The optile Risk Suite offers the functionality to help you prevent fraud and manage your risk. This functionality of our Risk Suite is continuously evolving and currently you can choose to block specific transactions when those transactions meet certain conditions. These conditions could be Simple Conditions, Aggregate Conditions or a Combination of Conditions (i.e., conditions combined with AND in a single rule).
A Simple Condition checks only the current transaction with regard to one of these Dimensions:
- IP Address - The end customer's IP address.
- IP Country - The country from where the end customer’s IP address emanates. We refer your customer’s IP address to our internal GeoIP database to retrieve the relevant country.
- IIN - The Issuing Identification Number which is the first 6 digits of a credit card and it identifies the credit card's issuing bank.
- Issuing Country - The country where the credit card was issued. We use the IIN (the first 6 digits of a credit card) and refer it to optile's IIN list.
- E-Mail Address - The full e-mail address of your end customer.
- E-Mail Localpart - The local part of the e-mail address of your end customer (everything before the "@" sign).
- E-Mail Domain - The domain part of the e-mail address of your end customer (everything after the "@" sign).
Each Simple Condition needs to have one of these forms:
- [Dimension] 'has' or 'has not' value "X" - examples:
- IP Country 'has not' value "Germany". This rule matches all end customers with an IP address not from Germany and blocks these transactions.
- E-Mail Domain 'has' value "hotmail.com". This rule matches all end customers using an email address ending in "@hotmail.com" and blocks these transactions.
- [Dimension] 'has' or 'has not' the same value as [Dimension] - example:
- IP Country 'has not' the same value as Issuing Country. This rule matches and blocks the transactions where the credit card is issued in a country other than the GeoIP location of the end customer.
- [Dimension] 'contains' or 'does not contain' substring "X" - example:
- E-Mail Domain 'contains' substring "yahoo.". This rule matches and blocks all end customers using an email address containing "yahoo." after the "@" - so this would match "@yahoo.de", "@yahoo.com" and "@yahoo.fr" email addresses (among others).
An Aggregate Condition checks the current transaction in the context of past transactions. Currently our Risk Suite has only one form of Aggregate Condition:
- Number of transactions for the same payment account in [Timespan] is greater than [N].
The [Timespan] can be something like "the last 30 days" or "the last 12 hours"; it is always evaluated with regard to the exact time that the transaction was attempted.
Example: If we have a condition where [Timespan] is "last 30 days" and a credit card transaction is attempted at 2017-05-31 09:42:18 UTC, all transactions for this credit card after 2017-05-01 09:42:18 UTC are included.
Only non-blocked transactions are counting towards the limit [N].
Example: If you have a rule that blocks transactions when "Number of transactions for the same payment account in 24 hours is greater than 3" and a transaction is attempted every hour, the first 3 of these transactions will be allowed and the subsequent 21 transactions would be blocked. The next 3 transactions will be allowed again, as the 21 blocked transactions are not counted as transactions within the 24 hour [Timespan].
Configuring Risk Rules
Currently there is no graphical user interface for our Risk Suit. As a result, all rule adjustments and other requests must be communicated via email following the template below.
Creating Risk Rules
To create a new rule to manage your Risk just follow this process:
- Write an email to firstname.lastname@example.org
- Title the email with the relevant name: 'Merchant Name - Rule Adjustment'
- The email should be structured as follows:
- Type - what kind of change would you like? There are three options:
- Create - if you want to create a rule new rule
- Modify - if you want to modify an existing rule
- Delete - if you want to inactivate an existing rule
- Rule ID - only relevant if you want to Modify or Delete an existing rule.
- Action - what action is required? Currently the only option available is to 'Block'
- Dimension/s - there are currently seven dimensions available. You can create a rule from either or a conditional rule that requires both.
- IP Address
- IP Country
- IIN - The Issuing Identification Number
- Issuing Country
- E-Mail Address
- E-Mail Localpart
- E-Mail Domain
- Parameter/s - as there is a restriction on the dimensions available equally this applies to the parameters that can be specified. We can create a rule relating to any country in the world.
- Environment - specify if the changes should be applicable to the Live or the Sandbox environment. If not explicitly specified, we would apply the changes to Sandbox as a default.
- Confirmation – once we have completed the change you request, we will send you an email to advise you. If you have decided to create a new rule, the response will include the unique RuleID. This RuleID must be cited in future if you wish to modify or delete an existing rule
Should you require the information regarding what risk rules you currently have active, simply follow these steps:
- Write an email to email@example.com
- Title the email with your 'Merchant Name' and – 'Rule View'
- Template for the email should be as follows:
- Type - Rule View
- Variant - All active rules
- Environment - Live or Sandbox
An email asking us to create a new rule. It should block transactions when the Issuing Country is Germany
Effect - this will create a single rule that blocks transactions when the Issuing Country is Germany.
An email asking us to create a new rule. It should block when Issuing Country is Germany and IP Country is Germany
Effect - this would create a single rule, that blocks when both conditions are met.
An email asking us to create a new rule. It should block when Issuing Country is Germany, Austria or Ireland
Effect - this request will create three new rules. One each to block credit cards from Germany, Austria and Ireland.