A rule base allows you to tailor the way in which AVS/CV2 and 3D Secure authentication responses are handled on your account with Protx.

When a rule base is set up on your account you will be rejecting transactions which don't pass your rule base. In this way you can prevent fraudulent transactions from being authorised.

The use of a rule base together with proper fraud prevention procedures will enable you to greatly reduce the risk of fraud you are subject to and therefore the number of chargebacks you receive.

For more information about fraud prevention including 3D Secure authentication and AVS/CV2 checks please refer to the Protx Fraud Prevention Guide which can be found on our downloads page.

You should only set up a rule base on your account if you wish to stop a transaction from being authorised based upon the response for the 3D Secure authentication (please see 3D Secure section for more information) or the AVS/CV2 checks with the bank.

A rule base needs to be applied very carefully because it is possible to stop genuine transactions from being authorised if the wrong rule base is applied to your account.

Rules are applied to a transaction at different points in the transaction process depending on the type of rule being applied (i.e. a 3D Secure rule or an AVS/CV2 rule).

An AVS/CV2 rule base is applied after the transaction has been sent to your merchant bank for authorisation. This is because the transaction must be sent to the card issuing bank to check the billing address, billing post code and CV2 details.

If you have set up a 3D Secure rule base, the 3D Secure rule base will be applied before the AVS/CV2 rule base is applied.

After the transaction has been sent to your merchant bank for authorisation, your merchant bank returns the AVS/CV2 response from the card issuer for that transaction. For a complete list of the AVS/CV2 responses and their meanings please refer to the table later in this document.

After the AVS/CV2 response has been returned to Protx, the response is checked against your AVS/CV2 rule base. If the transaction has been authorised and the AVS/CV2 response is not allowed through your AVS/CV2 rule base, a reversal request is sent to your merchant bank to request that the authorisation is reversed and the transaction cancelled.

Important Note: Amex do not accept an online reversal request which makes it impossible to apply an AVS/CV2 rule base to Amex transactions. This means that all Amex transactions will be authorised regardless of the AVS/CV2 response.

Some card issuing banks may decline the online reversal which can leave an authorisation shadow on the card for up to 10 working days. The transaction will never be settled by Protx and will appear as a failed transaction in your VSP Admin area.

To set up a rule base on your account you must log in to your VSP Admin Area using a user name which has Administrator access.

You should hover over the 'administration' button once you have access to the VSP Admin area. Choose the Account Parameters option from the menu which appears.

I n the next screen that appears (you should see the following section):

You will only be able to set up a AVS/CV2 rule base AVS/CV2 are turned on. To turn on the AVS and CV2 option just click the appropriate TURN ON button.

To set up an AVS/CV2 rule base in VSP Admin you should follow these steps:

Hover over the 'administration'button and choose the Account Parameters menu option.

You should see the following AVS/CV2 section.

If you have AVS/CV2 switched on, you can add a rule base by entering the Price Start and Price End values and ticking the boxes next to the rules you wish to allow for that price range. When you are happy you should click the 'Add' button to add your rule base to your account.

For more information about what each rule means and the AVS/CV2 response that will be affected, please refer to the table below:

Strict rule base

The strictest rule base you can apply for AVS/CV2 is shown below:

This rule base will only allow a transaction to be authorised if the AVS/CV2 response returns 'ALL DATA MATCHED' for a price range of £0 to £100,000.00 This is the best possible result for AVS/CV2 responses.

However if you apply a rule base as strict as this, you may well be declining genuine cardholders. For example, this rule would decline cardholders whose address could not be checked because they have a card issued outside of the UK or they do not have numerics within their address i.e they have a house name instead of a house number.

Medium rule base

A medium rule base is a good option for most vendors. An example of a medium rule base is shown below.

This rule base will only allow a transaction to be authorised if the AVS/CV2 response returns 'ALL DATA MATCHED', 'SECURITY CODE MATCH ONLY', or 'DATA NOT CHECKED' for a price range of £0 to £100,000.00

If you apply this rule base you should allow most genuine cardholder's transactions to authorise whilst preventing most fraudulent transactions on your account. You may want to consider combining this rule base with other manual checks or PREAUTH / DEFERRED transaction processing. For information about manual checks and PREATUH / DEFERRED processing, please refer to the VSP Fraud Prevention guide which can be found on our downloads page.

Minimum rule base

The rule base shown below is the minimum recommended rule base you should use. It will allow most transactions to be authorised but will also leave your account open to fraudulent transactions.

This rule base will only allow a transaction to be authorised if the AVS/CV2 response returns 'ALL DATA MATCHED', 'ADDRESS MATCH ONLY', 'SECURITY CODE MATCH ONLY', or 'DATA NOT CHECKED' for a price range of £0 to £100,000.00

After a successful transaction Protx will send back the of AVS and CV2 results. All VSP Form, Server and Direct vendors will be able to see the following reponses:

•   ALL MATCH
•   SECURITY CODE MATCH ONLY
•   ADDRESS MATCH ONLY
•   NO DATA MATCHES
•   DATA NOT CHECKED

With VSP Form, Server and Direct you can apply checks without having to go through the VSP Admin area. Using this flag you can fine tune the AVS/CV2 checks and rule set you've defined at a transaction level. This is useful in circumstances where direct and trusted customer contact has been established and you wish to override the default security checks. To do this you can flag up fields to what you specifically need, for example;

0 = If AVS/CV2 enabled then check them. If rules apply, use rules. (Default)

1 = Force AVS/CV2 checks even if not enabled for the account. If rules apply, use rules.

2 = Force NO AVS/CV2 checks even if enabled on account.

3 = Force AVS/CV2 checks even if not enabled for the account but DON'T apply any rules.

The numerics are for flagging the specific checks you wish to enable, for further information on sending these over to Protx please go to our downloads page to acquire the VSP Form integration Protocol.

For VSP Form you can only view these results back and do nothing further with them. With VSP Server and Direct, you can go one step further. VSP Server and Direct users have their specific results passed back and broken down into the;

•   Address Result
•   Postcode Result
•   CV2 Result

From here you can capture the results. This allows you to define a rule base of your own and not use the Protx rule base in the VSP Admin are. From the results you receive back, you can then send back to Protx a VOID or ABORT instruction to cancel the transaction, and the transaction will then be reversed by Protx and subsequently will fail. This means that you can design and code your own unique rule base.

Protx do not have any specific information on how you would code your own rule base. For further information on the results we send back after a transaction takes pace please go to our downloads page to acquire the VSP Direct or VSP Server protocol. In addition you can also download the VSP Server and Direct Shared Protocol from this page to see how you post back an ABORT or VOID.