Payflow Fraud Protection Services User's Guide

Last updated: October 12th 2021, @ 6:58:00 pm


This document describes Fraud Protection Services and explains how you can use the Payflow SDK to perform transactions that will be screened by Fraud Protection Services filters.

Table of Contents

Revisions

  • May 7, 2020
    • Clarified VERBOSITY and added recommendation to set it to HIGH.
    • Updated the description regarding RESULT=127 to better define that transactions where not processed by the Fraud Protection Services, but could have been processed by your processor and that they need to be re-run through the fraud service to release them.
    • Clarified that a Sale type transaction should not be used with certain processors, see Special considerations.
    • Changed COUNTRYCODE to SHIPTOCOUNTRY and updated reference that should be a 3-digit numeric ISO code.

Overview

This section discusses how fraud can affect you, the merchant, and provides an overview of Fraud Protection Services.

The growing problem of fraud

Online fraud is a serious and growing problem. While liability for fraudulent card-present or in-store transactions lies with the credit card issuer, liability for card-not-present transactions, including transactions conducted online, falls to the merchant. As you probably know, this means that a merchant who accepts a fraudulent online transaction (even if the transaction is approved by the issuer) does not receive payment for the transaction and additionally must often pay penalty fees and higher transaction rates.

Reducing the cost of fraud

Fraud Protection Services, in conjunction with your Payflow service’s standard security tools, can help you to significantly reduce these costs and the resulting damage to your business.

Merchants must meet the following eligibility requirements to enroll in and use the Fraud Protection Services products:

  • Merchant must have a current, paid-in-full Payflow service account.
  • Merchant Payflow service account must be activated (in Live mode).
  • Merchant must be integrated using Payflow API (USER, VENDOR, PARTNER, PWD) or must use Virtual Terminal within the PayPal Manager.
  • Merchant must have its business operations physically based in the United States of America.

Note: Processor PayPal Australia (FISERV), World Pay, Moneris, and Litle only support Fraud Protection for authorization/capture, not for sales.

How fraud protection services protect you

This section describes the security tools that make up the Fraud Protection Services.

The threats

There are two major types of fraud—hacking and credit card fraud.

Hacking

Fraudsters hack when they illegally access your customer database to steal card information or to take over your Payflow account to run unauthorized transactions (purchases and credits).

Fraud Protection software filters minimize the risk of hacking by enabling you to place powerful constraints on access to and use of your PayPal Manager and Payflow accounts.

Credit card fraud

Fraudsters can use stolen or false credit card information to perform purchases at your website, masking their identity to make recovery of your goods or services impossible. To protect you against credit card fraud, the Fraud Protection filters identify potentially fraudulent activity and let you decide whether to accept or reject the suspicious transactions.

Fraud filters provide protection against threats

Configurable filters screen each transaction for evidence of potentially fraudulent activity. When a filter identifies a suspicious transaction, the transaction is marked for review.

Fraud Protection Services offers two levels of filters: Basic and Advanced. The filters are described in Fraud filter reference.

Example filter

The Total Purchase Price Ceiling filter compares the total amount of the transaction to a maximum purchase amount (the ceiling) that you specify. Any transaction amount exceeding the specified ceiling triggers the filter.

Configuring the filters

Through PayPal Manager, you configure each filter by specifying the action to take whenever the filter identifies a suspicious transaction (either set the transaction aside for review or reject it). See PayPal Manager online help for detailed filter configuration procedures.

Typically, you specify setting the transaction aside for review. For transactions that you deem extremely risky (for example, a known bad email address), you might specify rejecting the transaction outright. You can turn off any filter so that it does not screen transactions.

For some filters, you also set the value that triggers the filter—for example the dollar amount of the ceiling price in the Total Purchase Price Ceiling filter.

Reviewing suspicious transactions

As part of the task of minimizing the risk of fraud, you review each transaction that triggered a filter through PayPal Manager to determine whether to accept or reject the transaction. See PayPal Manager online help for details.

Special considerations

Merchants with an instant fulfillment model

For businesses with instant fulfillment business models (for example, software or digital goods businesses), the Review option does not apply to your business—you do not have a period of delay to review transactions before fulfillment to customers. Only the Reject and Accept options are applicable to your business model.

In the event of server outage, Fraud Protection Services is designed to queue transactions for online processing. This feature also complicates an instant fulfillment business model.

Unsupported transaction types

Fraud Protection Services do not screen the following transaction types:

  • Reference transactions
  • Recurring billing transactions
  • Transactions in which the merchant passes in RECURRING=Y
  • Voice authorizations
  • PayPal Express Checkout transactions

Note: The following processors only support Authorization/Capture model not a sale. This is due to the processors doing an immediate settlement; i.e. transaction is paid instantly, and if a post (after transaction processed) filter is triggered the transaction is not reversed or credited, but the transaction will be marked as declined or review. PayPal highly suggests that you DO NOT process transactions as a Sale.

  • PayPal Australia (FISERV)
  • World Pay
  • Moneris
  • Litle

Recurring billing transactions

To avoid charging you to filter recurring transactions that you know are reliable, Fraud Protection Services filters do not screen recurring transactions.

To screen a prospective recurring billing customer, submit the transaction data using PayPal Manager’s Virtual Terminal. The filters screen the transaction in the normal manner. If the transaction triggers a filter, then you can follow the normal process to review the filter results.

Configuring the fraud protection services filters

This section describes how to configure the Fraud Filters for your Payflow account, covering a phased approach to implementing transactional security. Though you are not required to use this approach, it enables you to fine-tune your filters before you deploying them in a live environment.

You first set and fine-tune filter settings in a test environment. Then you move to a live transaction environment to fine-tune operation in an Observe-only mode. Finally, when you are fully satisfied with your settings, you move to live Active mode to begin screening all live transactions for fraud.

Filter operation is fully described in Fraud filter reference.

Important: Upon completing the configuration procedures within each of the phases described below, you must click the Deploy button to deploy the filter settings. Filter settings take effect only after you deploy them. Filter setting changes are updated hourly (roughly on the hour), so you might have to wait up to an hour for your changes to take effect. This waiting period only occurs when you move from one mode to the next.

  • Phase 1: Run test transactions in Test mode using test transaction servers. In the test phase, configure fraud filter settings for test servers that do not affect the normal flow of transactions, then run test transactions against the filters and review the results offline to determine whether the integration was successful. Once you are happy with the filter settings, you move to the next phase and the optimized settings from the test phase are transferred to the live servers.
  • Phase 2: Run live transactions on live transaction security servers using Observe mode. When deploying to Observe mode, the settings established in the test phase are automatically transferred to the live servers. In Observe mode, the filters examine each live transaction and mark the transaction with each triggered filter’s action. You can then review the actions that would have been taken on the live transactions had the filters been active. Regardless of the filter actions, all transactions are submitted for processing in the normal fashion.
  • Phase 3: Run live transactions on live transaction security servers using Active mode. Once you have set all filters to the optimum settings, deploy the filters to Active mode. In Active mode, filters on the live servers examine each live transaction and take the specified action when triggered.

Remember that you can test a new filter setting using the test servers at any time (even if your account is in Active mode), then, if desired, adjust the live filter settings.

Phase 1: Run test transactions against filter settings on test transaction security servers

In this phase of implementation, you configure filter settings for test servers that do not affect the normal flow of live transactions, then run test transactions against the filters and review the results offline to determine whether the integration was successful. Continue modifying and testing filters as required.

There is no per-transaction fee when you use the test servers.

  1. In the Service Summary section of the PayPal Manager home page, click the Basic or Advanced Fraud Protection link. Click Service Settings > Fraud Protection >Test Setup.

  2. Click Edit Standard Filters. The Edit Standard Filters page appears.

  3. For each filter, do the following:

    Note: If you have not enrolled for the Buyer Authentication Service, then the Buyer Authentication Failure filter is grayed-out and you cannot configure it. Items that you enter in the Test Good, Bad, or Product Watch lists are not carried over to your configuration for the live servers, so do not spend time entering a complete list for the test configuration. For details on the Good, Bad, or Product Watch, see Fraud filter reference.

    • Click the filter check box to enable it and click-to-clear the check box to disable it.
    • Select the filter action that should take place when the filter is triggered. For some filters, you set a trigger value. For example, the Total Purchase Price Ceiling filter trigger value is the transaction amount that causes the filter to set a transaction aside. To make decisions about how the filters work, see Fraud filter reference.
  4. After editing the settings, click Deploy.

    Important: If you do not deploy the filters, then your settings are not saved.

  5. All filters are now configured, and you can begin testing the settings by running test transactions. Follow the guidelines outlined in Testing the transaction security filters. To run test transactions, you can use PayPal Manager’s Virtual Terminal. See PayPal Manager for online help instructions.

  6. Review the filter results by following the instructions in Assessing transactions that triggered filters.

  7. Based on your results, you may want to change filter settings. Return to the Edit Filters page, change settings, and redeploy them. After you are happy with your filter settings, move to Phase 2.

Phase 2: Run live transactions on live transaction servers in observe mode

In this phase, you configure filters on live servers to the settings that you had fine-tuned on the test servers. In Observe mode, filters examine each live transaction and mark the transaction with the filter results. The important difference between Observe and Active mode is that, regardless of the filter actions, all Observe mode transactions are submitted for processing in the normal fashion. Observe mode enables you to view filter actions offline to assess their impact (given current settings) on your actual transaction stream.

Note: You are charged the per-transaction fee to use the live servers in either Observe or Active mode.

  1. Click Service Settings > Fraud Protection >Test Setup. Click Move Test Filter Settings to Live. The Move Test Filter Setting to Live page appears. Remember that in this phase, you are configuring the live servers.

  2. Click Move Test Filter Settings to Live. On the page that appears, click Move Test Filter Settings to Live again.

  3. The Move Test Filter Settings to Live page prompts whether to deploy the filters in Observe mode or in Active mode. Click Deploy to Observe Mode. After you deploy the filters, all transactions are sent to the live servers for screening by the live filters. In Observe mode, each transaction is marked with the filter action that would have occurred (Review, Reject, or Accept) had you set the filters to Active mode. This enables you to monitor (without disturbing the flow of transactions) how actual customer transactions would have been affected by active filters.

    Important: Deployed filter setting changes are updated hourly (roughly on the hour), so you might have to wait up to an hour for your changes to take effect. This waiting period only occurs when you move from one mode to the next.

  4. Test the filters. Follow the procedures outlined in Testing the transaction security filters.

  5. Review the filter results as per Assessing transactions that triggered filters. The Filter Scorecard will be particularly helpful in isolating filter performance that you should monitor closely and to ensure that a filter setting is not set so strictly so as to disrupt normal business.

  6. After you are happy with your filter settings, move to Phase 3.

Phase 3: Run all transactions through the live transaction security servers using active mode

After you have configured all filters to optimum settings, convert to Active mode. Filters on the live servers examine each live transaction and take the specified action.

  1. Click Move Test Filter Settings to Live. After that page appears, click Move Test Filter Settings to Live again.
  2. On the Move Test Filter Settings to Live page, click Deploy to Active Mode. At the top of the next hour, all live transactions will be inspected by the filters.
  3. Use the instructions in Assessing transactions that triggered filters, to detect and fight fraud.

Important: Remember that you can make changes to fine-tune filter settings at any time. After changing a setting, you must re-deploy the filters so that the changes take effect.

Assessing transactions that triggered filters

As part of the task of minimizing fraud risk, review each transaction that triggered a filter and decide, based on the transaction’s risk profile, whether to accept or reject the transaction. This section describes how to review transactions that triggered filters, and provides guidance on deciding acceptable risk.

Note: The Fraud Protection Services package (Basic or Advanced) to which you subscribe determines the number of filters that screen your transactions. Basic subscribers have access to a subset of the filters discussed in this section. Advanced subscribers have full access. See Filters Included with the fraud protection services for complete lists of Basic and Advanced filters.

Reviewing suspicious transactions

Transactions that trigger filters might or might not represent attempted fraud. It is your responsibility to analyze the transaction data and then to decide whether to accept or reject the transaction.

Accepting a transaction requires no further action. To reject a transaction, a separate void of the transaction is required.

The first step in reviewing filtered transactions is to list the transactions.

  1. Click Reports > Fraud Protection > Fraud Transactions. The Fraud Transactions Report page appears.
  2. Specify the date range of the transactions to review.
  3. Specify a Transaction Type, as shown in the following table.
Transaction TypeDescription
RejectTransactions that the filters rejected. These transactions cannot be settled. The type of filter that took this action is called a Reject filter.
ReviewTransactions that the filters set aside for review. The type of filter that took this action is called a Review filter.
AcceptTransactions that the filters allowed through the normal transaction submission process. The type of filter that took this action is called an Accept filter.
Not Screened by FiltersTransactions that were not screened by any filter. This condition (Result Code 127) indicates an internal server error prevented the filters from examining transactions, and occurs only in test or live modes. In Observe mode all results codes are always 0. You can re-screen any of these transactions through the filters as described in Re-running transactions that were not screened.
Note: For live transactions it is possible and likely that the transaction was processed by your processor, and to release the transaction for future processing, for example, for credit, you need to re-run the transaction through the service.
Screened by FiltersAll transactions screened by filters, regardless of filter action or whether any filter was triggered.
  1. Specify the Transaction Mode, and click Run Report. The Fraud Transactions Report page displays all transactions that meet your search criteria.

Note: If filters are deployed in Observe mode, then all transactions have been submitted for processing and are ready to settle. Transactions are marked with the action that the filter would have taken had the filters been deployed in Active mode.

The following information appears in the Transactions Report:

HeadingDescription
Report TypeThe type of report created.
DateDate and time range within which the transactions in this report were run.
Time ZoneTime zone represented in this report.
Transaction ModeTest, Observe, or Active
Transaction IDUnique transaction identifier. Click this value to view the Transaction Detail page.
Transaction TimeTime and date that the transaction occurred.
Transaction TypeThe transaction status that resulted from filter action, as described in the preceding table.
Card TypeType of card used in the transaction.
AmountAmount of the transaction.

The following transaction status values can appear in the report:

Stage of ReviewTransaction StatusResult CodeResult MessageReport in Which the Transaction Appears
Screened by filtersPass0ApprovedApproved report
Screened by filtersReject125Declined by Fraud ServiceDeclined report
Screened by filtersAccept0ApprovedApproved report
Screened by filtersService Outage127Unprocessed by Fraud ServiceApproved report
After review by merchantAccepted0ApprovedApproved report
Rejected128Declined by MerchantDeclined report

Click the Transaction ID of the transaction of interest. The Fraud Details page appears, as discussed in the next section.

Acting on transactions that triggered filters

The Fraud Details page displays the data submitted for a single transaction. The data is organized to help you to assess the risk types and to take action (accept, reject, or continue in the review state).

Reasons for transactions appearing here can include:

  • Triggered filters.
  • The transaction was not screened by any of the filters in the Skipped Filters section because the data required by these filters did not appear in the transaction data.
  • The transaction data was badly formatted.
  • In special cases, all filters appear here.

See Re-running transactions that were not screened.

For each transaction on the Fraud Details page, you can take the following actions:

  • Specify the action to take on the transaction:

    • Review: Take no action. You can return to this page at any time or reject or accept the transaction. The transaction remains unsettleable.
    • Reject: Do not submit the transaction for processing. See Rejecting transactions.
    • Accept: Submit the transaction for normal processing.
  • Enter notes regarding the disposition of the transaction or the reasons for taking a particular action. Do not use the & < > or = characters.

  • Click Submit to save the notes, apply the action, and move to the next transaction.

Note: You can also view the Fraud Details page for transactions that were rejected or accepted. While you cannot change the status of such transactions, the page provides insight into filter performance.

Rejecting transactions

If you decide to reject a transaction, you should notify the customer that you could not fulfill the order. Do not be explicit in describing the difficulty with the transaction because this provides clues for performing successful fraudulent transactions in the future. Rejected transactions are never settled.

Fine-tuning filter settings using the filter scorecard

The Filter Scorecard displays the number of times that each filter was triggered and the percentage of all transactions that triggered each filter during a specified time period. This information is especially helpful in fine-tuning your risk assessment workflow. For example, if you find that you are reviewing too many transactions, then use the Filter Scorecard to determine which filters are most active. You can reduce your review burden by relaxing the settings on those filters (for example, by setting a higher amount for the Purchase Price Ceiling filter).

  1. Click Reports > Filter Scorecard. The Filter Scorecard Report page appears.
  2. Specify the date range of the transactions to review.
  3. In the Transaction Mode field, specify transactions screened by the live or the test servers.
  4. Click Run Report. The Filter Scorecard Report page displays the number of times that each filter was triggered and the percentage of all transactions that triggered each filter during the time span that you specified.

Ensuring meaningful data on the filter scorecard

The Scorecard shows the total number of triggered transactions for the time period that you specify, so if you had changed a filter setting during that period, the Scorecard result for the filter might reflect transactions that triggered the filter at several different settings.

Say, for example, you changed the total purchase price ceiling on August 1 and again on August 7. You then run a filter scorecard for July 1 to August 31. Between July 1 to August 31, three different price ceiling settings caused the filter to trigger, yet the scorecard would not indicate this.

To ensure meaningful results in the filter scorecard, specify a time period during which the filter settings did not change.

Re-running transactions that were not screened

Perform the following steps if you wish to re-run a transaction that was not screened by filters (transactions with result code 127):

  1. Navigate to Reports > Fraud Protection > Fraud Transaction Report. The Fraud Transaction Report page appears.
  2. Select the appropriate time period for the search, and select the Not Screened by Filters option for Transaction Type.
  3. Click Run View Report. The Fraud Transaction Report Results page appears. It contains all the transactions that were not screened by filters.
  4. Click on the Transaction ID of the transaction you would like to re-run. The Confirm Rerun page appears.
  5. Click Yes to re-run that transaction. The Success page appears if your transaction was successful.

Note: If multiple attempts at screening fail, then the transaction may have data formatting problems. Validate the data and contact Customer Service. If you encounter 50 or more transactions with result code 127, contact Customer Service to resubmit them as a group.

Screening transactions using the Payflow SDK

This section describes using the Payflow SDK to perform transactions that will be screened by the Fraud Protection Services filters. For information on using the SDK, and on transaction syntax, see the Payflow Gateway Developer’s Guide and Reference.

Important: Neither recurring billing nor reference transactions transactions are screened by Fraud Protection Services filters, nor are Express Checkout or Automated Clearing House (ACH) transactions.

Downloading the Payflow SDK (Including APIs and API documentation)

The Payflow SDK is available either as a standalone client that can you can integrate with your Web store using CGI scripts or as a set of APIs for direct integration with your application.

The Payflow Gateway Developer’s Guide and Reference provides instructions for downloading the SDK appropriate to your platform.

Full API documentation is included with each SDK.

Transaction data required by filters

This table lists each filter and the Payflow parameter values that are required by the filters.

FilterRequired Transaction DataParameters
Account Number VelocityCredit card numberACCT
AVS FailureBilling address - street addressBILLTOSTREET
Billing address - ZIP (postal) codeBILLTOZIP
Bad ListsCustomer email addressBILLTOEMAIL
Credit card numberACCT
BIN Risk List MatchCredit card numberACCT
Country Risk List MatchBilling address - countryBILLTOCOUNTRY
Shipping address - countrySHIPTOCOUNTRY
Card Security Code FailureCard security code information from credit cardCSC
Email Service Provider Risk ListCustomer email addressBILLTOEMAIL
Geo-location FailureCustomer IP addressCUSTIP
Billing address - street addressBILLTOSTREET
Billing address - ZIP (postal) codeBILLTOZIP
Billing address - state/provinceBILLTOSTATE
Shipping address - street addressSHIPTOSTREET
Shipping address - ZIP (postal) codeSHIPTOZIP
Shipping address - citySHIPTOCITY
Shipping address - state/provinceSHIPTOSTATE
Good ListsCustomer email addressBILLTOEMAIL
Credit card numberACCT
International AVSShipping address - street addressSHIPTOSTREET
Shipping address - ZIP (postal) codeSHIPTOZIP
International Shipping/Billing AddressBilling address - countryBILLTOCOUNTRY
Shipping address - countrySHIPTOCOUNTRY
International IP AddressCustomer IP addressCUSTIP
IP Address Risk List MatchCustomer IP addressCUSTIP
IP Address VelocityCustomer IP addressCUSTIP
Product Watch ListProduct SKU or other identifying informationL_SKUn
Shipping/Billing MismatchBilling address - street addressBILLTOSTREET
Billing address - ZIP (postal) codeBILLTOZIP
Billing address - state/provinceBILLTOSTATE
Shipping address - street addressSHIPTOSTREET
Shipping address - ZIP (postal) codeSHIPTOZIP
Shipping address - citySHIPTOCITY
Shipping address - state/provinceSHIPTOSTATE
Total Item CeilingTotal quantityTotal of QTY for all line items within the transaction
Total Purchase Price CeilingTotal amountTotal of AMT for all line items within the transaction
Total Purchase Price FloorTotal amountTotal of AMT for all line items within the transaction
USPS Address Validation FailureBilling address - street addressBILLTOSTREET
Shipping address - street addressSHIPTOSTREET
ZIP Risk List MatchBilling address - ZIP (postal) codeBILLTOZIP
Shipping address - ZIP (postal) codeSHIPTOZIP

Transaction parameters unique to the filters

The Payflow server accepts the parameters listed in this section.

Standard Payflow parameters, parameters that you can pass for reporting purposes, and return values are described in Payflow Gateway Developer’s Guide and Reference

NameDescriptionTypeMax. LengthExample
BILLTOSTREET2Extended billing addressAlpha- numeric String30Apt. 107
BILLTOPHONE2Alternative Phone Number for the billing contact.Numeric String200119120513621, 6104463591
SHIPTOSTREET2Extended shipping addressString30Bldg. 6, Mail Stop 3
SHIPTOPHONEPrimary Phone Number for the shipping contactString200119120513621, 6104463591
SHIPTOPHONE2Primary Phone Number for the shipping contactString200119120513621, 6104463591
SHIPTOEMAILOptional. E-mail Address for the shipping contactString formatted as an email address40abc@xyz.com
SHIPTOCOUNTRYOptional. Country code of the shipping country.Numeric String3Refer to the ISO 3166-1 numeric country codes.

Existing Payflow parameters used by the filters

The following existing Payflow parameters (described in the Payflow Gateway Developer’s Guide and Reference) are also used by the filters (if they are provided in the transaction request or response):

User Authentication

  • PARTNER
  • VENDOR
  • USER
  • PWD

Transaction Information

  • TRXTYPE
  • TENDER
  • ACCT
  • EXPDATE
  • AMT

Billing Information

  • BILLTOFIRSTNAME
  • BILLTOMIDDLENAME
  • BILLTOLASTNAME
  • BILLTOSTREET
  • BILLTOSTREET2
  • BILLTOCITY
  • BILLTOSTATE
  • BILLTOZIP
  • BILLTOCOUNTRY
  • BILLTOPHONENUM
  • BILLTOPHONE2
  • BILLTOEMAIL

Shipping Information

  • SHIPTOFIRSTNAME
  • SHIPTOLASTNAME
  • SHIPTOMIDDLENAME
  • SHIPTOSTREET
  • SHIPTOSTREET2
  • SHIPTOCITY
  • SHIPTOSTATE
  • SHIPTOZIP
  • SHIPTOCOUNTRY
  • SHIPTOPHONE
  • SHIPTOPHONE2
  • SHIPTOEMAIL

Order Information

  • DOB
  • DL
  • SS
  • CUSTIP
  • BROWSERUSERAGENT
  • BROWSERTIME
  • BROWSERCOUNTRYCODE
  • FREIGHTAMT
  • TAXAMT
  • COMMENT1
  • DESC
  • CUSTREF
  • PONUM

Line Item (each item is appended with the line item number)

  • L_COST0
  • L_UPC0
  • L_QTY0
  • L_DESC0
  • L_SKU0
  • L_TYPE0

Response strings for transactions that trigger filters

In the response string to a transaction that triggered filters, you have the option to view either a summary statement or a detailed list of each triggered filter’s response. The response depends on your setting for the VERBOSITY parameter in the transaction request.

VERBOSITY=LOW: This is the default setting for Payflow accounts. The following values (described in the Payflow Gateway Developer’s Guide and Reference) are returned: {RESULT, PNREF, RESPMSG, AUTHCODE, AVSADDR, AVSZIP, CVV2MATCH, IAVS, CARDSECURE}.

The following values are specific to Fraud Protection Services:

ParameterDescription
RESULTSee RESULT values specific to Fraud Protection Services
PREFPSMSGPreprocessing Fraud Protection Services messages. These apply to all filters except: AVS Failure, Card Security Code Failure, and Custom Filters.
POSTFPSMSGPostprocessing Fraud Protection Services messages. These apply to the following filters only: AVS Failure, Card Security Code Failure, and Custom Filters.

VERBOSITY=MEDIUM: Returns all of the values returned for a LOW setting, plus the following values:

ParameterTypeLengthDescription
FPS_PREXMLDATAcharItemized list of responses for triggered filters.
HOSTCODEchar7Response code returned by the processor. This value is not normalized.
RESPTEXTchar17Text corresponding to the response code returned by the processor. This text is not normalized.
PROCAVSchar2AVS (Address Verification Service) response from the processor
PROCCVV2char1CVV2 (buyer authentication) response from the processor
PROCCARDSECUREchar1VPAS/SPA response from the processor
ADDLMSGScharUp to 1048 characters. Typically 50 characters.Additional error message that indicates that the merchant used a feature that is disabled
TRANSSTATEInteger10State of the transaction. The values are:
0 = General succeed state
1 = General error state
3 = Authorization approved
6 = Settlement pending (transaction is scheduled to be settled)
7 =Settlement in progress (transaction involved in a currently ongoing settlement)
8 = Settled successfully
9 = Authorization captured (after an authorization type transaction is captured, its TRANSSTATE becomes 9)
10 =Capture failed (an error occurred while trying to capture an authorization because the transaction was already captured)
11 = Failed to settle (transactions fail settlement usually because of problems with the merchant’s processor or because the card type is not set up with the merchant’s processor)
12 - Unsettled transaction because of incorrect account information
14 = For various reasons, the batch containing this transaction failed settlement
16 = Merchant ACH settlement failed; (need to manually collect it). For information on TRANSSTATE incremental values, see the table below.
DATE_TO_SETTLEDate format YYYY-MM-DD HH:MM:SS19Value available only before settlement has started.
BATCHIDInteger10Value available only after settlement has assigned a Batch ID.
SETTLE_DATEDate format YYYY-MM-DD HH:MM:SS19Value available only after settlement has completed.

The table below shows the increments that are possible on basic TRANSSTATE values.

IncrementMeaning
+100No client acknowledgment (ACK) is received (=status 0 in Version 2), for example, 106 is TRANSSTATE 6.
+200The host process never receives ACK from the transaction broker (or backend payment server). A transaction with a TRANSSTATE of +200 is basically in limbo and will not be settled.
+1000Voided transactions. Any TRANSSTATE of +1000 (for example, 1006) means the transaction was pending settlement, but was voided either through the API PayPal Manager, or Customer Service.

VERBOSITY=HIGH: Returns all of the values returned for a LOW and MEDIUM setting, plus all additional items returned by your processor. PayPal recommends all transactions be sent with VERBOSITY=HIGH.

RESULT values specific to Fraud Protection Services

A RESULT value greater than zero indicates a decline or error. For this type of error, a RESPMSG name-value pair is included. The exact wording of the RESPMSG may vary. Sometimes a colon appears after the initial RESPMSG followed by more detailed information, as shown in the following table:

RESULTRESPMSG and Explanation
125Fraud Protection Services Filter — Declined by filters
126Fraud Protection Services Filter — Flagged for review by filters
127Fraud Protection Services Filter — Not screened by filtersT

This condition (Result Code 127) indicates an internal server error prevented the filters from examining transactions, and occurs only in test or live modes. In Observe mode all results codes are always 0. You can re-screen any of these transactions through the filters as described in Re-running transactions that were not screened.
Note: For live transactions it is possible and likely that the transaction was processed by your processor, and to release the transaction for future processing, for example, for credit, you need to re-run the transaction through the service.
128Fraud Protection Services Filter — Declined by merchant after being flagged for review by filters
131The Version 1 Payflow client no longer supported. Upgrade to the most recent version of the Payflow client.

Changing the verbosity setting

You may wish to change the verbosity level to alter the detail level of data received back for screened transactions.

Setting the default verbosity level for all transactions

PayPal suggests you contact Customer Service to set your account’s verbosity setting to HIGHfor all transaction requests.

Setting the verbosity level on a per-transaction basis

To specify a setting for verbosity that differs from your account’s current setting, include the VERBOSITY=<value> name-value pair in the transaction request, where <value> is LOW, MEDIUM or HIGH. PayPal suggests that verbosity be set to HIGH always.

Note: In the examples below, the <action> tag value is the state to which the transaction has been set. Values are: R = Review, J = Reject, A = Accept.

Example response for an authentication transaction with Verbosity=Low
RESULT=126&PNREF=VFHA28926593&RESPMSG=Under review by Fraud
Service&AUTHCODE=041PNI&AVSADDR=Y&AVSZIP=N&CVV2MATCH=X&HOSTCODE=A&PROCAVS=
A&PROCCVV2=X&IAVS=N&PREFPSMSG=Review: More than one rule was triggered for
Review&POSTFPSMSG=Review: More than one rule was triggered for Review
Example response for an authentication transaction with Verbosity=Medium
RESULT=126(0)&PNREF=VFHA28926593&RESPMSG=Under review by Fraud Service(Approved)&AUTHCODE=041PNI&AVSADDR=Y &AVSZIP=N&CVV2MATCH=X&HOSTCODE=A&PROCAVS=A&PROCCVV2=X&IAVS=N &PREFPSMSG=Review: More than one rule was triggered for Review&FPS_PREXMLDATA[2898]= <triggeredRules> <rule num="1"> <ruleId>2</ruleId> <ruleAlias>CeilingAmount</ruleAlias> <ruleDescription>Total Purchase Price Ceiling</ruleDescription> <action>R</action> <triggeredMessage>The purchase amount of 7501 is greater than the ceiling value set of 7500</triggeredMessage> <rulevendorparms> <ruleParameter num="1"> <name>CeilingValue</name> <value type="USD">75.00</value> </ruleParameter> </rulevendorparms> </rule> <rule num="2"> <ruleId>6</ruleId> <ruleAlias>HighOrderNumber</ruleAlias> <ruleDescription>Total ItemCeiling</ruleDescription> <action>R</action> <triggeredMessage>16 items were ordered, which is over the maximum allowed quantity of 15</triggeredMessage> <rulevendorparms> <ruleParameter num="1"> <name>Value</name> <value type="Integer">15</value> </ruleParameter> </rulevendorparms> </rule> <rule num="3"> <ruleId>7</ruleId> <ruleAlias>BillShipMismatch</ruleAlias> <ruleDescription>Shipping/BillingMismatch</ruleDescription> <action>R</action> <triggeredMessage>The billing and shipping addresses did not match</triggeredMessage> </rule> <rule num="4"> <ruleId>13</ruleId> <ruleAlias>HighRiskBinCheck</ruleAlias> <ruleDescription>BIN Risk List Match</ruleDescription> <action>R</action> <triggeredMessage>The card number is in a high risk bin list</triggeredMessage> </rule> <rule num="5"> <ruleId>37</ruleId> <ruleAlias>HighRiskZIPCheck</ruleAlias> <ruleDescription>Zip Risk List Match</ruleDescription> <action>R</action> <triggeredMessage>High risk shipping zip</triggeredMessage> </rule> <rule num="6"> <ruleId>16</ruleId> <ruleAlias>BillUSPostalAddressCheck</ruleAlias> <ruleDescription>USPS Address Validation Failure</ruleDescription> <action>R</action> <triggeredMessage>The billing address is not a valid US Address</triggeredMessage> <rulevendorparms> <ruleParameter num="1"> <name>AddressToVerify</name> <value type="String">bill</value> </ruleParameter> </rulevendorparms> </rule> <rule num="7"> <ruleId>10</ruleId> <ruleAlias>HighRiskEmailCheck</ruleAlias> <ruleDescription>Email Service Provider Risk List Match</ruleDescription> <action>R</action> <triggeredMessage>The email address fraud@asiamail.com in bill Email was found in a high risk email providerlist</triggeredMessage> </rule> <rule num="8"> <ruleId>38</ruleId> <ruleAlias>GeoLocationCheck</ruleAlias> <ruleDescription>Geo-Location Failure</ruleDescription> <action>R</action> <triggeredMessage>GeoLocation difference: Bill Address and IP, GeoLocation difference: Ship Address and IP</triggeredMessage> </rule> <rule num="9"> <ruleId>8</ruleId> <ruleAlias>NonUSIPAddress</ruleAlias> <ruleDescription>International IP Address</ruleDescription> <action>R</action> <triggeredMessage>The IP address is from: CZ</triggeredMessage> </rule> <rule num="1"> <ruleId>1</ruleId> <ruleAlias>AVS</ruleAlias> <ruleDescription>AVS Failure</ruleDescription><action>R</action> <triggeredMessage>AVS check failed: Full Security</triggeredMessage> <rulevendorparms> <ruleParameternum="1"> <name>Value</name> <value type="String">Full</value> </ruleParameter> </rulevendorparms> </rule> <rule num="2"> <ruleId>23</ruleId> <ruleAlias>CSCFailure</ruleAlias> <ruleDescription>CSC Failure</ruleDescription> <action>R</action> <triggeredMessage>CSC check failed, returned X</triggeredMessage> <rulevendorparms> <ruleParameter num="1"> <name>Value</name> <value type="String">Full</value> </ruleParameter> </rulevendorparms> </rule> </triggeredRules> RESULT=126&PNREF=VFHA28926593&RESPMSG=Under review by Fraud Service& AUTHCODE=041PNI&AVSADDR=Y&AVSZIP=N&CVV2MATCH=X&HOSTCODE=A& PROCAVS=A&PROCCVV2=X&IAVS=N&PREFPSMSG=Review: More than one rule was triggered for Review &FPS_PREXMLDATA[2898]= <triggeredRules> <rule num="1"> <ruleId>2</ruleId> <ruleAlias>CeilingAmount</ruleAlias> <ruleDescription>Total Purchase Price Ceiling</ruleDescription> <action>R</action> <triggeredMessage>The purchase amount of 7501 is greater than the ceiling value set of 7500</triggeredMessage> <rulevendorparms> <ruleParameter num="1"> <name>CeilingValue</name> <value type="USD">75.00</value> </ruleParameter> </rulevendorparms> </rule> <rule num="2"> <ruleId>6</ruleId> <ruleAlias>HighOrderNumber</ruleAlias> <ruleDescription>Total Item Ceiling</ruleDescription> <action>R</action> <triggeredMessage>16 items were ordered, which is over the maximum allowed quantity of 15</triggeredMessage> <rulevendorparms> <ruleParameter num="1"> <name>Value</name> <value type="Integer">15</value> </ruleParameter></rulevendorparms> </rule> <rule num="3"> <ruleId>7</ruleId> <ruleAlias>BillShipMismatch</ruleAlias> <ruleDescription>Shipping/Billing Mismatch</ruleDescription> <action>R</action> <triggeredMessage>The billing and shipping addresses did not match</triggeredMessage> </rule> <rule num="4"> <ruleId>13</ruleId> <ruleAlias>HighRiskBinCheck</ruleAlias> <ruleDescription>BIN Risk List Match</ruleDescription> <action>R</action> <triggeredMessage>The card number is in a high risk bin list</triggeredMessage> </rule> <rule num="5"> <ruleId>37</ruleId> <ruleAlias>HighRiskZIPCheck</ruleAlias> <ruleDescription>Zip Risk List Match</ruleDescription> <action>R</action> <triggeredMessage>High risk shipping zip</triggeredMessage> </rule> <rule num="6"> <ruleId>16</ruleId> <ruleAlias>BillUSPostalAddressCheck</ruleAlias> <ruleDescription>USPS Address Validation Failure</ruleDescription> <action>R</action> <triggeredMessage>The billing address is not a valid US Address</triggeredMessage> <rulevendorparms> <ruleParameter num="1"> <name>AddressToVerify</name> <value type="String">bill</value> </ruleParameter> </rulevendorparms> </rule> <rule num="7"> <ruleId>10</ruleId> <ruleAlias>HighRiskEmailCheck</ruleAlias> <ruleDescription>Email Service Provider Risk List Match</ruleDescription> <action>R</action> <triggeredMessage>The email address fraud@asiamail.com in billEmail was found in a high risk email provider list</ triggeredMessage> </rule> <rule num="8"> <ruleId>38</ruleId> <ruleAlias>GeoLocationCheck</ruleAlias> <ruleDescription>Geo-Location Failure</ruleDescription> <action>R</action> <triggeredMessage>GeoLocation difference: Bill Address and IP, GeoLocation difference:  Ship Address and IP</triggeredMessage> </rule> <rule num="9"> <ruleId>8</ruleId> <ruleAlias>NonUSIPAddress</ruleAlias> <ruleDescription>International IP Address</ruleDescription> <action>R</action> <triggeredMessage>The IP address is from: CZ</triggeredMessage> </rule> </triggeredRules> &POSTFPSMSG=Review:  More than one rule was triggered for Review&FPS_POSTXMLDATA[682]= <triggeredRules> <rule num="1"> <ruleId>1</ruleId> <ruleAlias>AVS</ruleAlias> <ruleDescription>AVS Failure</ruleDescription> <action>R</action><triggeredMessage>AVS check failed: Full Security</triggeredMessage> <rulevendorparms> <ruleParameter num="1"> <name>Value</name> <value type="String">Full</value> </ruleParameter> </rulevendorparms> </rule> <rule num="2"> <ruleId>23</ruleId> <ruleAlias>CSCFailure</ruleAlias> <ruleDescription>CSC Failure</ruleDescription> <action>R</action> <triggeredMessage>CSC check failed, returned X</triggeredMessage> <rulevendorparms> <ruleParameter num="1"><name>Value</name> <value type="String">Full</value> </ruleParameter> </rulevendorparms> </rule> </triggeredRules>

Accepting or rejecting transactions that trigger filters

You can submit a transaction request that either accepts or rejects a transaction that triggered a filter (result code 126). This is the functional equivalent of the operations discussed in Acting on transactions that triggered filters.

  • Accept: Submit the transaction for normal processing.
  • Reject: Do not submit the transaction for processing. See Rejecting transactions.

Note: You must contact Customer Service to enable this feature.

To accept or reject a transaction, include the following values in the transaction request:

  • TRXTYPE=U
  • ORIGID=<PNREF returned for the original transaction>
  • UPDATEACTION=APPROVE (to accept); OR
  • UPDATEACTION=FPS_MERCHANT_DECLINE (to reject)

Logging transaction information

A record is maintained of all transactions executed on your account. Use PayPal Manager to view the record and use the information to help reconcile your accounting records.

Note: This record is not the official bank statement. The activity on your account is the official record.

In addition, it is strongly recommended to log all transaction results (except for check information) on your own system. At a minimum, log the following data:

  • PNREF (called the Transaction ID in PayPal Manager reports)
  • Transaction Date
  • Transaction Amount

If you have any questions regarding a transaction, use the PNREF to identify the transaction.

Responses to credit card transaction requests

This section describes the contents of a response to a credit card transaction request.

An example response string

When a transaction finishes, the server returns a response string made up of name-value pairs. For example, this is a response to a credit card Sale transaction request:

RESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N&IAVS=Y&CVV2MATCH=Y

Contents of a response to a credit card transaction request

All transaction responses include values for RESULT, PNREF, and RESPMSG. A value for AUTHCODE is included for Voice Authorization transactions. Values for AVSADDR and AVSZIP are included if you use address verification system (AVS). The table below describes the values returned in a response string. 

FieldDescriptionTypeLength
PNREFReference ID, a unique number that identifies the transaction. PNREF is described in PNREF Format.Alpha- numeric12
RESULTThe outcome of the attempted transaction. A result of 0 (zero) indicates the transaction was approved. Any other number indicates a decline or error. RESULT codes are described in RESULT codes and RESPMSG values.NumericVariable
CVV2MATCHResult of the card security code (CVV2) check. The issuing bank may decline the transaction if there is a mismatch. In other cases, the transaction may be approved despite a mismatch.Alpha Y, N, X, or no response1
RESPMSGThe response message returned with the transaction result. Exact wording varies. Sometimes a colon appears after the initial RESPMSG followed by more detailed information. Response messages are described in RESULT codes and RESPMSG values.Alpha- numericVariable
PPREFUnique transaction ID of the payment. If the TRXTYPE of the request is A, then you will need the value of PPREF for use with Authorization and Delayed Capture transactions.string17
AUTHCODEReturned for Sale, Authorization, and Voice Authorization transactions. AUTHCODE is the approval code obtained over the phone from the processing network. AUTHCODE is required when submitting a Force (F) transaction.Alpha- numeric6
AVSADDRAVS address responses are for advice only. This process does not affect the outcome of the authorization.Alpha: Y, N, X, or no response1
AVSZIPAVS ZIP code responses are for advice only. This process does not affect the outcome of the authorization.Alpha: Y, N, X, or no response1
IAVSInternational AVS address responses are for advice only. This value does not affect the outcome of the transaction. Indicates whether AVS response is international (Y), United States (N), or cannot be determined (X). Client version 3.06 or later is required.Alpha: Y, N, X, or no response1

PNREF value

The PNREF is a unique transaction identification number issued by the server that identifies the transaction for billing, reporting, and transaction data purposes. The PNREF value appears in the transaction ID column in PayPal Manager reports.

  • The PNREF value is used as the ORIGID value (original transaction ID) in delayed capture transactions (TRXTYPE=D), credits (TRXTYPE=C), inquiries (TRXTYPE=I), and voids (TRXTYPE=V).
  • The PNREF value is used as the ORIGID value (original transaction ID) value in reference transactions for authorization (TRXTYPE=A) and Sale (TRXTYPE=S).

Note: The PNREF is also referred to as the Transaction ID in Payflow Link documentation.

PNREF format

The PNREF is a 12-character string of printable characters, for example:

  • EFHP0D426838
  • ACRAF23DB3C4

Note: Printable characters also include symbols other than letters and numbers such as the question mark (?). A PNREF typically contains letters and numbers only. The PNREF in a transaction response tells you that your transaction is connecting to the server.

Historically, the contents of a PNREF indicated a test or a live transaction. However, this is not always the case, and as a rule, you should not place any meaning on the contents of a PNREF.

RESULT codes and RESPMSG values

RESULT is the first value returned in the server response string. The value of the RESULT parameter indicates the overall status of the transaction attempt.

  • A value of 0 (zero) indicates that no errors occurred and the transaction was approved.
  • A value less than zero indicates that a communication error occurred. In this case, no transaction is attempted.
  • A value greater than zero indicates a decline or error.

The response message (RESPMSG) provides a brief description for decline or error results.

RESULT values for transaction declines or errors

For non-zero results, the response string includes a RESPMSG name-value pair. The exact wording of the RESPMSG (shown in bold) may vary. Sometimes a colon appears after the initial RESPMSG followed by more detailed information.

RESULTRESPMSG and Explanation
0Approved.
1User authentication failed. Error is caused by one or more of the following:
Login information is incorrect. Verify that USER, VENDOR, PARTNER, and PASSWORD have been entered correctly. VENDOR is your merchant ID and USER is the same as VENDOR unless you created a Payflow user. All fields are case sensitive.
Invalid processor information entered. Contact merchant bank to verify.
Allowed IP Address security feature implemented. The transaction is coming from an unknown IP address. See PayPal Manager online help for details on how to update the allowed IP addresses.
You are using a test (not active) account to submit a transaction to the live PayPal servers. Change the host address from the test server URL to the live server URL.
2Invalid tender type. Your merchant bank account does not support the following credit card type that was submitted.
3Invalid transaction type. Transaction type is not appropriate for this transaction. For example, you cannot credit an authorization-only transaction.
4Invalid amount format. Use the format: "#####.##". Do not include currency symbols or commas.
5Invalid merchant information. Processor does not recognize your merchant account information. Contact your bank account acquirer to resolve this problem.
6Invalid or unsupported currency code
7Field format error. Invalid information entered. See RESULT codes and RESPMSG values.
8Not a transaction server
9Too many parameters or invalid stream
10Too many line items
11Client time-out waiting for response
12Declined. Check the credit card number, expiration date, and transaction information to make sure they were entered correctly. If this does not resolve the problem, have the customer call their card issuing bank to resolve.
13Referral. Transaction cannot be approved electronically but can be approved with a verbal authorization. Contact your merchant bank to obtain an authorization and submit a manual Voice Authorization transaction.
19Original transaction ID not found. The transaction ID you entered for this transaction is not valid. See RESULT codes and RESPMSG values.
20Cannot find the customer reference number
22Invalid ABA number
23Invalid account number. Check credit card number and re-submit.
24Invalid expiration date. Check and re-submit.
25Invalid Host Mapping. Error is caused by one or more of the following:
You are trying to process a tender type such as Discover, but you are not set up with your merchant bank to accept this card type
You are trying to process an Express Checkout transaction when your account is not set up to do so. Contact your account holder to have Express Checkout added to your account.
26Invalid vendor account. Login information is incorrect. Verify that USER, VENDOR, PARTNER, and PASSWORD have been entered correctly. VENDOR is your merchant ID and USER is the same as VENDOR unless you created a Payflow user. All fields are case sensitive.
27Insufficient partner permissions
28Insufficient user permissions
29Invalid XML document. This could be caused by an unrecognized XML tag or a bad XML format that cannot be parsed by the system.
30Duplicate transaction
31Error in adding the recurring profile
32Error in modifying the recurring profile
33Error in canceling the recurring profile
34Error in forcing the recurring profile
35Error in reactivating the recurring profile
36OLTP Transaction failed
37Invalid recurring profile ID
50Insufficient funds available in account
51Exceeds per transaction limit
99General error. See RESULT codes and RESPMSG values.
100Transaction type not supported by host
101Time-out value too small
102Processor not available
103Error reading response from host
104Timeout waiting for processor response. Try your transaction again.
105Credit error. Make sure you have not already credited this transaction, or that this transaction ID is for a creditable transaction. (For example, you cannot credit an authorization.)
106Host not available
107Duplicate suppression time-out
108Void error. See RESULT codes and RESPMSG values. Make sure the transaction ID entered has not already been voided. If not, then look at the Transaction Detail screen for this transaction to see if it has settled. (The Batch field is set to a number greater than zero if the transaction has been settled.) If the transaction has already settled, your only recourse is a reversal (credit a payment or submit a payment for a credit).
109Time-out waiting for host response
110Referenced auth (against order) Error
111Capture error. Either an attempt to capture a transaction that is not an authorization transaction type, or an attempt to capture an authorization transaction that has already been captured.
112Failed AVS check. Address and ZIP code do not match. An authorization may still exist on the cardholder’s account.
113Merchant sale total will exceed the sales cap with current transaction. ACH transactions only.
114Card Security Code (CSC) Mismatch. An authorization may still exist on the cardholder’s account.
115System busy, try again later
116PayPal internal error. Failed to lock terminal number
117Failed merchant rule check. One or more of the following three failures occurred:
An attempt was made to submit a transaction that failed to meet the security settings specified on the PayPal Manager Security Settings page. If the transaction exceeded the maximum amount security setting, then no values are returned for AVS or CSC.
AVS validation failed. The AVS return value should appear in the RESPMSG.
CSC validation failed. The CSC return value should appear in the RESPMSG.
118Invalid keywords found in string fields
120Attempt to reference a failed transaction
121Not enabled for feature
122Merchant sale total will exceed the credit cap with current transaction. ACH transactions only.
125Fraud Protection Services Filter — Declined by filters
126Fraud Protection Services Filter — Flagged for review by filters
Important: Result code 126 indicates that a transaction triggered a fraud filter. This is not an error, but a notice that the transaction is in a review status. The transaction has been authorized but requires you to review and to manually accept the transaction before it will be allowed to settle. Result code 126 is intended to give you an idea of the kind of transaction that is considered suspicious to enable you to evaluate whether you can benefit from using the Fraud Protection Services. To eliminate result 126, turn the filters off.
127Fraud Protection Services Filter — Not processed by filters Transactions will need to be re-run through the Fraud Protection Service.
128Fraud Protection Services Filter — Declined by merchant after being flagged for review by filters
132Card has not been submitted for update
133Data mismatch in HTTP retry request
150Issuing bank timed out
151Issuing bank unavailable
160Secure Token already been used. Indicates that the secure token has expired due to either a successful transaction or the token has been used three times while trying to successfully process a transaction. You must generate a new secure token.
161Transaction using secure token is already in progress. This could occur if a customer hits the submit button two or more times before the transaction completed.
162Secure Token Expired. The time limit of 20 minutes has expired and the token can no longer be used.
170Fraudulent activity detected. Carding or fraudulent activity; such as excessive card use, was found on the account and the account or credit card can be temporarily suspended until issue is resolved. The RESPMSG will contain more information describing the type of activity.

Examples:
RESPMSG=Fraudulent activity detected: Excessive use of a credit card would be returned when a customer tried to submit the same credit card multiple times within a short period of time and the card issuing bank declined the original request.

RESPMSG=Fraudulent activity detected: Carding would be returned when the account has reached a threshold and PayPal has determined that carding; i.e. excessive transactions, are being processed on the account and PayPal has started blocking all transactions.
Note: For some instances of a RESULT 170 an email will be sent to the administrators on the account informing them of the possible fraudulent activity and action taken.
200Reauth error
201Order error
1000Generic host error. This is a generic message returned by your credit card processor. The RESPMSG will contain more information describing the error.
1001Buyer Authentication Service unavailable
1002Buyer Authentication Service — Transaction timeout
1003Buyer Authentication Service — Invalid client version
1004Buyer Authentication Service — Invalid timeout value
1011Buyer Authentication Service unavailable
1012Buyer Authentication Service unavailable
1013Buyer Authentication Service unavailable
1014Buyer Authentication Service — Merchant is not enrolled for Buyer Authentication Service (3-D Secure).
1016Buyer Authentication Service — 3-D Secure error response received. Instead of receiving a PARES response to a Validate Authentication transaction, an error response was received.
1017Buyer Authentication Service — 3-D Secure error response is invalid. An error response is received and the response is not well formed for a Validate Authentication transaction.
1021Buyer Authentication Service — Invalid card type
1022Buyer Authentication Service — Invalid or missing currency code
1023Buyer Authentication Service — merchant status for 3D secure is invalid
1041Buyer Authentication Service — Validate Authentication failed: missing or invalid PARES
1042Buyer Authentication Service — Validate Authentication failed: PARES format is invalid
1043Buyer Authentication Service — Validate Authentication failed: Cannot find successful Verify Enrollment
1044Buyer Authentication Service — Validate Authentication failed: Signature validation failed for PARES
1045Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid amount in PARES
1046Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid acquirer in PARES
1047Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid Merchant ID in PARES
1048Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid card number in PARES
1049Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid currency code in PARES
1050Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid XID in PARES
1051Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid order date in PARES
1052Buyer Authentication Service — Validate Authentication failed: This PARES was already validated for a previous Validate

RESULT values for communications errors

A RESULT value less than zero indicates that a communication error occurred. In this case, no transaction is attempted.

A value of -1 or -2 usually indicates a configuration error caused by an incorrect URL or by configuration issues with your firewall. A value of -1 or -2 can also be possible if the PayPal servers are unavailable, or an incorrect server/socket pair has been specified. A value of -1 can also result when there are internet connectivity errors. Contact customer support regarding any other errors.

RESULTDescription
-1Failed to connect to host
-2Failed to resolve hostname
-5Failed to initialize SSL context
-6Parameter list format error: & in name
-7Parameter list format error: invalid [ ] name length clause
-8SSL failed to connect to host
-9SSL read failed
-10SSL write failed
-11Proxy authorization failed
-12Timeout waiting for response
-13Select failure
-14Too many connections
-15Failed to set socket options
-20Proxy read failed
-21Proxy write failed
-22Failed to initialize SSL certificate
-23Host address not specified
-24Invalid transaction type
-25Failed to create a socket
-26Failed to initialize socket layer
-27Parameter list format error: invalid [ ] name length clause
-28Parameter list format error: name
-29Failed to initialize SSL connection
-30Invalid timeout value
-31The certificate chain did not validate, no local certificate found
-32The certificate chain did not validate, common name did not match URL
-40Unexpected request ID found in request.
-41Required request ID not found in request
-99Out of memory
-100Parameter list cannot be empty
-103Context initialization failed
-104Unexpected transaction state
-105Invalid name value pair request
-106Invalid response format
-107This XMLPay version is not supported
-108The server certificate chain did not validate
-109Unable to do logging
-111The following error occurred while initializing from message file:
-113Unable to round and truncate the currency value simultaneously

Fraud filter reference

This section describes the filters that make up part of the Fraud Protection Services. Filters analyze transactions and act on those that show evidence of potential fraudulent activity. Filters can set such transactions aside for your review or reject them outright, depending on settings that you specify.

Filters are grouped to help you to assess the risk types and to take action (accept, reject, or continue in the review state).

Filters included with the fraud protection services

Fraud Protection Services offers Basic and Advanced options. The filters included with each option are listed here.

Filters included with the Basic fraud protection services option include:

Filters included with the Advanced fraud protection services option includes all Basic filters, plus:

About the fraud risk lists

Filters whose name includes "risk list" make use of lists that the Fraud Protections Services manage. Extensive statistical analysis of millions of e-commerce transactions is performed to determine transaction data elements (for example BIN numbers or ZIP codes) that are statistically more likely than average to be correlated with fraudulent transactions.

Inclusion in a risk list is not an absolute indication of fraud, only a statistical correlation that indicates that you should evaluate the transaction more closely (and in conjunction with other filter results for the transaction).

Filters applied after processing

Most filters are applied to the transaction request before forwarding the request to the processor. The following filters are applied to the transaction results that the processor returns:

Transaction Data Required by Filters

Downloading the Payflow SDK (including APIs and API documentation) provides the full list, for each filter, of each transaction value that you must send to Payflow. For example, to ensure that the total item ceiling filter can screen an order, you must provide the total number of items that make up the order.

Unusual Order Filters

Unusual order filters identify transactions that exceed the normal size for your business. Because fraudsters might not feel limited in their purchasing power, they sometimes place orders that are much larger than the norm.

Total purchase price ceiling filter

This filter compares the total amount of the transaction (including tax, shipping and handling fees) to the maximum purchase amount (the ceiling) that you specify.

The specified action is taken whenever a transaction amount exceeds the specified ceiling.

Important: The Maximum amount per transaction setting in the Account menu controls all transactions, even those that are less than or exceed the Total Purchase Price Ceiling filter.

An unusually high purchase amount (compared to the average for your business) can indicate potential fraudulent activity. Because fraudsters are not paying with their own money, they are not price-sensitive.

Total item ceiling filter

This filter compares the total number of items (or volume for bulk commodities) to the maximum count (the ceiling) that you specify.

The specified action is taken whenever the item count in a transaction exceeds the specified ceiling.

An unusually high item count (compared to the average for your business) can indicate potential fraudulent activity. Fraudsters frequently attempt to order large numbers of attractive items that can easily be resold.

Note: In addition, some items are more susceptible to fraud than others. For example, a computer can be resold for much more money than can a pair of sport shoes. The likelihood of selling the item quickly is also a factor.

Shipping-billing mismatch filter

What does the filter do?

This filter screens for differences between the shipping information and the billing information (street, state, ZIP code, and country).

The specified action is taken whenever the shipping information differs from the billing information.

Data normalization

The shipping/billing mismatch filter is tolerant of minor address inaccuracies that result from typographical or spelling errors. The filter checks relationships among the street address, city, state, and ZIP code and determines if a minor change is needed before screening the transaction.

Note: This normalization is performed purely on the billing and shipping data, and does not authenticate the customer.

Because this normalization happens during data validation by the Payflow server, the data as entered by the customer will still appear in its original form on all transaction data review pages. This means that you might see the following entries not flagged as mismatches on the Fraud Details page:

     Billing                  Shipping Steve Morrison           Steve Morrison 4390 Ramirez             4390 RamiresSan Francisco, CA        San Francisco, CA 94114                    94113
How does the filter protect me?

There are legitimate reasons for a shipping/billing mismatch with a customer purchase—for example, gift purchases might fit this profile. But a mismatch could also indicate that someone is using a stolen identity to complete a purchase (and having the items sent to another address from which they can retrieve the stolen items).

To help to distinguish between legitimate and fraudulent orders, review all mismatches by cross-checking other purchase information such as AVS and card security code.

Product watch list filter

The product watch list filter compares SKUs (or other product identifiers) of the products in a transaction against a product watch list you create. Any transaction containing an SKU in the list triggers the filter. If you enable this filter, then you must set up the list of products that should be monitored.

Note: Items that you enter in the test product watch list are not carried over to the configuration for the live servers, so do not spend time entering a complete list for the test configuration.

Some products are attractive to fraudsters (especially popular products with high resale value like computers or televisions). The Product Watch List filter gives you the opportunity to review transactions involving such products to ensure that the order is legitimate.

High-risk payment filters

High-risk payment filters identify transactions that show billing/shipping discrepancies or an indication that someone other than the legitimate account holder is initiating the transaction.

AVS failure filter

This filter compares the street number and the ZIP code submitted by the customer against the data on file with the issuer.

The AVS response is composed of a Y, N, or X value for the customer’s street address and a Y, N, or X value for the ZIP code. For example, the response for a correct street number and an incorrect ZIP code is YN.

If AVS information is not submitted with the transaction, then the response is NN.

ResultMeaning
YThe submitted information matches information on file with the account holder's bank.
NThe submitted information does not match information on file with the account holder's bank.
XThe account holder's bank does not support AVS checking for this information.
(Null)In some cases banks return no value at all.

AVS checks only for a street number match, not a street name match, so 123 Main Street returns the same response as 123 Elm Street. The USPS address validation failure filter validates the address information.

Note: The specified action is taken whenever the AVS response does not meet the criterion that you specified.

Important: The AVS failure filter performs the action after the transaction is processed. This means that, if set to reject, the filter rejects the transaction after the transaction is authorized by the processor. To charge the customer for such a transaction, you must resubmit the transaction data.

Specifying the level of AVS checking

Specify one of the AVS settings:

  • Full: Take action if a transaction returns any value other than YY (Y for street address and Y for ZIP code).
  • Medium: Take action if a transaction returns values other than these: XX, XY, YX, and YY.
  • Light: Take action only if NN is returned.

This table summarizes AVS levels:

AVS SettingAllowed Responses
Full(Y, Y)
Medium(X, X), (X, Y), (Y, X), (Y, Y)
Light(X, X), (X, Y), (Y, X), (X, N), (N, X), (N, Y), (Y, N), (Y, Y)

Buyers who can provide the street number and ZIP code on file with the issuing bank are more likely to be the actual account holder. AVS matches, however, are not a guarantee. Use card security code and Buyer Authentication in addition to AVS to increase your certainty.

Card security code failure filter

The card security code is a 3- or 4-digit number (not part of the credit card number) that appears on credit card. Because the card security code appears only on the card and not on receipts or statements, the card security code provides some assurance that the physical card is in the possession of the buyer.

Important: The card security code failure filter performs the action after the transaction is processed. This means that, if set to reject, the filter rejects the transaction after the transaction is authorized by the processor. To charge the customer for such a transaction, you must resubmit the transaction data.

About the card security code

The card security code is printed on the back of most cards (usually in the signature field). All or part of the card number appears before the card security code (567 in the example). For American Express, the 4-digit number (1122 in the example) is printed on the front of the card, above and to the right of the embossed account number. Be sure to explain this to your customers.

The card security code check compares the number provided by the customer with the number on file with the issuer and returns one of the following responses:

ResultMeaning
YThe submitted information matches information on file with account holder's bank.
NThe submitted information does not match information on file with the account holder's bank.
XAccount holder's bank does not support this service.
(Null)In some cases banks return no value at all.
Card security code failure filter action

The specified action is taken whenever the card security code response is the value that you specified.

Best practice is to review all transactions with responses other than Y. You set the "strength" of the filter as follows:

  • Full: Take action if a value of N or X is returned.
  • Medium: Take action only if a value of N is returned.

Buyer authentication failure filter

Buyer Authentication refers to the card-sponsored authentication services such as Verified by Visa and Mastercard Secure Code that make use of the 3-D Secure protocol. These authentication methods prompt buyers to provide a password to their card issuer before being allowed to execute a credit card purchase.

You must enroll for the Buyer Authentication Service in the Fraud Protection Services suite to make use of the buyer authentication failure filter. The filter is grayed out on configuration pages if you are not enrolled.

The filter is triggered when the customer’s identity is not adequately authenticated, according to criteria that you specify.

Buyer authentication results

Although Mastercard and Visa both use the underlying 3-D Secure protocol to implement buyer authentication, they have different liability rules regarding buyer authentication results. Those are covered in the following table.

Mastercard converts 3-D Secure results into UCAF fields. To simplify for the merchant, all responses are normalized into the values listed in the following table.

Buyer authentication returns one of the following responses in the AUTHENTICATION_STATUS name-value pair (values are for Visa United States region):

ResultDescriptionLiability Impact (Subject to Change)
YSuccessful authentication—the password was correct.Both Visa and Mastercard shift liability for fraud from the merchant.
AThe merchant attempted to authenticate the buyer, but the issuer does not support buyer authentication.Visa shifts liability for fraud from the merchant.
Mastercard does not shift liability for fraud from the merchant.
NUnsuccessful authentication—the password was not correct.Neither Visa nor Mastercard shift liability for fraud from the merchant.
UAuthentication could not be completed due to network error.Neither Visa nor Mastercard shift liability for fraud from the merchant.
FCard issuers authentication credentials could not be validated.Neither Visa nor Mastercard shift liability for fraud from the merchant.
Actions

You set the "strength" of the filter as follows:

  • Full: Trigger if a value of N, U, or F is returned.
  • Medium: Trigger only if a value of N is returned.

Note: To enforce the minimum Visa regulations, set the filter to Medium strength with an action of Reject. This setting rejects N responses, however, so there is no liability benefit.

How does the filter protect me?

Buyer authentication is the only screening tool that promises to shift fraud liability from the merchant. The password used with Verified by Visa and Mastercard Secure Code is the digital equivalent to a shopper’s handwritten signature.

Note: Make use of buyer authentication if your processor and acquirer support it. The use of the password protects merchants from some chargebacks when a customer claims not to have authorized the purchase.

Widespread account holder enrollment in buyer authentication programs may take some time and depends on the card issuers supporting and marketing the option.

BIN risk list match filter

This checks the Bank Identification Number (BIN) on a card for banks flagged as possible risks.

The BIN makes up the first six digits of a credit card number and identifies the bank that issued the card. This filter screens every credit card number for BINs on the high-risk list.

The specified action is taken whenever a BIN matches one on the list.

Certain BINs might be associated with a greater degree of fraud because the issuer uses less stringent authentication policies when issuing cards. In other cases, because some issuers have a large number of cards in circulation, the cards are more likely to fall into the hands of fraudsters.

Account number velocity filter

The account number velocity filter is triggered for excessive use of a card within a short period of time.

What does the filter do?

The account number velocity filter triggers when any credit card account number is used five times within a three-day (72-hour) period.

Important: The specified action is performed on only the transaction that triggered the filter and not on the previous four transactions. You must manually review and act upon those transactions. Generate a Transaction Details report and click the Account Velocity link to view the transactions.

What is velocity?

In the risk management industry, an event’s velocity is a measure of its frequency of occurrence during a defined time period. Unusually high velocity is can be associated with repeated fraudulent attacks on a system. Legitimate customers do not typically perform multiple transactions in quick succession.

How does the filter protect me?

Fraudsters often submit multiple purchases with a single account number to try to discover the card’s valid billing address or card security code. Alternatively, the fraudster may attempt to bypass ceiling filters by making multiple small purchases with a know good account number.

High-risk address filters

High risk address filters identify transactions associated with high-risk geographical locations or poorly-matched transaction data.

ZIP risk list match filter

This filter checks for high risk ZIP codes.

This filter compares the ship to and bill to ZIP codes (US only) against the high-risk list. High-risk ZIP codes are determined based on analysis of millions of e-commerce transactions. The specified action is taken whenever a submitted ZIP code appears in the risk list.

Note: Fraud tends to correlate to densely populated areas like major cities. For this reason, ZIP codes on the risk list will likely correlate to major cities.

Matching a ZIP code on the risk list does not necessarily indicate a fraudulent purchase, but that you should evaluate these transactions more closely than other transactions.

USPS address validation failure filter

This filter screens the ship to and bill to addresses (street number, street name, state, and ZIP code) against the United States Postal Service database of existing addresses. The USPS updates the database continually.

The specified action is taken whenever the address cannot be validated (it does not exist or is incorrect in some way).

Note: The filter does not validate that the person named in the transaction data lives at that address or even that the address is currently occupied—only that the address exists in the database.

To trick a merchant’s filters, fraudsters sometimes deliberately misspell or make up street names. This enables the fraudster to spoof AVS, geo-location, and high-risk address filters. You can identify this basic form of spoofing by using the USPS address validation filter to determine whether an address really exists.

Note: One useful side effect of the filter is that mis-keyed addresses of legitimate customers can be identified before shipping.

IP address match filter

This filter screens the IP address from which a transaction originates against a list of high-risk IP addresses. An IP (Internet protocol) address is a unique identifier for a computer on a TCP/IP network that can identify a particular network and a particular computer on that network.

Note: IP addresses are not always fixed like the addresses to physical buildings. Some computers get a new IP address each time they connect to a network. The most general level of the IP address indicates the region or country from which the computer is connecting, and is thus relatively fixed. Therefore the IP address risk list is most effective as a screen for overseas fraud.

The specified action is taken whenever a submitted IP address appears in the risk list.

A customer’s IP address identifies a country, region, state, or city. As with ZIP codes, these addresses can be associated with higher or lower likelihood of fraud. This is especially true with high-risk countries that are known to be associated with especially high rates of fraud.

Required transaction data

You must send the customer’s IP address to use this filter.

Email service provider risk list match filter

This filter compares the e-mail service provider used by the customer against a list of high-risk e-mail service providers.

Note: Fraudsters most often use free services at which they do not need to provide traceable billing information. (Free services are also popular among legitimate shoppers—because they are free.) It is therefore a good practice to check whether the billing name appears in some form in the e-mail address. For example, Tina Johnson should have an e-mail address of TinaJohnson@hotmail.com or Johnson42@hotmail.com, or some similar variant. Such an e-mail address is less suspicious than xy12@hotmail.com.

The specified action is taken whenever the e-mail service provider is found in the risk list.

Online merchants rarely talk to their customers. The customer’s e-mail address is a critical communications channel between the merchant and customer. For example, e-mail is often used to confirm a purchase and to notify the customer that shipment has been made. It is therefore important for merchants to determine how reliably the e-mail address is tied to the identity of the customer. Some e-mail service providers make it especially easy to open and close e-mail accounts without ever providing personal information, enabling fraudsters to use false identities to cover their tracks. You should examine any transaction in which a high-risk e-mail service provider is involved.

Geo-location failure filter

This filter compares the IP address of the customer’s computer (captured in real-time when the transaction is submitted) and compares its geographical location to the billing and shipping addresses. IP (Internet protocol) addresses are unique identifiers for computers that can often be mapped to a specific city or area code.

The specified action is taken whenever the IP address, shipping address, and billing address do not fall within a 100 mile radius. If you provide only one physical address (billing or shipping address), then the filter triggers when the distance between the IP address and the address that you provided is greater than 100 miles.

Note: Gift purchases shipped far from the billing address will trigger the filter. Every effort has been made to ensure that IP address mapping is accurate and up-to-date. Given the nature of the Internet’s architecture, however, some Internet Service Provider (ISPs) use data centers far from the customers being serviced. In addition, as described in the IP address risk list Match filter, IP addresses can change dynamically. For these reasons, treat this filter as an indicator of suspicious activity, not as a definitive result.

Comparing the geographical location associated with the IP address to the submitted shipping and billing information can be an effective method for identifying identity spoofing. Fraudsters often pretend to live in one location, but live and shop from another.

All three elements should match one realistic customer profile. For example, a customer with a billing address in New York would typically shop from a computer in New York, and request delivery to a New York address. While there may be some minor inconsistencies in the overall profile, it should generally fit together. Remember, however, that gift purchases sent to another part of the country will not fit this profile.

Note: You should be especially wary when a customer has an international IP address but uses U.S. billing and shipping information.

IP address velocity filter

This filter is triggered for numerous transactions from the same IP address.

What does the filter do?

The IP address velocity filter triggers when five or more transactions within three days (72 hours) originate from any individual IP address.

Important: The specified action is performed on only the transaction that triggered the filter and not on the previous four transactions. You must manually review and act upon those transactions. Generate a transaction details report and click the IP Address Velocity link to view the transactions. IP addresses do not always identify a unique computer or user. For example, an ISP may use a limited number of IP addresses for all of its users. To protect against triggering the filter in this case, set up an IP address velocity ignore list (described in the online help).

What is velocity?

In the risk management industry, an event’s velocity is a measure of its frequency of occurrence during a defined time period. Unusually high velocity is can be associated with a fraudster making repeated attacks on a system. Legitimate customers do not typically perform multiple transactions in quick succession.

How does the filter protect me?

Fraudsters often submit multiple purchases using an automated script that tests unknown card numbers. Alternatively, the fraudster may attempt to bypass other filters by making multiple small purchases with multiple stolen account numbers.

High risk customer filters

These filters flag high risk customer transactions.

Bad lists

These filters trigger for information linked to fraudulent or otherwise "bad" customers.

This filter compares the customer’s e-mail address and credit card number against lists (that you create) of addresses and numbers for known bad customers.

Note: Unlike the risk lists managed by PayPal, you manage and update the bad lists yourself.

Any transaction that is an exact match with an entry in one of your bad lists triggers the filter.

If you enable this filter, then your next step will be to set up lists of bad email addresses and bad card numbers. Be sure to type the e-mail addresses and credit card numbers accurately. Enter only numerals in the credit card number list—no spaces or dashes.

Note: Items that you enter in the test bad lists are not carried over to your configuration for the live servers, so do not spend time entering a complete list for the test configuration.

This filter enables you to block repeat fraud. In the e-commerce world, after someone successfully performs a fraudulent transaction, they are very likely to try again. For this reason, you should set up lists of cards and email addresses and configure this filter to take action on transactions with data elements appearing in the bad lists.

International order filters

International order filters identify transactions associated with risky international locations.

Country risk list match filter

This filter screens the customer’s shipping and billing address information for matches with countries on the list of high-risk countries.

The specified action is taken whenever any of the information matches a country on the risk list.

Orders from customers in foreign countries are more likely to be fraudulent than orders from domestic customers. This is due to the difficulty of authenticating foreign citizens and the difficulty of cross-border legal enforcement against fraudulent activities.

Certain countries, however, are much riskier than others. These countries have high likelihood of fraud and you should evaluate transactions from these countries closely.

International shipping-billing address filter

This filter screens the customer’s shipping and billing information for non-U.S. addresses. The filter checks for country code 840, or any derivation of "United States" (U.S., USA, United States of America, America, and so on) in the country fields. Any other country name triggers the filter.

Orders from customers in foreign countries are more likely to be fraudulent than orders from domestic customers. This is due to the difficulty of authenticating foreign citizens and the difficulty of cross-border legal enforcement against fraudulent activities.

The international shipping-billing address filter sets aside transactions from customers in foreign countries so that you can evaluate them more fully.

International IP address filter

This filter screens for international IP addresses. An IP (Internet protocol) address is a unique identifier for a computer that can identify a particular network and a particular computer on that network.

The specified action is taken whenever the IP address indicates an international computer or network.

Orders from customers in foreign countries are more likely to be fraudulent than orders from domestic customers. This is due to the difficulty of authenticating foreign citizens as well as the difficulty of cross-border legal enforcement against fraudulent activities.

The international IP address filter sets aside transactions from customers in foreign countries so that you can evaluate them more fully.

International AVS filter

This filter determines whether the card issuer is domestic or international.

What does the filter do?

International Address Verification Service (IAVS) determines whether the card number is associated with a domestic (US) or international issuer. See the following table:

ResultMeaning
YThe card number is associated with an international issuer.
NThe card number is associated with a US issuer.
XAccount holder's bank does not support IAVS.
(Null)In some cases banks return no value at all.

The specified action is taken whenever AVS returns Y.

Special requirements

International AVS is not currently widely supported by processors. Check to see if your processor supports international AVS.

  • FISERV Nashville, Elavon, and Vantiv return IAVS responses for all card types.
  • All other processors always return N or X.
How does the filter protect me?

Orders from customers in foreign countries are more likely to be fraudulent than orders from domestic customers. This is due to the difficulty of authenticating foreign citizens as well as the difficulty of cross-border legal enforcement against fraudulent activities.

The international AVS filter sets aside transactions from customers with cards issued in foreign countries so that you can evaluate them more fully.

Accept filters

Accept filters immediately approve transactions that meet characteristics that you specify. If a filter in this group is triggered, then the transaction is accepted regardless of review filter results.

Important: The accept filters are designed to reduce the load on your staff by reducing the number of transactions set aside for review. The accept filters do not reduce risk.

Good lists

This list provides a way to avoid applying fraud filters to known good customers.

This filter compares the customer’s e-mail address and credit card number against lists (that you create) of addresses and numbers for known good customers. You create the lists.

Any transaction for which the e-mail address or credit card number is an exact match with an entry in one of your good lists is accepted and no other filters are applied. Enter only numerals in the credit card number list—no spaces or dashes.

Note: Unlike the risk lists that PayPal manages, you manage and update good lists yourself.

Items that you enter in the test good lists are not carried over to your configuration for the live servers, so do not spend time entering a complete list for the test configuration. If you activate this filter, then you must set up lists of good email addresses and good card numbers. Be sure to type the e-mail addresses and credit card numbers accurately.

Good lists do not authenticate individuals. If a fraudster were to steal e-mail addresses or credit card account numbers from this list, then they would be able to bypass the filter.

To ensure that loyal repeat customers are not held up by your fraud review process, you may want to create lists of e-mail addresses and card numbers that should be accepted. This ensures that an abnormal shopping pattern on the part of a loyal customer (for example making a purchase while on vacation overseas) does not trigger a filter and delay the transaction.

Total purchase price floor filter

This sets a floor so that small transactions will not be run through fraud filter screening.

This filter screens the total amount of a transaction (including tax, shipping and handling fees).

If a transaction amount is below the price set for this filter, then the transaction is accepted and no other filters are applied.

Merchants with an especially high transaction volume can use this filter to reduce the number of transactions that their staff must review—transactions below the specified price level are accepted without further analysis.

Custom filters

You create custom filters by combining up to five existing filters. A well-designed custom filter can more accurately identify suspicious transactions because it is fine-tuned to the unique needs of your business (for example, you can specify a particular combination of amount, buyer location, and shipping location). For this reason, fewer legitimate transactions are unnecessarily held for review.

For example, a custom filter that triggers only when both the card security code failure and AVS failure filters trigger will set aside transactions that are especially suspicious.

Note: You can create a combined maximum (test plus live) of 15 custom filters. For example, if you currently have 5 test custom filters and 10 live custom filters, you cannot create any more custom filters until you delete one of the existing custom filters.

See PayPal Manager online help for details on creating a custom filter.

Testing the transaction security filters

Each example transaction shown in this section is designed to test the operation of a single filter. To test a filter, disable all other filters and submit the transaction. The filter should be triggered and display its results in the Transaction Detail page.

In the examples, the critical transaction data is shown in bold type.

Testing the good and bad lists

To test the good and bad list filters, add good and bad entries to the list and then submit a transaction using a value in the list.

Testing the AVS failure filter

TRXTYPE=A&ACCT=5105105105105100&AMT[4]=1.02&BILLTOPHONE2=650-555-0123 &BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12& BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=Campbell&COMMENT1= Automated testing from AdminTester&BILLTOCOUNTRY=840&CUSTIP=194.213.32.220&CUSTREF=CUSTREF& DESC=DESC&DL=CA111111&DOB=CA123456&BILLTOEMAIL[17]=Admin@merchant.com&EXPDATE= 1209&BILLTOFIRSTNAME=John&FREIGHTAMT=1.11&BILLTOLASTNAME=Johnson&L_COST0=11.11& L_DESC0=L_DESC0&L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0=L_UPC0& BILLTOMIDDLENAME=Z&ORDERTIMEZONE=1&PARTNER=PayPal&PHONENUM=650-555-0123& PONUM=PONUM&PWD=testing1&SHIPCARRIER=SHIPCARRIER&SHIPMETHOD=SHIPMETHOD&SHIPTOCITY= Mountain View&COUNTRYCODE=US&SHIPTOEMAIL[17]=Admin@merchant.com& SHIPTOFIRSTNAME=SHIPTOFIRSTNAME&SHIPTOLASTNAME=SHIPTOLASTNAME&SHIPTOMIDDLENAME= SHIPTOMIDDLENAME&SHIPTOPHONE=650-555-0124&SHIPTOPHONE2=650-555-0125& SHIPTOSTATE=CA&SHIPTOSTREET=487 East Middlefield Road&SHIPTOSTREET2=487 East Middlefield Road& SHIPTOZIP=94043&SS=565796510&BILLTOSTATE=CA&BILLTOSTREET=667 W. Rincon Ave&BILLTOSTREET2=Unit C&TAXAMT=1.02&TENDER=C&USER= TESTAVSRejectFull&VENDOR=TESTAVSRejectFull&BILLTOZIP=99999

Expected response message

resp mesg=RESULT=125&PNREF=VBCA25034255&RESPMSG=Declined by Fraud Service &AUTHCODE=421PNI&AVSADDR=X&AVSZIP=X&IAVS=X&PREFPSMSG=No Rules Triggered&POSTFPSMSG=Reject AVS !!ERROR 16:55:6 result=125 TRXTYPE=A!!

Testing the BIN risk list match filter

Pass in the appropriate credit card number for the card brand:

  • American Express: 378282246310005
  • Mastercard: 5555555555554444
  • Visa: 4610251000010168
TRXTYPE=A&ACCT=4610251000010168&AMT[8]=$1000.00&BILLTOPHONE2=650-555-0123& BILLTOSTREET2=123 BILLTOSTREET&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester&BILLTOCOUNTRY=203&CUSTIP=66.218.71.93&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111& DOB=CA123456&BILLTOEMAIL[20]=admin@merchant.com&EXPDATE=1209&BILLTOFIRSTNAME=John&FREIGHTAMT=1.11& BILLTOLASTNAME=Johnson&L_COST0=11.11&L_DESC0=L_DESC0&L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0= L_UPC0&BILLTOMIDDLENAME=Z&ORDERTIMEZONE=1&PARTNER=PayPal&PHONENUM=650-555-0123&PONUM=PONUM& PWD=testing1&SHIPCARRIER=SHIPCARRIER&SHIPMETHOD=SHIPMETHOD&SHIPTOCITY=No City&SHIPTOCOUNTRY=203& SHIPTOEMAIL[20]=admin@merchant.com&SHIPTOFIRSTNAME=SHIPTOFIRSTNAME&SHIPTOLASTNAME=SHIPTOLASTNAME& SHIPTOMIDDLENAME=SHIPTOMIDDLENAME&SHIPTOPHONE=650-555-0124&SHIPTOPHONE2=650-555-0125&SHIPTOSTATE= CA&SHIPTOSTREET=123 Main St.&SHIPTOSTREET2=123 SHIPTOSTREET 2&SHIPTOZIP=11111&SS=565796510&BILLTOSTATE= CA&BILLTOSTREET=123 Main St.&BILLTOSTREET2=123 SHIPTOSTREET2&TAXAMT=1.01&TENDER=C&USER= TESTHighRiskBinCheckReject&VENDOR=TESTHighRiskBinCheckReject&BILLTOZIP=11111

Expected response message

resp mesg=RESULT=125&PNREF=VB0A25033363&RESPMSG=Declined by Fraud Service& PREFPSMSG=Reject HighRiskBinCheck !!ERROR 15:52:54 result=125 TRXTYPE=A!!

Testing the country risk list match filter

Pass in the specified country or country code.

TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203& BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1= Automated testing from AdminTester&BILLTOCOUNTRY=124&HIPTOCOUNTRY=AD&CUSTIP=172.131.193.25& CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&BILLTOEMAIL[20]=admin@merchant.com&EXPDATE= 1209&BILLTOFIRSTNAME=John&FREIGHTAMT=1.11&BILLTOLASTNAME=Johnson&L_COST0=11.11&L_DESC0=L_DESC0& L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0=L_UPC0&BILLTOMIDDLENAME=Z&ORDERTIMEZONE=1& PARTNER=PayPal&PHONENUM=650-555-0123&PONUM=PONUM&PWD=testing1&SHIPCARRIER=SHIPCARRIER&SHIPMETHOD= SHIPMETHOD&SHIPTOCITY=No City&SHIPTOEMAIL[20]=admin@merchant.com&SHIPTOFIRSTNAME=SHIPTOFIRSTNAME& SHIPTOLASTNAME=SHIPTOLASTNAME&SHIPTOMIDDLENAME=SHIPTOMIDDLENAME&SHIPTOPHONE=650-555-0124& SHIPTOPHONE2=650-555-0125&SHIPTOSTATE=CA&SHIPTOSTREET=123 Main St.&SHIPTOSTREET2=123 SHIPTOSTREET 2& SHIPTOZIP=60649&SS=565796510&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&BILLTOSTREET2=123 SHIPTOSTREET 2& TAXAMT=1.01&TENDER=C&USER=TESTHighRiskCountryCheckReject&VENDOR=TESTHighRiskCountryCheckReject&BILLTOZIP=60649

Expected response message

resp mesg=RESULT=125&PNREF=VB0A25031715&RESPMSG=Declined by Fraud Service&PREFPSMSG= Reject HighRiskCountryCheck !!ERROR 14:7:57 result=125 TRXTYPE=A!!

Testing the email service provider risk list match filter

Pass in the specified e-mail address.

TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]= July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester& BILLTOCOUNTRY=124&SHIPTOCOUNTRY=124&CUSTIP=172.131.193.25&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456&BILLTOEMAIL[18]=fraud@asiamail.com&EXPDATE=1209&BILLTOFIRSTNAME=John&FREIGHTAMT=1.11&BILLTOLASTNAME=Johnson& L_COST0=11.11&L_DESC0=L_DESC0&L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0=L_UPC0&BILLTOMIDDLENAME=Z& ORDERTIMEZONE=1&PARTNER=PayPal&PHONENUM=650-555-0123&PONUM=PONUM&PWD=testing1&SHIPCARRIER=SHIPCARRIER& SHIPMETHOD=SHIPMETHOD&SHIPTOCITY=No City&SHIPTOEMAIL[18]=fraud@asiamail.com&SHIPTOFIRSTNAME=SHIPTOFIRSTNAME& SHIPTOLASTNAME=SHIPTOLASTNAME&SHIPTOMIDDLENAME=SHIPTOMIDDLENAME&SHIPTOPHONE=650-555-0124&SHIPTOPHONE2= 650-555-0125&SHIPTOSTATE=CA&SHIPTOSTREET=123 Main St.&SHIPTOSTREET2=123 SHIPTOSTREET 2&SHIPTOZIP=60649& SS=565796510&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&BILLTOSTREET2=123 SHIPTOSTREET2&TAXAMT=1.01& TENDER=C&USER=TESTHighRiskEmailCheckReject&VENDOR=TESTHighRiskEmailCheckReject&BILLTOZIP=60649

Expected response message

resp mesg=RESULT=125&PNREF=VB0A25031907&RESPMSG=Declined by Fraud Service& PREFPSMSG=Reject HighRiskEmailCheck !!ERROR 14:20:5 result=125 TRXTYPE=A!!

Testing the geo-location failure filter

Pass in the specified shipping address, billing address, and IP address.

TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BILLTOPHONE2=650-555-0123&BROWSERCOUNTRYCODE= 203&BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=Campbell&COMMENT1= Automated testing from AdminTester&BILLTOCOUNTRY=840&CUSTIP=192.6.165.40&CUSTREF=CUSTREF&DESC=DESC& DL=CA111111&DOB=CA123456&BILLTOEMAIL[18]=fraud@asiamail.com&EXPDATE=1209&BILLTOFIRSTNAME=John&FREIGHTAMT=1.11& BILLTOLASTNAME=Johnson&L_COST0=11.11&L_DESC0=L_DESC0&L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0=L_UPC0& BILLTOMIDDLENAME=Z&ORDERTIMEZONE=1&PARTNER=PayPal&PHONENUM=650-555-0123&PONUM=PONUM&PWD=testing1&SHIPCARRIER= SHIPCARRIER&SHIPMETHOD=SHIPMETHOD&SHIPTOCITY=Mountain View&SHIPTOCOUNTRY=840&SHIPTOEMAIL[18]= fraud@asiamail.com&SHIPTOFIRSTNAME=SHIPTOFIRSTNAME&SHIPTOLASTNAME=SHIPTOLASTNAME&SHIPTOMIDDLENAME= SHIPTOMIDDLENAME&SHIPTOPHONE=650-555-0124&SHIPTOPHONE2=650-555-0125&SHIPTOSTATE=CA&SHIPTOSTREET= 487 East Middlefield Road&SHIPTOSTREET2=487 East Middlefield Road&SHIPTOZIP=94043&SS=565796510&BILLTOSTATE=CA&BILLTOSTREET=236 W. Rincon Ave&BILLTOSTREET2=Unit C&TAXAMT=1.01&TENDER=C&USER=TESTGeoLocationCheckReject& VENDOR=TESTGeoLocationCheckReject&BILLTOZIP=95008

Expected response message

resp mesg=RESULT=125&PNREF=VB0A25088015&RESPMSG=Declined by Fraud Service&PREFPSMSG= Reject GeoLocationCheck !!ERROR 15:44:28 result=125 TRXTYPE=A!!

Testing the international AVS filter

Pass in the specified ZIP codes and billing address.

TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]= July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester&BILLTOCOUNTRY=840&SHIPTOCOUNTRY=U840&CUSTIP=66.218.71.93&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB= CA123456&BILLTOEMAIL[20]=admin@merchant.com&EXPDATE=1209&BILLTOFIRSTNAME=John&FREIGHTAMT=1.11&BILLTOLASTNAME= Johnson&L_COST0=11.11&L_DESC0=L_DESC0&L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0=L_UPC0&BILLTOMIDDLENAME= Z&ORDERTIMEZONE=1&PARTNER=PayPal&PHONENUM=650-555-0123&PONUM=PONUM&PWD=testing1&SHIPCARRIER=SHIPCARRIER& SHIPMETHOD=SHIPMETHOD&SHIPTOCITY=No City&SHIPTOEMAIL[20]=admin@merchant.com&SHIPTOFIRSTNAME=SHIPTOFIRSTNAME& SHIPTOLASTNAME=SHIPTOLASTNAME&SHIPTOMIDDLENAME=SHIPTOMIDDLENAME&SHIPTOPHONE=650-555-0124&SHIPTOPHONE2= 650-555-0125&SHIPTOSTATE=CA&SHIPTOSTREET=123 Main St.&SHIPTOSTREET2=123 SHIPTOSTREET 2&SHIPTOZIP=00101&SS=565796510& BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&BILLTOSTREET2=123 SHIPTOSTREET 2&TAXAMT=1.01&TENDER=C&USER= TESTInternationalAVSReject&VENDOR=TESTInternationalAVSReject&BILLTOZIP=00101

Expected response message

resp mesg=RESULT=125&PNREF=VBCA25032988&RESPMSG=Declined by Fraud Service&AUTHCODE=890PNI& AVSADDR=Y&AVSZIP=Y&IAVS=Y&PREFPSMSG=No Rules Triggered&POSTFPSMSG=Reject InternationalAVS !!ERROR 15:30:41 result=125 TRXTYPE=A!!

Testing the international IP address filter

Pass in the specified IP address.

TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]= July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=Campbell&COMMENT1=Automated testing from AdminTester& BILLTOCOUNTRY=840&SHIPTOCOUNTRY=840&CUSTIP=194.213.32.220/&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB= CA123456&BILLTOEMAIL[18]=fraud@asiamail.com&EXPDATE=1209&BILLTOFIRSTNAME=John&FREIGHTAMT=1.11&BILLTOLASTNAME=Johnson& L_COST0=11.11&L_DESC0=L_DESC0&L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0=L_UPC0&BILLTOMIDDLENAME=Z& ORDERTIMEZONE=1&PARTNER=PayPal&PHONENUM=650-555-0123&PONUM=PONUM&PWD=testing1&SHIPCARRIER=SHIPCARRIER& SHIPMETHOD=SHIPMETHOD&SHIPTOCITY=Mountain View&SHIPTOEMAIL[18]=fraud@asiamail.com&SHIPTOFIRSTNAME=SHIPTOFIRSTNAME& SHIPTOLASTNAME=SHIPTOLASTNAME&SHIPTOMIDDLENAME=SHIPTOMIDDLENAME&SHIPTOPHONE=650-555-0124&SHIPTOPHONE2= 650-555-0125&SHIPTOSTATE=CA&SHIPTOSTREET=487 East Middlefield Road&SHIPTOSTREET2=487 East Middlefield Road& SHIPTOZIP=94043&SS=565796510&BILLTOSTATE=CA&BILLTOSTREET=236 W. Rincon Ave&BILLTOSTREET2=Unit C&TAXAMT=1.01& TENDER=C&USER=TESTNonUSIPAddressReject&VENDOR=TESTNonUSIPAddressReject&BILLTOZIP=95008

Expected response message

resp mesg=RESULT=125&PNREF=VB0A25032282&RESPMSG=Declined by Fraud Service&PREFPSMSG= Reject NonUSIPAddress !!ERROR 14:49:23 result=125 TRXTYPE=A!!

Testing the international shipping-billing address filter

Pass in a non-United States country code to either the billing or shipping address.

TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]= July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester&BILLTOCOUNTRY=188&SHIPTOCOUNTRY=840&CUSTIP=66.218.71.93&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB= CA123456&BILLTOEMAIL[20]=admin@merchant.com&EXPDATE=1209&BILLTOFIRSTNAME=John&FREIGHTAMT=1.11&BILLTOLASTNAME= Johnson&L_COST0=11.11&L_DESC0=L_DESC0&L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0=L_UPC0&BILLTOMIDDLENAME= Z&ORDERTIMEZONE=1&PARTNER=PayPal&PHONENUM=650-555-0123&PONUM=PONUM&PWD=testing1&SHIPCARRIER=SHIPCARRIER& SHIPMETHOD=SHIPMETHOD&SHIPTOCITY=No City&SHIPTOEMAIL[20]=admin@merchant.com&SHIPTOFIRSTNAME=SHIPTOFIRSTNAME& SHIPTOLASTNAME=SHIPTOLASTNAME&SHIPTOMIDDLENAME=SHIPTOMIDDLENAME&SHIPTOPHONE=650-555-0124&SHIPTOPHONE2= 650-555-0125&SHIPTOSTATE=CA&SHIPTOSTREET=123 Main St.&SHIPTOSTREET2=123 SHIPTOSTREET 2&SHIPTOZIP=11111&SS= 565796510&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&BILLTOSTREET2=123 SHIPTOSTREET2&TAXAMT=1.01&TENDER=C&USER= TESTInternationalOrderReject&VENDOR=TESTInternationalOrderReject&BILLTOZIP=11111

Expected response message

resp mesg=RESULT=125&PNREF=VB0A25032493&RESPMSG=Declined by Fraud Service&PREFPSMSG= Reject InternationalOrder !!ERROR 15:0:24 result=125 TRXTYPE=A!!

Testing the IP address match filter

TRXTYPE=A&ACCT=5105105105105100&AMT[6]=$75.00&BILLTOPHONE2=650-555-1234&BILLTOSTREET2=& BROWSERCOUNTRYCODE=203&BROWSERTIME[22]=July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY= No City&COMMENT1=Test to trigger rules&BILLTOCOUNTRY=840&CUSTIP=172.131.193.25&CUSTREF=CUSTREF&DESC=DESC&DL= CA111111&DOB=CA123456&BILLTOEMAIL[21]=lastName@paypal.com&EXPDATE=1209&BILLTOFIRSTNAME=FirstName&FREIGHTAMT=1.11& BILLTOLASTNAME=LastName&L_COST0=11.11&L_DESC0=L_DESC0&L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0=L_UPC0& BILLTOMIDDLENAME=Z&ORDERTIMEZONE=1&PARTNER=PayPal&PHONENUM=650-555-1234&PONUM=PONUM&PWD=password1& SHIPCARRIER=SHIPCARRIER&SHIPMETHOD=SHIPMETHOD&SHIPTOCITY=No City&SHIPTOCOUNTRY=840&SHIPTOEMAIL[17]= test@paypal.com&SHIPTOFIRSTNAME=&SHIPTOLASTNAME=&SHIPTOMIDDLENAME=&SHIPTOPHONE=650-555-1235&SHIPTOPHONE2= 650-555-1236&SHIPTOSTATE=CA&SHIPTOSTREET=487 East Middlefield Road&SHIPTOSTREET2=&SHIPTOZIP=60649&SS=565796510& BILLTOSTATE=CA&BILLTOSTREET=487 East northfield Road&BILLTOSTREET2=&TAXAMT=1.01&TENDER=C&USER=testFilters&VENDOR= TESTFilters&BILLTOZIP=15071

Testing the shipping-billing mismatch filter

Pass in the specified shipping and billing addresses.

TRXTYPE=A&ACCT=3528000000000015&AMT[4]=1000&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]= July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from  AdminTester&BILLTOCOUNTRY=203&SHIPTOCOUNTRY=203&CUSTIP=255.255.255.255&CUSTREF=CUSTREF& DESC=DESC&DL=CA111111&DOB=CA123456&BILLTOEMAIL[20]=admin@merchant.com&EXPDATE=1209&BILLTOFIRSTNAME= John&FREIGHTAMT=1.11&BILLTOLASTNAME=Johnson&L_COST0=11.11&L_DESC0=L_DESC0&L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0= L_TYPE0&L_UPC0=L_UPC0&BILLTOMIDDLENAME=Z&ORDERTIMEZONE=1&PARTNER=PayPal&PHONENUM=650-555-0123&PONUM= PONUM&PWD=testing1&SHIPCARRIER=SHIPCARRIER&SHIPMETHOD=SHIPMETHOD&SHIPTOCITY=SHIPTOCITY& SHIPTOEMAIL[20]=admin@merchant.com&SHIPTOFIRSTNAME=SHIPTOFIRSTNAME&SHIPTOLASTNAME=SHIPTOLASTNAME& SHIPTOMIDDLENAME=SHIPTOMIDDLENAME&SHIPTOPHONE=650-555-0124&SHIPTOPHONE2=650-555-0125&SHIPTOSTATE=CA&SHIPTOSTREET=SHIPTOSTREET&SHIPTOSTREET2=123 SHIPTOSTREET 2&SHIPTOZIP=11111&SS=565796510&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&TAXAMT=1.01&TENDER=C&USER=TESTBillShipMismatchReject& VENDOR=TESTBillShipMismatchReject&BILLTOZIP=11111

Expected response message

resp mesg=RESULT=125&PNREF=VB0A25031150&RESPMSG=Declined by Fraud Service&PREFPSMSG= Reject BillShipMismatch !!ERROR 13:34:27 result=125 TRXTYPE=A!!

Testing the total item ceiling filter

First, set the filter to trigger on 5 or fewer items. For testing, pass in more than 5 items, as shown here.

TRXTYPE=A&ACCT=3528000000000015&AMT[4]=1000&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]= July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester& BILLTOCOUNTRY=203&SHIPTOCOUNTRY=203&CUSTIP=255.255.255.255&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB= CA123456&BILLTOEMAIL[20]=admin@merchant.com&EXPDATE=1209&BILLTOFIRSTNAME=John&FREIGHTAMT=1.11&BILLTOLASTNAME= Johnson&L_COST0=11.11&L_DESC0=L_DESC0&L_QTY0=6&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0=L_UPC0& BILLTOMIDDLENAME=Z&ORDERTIMEZONE=1&PARTNER=PayPal&PHONENUM=650-555-0123&PONUM=PONUM&PWD=testing1& SHIPCARRIER=SHIPCARRIER&SHIPMETHOD=SHIPMETHOD&SHIPTOCITY=SHIPTOCITY&SHIPTOEMAIL[20]=admin@merchant.com& SHIPTOFIRSTNAME=SHIPTOFIRSTNAME&SHIPTOLASTNAME=SHIPTOLASTNAME&SHIPTOMIDDLENAME=SHIPTOMIDDLENAME& SHIPTOPHONE=650-555-0124&SHIPTOPHONE2=650-555-0125&SHIPTOSTATE=CA&SHIPTOSTREET=SHIPTOSTREET&SHIPTOSTREET2= 123 SHIPTOSTREET 2&SHIPTOZIP=11111&SS=565796510&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&TAXAMT=1.01&TENDER=C& USER=TESTHighOrderNumberReject&VENDOR=TESTHighOrderNumberReject&BILLTOZIP=11111

Expected response message

resp mesg=RESULT=125&PNREF=VB0A25030952&RESPMSG=Declined by Fraud Service&PREFPSMSG= Reject HighOrderNumber !!ERROR 13:19:25 result=125 TRXTYPE=A!!

Testing the total purchase price ceiling filter

First, set the filter to trigger at 1000.00. For testing, pass in an amount higher than 1000, as shown here.

TRXTYPE=A&ACCT=3528000000000015&AMT[7]=1000.01&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]= July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester& BILLTOCOUNTRY=203&SIPTOCOUNTRY=203&CUSTIP=255.255.255.255&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456& BILLTOEMAIL[20]=admin@merchant.com&EXPDATE=1209&BILLTOFIRSTNAME=John&FREIGHTAMT=1.11&BILLTOLASTNAME=Johnson& L_COST0=11.11&L_DESC0=L_DESC0&L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0=L_UPC0&BILLTOMIDDLENAME=Z& ORDERTIMEZONE=1&PARTNER=PayPal&PHONENUM=650-555-0123&PONUM=PONUM&PWD=testing1&SHIPCARRIER=SHIPCARRIER& SHIPMETHOD=SHIPMETHOD&SHIPTOCITY=SHIPTOCITY&SHIPTOEMAIL[20]=admin@merchant.com&SHIPTOFIRSTNAME=SHIPTOFIRSTNAME& SHIPTOLASTNAME=SHIPTOLASTNAME&SHIPTOMIDDLENAME=SHIPTOMIDDLENAME&SHIPTOPHONE=650-555-0124&SHIPTOPHONE2= 650-555-0125&SHIPTOSTATE=CA&SHIPTOSTREET=SHIPTOSTREET&SHIPTOSTREET2=123 SHIPTOSTREET2&SHIPTOZIP=11111& SS=565796510&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&TAXAMT=1.01&TENDER=C&USER=TESTCeilingAmountReject&VENDOR= TESTCeilingAmountReject&BILLTOZIP=11111

Expected response message

resp mesg=RESULT=125&PNREF=VB0A25030756&RESPMSG=Declined by Fraud Service&PREFPSMSG= Reject CeilingAmount !!ERROR 13:11:4 result=125 TRXTYPE=A!!

Testing the total purchase price floor filter

To test the total purchase price floor filter, submit a transaction with an amount lower than the trigger amount.

Testing the USPS address validation failure filter

TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]= July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester&BILLTOCOUNTRY=840&SHIPTOOUNTRY=US&CUSTIP=203.81.64.19&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456& BILLTOEMAIL[18]=fraud@asiamail.com&EXPDATE=1209&BILLTOFIRSTNAME=John&FREIGHTAMT=1.11&BILLTOLASTNAME=Johnson&L_COST0= 11.11&L_DESC0=L_DESC0&L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0=L_UPC0&BILLTOMIDDLENAME=Z&ORDERTIMEZONE=1& PARTNER=PayPal&PHONENUM=650-555-0123&PONUM=PONUM&PWD=testing1&SHIPCARRIER=SHIPCARRIER&SHIPMETHOD=SHIPMETHOD&SHIPTOCITY=No City&SHIPTOEMAIL[18]=fraud@asiamail.com&SHIPTOFIRSTNAME=SHIPTOFIRSTNAME&SHIPTOLASTNAME= SHIPTOLASTNAME&SHIPTOMIDDLENAME=SHIPTOMIDDLENAME&SHIPTOPHONE=650-555-0124&SHIPTOPHONE2=650-555-0125&SHIPTOSTATE=CA&SHIPTOCOUNTRY=840&SHIPTOSTREET=123 Main St. blah&SHIPTOSTREET2=&SHIPTOZIP=60649& SS=565796510&BILLTOSTATE=CA&BILLTOSTREET=123 Main St. blah&BILLTOSTREET2=123 SHIPTOSTREET 2&TAXAMT=1.01& TENDER=C&USER=TESTBillUSPostalAddressCheckReject&VENDOR=TESTBillUSPostalAddressCheckReject&BILLTOZIP=60649

Expected response message

resp mesg=RESULT=125&PNREF=VB0A25032101&RESPMSG=Declined by Fraud Service&PREFPSMSG= Reject BillUSPostalAddressCheck !!ERROR 14:39:3 result=125 TRXTYPE=A!!

Testing the ZIP risk list match filter

Pass in the specified ZIP codes.

TRXTYPE=A&ACCT=5105105105105100&AMT[8]=$1000.00&BROWSERCOUNTRYCODE=203&BROWSERTIME[22]= July 11, 2002 12:12:12&BROWSERUSERAGENT=BROWSERUSERAGENT&CITY=No City&COMMENT1=Automated testing from AdminTester& BILLTOCOUNTRY=203&SHITOCOUNTRY=203&CUSTIP=172.131.193.25&CUSTREF=CUSTREF&DESC=DESC&DL=CA111111&DOB=CA123456& BILLTOEMAIL[20]=admin@merchant.com&EXPDATE=1209&BILLTOFIRSTNAME=John&FREIGHTAMT=1.11&BILLTOLASTNAME=Johnson& L_COST0=11.11&L_DESC0=L_DESC0&L_QTY0=1&L_SKU0=L_SKU0&L_TYPE0=L_TYPE0&L_UPC0=L_UPC0&BILLTOMIDDLENAME=Z& ORDERTIMEZONE=1&PARTNER=PayPal&PHONENUM=650-555-0123&PONUM=PONUM&PWD=testing1&SHIPCARRIER=SHIPCARRIER& SHIPMETHOD=SHIPMETHOD&SHIPTOCITY=No City&SHIPTOEMAIL[20]=admin@merchant.com&SHIPTOFIRSTNAME=SHIPTOFIRSTNAME& SHIPTOLASTNAME=SHIPTOLASTNAME&SHIPTOMIDDLENAME=SHIPTOMIDDLENAME&SHIPTOPHONE=650-555-0124&SHIPTOPHONE2= 650-555-0125&SHIPTOSTATE=CA&SHIPTOSTREET=123 Main St.&SHIPTOSTREET2=123 SHIPTOSTREET 2&SHIPTOZIP=60649& SS=565796510&BILLTOSTATE=CA&BILLTOSTREET=123 Main St.&BILLTOSTREET2=123 SHIPTOSTREET2&TAXAMT=1.01&TENDER=C&USER= TESTHighRiskZIPCheckReject&VENDOR=TESTHighRiskZIPCheckReject&BILLTOZIP=60649

Expected response message

resp mesg=RESULT=125&PNREF=VB0A25031523&RESPMSG=Declined by Fraud Service&PREFPSMSG= Reject HighRiskZIPCheck !!ERROR 13:55:6 result=125 TRXTYPE=A!!

Deactivating fraud protection services

Deactivating Fraud Protection Services removes the security menu and transaction review functions (making it impossible to settle transactions). Therefore, before deactivating the service, you must first perform the following steps:

  1. Turn off filters so that no new transactions are sent to the fraud review queue.
  2. Clear the queue of transactions awaiting review by deciding to accept or reject them.
  3. Print hard copies of your audit trails as a permanent record.
  4. After you have completed steps 1 through 3, call Customer Service to request deactivation.
  5. PayPal deactivates the service. Any remaining transactions settle normally.

Customer Service

If you are having problems with Fraud Protection Services, contact Customer Service at: Email: payflow-support@paypal.com. Telephone: 1 888 883-9770