Security configuration

Anti-fraud

Paylands offers a powerful anti-fraud system which allows both redirecting suspicious transactions to 3DS and rejecting them directly, without processing the payment. For this purpose there are a number of checks available that can be grouped together to form anti-fraud rules, each with its own score. The sum of the scores of all the rules that have been activated will determine the score for the current transaction.

Configuration and creation of Anti Fraud.

First of all, we have to go to the Security -> Anti Fraud tab in the panel. Here we will see a list with all the anti-fraud available and the number of services associated with it. In the Total Services column we can consult by clicking the number of services associated with anti-fraud. Remember that you have to associate those services that are going to use it with anti-fraud. A service can only be associated to an anti-fraud.

To assign a service we must go to Manage -> Payment Services -> List. We access the details of the service that we want to associate with an Anti Fraud. In the Anti Fraud tab we choose the desired one and update.

The available validations are:

maximumCorrectPaymentsByCard

• Number of correct transactions with a card in the last X days.
• Parameters:
  • retries: number
  • interval: number (in days)

maximumCorrectPaymentsByIp

• Number of correct transactions from an IP in the last X days.
• Parameters:
  • retries: number
  • interval: number (in days)

maximumCorrectPaymentsByExternalId

• Number of correct transactions associated with a user in the last X days.
• Parameters:
  • retries: number
  • interval: number (in days)

maximumIncorrectPaymentsByCard

• Number of declined transactions with a card in the last X days.
• Parameters:
  • retries: number
  • interval: number (in days)

maximumIncorrectPaymentsByIp

• Number of rejected transactions associated with an IP in the last X days.
• Parameters:
  • retries: number
  • interval: number (in days)

maximumIncorrectPaymentsByExternalId

• Number of declined transactions associated with a user in the last X days.
• Parameters:
  • retries: number
  • interval: number (in days)

maximumPaymentsPerMinuteByCard

• Number of charges with a card in the last X minutes.
• Parameters:
  • retries: number
  • interval: number (in minutes)

maximumPaymentsPerMinuteByIp

• Number of collections from an IP in the last X minutes.
• Parameters:
  • retries: number
  • interval: number (in minutes)

maximumPaymentsPerMinuteByExternalId

• Number of collections associated with a user in the last X minutes.
• Parameters:
  • retries: number
  • interval: number (in minutes)

maximumPaymentsFromCardFromDifferentIPs

• Number of collections with different IPS from which the card has been used in the last X days in the current payment service.
• Parameters:
  • retries: number
  • interval: number (in days)

maximumPaymentsFromIPFromDifferentCards

• Number of different card charges from an IP in the last X days on the current payment service.
• Parameters:
  • retries: number
  • interval: number (in days)

maximumRetriesFromCardUsedByOtherUser

• Number of charges from different users who have used the card in the current payment service.
• Parameters:
  • retries: number
  • interval: number (in days)

maximumRetriesFromSameIpUsedByOtherUsers

• Number of charges from different users who have used the card from the same IP in the current payment service.
• Parameters:
  • retries: number
  • interval: number (in days)

successivePaymentsWithSimilarCards

• Number of payments in the last few days from the same IP with similar cards.
• Parameters:
  • interval: number (in days).

maximumAmountPayment

• Maximum payment amount.
• Parameters:
  • amount: number

maximumUsedCardsByExternalId

• Number of charges with different cards used by the same user in the last X days.
• Parameters:
  • retries: number
  • interval: number (in days)

paymentFromProxy

• Checks if any proxy header exists.

paymentFromTor

• Checks the IP match with a list of the last IPs used by TOR.

lastAmountsSum

• Sum of the amounts of successful transactions for the last X days.
• Parameters:
  • amount: number
  • interval: number (in days)

minimumAmountPayment

• MinimumAmountPaymentAmountPayment.
• Parameters:
  • amount: number

datesRange

• Compares the transaction time to the provided date range.
• Parameters:
  • from: date
  • to: date

matchingIpFromCountry

• Matches the currency country to the user's country.
• Parameters:
  • operator: string
  • country: number

matchingBrand

• Matches whether the card belongs to a particular brand.
• Parameters:
  • brand: string

matchingBrandAndAndCountry

• Checks if the card belongs to a specific brand and country.
• Parameters:
  • brand: string
  • country: number

matchingSourceCountry

• Checks if the card belongs to a specific country.
• Parameters:
  • operator: string
  • country: number

maximumAmountCorrectPaymentsByCard

• Maximum number of successful payments with the same card.
• Parameters:
  • retries: number
  • interval: number (in days)

maximumCorrectUsedCardsByExternalId

• Maximum number of cards used in correct payments per External ID.
• Parameters:
  • retries: number
  • interval: number (in days)

maximumIncorrectUsedCardsByExternalId

• Maximum number of cards used in incorrect payments per ExternalId.
• Parameters:
  • retries: number
  • interval: number (in days)

Listas de seguridad

Within the security lists we can configure those elements (IP, BIN, UUID, EXTERNAL_ID and TOKEN) to be marked as safe, risky or block them.

To access each of the security lists we only have to go to Security and click on the desired list.

In this section we can see each of the available lists where we can enable or disable them and consult the services associated with them. Even being able to unlink the services we want from said list.

In the details of each list we can create, modify and delete elements. Remember that you will also have to associate as many services as you want to use this list.

Whitelists

From this section you can configure white lists that can be associated with existing services.

These lists allow you to configure checks to prevent a trusted operation from entering risk assessment or fraud. The parameters that can be checked to validate that the operation is trusted are the following:

• IP: IP address from which the operation is performed.
• BIN: First 6 digits of the card number.
• UUID: Card identifier.
• ID_EXTERNAL: Customer identifier.
• TOKEN: Card identifier token.

Blacklists

From this section you can configure black lists that can be associated to existing services.

These lists allow you to configure checks to prevent an untrusted operation from being processed. The parameters that can be checked to validate that the operation should be blocked are as follows:

• IP: IP address from which the operation is performed.
• BIN: First 6 digits of the card number.
• UUID: Card identifier.
• ID_EXTERNAL: Customer identifier.
• TOKEN: Token identifier of the card.

Greylists

From this section you can configure gray lists that can be associated to existing services.

These lists allow you to configure checks to force an untrusted transaction to be processed as a secure order (3DS). The parameters that can be checked to validate that the security level of the operation should be increased are the following:

• IP: IP address from which the operation is performed.
• BIN: First 6 digits of the card number.
• UUID: Card identifier.
• ID_EXTERNAL: Customer identifier.
• TOKEN: Card identifier token.