Preventing Fraudulent Transactions

Woohoo Pay has a number of risk functionalities available to Merchants when it comes to preventing fraud. There are a number of checks built into the Gateway and a small selection where Woohoo Pay is partnered with a third-parties to provide Merchants with a number of solutions.

The following checks are available in-house from Cardstream:

  • CV2 (Card Verification Value)
  • AVS (Address Verification System)
  • 3D Secure
  • IP configuration/locking
  • Signature Key
  • BIN blocking
  • Velocity Checks

Woohoo Pay partner with the following third-parties for advanced fraud prevention:

  • Kount

CV2 (Security Code) Checking: This is a check which is provided by most card issuers. The CV2 checks can be performed on all E-Commerce and MOTO transactions placed on Woohoo Pay. The CV2 is the three-digit number on the back of your Visa or MasterCard.

AVS (Address Verification System) Checking: This is a check which is widely supported by the UK, however, limited issuing banks outside the UK support AVS checking. This allows Cardstream to check the numerical details in the cardholder’s address and postcode with their card issuer.

3D Secure: Woohoo Pay currently support and offer 3D Secure on AMEX, Visa and MasterCard transactions. 3D Secure adds an additional layer of security to the Cardholders card, it allows the cardholder to create a unique password to their relevant debit or credit card. This when works very much like the Pin would with a PDQ machine in order to authenticate a payment as only the cardholder should know that password.

Direct Integration/IP Locking: Direct Integration transaction operations such as Refunds, Captures, Cancels and manual authorisations can only normally be made through this admin application if the user has sufficient permissions. If a Merchant wishes to send these operations via the Direct Integration method, they are required to input their IP address here, otherwise, such operations received from non-authorised IP addresses will not be accepted.

Signature Key/Pre-Shared Key: For additional security, a Merchant must sign all of their requests to the Gateway with a signature key. This is a requirement which must be added to the end of any checksum for a Merchant’s request.

BIN Blocking: Woohoo Pay provides Merchants with the option to block certain Card Types and Issuing Countries from being transacted on their Merchant Account/s.

Merchant Accepted Card Types: Choose which card types the Merchant can process. The choice of available card types will depend on the Acquirer and which types they support. However, this feature allows for an easy way to block a specific card type if needed (e.g. Credit Cards).

Merchant Rejected Card Issuer Countries: Choose which card issuing countries to remove and NOT accept transactions from. Therefore, if the Merchant was not entitled to accept payments from a particular country, they can simply input this into the MMS via the Preference page.

Velocity Checks: The Velocity Checking system is designed to alert the Merchant and/or block a/several specific transaction/s when a certain number of transactions of a certain type reached a certain threshold. This is a requirement that some Merchant Acquirers require a Merchant to have in place. For example, a Merchant may need/want to limit the number of times a Cardholder can process on their Merchant Account in a day (e.g. twice in a day), therefore these Velocity Checks prevent this. This system can also limit the value per transaction and count of the transaction (REFUNDS and SALES).

Third Party Prevention’s: We’ve recently partnered with the fraud prevention solution ‘Kount’ For further information on these solutions, please contact the Support team who will be happy to advise further.