Fraud management

Attract a larger audience and secure customer trust with superior fraud prevention mechanisms built right into your Recurly setup, courtesy of Kount's expertise.

Overview

Required plan

This feature is available to all customers on any subscription plan.

Limitations

  • New card verifications (both sign-ups and billing info updates) are subject to risk inquiries. Existing accounts with a credit/debit card on file are not scrutinized unless their billing information is updated.
  • The efficacy of fraud detection might be influenced by the quality and completeness of the transaction and customer data provided.

Definition

Recurly's Fraud Management is a comprehensive suite of tools designed to identify and counteract fraudulent activities in real time. This page is about how we help merchants fight fraud.

Key benefits

  • Real-time fraud detection: Our system analyzes transactions as they happen, providing instant alerts on suspicious activities, helping you prevent fraudulent transactions before they occur.

  • Integrated with Kount: Leveraging Kount, a leading fraud management integration partner, we ensure your transactions are secure and your business is protected against evolving fraud tactics.

  • Enhanced payment security: AVS (Address Verification Service) and CVV (Card Verification Value) checks add an extra layer of security, reducing the likelihood of fraudulent transactions.

Key details

Fraud Management Functionality

Kount

We use Kount as our main fraud management integration partner to maximize fraud protection. To learn more about our Kount integration, please visit our dedicated Kount Integration page.

AVS and CVV Verification

We also use AVS and CVV responses from our gateway partners as part of our fraud prevention measures. For details and the process to enable these features, please visit our Payment Settings page.

Fraud Management Configuration

To configure the fraud management settings, navigate to Configuration → Fraud Management in your Recurly account. This area allows you to customize your fraud detection and prevention measures to fit your business needs, ensuring you're equipped to handle the challenges of online payment fraud.

On this initial page, you can find an overview of the fraud management settings, providing a snapshot of whether this critical feature is active and how it is configured. To view any fraudulent transactions, click on ‘View All’. To tailor these settings to your needs, click on the ‘Configure Settings’ button located in the upper right corner.

User defined fields

Set business and merchant type

It’s essential to specify your business and merchant type to tailor fraud prevention strategies effectively to your operational model.

Merchant Business Types:

  • B2C means Business to Consumer: If you are primarily selling subscriptions and products to an end consumer, choose this option.
  • B2B means Business to Business: If your customers are primarily other businesses / organizations, choose this option.
  • Both: If you have a mixture of both business customers and end-consumers, choose B2C and B2B.
  • Unknown: We do not recommend this option – it is best to find out your mix and choose accordingly.

Merchant Category Types:

  • Digital: If you primarily provide services or digital products (online-only, classes, streaming services, software, etc.) choose this option.
  • Physical: If you primarily sell physical products that require shipment to the customer, choose this option.
  • Digital and Physical (Both): If you have a mixture of both types, choose this option.
  • Unknown: We do not recommend this option – it is best to find out your mix and choose accordingly.

Enabling fraud management

Set the status to ‘Enable’ to activate real-time fraud management monitoring, ensuring your transactions are scanned for suspicious activities.

Decline threshold rules

High risk decline

Utilizing Kount's extensive data and logic, this feature gives a detailed analysis of transactions, checking for connections to fraudulent activities outside of Recurly's network. Any transaction identified as High Risk by Kount will be automatically declined.

Note: This setting is overridden if a risk score decline level of 75+ is chosen.

Risk score decline threshold

This setting allows you to define the risk score threshold that, if exceeded by a transaction, will trigger an automatic decline. A higher Risk Score setting means a more lenient approach to risk, potentially reducing the number of declined transactions. Conversely, a lower Risk Score setting indicates a stricter risk threshold, leading to more declined transactions.

Adjust this threshold by selecting an option from the dropdown menu to align with your organization's risk tolerance.

Fraud velocity rules

These rules restrict the frequency of attempts made using the same credit/debit card, IP address, email, or device for entering or updating billing information.

Note: There is a default for all velocity rules which can be found in your Recurly fraud management settings. This number provides a balanced approach to fraud prevention, but you may change it at your discretion. Setting this value to 0 turns off the velocity rule entirely, removing the restriction on attempt frequency. While possible, this is not recommended.

Velocity rules for credit cards

This rule restricts how often billing information can be updated using the same credit or debit card number within a single hour. It's designed to prevent excessive attempts that might indicate fraudulent activity.

Velocity rules for IP addresses

Similar to credit cards, this rule limits the number of times billing information updates can occur from the same IP address within an hour, helping to identify and mitigate potential fraud.

Velocity rules for email addresses

This rule sets a cap on the number of billing information updates that can be made with the same email address over a 24-hour period. It's a crucial step in controlling fraud linked to email-based manipulation.

Velocity rules for devices

This rule controls the frequency of billing updates initiated from the same device within an hour, offering an additional layer of security by monitoring device-specific activity.
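The four velocity rules above can be modeled as sliding-window counters. The sketch below is an added example, not Recurly's or Kount's code. The limits, the fingerprint key, the attempt field names and the sample attempts are all constructed assumptions. Only the window lengths and the "0 turns the rule off" behavior come from this page.

```python
import hashlib
import hmac
from collections import defaultdict, deque

HOUR = 3600
# Window lengths from the page: one hour for card, IP and device; 24 hours for email.
WINDOWS = {"card": HOUR, "ip": HOUR, "device": HOUR, "email": 24 * HOUR}
# Hypothetical limits for this example; 0 turns a rule off, as the page describes.
LIMITS = {"card": 2, "ip": 3, "device": 0, "email": 2}
KEY = b"example-only-key"  # assumption: a per-deployment secret for card fingerprints

def fingerprint(card_number):
    """Keyed hash so counters are never indexed by the raw card number."""
    return hmac.new(KEY, card_number.encode(), hashlib.sha256).hexdigest()

class VelocityChecker:
    def __init__(self, limits):
        self.limits = limits
        self.seen = defaultdict(deque)  # (attribute, value) -> attempt timestamps

    def check(self, attempt, now):
        """Record one billing-info attempt; return the rules it exceeds."""
        exceeded = []
        for attr, window in WINDOWS.items():
            limit, value = self.limits.get(attr, 0), attempt.get(attr)
            if limit == 0 or value is None:
                continue  # rule disabled, or attribute not supplied
            if attr == "card":
                value = fingerprint(value)
            stamps = self.seen[(attr, value)]
            while stamps and stamps[0] <= now - window:
                stamps.popleft()  # drop attempts that have left the window
            stamps.append(now)  # assumption: blocked attempts still count
            if len(stamps) > limit:
                exceeded.append(attr)
        return exceeded

def run_demo():
    """Constructed attempts: one IP and device cycling through test card numbers."""
    checker = VelocityChecker(LIMITS)
    cards = ["4111111111111111", "5555555555554444", "4012888888881881",
             "378282246310005", "4111111111111111"]
    emails = ["a@example.com", "a@example.com", "b@example.com",
              "a@example.com", "a@example.com"]
    times = [0, 60, 120, 180, 3700]
    return [checker.check({"card": c, "ip": "203.0.113.7", "device": "dev-1",
                           "email": e}, t) for c, e, t in zip(cards, emails, times)]
```

In the sample run the fourth attempt exceeds both the IP and email rules. The fifth, more than an hour after the first, is clear of the one-hour IP window but still inside the 24-hour email window.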

Blocked countries

You have the option to automatically reject transactions originating from countries you designate as high risk. This automatic decline activates when the BIN (Bank Identification Number) country of the customer's transaction matches any country selected on your deny list. This rule applies only to credit card transactions, extending your fraud prevention measures by geography.