MySagePay
Login >

SCA and Fraud Protection

Published 23/10/2020

SCA and Fraud Prevention

Dealing with fraudulent payments can be a nightmare for any business. While the introduction of new protective measures through the SCA (Strong Customer Authentication) mandate aims to reduce fraudulent activity, the risk may still be present.

There are many types of ecommerce fraud schemes that currently exist, each more sophisticated than the other. From instances of classic fraud, where stolen credit card details are sold on the dark web, to chargeback fraud where online shoppers make a purchase only to then issue a chargeback, claiming that their card was stolen. In addition to this, merchants can also face further fraud attempts such as card testing fraud, account takeover fraud and fraud via identity theft.

With the introduction of SCA as a part of PSD2, there are some general requirements that must be met by merchants for better fraud protection. This includes having effective transaction monitoring mechanisms in place to detect fraudulent or unauthorised payment transactions.

With these mechanisms, merchants should be able to identify:

  • A list of any known fraud scenarios.

  • A list of compromised or stolen authentication elements.

  • The exact amount of each payment transaction.

  • If the access device or payment software is provided by a PSP (Payment Service Provider), a record of the use of the access device and any abnormal use.

Currently we offer merchants a variety of free and third-party fraud screening and prevention services that can help businesses stay compliant whilst offering a smoother transaction experience to customers.

At Opayo, we also offer fraud prevention webinars at £99 (excluding VAT) that are aimed to guide merchants with using all of our standard fraud prevention tools in MSP.

Our advanced fraud screening tools include 3D Secure Versions 1 & 2, customisable rules for AVS (Address Verification Service), CV2 checks and more. For a more advanced and tailored eCommerce fraud prevention service, we have partnered with ACI Worldwide to offer ReD Shield, a multi-layered fraud prevention solution.

The implications of SCA for merchants and payment service providers

Strong Customer Authentication, or SCA, was implemented to make payments more secure for merchants and customers, introducing stronger security measures including two-factor authentication.

When using 3D Secure, transactions are effectively authenticated and the liability for unauthorised transactions passes onto the card issuer. This in the long term can save merchants time and money from dealing with potential disputes.

Furthermore, there are several exemptions to SCA that can help merchants balance customer security and convenience, while minimising fraud and friction. Merchants are first required to speak with their acquirers to get their approval of any exemptions chosen to use.

Once the acquirer has offered advice on the suitable exemptions for each merchant’s business model, an exemption can be requested on a per-transaction basis. Please be aware that exemptions can only be requested when submitting transaction requests to the payment service provider.

Where an exemption is chosen and applied, chargeback liability is transferred back to the merchant for that particular transaction. 

Fraud Prevention Tools Available for Merchants

At Opayo, we offer a variety of tools to merchants, some of which are totally free and others that come as an additional upgrade. With our fraud prevention solutions, merchants can benefit from multiple layers of security from the moment transactions are made.

Opayo advanced fraud screening tools can help you determine whether payments are genuine through free services such as two-factor authentication from 3D Secure, CVV (Card Verification Value) and AVS (Address Verification Value). By correctly setting up your additional fraud prevention rules on MyOpayo, suspicious activity may be appropriately monitored and the risk of chargebacks and fraud significantly reduced.

Alternatively, we also offer bespoke fraud protection from ACI ReD Shield, an advanced solution that works alongside the Opayo system to provide a more specialist prevention service.

Take a look below for further information on the fraud protection tools that are available to your business.

My Sage Pay rulebase settings with SCA and AVS / CVV checks

With our free fraud checking tools, merchants can drastically reduce the risk of fraud by being able to dynamically control whether a transaction is authorised or rejected.

The MSP rulebase settings allow merchants to create bandings for transaction amount values, enabling you to determine whether you’d like to authorise or reject a transaction based on the results of 3D Secure authentication coupled with an Address Verification Service (AVS) and the Card Verification Value (CVV or CV2 or CVC) and based on the amount value. You may have less of a risk appetite for high transaction amounts compared to low transaction amounts.

Merchants can also use 3D Secure authentication as your pre-authorisation fraud check. If authentication fails, then the transaction can be rejected. Opayo also allows you to even request to challenge the cardholder to undertake SCA so they have to prove they are the owner of the card. You may want to do this if you find there is suspicious account activity on your site (passwords constantly changing, different cards being added / removed in a short space of time).

Use the AVS / CVV checks as your post authorisation fraud check. If the cardholders address or security code (last 3 digits on the back of the card) fail the card issuers checks, then you can reject the transaction.

You can also use our enhanced fraud screening tool as a free post authorisation fraud check to be provided with a fraud risk score to act upon.

Enhanced fraud screening built in as standard

This free fraud prevention solution offered by Opayo aims to reduce the costs of fraud to businesses, whilst making sure that genuine customers are not frustrated by the checking process. Each transaction is screened individually.

The fraud rating, along with the rules that have been used to trigger the fraud score will appear in the merchant’s My Sage Pay account along with the fraud score itself.

These results are then displayed within your My Sage Pay account. After our enhanced fraud screening tool has reviewed each payment, merchants will be given a numerical score alongside one of three available ratings. These include:

OK – Low Risk

HOLD – Medium Risk

REJECT – High Risk

ACI Red Shield

ACI ReD Shield uses highly sophisticated technology to create a multi-layered fraud prevention solution that can be completely adapted to the needs of each business. ReD Shield works alongside the Opayo system to identify and prevent payment fraud through either Intermediate or Bespoke account options.

With the Intermediate account, you can expect the activation of predetermined rules that will be specific to each type of business or sector. This option will allow any transactions processed through the account to run against these predetermined rules to then identify whether the payment will be Accepted, Challenged or Denied.

Through your Bespoke account, you will have access to next-level features that enable businesses to work alongside ReD Shield. You can define your own fraud screening parameters and rules that will review all payments processed through the account.

Depending on your business requirements, merchants can tailor fraud strategies and rules in real time to match each product, channel and geography. You can benefit from access to global fraud intelligence that will be delivered through real-time information exchange.

Additionally, each business that opts to use ACI ReD Shield will also gain access to your own administrative platform directly from ReD Shield. Through this, you will be able to review, manage and amend transactions that have been processed through your account. For further information on ACI ReD Shield and how to understand the process, take a look at our article.

Conclusion

We understand that fraud protection can sometimes be a difficult topic to understand. However, with the correct processes in place, merchants can benefit greatly from the new SCA rules in place with the inclusion of our fraud prevention tools.

By using our free fraud-checking tools, merchants can effectively identify fraudulent activity in a number of ways, including pre and post authorisation checks. For businesses that require a more advanced fraud prevention tool, ACI ReD Shield is a resolution incorporating sophisticated machine learning service that includes real-time insight and global multi-layer protection for online payments.

If you would like help on understanding how fraud protection can help your business, or to set yourself up with our fraud prevention tools, feel free to contact the Opayo team on 0800 086 1975.

Opayo are one of the UK’s most trusted payment service providers, with expertise in helping businesses grow across the country. We offer a service that is completely unique to other payment service providers, with products available to match businesses