If your ecommerce site is integrated with the CitrusPay Gateway in order to accept online card payments, then you'll be able to see detailed security information on the Payments page in Cloud MT: https://cloudmt.citruslime.com/#/payments
On this page, you will see each payment attempt that has been made on your e-commerce site, by each of the online payment methods you accept.
Towards the right-hand side of each line, you'll see a link entitled View Security Info.
If the transaction was processed through the CitrusPay Gateway, then clicking on the View Security Info link will open up a further window in which you can see details of the security checks which were performed.
What do these details mean?
Some of these details are purely transaction reference information that doesn't relate back to anything you will see elsewhere in Cloud MT or Cloud POS. Where this is the case, we've not provided a description below.
Address Matched
Whether the billing address submitted by the customer matches the cardholder address registered with the card issuer.
Postcode Matched
Whether the postcode submitted by the customer matches the cardholder postcode registered with the card issuer.
AVS CV2 Check
Confirms if both above checks matched.
NOTE: Not all card issuers support Address / Postcode / CV2 checking, so you may see 'Not Checked' here, particularly if the customer's billing address is outside the UK. For billing addresses within the UK, you would expect to see 'Matched'.
Card Verification Matched
Confirms if the CV2 ('three digits on the back') submitted by the customer matches those known to the card issuer.
Auth Number
The authorisation code that was provided by your merchant acquirer.
Risk Processor
Kount is the risk checking application that is used to perform additional security checks on the transaction.
Risk Check Response
The verdict from the risk check process.
Risk Check Score
This gives an indication of transaction riskiness, ranging from 0 (low risk) to 99 (high risk). Higher scores indicate higher risk.
The majority of orders would be expected to score less than 40, but this doesn't automatically mean that an order with a higher score is definitely fraudulent.
The Risk Check Score should be considered as an initial indicator of fraud, rather than the final word, and you should always use due diligence when processing orders.
Card Type
The card type used during the transaction. Mstr = Mastercard / Visa = Visa / Amex = American Express
Customer Location
Where Kount has identified the customer was located when the order was placed.
Riskiest network type Kount has seen for this person
N=Normal. This is perceived as the least risky and most common network type.
O=Open Proxy (free Wifi). This is the 2nd least risky network type and often associated with coffee shops and other public spaces.
*A=Anonymous. This network type is the 3rd least risky.
*S=Satellite. Associated with higher risk, but may be used from rural areas.
*P=Prison. Associated with high-risk orders; is the least common.
H=High School. Associated with higher risk.
L=Library. Associated with higher risk.
* These network types are considered to be the riskiest.
Number of Cards Owned and seen by Kount
The Kount platform gathers information about each transaction it sees pass through websites that use Kount for risk checking. This statistic refers to the number of cards associated with this customer that Kount has seen, not just on your e-commerce site but across all sites which use Kount.
Devices Owned and seen by Kount
The figure given here shows how many different devices the customer has been seen to use to make transactions on websites that use Kount for risk checking.
Number of associated email addresses seen by Kount
This statistic gives the number of email addresses associated with the device and payment card used for a transaction attempt, on any website that uses Kount.
Orders checked in last 14 days
The total number of transactions on your website that were placed by this customer in the last 14 days. A figure of 0 means this is the first transaction.
Max orders in a 6-hour period
The total number of transactions placed by this customer on your website within the busiest six-hour period, within the last 14 days. A figure of 0 means one transaction has been made within the busiest six-hour window.
Time on user's computer
The date and time on the device used to place the order, at the point the order was placed.
I suspect a transaction is fraudulent - what should I do?
Your business may have its own protocols in respect of what to do if you suspect an order is fraudulent.
If you have carried out your own due diligence and are unwilling to process the order, then an option available to you is to cancel the transaction in Cloud POS.
To cancel a transaction in Cloud POS, recall the order and then go to the Actions menu and click the button marked Remove All Items And Tender:
You'll then see the following prompt. Click Yes to proceed:
Next, you'll see a prompt asking if you wish to refund the value of the order, as in the example below:
Clicking Yes will remove the items from the order and one of the following actions will happen:
If you cancel the transaction in Cloud POS on the same day that the order was placed, this will cancel the payment (rather than it being considered a refund). The transaction will never be sent to your acquirer for settlement.
If you cancel the transaction in Cloud POS on any day after the date the transaction took place, the transaction will have been settled to your acquirer, who will treat it as a refund.
