/
1.13.10 Fraud prevention

1.13.10 Fraud prevention

Owned by Former user (Deleted)
Last updated: Oct 16, 2015Version comment

 

Below are the measures that can be applied in order to prevent undesired transactions.

 

Screening

A recharge transaction consists of the following phases:

  • processing by the payment gateway – the onlineshop sends request to the payment provider and the charging process takes place there
  • finalization – on receiving result from the payment provider the onlineshop takes appropriate action, if transaction is approved the client account is credited

 

By default the finalization is set to auto mode which lets the onlineshop credit the account instantly. This behavior can be changed so that the transaction is paused with the ApprovedWaiting status and needs a manual intervention.

 

The manual approval can be set per a payment provider by setting the 'manualApprovingTransactions' key to 1 in the Payments.config file.

In order to approve transaction a VSM user with adequate rights has to open the Transaction history menu and change the status of pending transactions. Depending on his assessment a transaction can be cancelled or approved – which results in crediting the account.

Black list

If you see a suspicious activities from a certain location or a user you can block it permanently so that all attempts to make a transaction will be blocked. To do so go to the Settings/Online payments/Blockades menu and click the add new button. In the dialogue window select the type of the blockade and enter the exact value or a regular expression matching the unwanted pattern.

In order to make the onlineshop use the blocking function you have to set the EnableBlocking key to true in the AppSettings.config file.

 

Alerts

In the AppSettings.config, there is a key AdminEmailAddress where you should put an email address used to receive alerts generated by the onlineshop. Below are the events that trigger notifications:

  • When a client changes subscription associated with a DID and the DID removal requires manual action. The notification’s content:  "Client with ID: {0} and ClientType: {1}  removed a DID(s) '{2}', clientId, clientType, didsToRemove.TrimEnd(',')));
  • An attempt to use recharge with NoPaymentProvider provider type. The notification’s content: "An attempt to use the NoPaymentProvider to recharge account. Client login: {0} IP: {1}. The transaction has been cancelled.", transaction.ClientLogin, transaction.ShopData.IpAddress)
  • An attempt to recharge account of the client type which is not permitted. The notification’s content: "An attempt to recharge account; the client type is not allowed for this operation type. The client login: {0} IP: {1}.", transaction.ClientLogin, transaction.ShopData.IpAddress)
  • An attempt to recharge account with an amount which is not defined in the Charge amounts configuration. The notification’s content: "The recharge amount is different than the allowed amounts. Client login: {0} IP: {1}. The transaction has been cancelled.", transaction.ClientLogin, transaction.ShopData.IpAddress)

Related content