There are many fraud-screening services to help merchants assess the risk of a transaction and authenticate the cardholder to prevent chargebacks.
Nuvei provides you with three types of services for mitigating chargebacks:
- Standard services that include real-time fraud prevention through Nuvei’s Rule Engine, access to the Case Management System, Screening Profile Overview and Chargeback Re-presentments.
- Personalized services that include personal risk account manager.
- Added Value services that include the 3D-Secure Authentication Program, Dynamic 3D, Pre-chargeback notifications, AVS check, and CVV check.
Standard Services
Rule Engine
Nuvei’s rule engine provides real-time fraud prevention via your Nuvei payment page. The rule engine runs during the pre-authorization phase of a transaction and its decision can impact the flow of the authorization in the acquirer bank. Nuvei’s fraud screening rules can block or flag transactions for review for a particular user that matches the logical conditions of the rules. In addition, rules can be configured to automatically blacklist transactions according to elements such as credit card, email address, user ID, IP address and more.
The risk engine has three responses to transactions:
- Accept a transaction – When the risk engine accepts a transaction, the transaction passes to the acquirer bank.
- Reject a transaction – When the risk engine rejects a transaction, the transaction is not passed to the acquirer bank for authorization, and the merchant receives a detailed response with the reasons why the transaction was rejected.
- Flag a transaction – When the rule engine flags a transaction for review, the transaction passes to the acquirer bank and the merchant receives a response with the reasons for review.
Additionally, you can refund or void suspicious transactions before they become chargebacks through the Case Management System.
Nuvei’s risk platform is proactive in combating fraudulent transactions and can be customized to your needs to automatically blacklist customers according to specific fraud rules or when a transaction has been reported as a chargeback.
Screening Profile Overview
Listed below are categories of rules available in the rule engine.
For the specific rules that have been configured to your account, please refer to the Control Panel, Risk > Client Fraud Rules:
The table below provides a list of the categories that are mapped to groups of Nuvei’s fraud screening rules. A category is displayed in the Nuvei Control Panel in the Transaction Report when a transaction is filtered due to a Custom Fraud Screen.
# | Rule Categories | # | Rule Categories |
---|---|---|---|
1 | 3D-Secure Information | 17 | Inconsistency by Passport |
2 | AI Score | 18 | Inconsistency by UserID |
3 | Airline Information | 19 | IP Information |
4 | Banned Countries | 20 | List Management Global Level |
5 | Billing Information | 21 | List Management Industry Level |
6 | Credit Card Information | 22 | List Management Merchant Level |
7 | Customer Verification | 23 | Merchant Information |
8 | Default Parameters | 24 | Merchant Limits |
9 | Duplicate Charges | 25 | Merchant Velocities |
10 | Geo-location | 26 | Names Conflict |
11 | Global Limits | 27 | Restricted Gambling Countries |
12 | Global Velocities | 28 | Shipping Information |
13 | Inconsistency by Billing Address | 29 | Transactional Information |
14 | Inconsistency by Credit Card | 30 | User Information |
15 | Inconsistency by Email Address | 31 | User Seniority |
16 | Inconsistency by IP Address |
Case Management System
Nuvei’s Case Management system enables you to be proactive in your risk management. Through the Case Management system, your Risk Team can collaborate with the Nuvei Risk Team to mitigate the risks of fraudulent transactions and is embedded within Nuvei’s portal.
Through the Case Management system, real-time alerts are received for transactions that have been flagged for review by the rule engine, offline reports, or the Nuvei Risk Team.
With the Case Management system, you can independently review transactions, flag users, issue refunds, void transactions, perform follow-ups, blacklist and whitelist users and parameters such as Email addresses, and send live feedback to the Nuvei Risk Team. Nuvei logs all alerts and feedback in the system.
Merchants can cancel/void transactions prior to the transmission of the transaction to the acquiring bank. This allows merchants to decrease chargebacks and prevent even greater losses in cases where an affiliate sends bad traffic.
All alerts and merchant feedback are documented in the system. Nuvei’s Risk Team is able to measure the efficiency of fraud detection for each merchant’s account. The Risk Team can then further customize parameters and fine-tune the merchant’s risk profiles for better performance.
Re-present Chargebacks
Nuvei handles disputes on behalf of clients. For more information about the re-presentment process and necessary documents, please refer to Chargebacks.
Personalized Services
Personalized services are customized services, which Nuvei can provide you in addition to standard services.
Risk Account Manager
A personal risk account manager is responsible for your account in terms of monitoring and payment optimization, including, but not limited to, reviewing fraud screening rules efficiency, chargeback ratio, fraud trends, and conversion ratio.
Your risk account manager is your focal point for any inquiry, customized analysis, or reports. The Risk Team handles post-process actions, such as blocks and whitelists, as well as answering merchant emails and inquires. For merchants eligible for personalized services, the Risk Team also performs manual reviews of suspicious transactions.
Emails to the risk account manager should be sent to [email protected]. They are then forwarded to your personal risk account manager.
Added Value Services
Added value services are provided by Nuvei in addition to the standard and personalized services. This section provides a brief description of the Nuvei’s added value services.
3D-Secure Authentication
3D-Secure is a credit card authentication program implemented by Visa and Mastercard to reduce fraudulent purchases by verifying the cardholder’s identity during online transactions. The Nuvei Gateway can act as an MPI (Merchant Plug-in) for 3D-Secure when processing transactions.
The benefits of implementing 3D-Secure include a reduction in disputed transactions and chargebacks with fraud reasons and their resulting financial expenses.
3D stands for three domains:
- Issuer Domain
The issuer is responsible for managing the enrollment of their cardholders to the service and the authentication of the cardholder during an online purchase.
- Acquirer Domain
The acquirer is responsible for ensuring that the merchant participating in the transaction is operating under a merchant agreement and is also responsible for the actual processing of the authenticated transaction.
- Interoperability Domain
This domain facilitates the transaction exchange between the other two domains with a common protocol and shared services.
Transaction Flow
ECI
An Electronic Commerce Indicator (ECI) value is the result of a 3DS authentication request, returned by a Directory Server (“issuer ACS”) (namely Visa, Mastercard, Diners, Discover, JCB, and American Express).
Possible ECI data values:
An Electronic Commerce Indicator (ECI) value is the result of a 3DS authentication request, returned by a Directory Server (“issuer ACS”) (namely Visa, Mastercard, Diners, Discover, JCB, and American Express).
Possible ECI values:
ECI = 5 (VISA), 2 (Mastercard): This value is set by the ACS in the Payer Authentication Response message when the cardholder successfully passes 3D-Secure payment authentication leading to a shift in liability.
ECI = 6 (VISA), 1 (Mastercard): This value is set by the merchant when the merchant attempted to authenticate the cardholder using 3D-Secure, but the issuer or cardholder was not participating, or an issuer ACS was not able to respond, leading to a shift in liability.
ECI = 7 (VISA, Mastercard), 6 (Mastercard): This value is set by the merchant when the payment transaction was conducted over a secure channel (for example, SSL/TLS), but payment authentication was not performed, or when the issuer responded that authentication could not be performed, leading to no shift in liability.
Below is a table that contains the ECI values:
Credit Card Type | ECI | Enrollment | Authentication | Chargeback Protection |
---|---|---|---|---|
Mastercard | 2 | Y | Y | Yes |
C | Y | Yes | ||
1 | A | A | Yes | |
C | A | Yes | ||
6 | N | N | No | |
7 | R | - | No | |
N | - | No | ||
C | Y | No | ||
- | No | |||
U | - | No | ||
Visa | 5 | Y | Y | Yes |
C | Y | Yes | ||
6 | A | A | Yes | |
7 | R | - | No | |
N | - | No | ||
C | Y | No | ||
- | No | |||
U | - | No | ||
- | No |
Whether you have a liability shift or not depends on the combination of the enrollment and authentication result.
Results Explanations
Result | Enrollment | Authentication |
---|---|---|
N | Cardholder not participating | Authentication failed |
U | Unable to authenticate | Authentication could not be performed |
E | Critical field validation failed | Error |
Y | Card participate | Authentication successful |
A | - | Attempts processing performed |
C | Challenge required | - |
R | Authentication/account verification rejected | - |
Exceptional Cases
Every user has the right to ask their issuer bank for clarification and details. Even though a transaction was processed through 3D-Secure, a retrieval request or report as fraud may occur when a cardholder does not recognize a charge in their credit card’s monthly statement.
It is also possible to get a chargeback from any user who is authenticated via 3D-Secure, but only under the following circumstances:
- The chargeback reason is not fraud related.
- When the ECI result is 7 and the enrollment status or authentication status returned an error (U, E, N).
Dynamic 3D
The Dynamic 3D feature allows Nuvei to dynamically manage a 3D-Secure flow for suspicious orders based on multiple criteria in the rule engine in real-time.
Nuvei minimizes the merchants’ risk of chargebacks and fraud, while converting high-risk traffic into payments instead of automatically rejecting them during the fraud screening flow.
Users flagged as suspicious are given an option to pay via a secured flow, and if authentication has been successfully completed, Nuvei accepts these transactions as legitimate transactions and ensures a liability shift in the event of a chargeback.
Routing parameters include the following parameters:
- Amount Fixed
- Amount converted in USD
- Amount converted in EUR
- Amount converted in GBP
- Billing country
- BIN
- BIN country
- Credit Card Company (Visa, Mastercard, etc.)
- Currency
- Device Type (Desktop, Mobile)
- Is Rebill / MIT
- Billing – BIN conflict
- Seniority by card or email
- Website
- External Token Provider (such as ApplePay, GooglePay, Mobilepay)
- Issuer bank
- External Fraud score
- Is Anonymous Card
- Stored Credentials mode (COF – Card on File)
CVV Check
CVV2 (Card Verification Value) reduces credit card fraud by ensuring that the card number is legitimate, and that the customer physically possesses the credit card. The CVV number is printed on the back side of a credit card next to the signature panel.
Nuvei connects to Visa, Mastercard and AMEX networks to verify that the card verification number that appears on the back of a credit card matches the credit card number provided by the customer.
The result can be seen in the Transaction Search section in the Control Panel or in the API response from our server.
The possible CVV2 responses are listed below:
Code | Result |
---|---|
M | CVV2 Match |
N | CVV2 No Match |
P | Not Processed |
U | Issuer is not certified and/or has not provided Visa the encryption keys |
S | CVV2 processor is unavailable |
AVS Check
Address Verification Service (AVS) enables merchants to verify the address of a cardholder. Nuvei’s AVS checking service verifies the billing address of the credit card provided by the customer against the address on file at the credit card company.
AVS has almost full coverage in the US, Canada, and UK (for the rest of the world, it is supported when the issuer supports it). To be able to receive AVS results, you need to make sure that you send the relevant information in the Address, City, ZIP Code, and Country fields for all transactions processed from these countries.
The result can be seen in the transaction search in the Control Panel and in the API response from our server.
When sending a transaction for address verification, you receive one of the following responses from the issuing bank:
Code | Summary | Value Description |
---|---|---|
X / Y / D / M / F | Match | Street address and ZIP code both match. |
A / B | Partial Match | Street address matches, but ZIP code does not match. |
W / Z / P | Partial Match | Street address does not match, but ZIP code matches. |
N / I / C | No Match | Street address and ZIP code do not match. |
G / S | Not Supported | Issuing bank does not support AVS. |
U | System Unavailable | • Address information unavailable. Returned if non-US. • AVS is not available or the AVS in a U.S. bank is not functioning properly. |
R | System Unavailable | Retry - Issuer's System Unavailable or Timed Out. |