Fraud Management Filters Summary

Fraud Management Filters includes both basic and advanced filters.

Kinds of Fraud Management Filters

The filters you can use are determined by agreement between you and PayPal.
PayPal provides basic and advanced filters:

  • Basic filters are automatically available to any PayPal business account holder using PayPal Payments Standard, PayPal Payments Pro, Express Checkout, Virtual Terminal, or Email Payments. For more information about basic filters, see Basic Fraud Management Filters.
  • Advanced filters are available to PayPal Payments Pro merchants as an inclusive upgrade from the basic filters; using them may incur additional charges.
    Advanced filters are ideal for merchants with a medium to high volume of transactions. You can use them to automate existing manual review processes. They are specifically developed to combat credit card fraud by detecting fraudulent patterns in credit card payments. For more information about advanced filters, see Advanced Fraud Management Filters.
Important: You must have a business account to use Fraud Management Filters. Not all filters are available in each country or to each merchant. You can see your options by logging into PayPal and selecting Fraud Management Filters in the Profile.

Basic Fraud Management Filters

Basic Fraud Management Filters are filters that are available to all PayPal business account holders.

Maximum Transaction Amount Filter

This filter screens for payments above the specified amount by screening the total amount of the transaction, including tax, shipping, and handling fees. Transactions that exceed this maximum amount trigger this filter. An unusually high total amount can indicate potential fraudulent activity because fraudsters generally aren't price sensitive as they aren't paying with their own money. The Maximum Transaction Amount filter applies to all payments.

Unconfirmed Address Filter

This filter screens for payments above the specified amount when the shipping address entered by your customer has not yet been confirmed by PayPal as belonging to the PayPal account holder. A confirmed address is less likely to be used for fraudulent activity; however, there are many valid reasons why a customer's legitimate address may not be confirmed. For example, the customer may have recently moved or may live in a country where address confirmation is not available. Currently, only addresses in Canada, the United Kingdom, and the United States can be confirmed. You can also specify a maximum amount for the payment, in which amounts lower than the specified amount are not checked. The Unconfirmed Address filter applies to all payments.

Note: All payments made using debit cards, credit cards, and Virtual Terminal are considered to be from unconfirmed addresses.

Country Monitor Filter

This filter screens for payments from countries that you believe to pose an increased risk of fraud by screening a customer's IP address, billing address, and shipping addresses for matches with the countries you specify. Orders from customers in some countries can have a relatively higher incidence of fraud, especially where it is difficult to authenticate information about residents of the country. The Country Monitor filter applies to all payments.

Advanced Fraud Management Filters

Advanced Fraud Management Filters, which are optional, provide additional protection aimed at detecting fraud in credit card payments.
Advanced Fraud Management Filters are only available with PayPal Payments Pro. You can upgrade to these filters on PayPal. If you no longer want advanced fraud management filters, you can downgrade by contacting PayPal customer support.

Card and Address Validation Filters

You can filter transactions based on address information or credit card security code.

Address Verification Service No Match Filter

This filter screens for payments for which the billing address entered by your customer doesn't match the information maintained by the card issuer, as determined by the Address Verification Service (AVS). This filter corresponds to AVS response codes N or C. AVS compares the street number and zip code entered by the customer with information maintained by the card issuer. An AVS match helps verify that the customer using the credit card is the owner of the card. Failure to match may indicate that the address provided by the customer is fraudulent; however, no match may simply be the result of a typographical error. The Address Verification Service no match filter applies to Direct Credit Card and Virtual Terminal payments. Not all merchants are eligible for this filter; contact PayPal for more information if you want to use this filter.

Address Verification Service Partial Match Filter

This filter screens for payments for which the billing address entered by your customer doesn't completely match the information maintained by the card issuer, as determined by the Address Verification Service (AVS). This filter corresponds to AVS response codes A, B, P, W, and Z. AVS compares the street number and zip code entered by the customer with information maintained by the card issuer. A complete match helps verify that the customer using the credit card is the owner of the card. Failure to match may indicate that the address provided by the customer is fraudulent; however, a partial match may simply be the result of a typographical error. The Address Verification Service partial match filter applies to Direct Credit Card and Virtual Terminal payments. Not all merchants are eligible for this filter; contact PayPal for more information if you want to use this filter.

Address Verification Service Unavailable or Not Supported Filter

This filter screens for payments for which the Address Verification Service (AVS) is unable to verify the billing address. The filter corresponds to AVS response codes I, G, R, S, U and E. When AVS is not available to double-check the address, you may be more susceptible to fraud. Although AVS is supported by most credit cards in the United States, it is not supported by all cards worldwide. The Address Verification Service unavailable filter applies to Direct Credit Card and Virtual Terminal payments. Not all merchants are eligible for this filter; contact PayPal for more information if you want to use this filter.

Card Security Code Mismatch Filter

This filter screens for payments that do not include a correct Card Security Code. (This corresponds to Virtual terminal response code N.) The card security code is a three- or four-digit number usually found on the signature panel of a card. This fraud management tool has various names. Visa calls it CVV2, MasterCard calls it CVC2, and American Express calls it CID. The Card Security Code filter compares the number provided by the customer to the number on file with the issuer. A valid Card Security Code helps verify that your customer has a physical card with them when they place an order. An invalid code could be the result of a customer's typographical error or it could indicate that a fraudster did not have the card with them when they placed the order. The Card Security Code filter applies to Direct Credit Card and Virtual Terminal payments. Not all merchants are eligible for this filter; contact PayPal for more information if you want to use this filter.

Billing/Shipping Address Mismatch Filter

This filter screens for payments based on differences between the customer's billing and shipping addresses (street, state, zip code, and country). The filter checks relationships among the street address, city, state, and postal code and determines if a minor change is needed before filtering the transaction.
A billing/shipping address mismatch may indicate that the customer is shipping to an address different from the one the bill is sent to. A mismatch could be due to a fraudster using a stolen identity to complete a purchase; however, there are also legitimate reasons why a customer's shipping and billing address might not match. For example, your customer might be buying a gift for someone who lives at a different address or they might want to have a purchase delivered to their workplace. The billing/shipping address mismatch filter applies to Direct Credit Card and Virtual Terminal payments.

High Risk Lists Filters

You can filter transactions based on lists of risk criteria.

Zip Code Filter

This filter screens for payments with billing addresses that include a zip code with historically high rates of fraud. Zip codes are checked against a "Risk List" maintained by PayPal for US addresses. High-risk zip codes are determined through careful analysis of millions of e-commerce transactions. Because fraud tends to happen more often in densely populated areas like major cities, zip codes on the risk list are often for major cities. A matching zip code does not necessarily indicate a fraudulent purchase; however, it may indicate that you should pay special attention to the transaction. This filter applies to Direct Credit Card and Virtual Terminal payments.

Suspected Freight Forwarder Filter

This filter screens for payments whose shipping address is a known freight forwarder. Addresses are checked against a "Risk List" maintained by PayPal, which only applies to US shipping addresses. Freight forwarding services receive packages on behalf of a customer and forward them to another destination. There are legitimate uses for freight forwarding services; however, fraudsters can use a freight forwarder to mask their true locations. This filter applies to Direct Credit Card and Virtual Terminal payments.

Email Address Domain Filter

This filter screens for payments from email addresses with historically high instances of fraud. Email domains are checked against a "Risk List" maintained by PayPal. Fraudsters often use specific free email services because they don't require traceable billing information; however, free email services are also popular among legitimate customers. This filter applies to Direct Credit Card and Virtual Terminal payments.

Bank Identification Number Filter

This filter screens for payments from credit cards with Bank Identification Numbers (BIN) that have historically been associated with a relatively higher rate of fraudulent transactions. BINs, which identify the bank that issues the card, are checked against a "Risk List" maintained by PayPal. Some BINs carry a higher risk of fraud because the card issuer uses less stringent authentication policies before issuing cards. Cards from issuers with a large number of cards in circulation may also represent higher risk because more cards are available to fall into the hands of fraudsters. The bank identification number filter applies to Direct Credit Card and Virtual Terminal payments.

IP Address Range Filter

This filter screens for payments from IP addresses with historically high instances of fraud. IPs are checked against a "Risk List" maintained by PayPal. Historically, fraud is more likely to originate from compromised networks because fraudsters launch attacks from compromised computers or networks. To use this filter, you must send the customer's IP address along with the rest of the transaction information. The IP address range filter applies to Direct Credit Card and Virtual Terminal payments.

Transaction Data Filters

You can filter transactions based on transaction data.

Large Order Number Filter

This filter screens for payments based on the number of items a customer purchases by identifying transactions that exceed the specified number of items purchased at your business. Fraudsters usually try to purchase as much as they can before the stolen cards they use are cancelled. An unusually high item count may indicate potential fraudulent activity. Fraudsters frequently attempt to order large numbers of attractive items that can be easily resold. The large order number filter applies to Direct Credit Card and Virtual Terminal payments.

Total Purchase Price Minimum Filter

This filter overrides other filter actions if the transaction falls below a minimum total transaction amount, including tax, shipping, and handling fees. If the transaction amount is below the amount set for this filter, the payment is automatically accepted, overriding any other filter that would have set aside this transaction for your review.
Merchants with an especially high transaction volume can use this filter to reduce the number of transactions that their staff must review. Transactions below the amount you specify are accepted without further analysis. This filter applies to Direct Credit Card and Virtual Terminal payments.

IP Address Velocity Filter

This filter screens for multiple payments that originate from the same IP address by checking for repeated transaction attempts from the same computer or network. A high number of orders from a single IP address may be associated with a fraudster making repeated purchases on your website. A fraudster may repeatedly attempt transactions through an automated script that tests unknown card numbers or may attempt to make many small purchases through multiple stolen cards to bypass other filters.
Legitimate customers typically don't perform multiple transactions in quick succession; however, some Internet Service Providers (ISPs) may use a single IP address for all of their customers' computers. You can choose to ignore IP addresses from these ISPs so that payments originating with them will not be filtered. The IP address velocity filter applies to Direct Credit Card and Virtual Terminal payments.

PayPal Fraud Model Filter

This filter screens for payments that would have been declined by PayPal's fraud model. PayPal's fraud model identifies potentially risky transactions. It is updated dynamically to combat trends and patterns in fraudulent activity around the world. The PayPal fraud model filter applies to Direct Credit Card and Virtual Terminal payments. Not all merchants are eligible for this filter.