Kount Central provides online payment processors such as Payment Service Providers and Payment Gateways, collectively referred to as Processors, with an easy and profitable way to provide enterprise-level fraud and risk protection for their customers (also known as e-commerce merchants). After a one-time integration with Kount Central, processors can offer their customers three levels of protection based on the needs of the customer.
Overview
This section is for Payment Service Providers and Payment Gateways to provide general information regarding what preparations are necessary to implement Kount Central.
- Read the Kount Command Integration Guide.
- Code for the Device Data Collector (DDC). Use
https://tst.katcha.com
as your URL for certification testing.
- Contact your Implementation Engineer to determine if your data collector transactions are working successfully.
- Code for the Risk Inquiry Service (RIS) response. SDKs available for .NET, Java, PHP, Python, and Ruby (contact your Implementation Engineer for the appropriate environment). Use
https://risk.test.kount.net
for testing.
Note: We encourage merchants to provide all data fields they have data for. Having access to more data makes it easier to prevent fraud.
- Contact your Implementation Engineer to determine if your transactions are posting successfully.
- Before moving to the production environment, we will provide you with a Certification Letter verifying that you have met all the requirements in testing. This letter will also include the production environment URLs.
- Create custom SITE IDs and User Defined Fields (UDFs) in the production environment.
- Notify us prior to moving into production so we can monitor and ensure that there are no issues.
- We will continue to monitor data and meet with you to discuss further recommendations on settings and answer your questions.
- Once in production you will contact the Account Manager for additional questions or issues.
Technical Implementation Guide
Step One: Implementing the DDC
The DDC gathers information from an end-customer’s device by redirecting the device browser momentarily to Kount then back to the merchant. This passive analysis obfuscates Kount’s interaction with the end-customer and does not affect the end-customer’s purchasing experience. Implementation of the DDC is strongly encouraged for use with Kount Central Enterprise and improves the fraud detection capabilities for Kount Central Portfolio and Kount Central Fraud Manager.
If the processor provides a hosted pay page (HPP) for use by merchants, the DDC should be implemented on the HPP. In addition, the processor should encourage merchants who are not using a HPP to implement the DDC on their checkout pages.
Refer to the DDC section of the Kount Integration Guide for more information.
Step Two: Implementing RIS
The section is a technical guide designed for IT staff who integrate Kount Central for use by processors.
The first step in implementing Kount Central is the one-time simple integration with the Kount Risk Inquiry Service (RIS). This integration is necessary to enable all three levels of Kount Central. The exact details of the RIS Integration depends on which level or levels of protection the processor utilizes.
An overview of the RIS Modes specific to Kount Central is provided below. Detailed information about implementing RIS is provided in the Kount Integration Guide.
Additional RIS Modes described in Risk Inquiry Service (RIS) Modes on the Kount Developer site might be required with Kount Central Portfolio Manager or Kount Central Enterprise. The Kount Merchant Services Team can provide detailed consultation about the different RIS modes and their applicability to different use cases.
RIS Processing/Response
Kount Central introduces two RIS Modes (Mode J and Mode W) to support Kount Central Fraud Manager and to provide enhanced support for Kount Central Portfolio Manager.
Mode J
Mode J is a simplified RIS call. RIS Mode J evaluates only the customer specific fraud thresholds, filters, and lists (thresholds) that were configured in Kount Central Fraud Manager. Mode J transactions are not available in the AWC, Search, or Datamart.
Many thresholds require data that is optional to Mode J can only be evaluated if the necessary input is provided. For example, address distance thresholds require an address.
Note: Mode J has the same input requirements as Mode Q with the addition of CUSTOMER_ID
.
Each Kount Central Fraud Manager threshold has a built-in decision: “review” or “decline”. The overall decision for the transaction is determined by the highest priority threshold that was triggered. For example, if four review thresholds are triggered, and one decline threshold is triggered, the overall decision is “decline”.
Mode W (Fraud Manager only)
If Kount Central Fraud Manager is used in conjunction with Kount Central Portfolio Manager, RIS Mode W provides the ability to evaluate both the customer specific thresholds that were configured in Kount Central Fraud Manager, as well as the processor’s rules that were configured in Kount Central Portfolio Manager. The RIS Response includes details about both the fraud rules as well as the thresholds that were triggered.
Mode W is a Mode Q with Mode J response appended to the end. Thresholds are evaluated in addition to Kount Central Portfolio Manager rules. Mode W transactions are available in the AWC, Search, and Datamart. Mode W has the same input requirements as mode Q, with the addition of CUSTOMER_ID
.
In a Mode W, the threshold decision/response is added to the Mode Q decision/response. It is the responsibility of the processor to evaluate both decisions in a Mode W and take appropriate action.
Step Three: Implementing Fraud Manager
Kount Central provides an API for use with Kount Central Fraud Manager (the Kount Central API). To offer Kount Central Fraud Manager functionality to its customers/merchants, the processor must develop a customer-facing user interface for threshold configuration and must use the Kount Central API.
The Kount Central API supports the following actions:
- Enabling or Disabling Kount Central Fraud Manager for an individual customer.
- Configuring thresholds for an individual customer.
There are two other manager options:
Kount Central Portfolio Manager: Provides a “blanket” of protection for a Processor’s customer base, Kount Central Portfolio offers fraud security services across the entire customer portfolio, reviewing all transactions handled by the Processor. With Portfolio Manager, the partner Processor or Gateway own the risk and access to the AWC.
Kount Central Enterprise: The largest and highest transaction volume merchants are critical to Enterprise-level businesses and need ultimate protection against payment fraud. Kount Central Enterprise can protect these top merchants with direct implementation to Kount Complete, the industry-leading fraud mitigation platform. With Enterprise, the merchant owns the risk and therefore has access to the AWC.
Note: Contact your Customer Success Manager for more information and consultation regarding implementation of Kount Central Portfolio Manager or Kount Central Enterprise.
Kount Central API Authorization and Authentication
Authorization and authentication is managed by the Kount Central API which uses an API Key solution based on OAuth2.0. This simplifies the way processors interact with the API.
Note: An API Key is required for all Kount Central API requests.
Processor/Customer configuration
For a processor’s customer to utilize Kount Central Fraud Manager, the customer must first be added to Kount Central. Adding, removing, and changing a customer can be performed by the Kount Central API.
Processor/Customer threshold configuration
Once a processor’s customer has been added to Kount Central, the Kount Central API can be used to obtain the current threshold configuration and to make changes.
Kount Central and RIS
Kount Central Fraud Manager provides a set of fraud controls (thresholds) that a processor can provide to their customers and an API (the Kount Central API) that the processor can use to configure the thresholds. It is the responsibility of the processor to create a user interface that is a front-end to the Kount Central API and that their customers can use to configure their specific thresholds.
Kount Central Portfolio Manager and Kount Central Enterprise provide access to the Agent Web Console (AWC). The AWC is a sophisticated user interface that enables a processor in the case of Portfolio Manager, or a processor’s largest customers in the case of Enterprise, to manage all facets of their fraud protection program, including configuring fraud rules, reviewing suspect transactions, and reporting on transaction history.
The Kount RIS is a real-time web service that determines the fraud risk of a transaction and evaluates the fraud rules configured in the AWC and/or the thresholds configured using the Kount Central API. Once the evaluation has been completed, RIS returns a response indicating if the transaction should be approved, declined, or held for further review.
For more information:
JSON Data Structures
The Kount Central API leverages the JSON (JavaScript Object Notations) data-interchange format for all input and response data. JSON is an efficient format for both machine and human readability and allows for extremely robust and flexible data exchange.
JSON is represented using the following formatting to facilitate easy identification:
{“merchantId”:999999, “customerId”: “Customer 1”}
API Keys
The Kount Central API uses OAuth2.0 for authentication, using the current JWT (JSON Web Token) specification for key structure. Keys are used not only to authenticate, but also to identify the customer and their permissions.
For more information, refer to JWT Specifications.
There are two types of keys that can access the Kount Central API.
Gateway Key
Gateway keys are obtained from Kount Merchant Services. A gateway key controls access for processors. processors can manage their customers, as well as customer-centric operations such as threshold configuration. A gateway key does not expire and can be revoked at any time. Kount cannot recover forgotten keys, but can regenerate a new key, revoking all previous keys for that processor.
Gateway Customer Keys
Customer keys give access to customer related functionality such as threshold configuration. Customer keys are generated through the API using a gateway key. Customer keys auto-expire after one hour, making them like a session ID. Generating additional customer keys will not revoke previous keys.
API Endpoint Management
For the most up-to-date information about API endpoint usages and relevant data types, refer to Kount Central Getting Started.
API Endpoint Permissions
Processor Only Endpoints
- getCustomer
- addCustomer
- updateCustomer
Processor/Customer Endpoints
- generateCustomerKey
- updatethresholds
- getthresholds
Kount Central Thresholds
The following thresholds are currently supported in Kount Central Fraud Manager and can be configured using the Kount Central API. Within each category, the thresholds are further organized based on their specific function.
Note: All thresholds support Mode W but only a subset of them support Mode J.
Basic thresholds
These thresholds can be evaluated with any Kount Central RIS Mode and require only standard RIS Input data. Refer to Omniscore Overview for information about interpreting Omniscores.
Codes
|
Description
|
billingAddressDeliverableReview
billingAddressDeliverableDecline
|
Review or Decline the transaction if the Billing Address provided by the customer is not deliverable.
|
billShipAddressNotMatchReview
billShipAddressNotMatchDecline
|
Review or Decline the transaction if the Billing and Shipping Address provided by the customer are not an exact match.
|
billingToShippingAddressReview
billingToShippingAddressDecline
|
Review or Decline the transaction if the Billing to Shipping Distance (in Kilometers) exceeds the specified value.
|
blacklistIPCountryReview
blacklistIPCountryDecline
|
Review or Decline the transaction if the Device IP Country matches any of the selected values.
|
blacklistNetworkTypeReview
blacklistNetworkTypeDecline
|
Review or Decline the transaction if the Network Type matches any of the selected values.
|
blacklistPaymentCountryReview
blacklistPaymentCountryDecline
|
Review or Decline the transaction if the BIN Country matches any of the selected values.
Note: BIN Country is only available when Credit Cards are used for the transaction.
|
blacklistShippingCountryReview
blacklistShippingCountryDecline
|
Review or Decline the transaction if the Shipping Address Country matches any of the selected values.
|
cardPtokVelocityReview
cardPtokVelocityDecline
|
Review or Decline the transaction if the number of transactions with the same Credit Card in the last hour exceeds the specified value.
|
deviceIPVelocityReview
deviceIPVelocityDecline
|
Review or Decline the transaction if the number of transactions with the same Device IP in the last hour exceeds the specified value.
|
deviceToBillingAddressReview
deviceToBillingAddressDecline
|
Review or Decline the transaction if the Device IP to Billing Distance (in Kilometers) exceeds the specified value.
|
deviceToShippingAddressReview
deviceToShippingAddressDecline
|
Review or Decline the transaction if the Device IP to Shipping Distance (in Kilometers) exceeds the specified value.
|
emailVelocityReview
emailVelocityDecline
|
Review or Decline the transaction if the number of transactions with the same Billing Email Address in the last 24 hours exceeds the specified value.
|
masterCardEmsReview
masterCardEmsDecline
|
Review or Decline the transaction if the EMS Score is greater than the specified value.
|
orderTotalReview
orderTotalDecline
|
Review or Decline the transaction if the Order Total Amount (in fractional base currency, i.e. pennies) exceeds the specified value.
|
shippingAddressDeliverableReview
shippingAddressDeliverableDecline
|
Review or Decline the transaction if the Shipping Address provided by the customer is not deliverable.
|
suspectIPReview
suspectIPDecline
|
Review or Decline the transaction if the Device IP address is found on a global list known to be associated with fraud.
|
transactionVelocityReview
transactionVelocityDecline
|
Review or Decline the transaction if the number of transactions in the last 24 hours exceeds the specified value.
|
universalChargebackCardReview
universalChargebackCardDecline
|
Review or Decline the transaction if the Card is found in the universal chargeback list.
|
Pre-Authorization thresholds
These thresholds can be evaluated with any Kount Central RIS Mode but require data obtained from a Payment Authorization request. Device Data Collector is neither required nor optional.
Codes
|
Description
|
blacklistAvsStreetResponseReview
blacklistAvsStreetResponseDecline
|
Review or decline the transaction if the AVS Street Authorization Response matches any of the values selected.
|
blacklistAvsZipResponseReview
blacklistAvsZipResponseDecline
|
Review or decline the transaction if the AVS Zip Code Authorization Response matches any of the values selected.
|
blacklistCvvResponseReview
blacklistCvvResponseDecline
|
Review or Decline the transaction if the CVV Authorization Response matches any of the specified values.
|
Data Collector thresholds
These thresholds can only be evaluated with Kount Central RIS Mode W and require the Device Data Collector be present on the payment page.
Codes
|
Description
|
deviceFingerprintVelocityReview
deviceFingerprintVelocityDecline
|
Review or decline the transaction if the number of transactions with the same device fingerprint in the last hour exceeds a specified value.
Note: The Device Data Collector is required for these thresholds to be evaluated.
|
highRiskReview
highRiskDecline
|
Review or Decline the transaction if the fraud risk is High.
Note: The DDC is considered optional for these filters but is considered more accurate when it is present.
|
mediumRiskReview
|
Review the transaction if the Fraud Risk is Medium.
Note: The DDC is considered optional for this filter but is considered more accurate when it is present.
|
invalidBillingPhoneReview
invalidBillingPhoneDecline
|
Review or Decline the transaction if the billing phone number has no directory match.
|
|
|
Kount Central Fraud Manager thresholds
Codes
|
Description
|
orderTotalReview
|
Mark the transaction for Review if the Order Total Amount (in fractional base currency, i.e., pennies) exceeds the value specified.
|
orderTotalDecline
|
Decline the transaction if the Order Total Amount (in fractional base currency, i.e., pennies) exceeds the value specified.
|
deviceToBillingAddressReview
|
Mark the transaction for Review if the Device IP to Billing distance (in kilometers) exceeds the value specified.
|
deviceToBillingAddressDecline
|
Decline the transaction if the Device IP to Billing distance (in kilometers) exceeds the value specified.
|
deviceToShippingAddressReview
|
Mark the transaction for Review if the Device IP to Billing distance (in kilometers) exceeds the value specified.
|
deviceToShippingAddressDecline
|
Decline the transaction if the Device IP to Shipping distance (in kilometers) exceeds the value specified.
|
billingToShippingAddressReview
|
Mark the transaction for Review if the Device IP to Shipping distance (in kilometers) exceeds the value specified.
|
billingToShippingAddressDecline
|
Decline the transaction if the Billing to Shipping distance (in kilometers) exceeds the value specified.
|
billShipAddressNotMatchReview
|
Mark the transaction for Review if the Billing and Shipping Address provided by the customer are not an exact match.
|
billShipAddressNotMatchDecline
|
Decline the transaction if the Billing and
Shipping Address provided by the customer are not an exact match.
|
paymentCountryIpCountryNotMatchReview
|
Mark the transaction for Review if the payment country and the IP country are not an exact match.
|
paymentCountryIpCountryNotMatchDecline
|
Mark the transaction for Decline if the payment country and the IP country are not an exact match.
|
paymentCountryDeviceCountryNotMatchReview
|
Mark the transaction for Review if the payment country and the device country are not an exact match.
|
paymentCountryDeviceCountryNotMatchDecline
|
Mark the transaction for Decline if the
payment country and the device country are not an exact match.
|
mediumRiskReview
|
Mark the transaction for Review if the Fraud Risk, based on the Boost Safety Rating, is Medium.
|
highRiskReview
|
Mark the transaction for Review if the Fraud Risk, based on the Boost Safety Rating, is High.
|
highRiskDecline
|
Decline the transaction if the Fraud Risk, based on the Boost Safety Rating, is High.
|
riskScoreReview
|
Mark the transaction for Review if the Persona Score is higher than the value specified.
|
riskScoreDecline
|
Decline the transaction if the Persona Score is higher than the value specified.
|
emailVelocityReview
|
Mark the transaction for Review if the number of transactions with the same Billing Email Address in the last 24 hours exceeds the value specified.
|
emailVelocityDecline
|
Decline the transaction if the number of transactions with the same Billing Email Address in the last 24 hours exceeds the value specified.
|
emailCalendarDayVeloReview
|
Mark the transaction for Review if the number of transactions with the same Billing Email Address during the same calendar day exceeds the value specified.
|
emailCalendarDayVeloDecline
|
Decline the transaction if the number of transactions with the same Billing Email Address during the same calendar day exceeds the value specified.
|
cardPtokVelocityReview
|
Mark the transaction for Review if the number of transactions with the same Credit Card in the last hour exceeds the value specified.
|
cardPtokVelocityDecline
|
Decline the transaction if the number of transactions with the same Credit Card in the last hour exceeds the value specified.
|
cardPtokAuthAVelocityDecline
|
Decline the transaction if the number of transactions with the same Credit Card and bank auth was approved in the last hour exceeds the value specified.
|
cardPtokAuthDVelocityDecline
|
Decline the transaction if the number of transactions with the same Credit Card and bank auth was declined in the last hour exceeds the value specified.
|
cardPtokAuthAVelocityReview
|
Review the transaction if the number of transactions with the same Credit Card and bank auth was approved in the last hour exceeds the value specified.
|
cardPtokAuthDVelocityReview
|
Review the transaction if the number of transactions with the same Credit Card and bank auth was declined in the last hour exceeds the value specified.
|
transactionVelocityReview
|
Mark the transaction for Review if the number of transactions in the last 24 hours exceeds the value specified.
|
transactionVelocityDecline
|
Decline the transaction if the number of transactions in the last 24 hours exceeds the value specified.
|
deviceFingerprintVelocityReview
|
Mark the transaction for Review if the number of transactions with the same Device Fingerprint in the last hour exceeds the value specified.
|
deviceFingerprintVelocityDecline
|
Decline the transaction if the number of
transactions with the same Device Fingerprint in the last hour exceeds the value specified.
|
deviceFingerprintAuthAVelocityDecline
|
Decline the transaction if the number of
transactions with the same Device Fingerprint in the last hour exceeds the value specified, and the bank auth was approved.
|
deviceFingerprintAuthDVelocityDecline
|
Decline the transaction if the number of
transactions with the same Device Fingerprint in the last hour exceeds the value specified, and the bank auth was declined.
|
deviceFingerprintAuthAVelocityReview
|
Review the transaction if the number of
transactions with the same Device Fingerprint in the last hour exceeds the value specified, and the bank auth was approved.
|
deviceFingerprintAuthDVelocityReview
|
Review the transaction if the number of
transactions with the same Device Fingerprint in the last hour exceeds the value specified, and the bank auth was declined.
|
deviceIpVelocityReview
|
Mark the transaction for Review if the number of transactions with the same Device IP in the last hour exceeds the value specified.
|
deviceIpVelocityDecline
|
Decline the transaction if the number of transactions with the same Device IP in the last hour exceeds the value specified.
|
blacklistNetworkTypeReview
|
Mark the transaction for Review if the Network Type matches any of the values selected.
|
blacklistNetworkTypeDecline
|
Decline the transaction if the Network Type matches any of the values selected.
|
blacklistPaymentCountryReview
|
Mark the transaction for Review if the BIN Country matches any of the values selected. Note: BIN Country is only available when Credit Cards are used for the transaction.
|
blacklistPaymentCountryDecline
|
Decline the transaction if the BIN Country matches any of the values selected.
Note: BIN Country is only available when Credit Cards are used for the transaction.
|
blacklistIpCountryReview
|
Mark the transaction for Review if the Device IP Country matches any of the values selected.
|
blacklistIpCountryDecline
|
Decline the transaction if the Device IP Country matches any of the values selected.
|
blacklistShippingCountryReview
|
Mark the transaction for Review if the Shipping Address Country matches any of the values selected.
|
blacklistShippingCountryDecline
|
Decline the transaction if the Shipping Address Country matches any of the values selected.
|
blacklistCvvResponseReview
|
Mark the transaction for Review if the CVV Authorization Response matches any of the values selected.
|
blacklistCvvResponseDecline
|
Decline the transaction if the CVV Authorization Response matches any of the values selected.
|
blacklistAvsStreetResponseReview
|
Mark the transaction for Review if the AVS Street Authorization Response matches any of the values selected.
|
blacklistAvsStreetResponseDecline
|
Decline the transaction if the AVS Street
Authorization Response matches any of the values selected.
|
blacklistAvsZipResponseReview
|
Mark the transaction for Review if the AVS Zip Authorization Response matches any of the values selected.
|
blacklistAvsZipResponseDecline
|
Decline the transaction if the AVS Zip Authorization Response matches any of the values selected.
|
billingAddressDeliverableReview
|
Mark the transaction for Review if the Billing Address is not deliverable.
|
billingAddressDeliverableDecline
|
Decline the transaction if the Billing Address is not deliverable.
|
shippingAddressDeliverableReview
|
Mark the transaction for Review if the
Shipping Address is not deliverable.
|
shippingAddressDeliverableDecline
|
Decline the transaction if the Shipping
Address is not deliverable.
|
suspectIpReview
|
Review based on device IP being on a global suspect list.
|
suspectIpDecline
|
Decline based on device IP being on a global suspect list.
|
invalidBillingPhoneReview
|
Review transaction if the billing phone number has no directory match.
|
invalidBillingPhoneDecline
|
Decline transaction if the billing phone number has no directory match.
|
universalChargebackCardReview
|
Review based on whether a card was found on the chargeback list.
|
universalChargebackCardDecline
|
Decline based on whether a card was found on the chargeback list.
|
Frequently Asked Questions (FAQs)
Can I Run the filters in a No-Change mode to determine impact in Kount Central?
At this time, Kount does not allow merchants to set the Fraud Manager Thresholds and Filters to No Change for testing purposes.
How will Order Review in Kount Central work?
In the RIS response, provide all of the data about the Thresholds (and the Portfolio Rules) that triggered, as well as a number of other data points about the transaction.
The expectation is that the Processor will incorporate this data into their Merchant Portal on an existing page where merchants can currently go to view the transactions that have been processed. This way, small merchants have one consistent website and interface for all of their orders.