: Recommended action: <0000> no result, <0100> accept, <0150> always accept, <0200> deny, <0250> always deny, <0300> suspicious, <0330> please check, <0400> suspicious ReD blacklist, <0500> questionable, <0600> questionable ReD blacklist, <0700> threshold exceeded, <0800> unusual usage, <901> intern ebitGuard error, <902> format error	Nur über direct.aspx, nur bei EVO Payments International: Handlungsempfehlung: <0000> keine Bewertung, <0100> annehmen, <0150> immer annehmen, <0200> ablehnen, <0250> immer ablehnen, <0300> verdächtig, <0330> überprüfen, <0400> verdächtig ReD-Blacklist, <0500> fragwürdig, <0600> fragwürdig ReD-Blacklist, <0700> Schwellwert überschritten, <0800> ungewöhnliches Nutzungsmuster, <901> interner ebitGuard-Fehler, <902> Formatfehler

Additional response parameters for fraud prevention for credit card payments

Calling the interface for editing a Blacklist

In order to create, read, update or delete a blacklist entry via a Server-to-Server connection, call the following URL:

BlackList.aspx

Notice: For security reasons, VR-ePayment Gateway rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

The following table describes the encrypted payment request parameters:

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

Key	Format	CND	Description	Beschreibung
MerchantID	ans..30	M	MerchantID, assigned by VR-Payment. Additionally this parameter has to be passed in plain language too.	HändlerID, die von vergeben wird. Dieser Parameter ist zusätzlich auch unverschlüsselt zu übergeben.

Key	Format	CND	Description	Beschreibung
MAC	an64	M	Hash Message Authentication Code (HMAC) with SHA-256 algorithm. Details can be found here: HMAC Authentication (Request) HMAC Authentication (Notify)	Hash Message Authentication Code (HMAC) mit SHA-256-Algorithmus. Details finden Sie hier: HMAC-Authentisierung (Anfrage) HMAC-Authentisierung (Notify)

Key	Format	CND	Description	Beschreibung
EventToken	enum	M	Abbreviation of the action to be done: <Create>, <Read>, <Update> or <Delete>	Abkürzung der auszuführender Aktion: <Create>, <Read>, <Update> oder <Delete>
BlackListInfo	ans..1024	M	Information about the blacklist entry as JSON string in the Base64 format. See table BlackListInfo below.	Information über den Blacklist-Eintrag als JSON-String im Base64-Format. Siehe Tabelle BlackListInfo unten.

Parameters for calling the blacklist editing

The following table describes the result parameters with which the VR-ePayment Gateway responds to your system

pls. be prepared to receive additional parameters at any time and do not check the order of parameters

the key (e.g. MerchantId, RefNr) should not be checked case-sentive

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

Key	Format	CND	Description	Beschreibung
mid	ans..30	M	MerchantID, assigned by VR-Payment	HändlerID, die von vergeben wird

Key	Format	CND	Description	Beschreibung
MAC	an64	M	Hash Message Authentication Code (HMAC) with SHA-256 algorithm. Details can be found here: HMAC Authentication (Request) HMAC Authentication (Notify)	Hash Message Authentication Code (HMAC) mit SHA-256-Algorithmus. Details finden Sie hier: HMAC-Authentisierung (Anfrage) HMAC-Authentisierung (Notify)

Key	Format	CND	Description	Beschreibung
Status	a..50	M	OK (URLSuccess) or FAILED (URLFailure)	OK (URLSuccess) oder FAILED (URLFailure)

Key	Format	CND	Description	Beschreibung
Description	ans..1024	M	Further details in the event that payment is rejected. Please do not use the Description but the Code parameter for the transaction status analysis!	Nähere Beschreibung bei Ablehnung der Zahlung. Bitte nutzen Sie nicht den Parameter Description, sondern Code für die Auswertung des Transaktionsstatus!

Key	Format		CND	Description	Beschreibung
BlackListInfo		ans..1024	C	Information about the blacklist entry as JSON string in the Base64 format, if Status=OK. See table BlackListInfo below.	Information über den Blacklist-Eintrag als JSON-String im Base64-Format, wenn Status=OK. Siehe Tabelle BlackListInfo unten.

Result parameters for calling the blacklist editing

BlackListInfo

Following table describes the BlackListInfo object for EventToken Insert:

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

Key

Format

CND

Description

Beschreibung

Page tree

About Fraud prevention with IP tracking

General information about Fraud prevention

Additional parameters for Fraud prevention

Definitions

Data formats

Abbreviations

Additional parameters for calling VR-ePayment Gateway interface for credit cards

Calling the interface for editing a Blacklist

BlackListInfo

Help

Intranet Tools