Skip to main content

Setting Up and Customizing Fraud Prevention Rules

Updated

Overview

Setting up Fraud Prevention helps you proactively protect your business by controlling how and when transactions are accepted. With a variety of customizable rules and filters, you can block suspicious activity, flag unusual patterns, and limit risk exposure—without needing technical expertise.

This article walks you through how to enable and customize Fraud Prevention in your merchant portal

Prerequisites

Before you can access or use Fraud Prevention, make sure the following are in place:

  1. Fraud Prevention must be active on your merchant account. If you're unsure, contact your Merchant Service Provider.
  2. Your user account must have the 'Access Fraud Prevention' permission enabled. This setting controls visibility of the Fraud Prevention configuration page.

How to Enable Permission

  1. Log in to your Merchant Portal.
  2. Go to Options > Settings > User Accounts.
  3. Select the username you want to edit.
  4. Under Permissions, check the box for 'Access Fraud Prevention'.
  5. Click Save.

How to Access the Tool

Once active and permissions are correctly set:

  1. Log in to your Merchant Portal.
  2. In the left-side menu, click Other Services.
  3. Select Fraud Prevention.

You’ll now see the full configuration panel where you can define rules, exceptions, and review flagged activity.

Fraud Prevention Configuration Sections

Fraud Prevention includes three major tools to help manage your risk:

1. Thresholds

This section allows you to set limits on transaction volume or value over specific timeframes.

  • Daily, weekly, monthly, or yearly rules are supported.
  • Rules can apply to all processors or be set per processor.
  • You can configure them using two modes:

a. Attempted Rules

  • Counts all submitted transactions, regardless of their final status.
  • Includes approved, declined, or errored transactions.
  • Ideal for catching patterns like card testing or excessive retries.

b. Approved Rules

  • Counts only successfully approved transactions.
  • Useful for managing real transaction exposure.

2. User Ban

Block or flag individual users based on specific identifying information:

  • IP Address
  • Credit Card Number
  • Billing Email
  • Country (see "Default Banned Countries" below)
  • User IDs (via Customer Vault, API, or submitted billing email)

You can apply bans:

  • For a specific time period (e.g., 7 days)
  • Indefinitely, if risk remains ongoing

Default Banned Countries

There are 21 countries that are automatically banned. To view them:

  1. Navigate to User Ban tab
  2. Under Geographical Information, click the View (xx) button
  3. If you've added more countries, the number will reflect the total

3. Exceptions

Use this section to whitelist users or transactions you know are legitimate, even if they meet other fraud triggers.

What Actions Can Be Taken on a Transaction?

You can choose how the system responds when a rule is triggered:

ActionWhat Happens
Flag for ReviewTransaction is allowed to process but held for manual review
Deny TransactionTransaction is blocked entirely with an error message: REJECTED CONTACT CUST SERV

Notification and Review Tools

Waiting Review

Transactions flagged by your rules will appear in this queue for your review.

  • If the transaction is legitimate, do nothing—it will process as normal.
  • If it’s fraudulent, manually cancel or void it from your gateway or reporting tool.

History Log

To investigate any past flagged or denied transactions:

  1. Go to Fraud PreventionHistory Log tab
  2. Enter the Transaction ID and click Search
  3. Click the magnifying glass icon under the Response column to see which rule triggered

Merchant Tips

  • Use "Flag for Review" for medium-risk patterns so you can decide case-by-case.
  • For high-risk rules (e.g., banned countries, known IPs), use "Deny Transaction."
  • Keep your exception list current to avoid false positives with trusted customers.

Common Questions

Can I set a limit on how many times a card is used per day?
Yes, use the Thresholds tab to create a rule that limits usage per card number per time period.

What if I only want to ban someone temporarily?
In the User Ban tab, you can set an expiration date or limit the number of days the ban should apply.

Can I override a flagged transaction?
You can choose to allow a transaction through your reporting portal if it's only flagged (not denied).

Need Help?

If you're unsure which rules to use or how to configure the tool for your business model, please contact your Merchant Service Provider for help.