16 Mar iQ Protect
What is iQ Protect?
iQ Protect is a fraud management tool used to set rules and filters to prevent and detect suspicious transactions. Transactions can be declined/approved pre and post-authorization.
Who benefits from it?
• Card-not-present merchants, especially eCommerce merchants, who are looking for an automated way to deter fraudulent transactions.
**Note** Rules set within iQ Protect will not apply to retail transactions processed through an EMV peripheral/terminal.
Who qualifies for it?
• Any iQ Pro merchant. iQ Protect is Included in iQ Pro base package that also includes Virtual Terminal with Vault and Recurring Billing.
Is there a cost to the merchant for iQ Protect?
• BASYS does not bill merchants a separate fee for iQ Protect. It is included in their iQ Pro package.
How to Enable iQ Protect:
How to enable iQ Protect at the gateway level:
- • Select Manage > iQ Protect
- • Toggle “Enable iQ Protect” on
- • Set Pre Rules and/or Post Rules accordingly
How to Enable iQ Protect at the Merchant User Level:
• iQ Protect is a Permission toggled ON at the gateway level and can be turned on or off at the user level.
• The user must have the permission enabled to access iQ Protect
- Select Manage > Users
- 2. Select the pencil icon next to the user to edit
- 3. Toggle “Manage Rule Engine” on/off accordingly
How to Enable iQ Protect Trigger Notifications:
How to enable virtual terminal notifications when a velocity rule is triggered:
• If the “Trigger Notifications” checkbox is selected on each individual iQ Protect rule, the merchant will receive an error message if a velocity rule is triggered
How to Enable the Trigger Notifications per Rule:
- 1. Add the rule
- 2. Then, check the box for “Trigger Notification” next to the rule
- • In the example shown above, the pre-rule is set to deny a transaction equal to $1.00. If the merchant attempts to run a $1.00 transaction, an error message will appear and the transaction status on the transaction details screen will show as “Unknown”
- • If the trigger notification checkbox is not selected, the transaction will decline, and will show the decline reason in the “Processor Response Text”
iQ Protect Pre Rules
What are Pre Rules?
• Rules set to accept or deny transactions BEFORE the authorization request is sent to the issuer.
Pre Rules include:
- • Amount
- • IP Velocity Check (1hr, 24hrs, 72hrs)
- • Velocity Check (1hr, 24hrs, 72hrs)
- • Account Velocity Check (24hrs, 72hrs, 30days)
- • Address Match
- • Bin Range
- • Card Type
- • Card Brand
- • CVV on Card Payment
- • Vault Create on Card Payment
- • IP Address
- • Email Domain
- • Email Address
- • IP Proxy
- • Country
- • Billing State
- • Billing State Card Only
iQ Protect Pre Rule Descriptions/Definitions
See descriptions on each pre-rule below
Amount – Filter based on the Amount.
• Use Case #1: A merchant with a $10 average ticket may want to automatically deny transactions greater than $1000 because a sale that large would be rare and potentially fraudulent, warranting investigation before holding funds on a card and shipping product.
• Configure Rule as: If Amount is greater than $1000.00, Deny the transaction.
• Use case #2: An eCommerce or Simple Pay merchant could deny transactions under $1.00 to prevent card testing.
• Configure Rule as: If Amount is less than $1.00, Deny the transaction.
Account Velocity Check 24Hours
• Deny transactions once the number of transactions exceeds the allowed occurrences in a 24-hour period.
• This is the best way for a merchant to prevent excessive losses associated with card testing. Ecommerce and Simple Pay merchants need to utilize this filter.
• Use case #1: An eCommerce or Simple Pay merchant who averages 50 transactions per day could deny all transactions after the 100th transaction in a 24 hour period.
• Configure Rule as: If Account Velocity Check 24Hours is greater than 100, Deny the transaction.
Account Velocity Check 72Hours
• Deny transactions once the number of transactions exceeds the allowed occurrences in a 72-hour period.
Account Velocity Check 30Days
• Deny transactions once the number of transactions exceeds the allowed occurrences in a 30-day period.
• Filter based on IP address
• This is where the merchant can set their list of trusted IP addresses
• Use Case: A MOTO merchant wants to deny transactions that originate from IP addresses outside his business or home.
• Configure rule as: If IP Address is not equal to [insert IP Address(es)], Deny the transaction.
Billing State Card Only
• Filter based on billing state (card only)
iQ Protect Post Rules
What are Post Rules?
• Rules set to accept or decline transactions based on the response from the issuer.
- Post Rules include:
- • CVV
- • AVS
• Filter based on CVV response.
• Merchant can choose to deny transactions if the response is not a match.
**Note** Most issuers will decline a transaction if the CVV does not match.
• Filter based on AVS response.
• This is where the merchant can set their desired AVS level. For example, a merchant may want to require at least one element of the address to match, or the gateway declines the transaction.
• They would set the filter to Deny the transaction If AVS is not equal to:
• X – Exact match, 9-character numeric ZIP
• Y – Exact match, 5-character numeric ZIP
• D – Street address Match for international
• M – Address match only international
• A – Address match only
• B – Address match only international
• W – 9-character numeric ZIP match only
• Z – 5-character Zip match only
• P – Postal Code match international
• L – Postal Code match international (amex)
• OR, they could set the filter to Deny the transaction if AVS is equal to:
• N – No address or ZIP match
• C – Incompatible format (international)
• U – Address unavailable
• G – Non-U.S. Issuer does not participate
• I – Not verified (International)
• R – Issuer system unavailable
• E – Not a mail/phone order (This is how it’s labeled in UI but this really indicates that AVS data is invalid)
• S – Service not supported
• 0 – AVS Not Available