How to Implement Kount Central

Kount Central provides online payment processors such as Payment Service Providers and Payment Gateways, collectively referred to as Processors, with an easy and profitable way to provide enterprise-level fraud and risk protection for their customers (also known as e-commerce merchants). After a one-time integration with Kount Central, processors can offer their customers three levels of protection based on the needs of the customer.

Overview

This section is for Payment Service Providers and Payment Gateways to provide general information regarding what preparations are necessary to implement Kount Central.

  1. Read the Kount Command Integration Guide.
  2. Code for the Device Data Collector (DDC). Use https://tst.katcha.com as your URL for certification testing.
  3. Contact your Implementation Engineer to determine if your data collector transactions are working successfully.
  4. Code for the Risk Inquiry Service (RIS) response. SDKs available for .NET, Java, PHP, Python, and Ruby (contact your Implementation Engineer for the appropriate environment). Use https://risk.test.kount.net for testing.
    Note: We encourage merchants to provide all data fields they have data for. Having access to more data makes it easier to prevent fraud.
  5. Contact your Implementation Engineer to determine if your transactions are posting successfully.
  6. Before moving to the production environment, we will provide you with a Certification Letter verifying that you have met all the requirements in testing. This letter will also include the production environment URLs.
  7. Create custom SITE IDs and User Defined Fields (UDFs) in the production environment.
  8. Notify us prior to moving into production so we can monitor and ensure that there are no issues.
  9. We will continue to monitor data and meet with you to discuss further recommendations on settings and answer your questions.
  10. Once in production you will contact the Account Manager for additional questions or issues.

Technical Implementation Guide

Step One: Implementing the DDC

The DDC gathers information from an end-customer’s device by redirecting the device browser momentarily to Kount then back to the merchant. This passive analysis obfuscates Kount’s interaction with the end-customer and does not affect the end-customer’s purchasing experience. Implementation of the DDC is strongly encouraged for use with Kount Central Enterprise and improves the fraud detection capabilities for Kount Central Portfolio and Kount Central Fraud Manager.

If the processor provides a hosted pay page (HPP) for use by merchants, the DDC should be implemented on the HPP. In addition, the processor should encourage merchants who are not using a HPP to implement the DDC on their checkout pages.

Refer to the DDC section of the Kount Integration Guide for more information.

Step Two: Implementing RIS

The section is a technical guide designed for IT staff who integrate Kount Central for use by processors.

The first step in implementing Kount Central is the one-time simple integration with the Kount Risk Inquiry Service (RIS). This integration is necessary to enable all three levels of Kount Central. The exact details of the RIS Integration depends on which level or levels of protection the processor utilizes.

An overview of the RIS Modes specific to Kount Central is provided below. Detailed information about implementing RIS is provided in the Kount Integration Guide.

Additional RIS Modes described in Risk Inquiry Service (RIS) Modes on the Kount Developer site might be required with Kount Central Portfolio Manager or Kount Central Enterprise. The Kount Merchant Services Team can provide detailed consultation about the different RIS modes and their applicability to different use cases.

RIS Processing/Response

Kount Central introduces two RIS Modes (Mode J and Mode W) to support Kount Central Fraud Manager and to provide enhanced support for Kount Central Portfolio Manager.

Mode J

Mode J is a simplified RIS call. RIS Mode J evaluates only the customer specific fraud thresholds, filters, and lists (thresholds) that were configured in Kount Central Fraud Manager. Mode J transactions are not available in the AWC, Search, or Datamart. 

Many thresholds require data that is optional to Mode J can only be evaluated if the necessary input is provided. For example, address distance thresholds require an address.

Note: Mode J has the same input requirements as Mode Q with the addition of CUSTOMER_ID.

Each Kount Central Fraud Manager threshold has a built-in decision: “review” or “decline”. The overall decision for the transaction is determined by the highest priority threshold that was triggered. For example, if four review thresholds are triggered, and one decline threshold is triggered, the overall decision is “decline”.

Mode W (Fraud Manager only)

If Kount Central Fraud Manager is used in conjunction with Kount Central Portfolio Manager, RIS Mode W provides the ability to evaluate both the customer specific thresholds that were configured in Kount Central Fraud Manager, as well as the processor’s rules that were configured in Kount Central Portfolio Manager. The RIS Response includes details about both the fraud rules as well as the thresholds that were triggered.

Mode W is a Mode Q with Mode J response appended to the end. Thresholds are evaluated in addition to Kount Central Portfolio Manager rules. Mode W transactions are available in the AWC, Search, and Datamart. Mode W has the same input requirements as mode Q, with the addition of CUSTOMER_ID.

In a Mode W, the threshold decision/response is added to the Mode Q decision/response. It is the responsibility of the processor to evaluate both decisions in a Mode W and take appropriate action.

Step Three: Implementing Fraud Manager

Kount Central provides an API for use with Kount Central Fraud Manager (the Kount Central API). To offer Kount Central Fraud Manager functionality to its customers/merchants, the processor must develop a customer-facing user interface for threshold configuration and must use the Kount Central API.

The Kount Central API supports the following actions:

  • Enabling or Disabling Kount Central Fraud Manager for an individual customer.
  • Configuring thresholds for an individual customer.

There are two other manager options:

Kount Central Portfolio Manager: Provides a “blanket” of protection for a Processor’s customer base, Kount Central Portfolio offers fraud security services across the entire customer portfolio, reviewing all transactions handled by the Processor. With Portfolio Manager, the partner Processor or Gateway own the risk and access to the AWC.

Kount Central Enterprise: The largest and highest transaction volume merchants are critical to Enterprise-level businesses and need ultimate protection against payment fraud. Kount Central Enterprise can protect these top merchants with direct implementation to Kount Complete, the industry-leading fraud mitigation platform. With Enterprise, the merchant owns the risk and therefore has access to the AWC.

Note: Contact your Customer Success Manager for more information and consultation regarding implementation of Kount Central Portfolio Manager or Kount Central Enterprise. 

Kount Central API Authorization and Authentication

Authorization and authentication is managed by the Kount Central API which uses an API Key solution based on OAuth2.0. This simplifies the way processors interact with the API.

Note: An API Key is required for all Kount Central API requests.

Processor/Customer configuration

For a processor’s customer to utilize Kount Central Fraud Manager, the customer must first be added to Kount Central. Adding, removing, and changing a customer can be performed by the Kount Central API.

Processor/Customer threshold configuration

Once a processor’s customer has been added to Kount Central, the Kount Central API can be used to obtain the current threshold configuration and to make changes.

Kount Central and RIS

Kount Central Fraud Manager provides a set of fraud controls (thresholds) that a processor can provide to their customers and an API (the Kount Central API) that the processor can use to configure the thresholds. It is the responsibility of the processor to create a user interface that is a front-end to the Kount Central API and that their customers can use to configure their specific thresholds.

Kount Central Portfolio Manager and Kount Central Enterprise provide access to the Agent Web Console (AWC). The AWC is a sophisticated user interface that enables a processor in the case of Portfolio Manager, or a processor’s largest customers in the case of Enterprise, to manage all facets of their fraud protection program, including configuring fraud rules, reviewing suspect transactions, and reporting on transaction history.

The Kount RIS is a real-time web service that determines the fraud risk of a transaction and evaluates the fraud rules configured in the AWC and/or the thresholds configured using the Kount Central API. Once the evaluation has been completed, RIS returns a response indicating if the transaction should be approved, declined, or held for further review.

For more information:

JSON Data Structures

The Kount Central API leverages the JSON (JavaScript Object Notations) data-interchange format for all input and response data. JSON is an efficient format for both machine and human readability and allows for extremely robust and flexible data exchange.

JSON is represented using the following formatting to facilitate easy identification:

{“merchantId”:999999, “customerId”: “Customer 1”}

API Keys

The Kount Central API uses OAuth2.0 for authentication, using the current JWT (JSON Web Token) specification for key structure. Keys are used not only to authenticate, but also to identify the customer and their permissions.

For more information, refer to JWT Specifications.

There are two types of keys that can access the Kount Central API.

Gateway Key

Gateway keys are obtained from Kount Merchant Services. A gateway key controls access for processors. processors can manage their customers, as well as customer-centric operations such as threshold configuration. A gateway key does not expire and can be revoked at any time. Kount cannot recover forgotten keys, but can regenerate a new key, revoking all previous keys for that processor.

Gateway Customer Keys

Customer keys give access to customer related functionality such as threshold configuration. Customer keys are generated through the API using a gateway key. Customer keys auto-expire after one hour, making them like a session ID. Generating additional customer keys will not revoke previous keys.

API Endpoint Management

For the most up-to-date information about API endpoint usages and relevant data types, refer to Kount Central Getting Started.

API Endpoint Permissions

Processor Only Endpoints

  • getCustomer
  • addCustomer
  • updateCustomer

Processor/Customer Endpoints

  • generateCustomerKey
  • updatethresholds
  • getthresholds

Kount Central Thresholds

The following thresholds are currently supported in Kount Central Fraud Manager and can be configured using the Kount Central API. Within each category, the thresholds are further organized based on their specific function.

Note: All thresholds support Mode W but only a subset of them support Mode J.
Basic thresholds

These thresholds can be evaluated with any Kount Central RIS Mode and require only standard RIS Input data. Refer to Omniscore Overview for information about interpreting Omniscores.

Codes

Description

billingAddressDeliverableReview


billingAddressDeliverableDecline

Review or Decline the transaction if the Billing Address provided by the customer is not deliverable.

billShipAddressNotMatchReview


billShipAddressNotMatchDecline

Review or Decline the transaction if the Billing and Shipping Address provided by the customer are not an exact match.

billingToShippingAddressReview


billingToShippingAddressDecline

Review or Decline the transaction if the Billing to Shipping Distance (in Kilometers) exceeds the specified value.

blacklistIPCountryReview


blacklistIPCountryDecline

Review or Decline the transaction if the Device IP Country matches any of the selected values.

blacklistNetworkTypeReview


blacklistNetworkTypeDecline

Review or Decline the transaction if the Network Type matches any of the selected values.

blacklistPaymentCountryReview


blacklistPaymentCountryDecline

Review or Decline the transaction if the BIN Country matches any of the selected values.


Note: BIN Country is only available when Credit Cards are used for the transaction.

blacklistShippingCountryReview


blacklistShippingCountryDecline

Review or Decline the transaction if the Shipping Address Country matches any of the selected values.

cardPtokVelocityReview


cardPtokVelocityDecline

Review or Decline the transaction if the number of transactions with the same Credit Card in the last hour exceeds the specified value.

deviceIPVelocityReview


deviceIPVelocityDecline

Review or Decline the transaction if the number of transactions with the same Device IP in the last hour exceeds the specified value.

deviceToBillingAddressReview


deviceToBillingAddressDecline

Review or Decline the transaction if the Device IP to Billing Distance (in Kilometers) exceeds the specified value.

deviceToShippingAddressReview


deviceToShippingAddressDecline

Review or Decline the transaction if the Device IP to Shipping Distance (in Kilometers) exceeds the specified value.

emailVelocityReview


emailVelocityDecline

Review or Decline the transaction if the number of transactions with the same Billing Email Address in the last 24 hours exceeds the specified value.

masterCardEmsReview


masterCardEmsDecline

Review or Decline the transaction if the EMS Score is greater than the specified value.

orderTotalReview


orderTotalDecline

Review or Decline the transaction if the Order Total Amount (in fractional base currency, i.e. pennies) exceeds the specified value.

shippingAddressDeliverableReview


shippingAddressDeliverableDecline

Review or Decline the transaction if the Shipping Address provided by the customer is not deliverable.

suspectIPReview


suspectIPDecline

Review or Decline the transaction if the Device IP address is found on a global list known to be associated with fraud.

transactionVelocityReview


transactionVelocityDecline

Review or Decline the transaction if the number of transactions in the last 24 hours exceeds the specified value.

universalChargebackCardReview


universalChargebackCardDecline

Review or Decline the transaction if the Card is found in the universal chargeback list.

Pre-Authorization thresholds

These thresholds can be evaluated with any Kount Central RIS Mode but require data obtained from a Payment Authorization request. Device Data Collector is neither required nor optional.

Codes

Description

blacklistAvsStreetResponseReview


blacklistAvsStreetResponseDecline

Review or decline the transaction if the AVS Street Authorization Response matches any of the values selected.

blacklistAvsZipResponseReview


blacklistAvsZipResponseDecline

Review or decline the transaction if the AVS Zip Code Authorization Response matches any of the values selected.

blacklistCvvResponseReview


blacklistCvvResponseDecline

Review or Decline the transaction if the CVV Authorization Response matches any of the specified values.

Data Collector thresholds

These thresholds can only be evaluated with Kount Central RIS Mode W and require the Device Data Collector be present on the payment page.

Codes

Description

deviceFingerprintVelocityReview


deviceFingerprintVelocityDecline

Review or decline the transaction if the number of transactions with the same device fingerprint in the last hour exceeds a specified value.


Note: The Device Data Collector is required for these thresholds to be evaluated.

highRiskReview


highRiskDecline

Review or Decline the transaction if the fraud risk is High.


Note: The DDC is considered optional for these filters but is considered more accurate when it is present.

mediumRiskReview

Review the transaction if the Fraud Risk is Medium.


Note: The DDC is considered optional for this filter but is considered more accurate when it is present.

invalidBillingPhoneReview


invalidBillingPhoneDecline

Review or Decline the transaction if the billing phone number has no directory match.

   
Kount Central Fraud Manager thresholds

Codes

Description

orderTotalReview

Mark the transaction for Review if the Order Total Amount (in fractional base currency, i.e., pennies) exceeds the value specified.

orderTotalDecline

Decline the transaction if the Order Total Amount (in fractional base currency, i.e., pennies) exceeds the value specified.

deviceToBillingAddressReview

Mark the transaction for Review if the Device IP to Billing distance (in kilometers) exceeds the value specified.

deviceToBillingAddressDecline

Decline the transaction if the Device IP to Billing distance (in kilometers) exceeds the value specified.

deviceToShippingAddressReview

Mark the transaction for Review if the Device IP to Billing distance (in kilometers) exceeds the value specified.

deviceToShippingAddressDecline

Decline the transaction if the Device IP to Shipping distance (in kilometers) exceeds the value specified.

billingToShippingAddressReview

Mark the transaction for Review if the Device IP to Shipping distance (in kilometers) exceeds the value specified.

billingToShippingAddressDecline

Decline the transaction if the Billing to Shipping distance (in kilometers) exceeds the value specified.

billShipAddressNotMatchReview

Mark the transaction for Review if the Billing and Shipping Address provided by the customer are not an exact match.

billShipAddressNotMatchDecline

Decline the transaction if the Billing and

Shipping Address provided by the customer are not an exact match.

paymentCountryIpCountryNotMatchReview

Mark the transaction for Review if the payment country and the IP country are not an exact match.

paymentCountryIpCountryNotMatchDecline

Mark the transaction for Decline if the payment country and the IP country are not an exact match.

paymentCountryDeviceCountryNotMatchReview

Mark the transaction for Review if the payment country and the device country are not an exact match.

paymentCountryDeviceCountryNotMatchDecline

Mark the transaction for Decline if the

payment country and the device country are not an exact match.

mediumRiskReview

Mark the transaction for Review if the Fraud Risk, based on the Boost Safety Rating, is Medium.

highRiskReview

Mark the transaction for Review if the Fraud Risk, based on the Boost Safety Rating, is High.

highRiskDecline

Decline the transaction if the Fraud Risk, based on the Boost Safety Rating, is High.

riskScoreReview

Mark the transaction for Review if the Persona Score is higher than the value specified.

riskScoreDecline

Decline the transaction if the Persona Score is higher than the value specified.

emailVelocityReview

Mark the transaction for Review if the number of transactions with the same Billing Email Address in the last 24 hours exceeds the value specified.

emailVelocityDecline

Decline the transaction if the number of transactions with the same Billing Email Address in the last 24 hours exceeds the value specified.

emailCalendarDayVeloReview

Mark the transaction for Review if the number of transactions with the same Billing Email Address during the same calendar day exceeds the value specified.

emailCalendarDayVeloDecline

Decline the transaction if the number of transactions with the same Billing Email Address during the same calendar day exceeds the value specified.

cardPtokVelocityReview

Mark the transaction for Review if the number of transactions with the same Credit Card in the last hour exceeds the value specified.

cardPtokVelocityDecline

Decline the transaction if the number of transactions with the same Credit Card in the last hour exceeds the value specified.

cardPtokAuthAVelocityDecline

Decline the transaction if the number of transactions with the same Credit Card and bank auth was approved in the last hour exceeds the value specified.

cardPtokAuthDVelocityDecline

Decline the transaction if the number of transactions with the same Credit Card and bank auth was declined in the last hour exceeds the value specified.

cardPtokAuthAVelocityReview

Review the transaction if the number of transactions with the same Credit Card and bank auth was approved in the last hour exceeds the value specified.

cardPtokAuthDVelocityReview

Review the transaction if the number of transactions with the same Credit Card and bank auth was declined in the last hour exceeds the value specified.

transactionVelocityReview

Mark the transaction for Review if the number of transactions in the last 24 hours exceeds the value specified.

transactionVelocityDecline

Decline the transaction if the number of transactions in the last 24 hours exceeds the value specified.

deviceFingerprintVelocityReview

Mark the transaction for Review if the number of transactions with the same Device Fingerprint in the last hour exceeds the value specified.

deviceFingerprintVelocityDecline

Decline the transaction if the number of

transactions with the same Device Fingerprint in the last hour exceeds the value specified.

deviceFingerprintAuthAVelocityDecline

Decline the transaction if the number of

transactions with the same Device Fingerprint in the last hour exceeds the value specified, and the bank auth was approved.

deviceFingerprintAuthDVelocityDecline

Decline the transaction if the number of

transactions with the same Device Fingerprint in the last hour exceeds the value specified, and the bank auth was declined.

deviceFingerprintAuthAVelocityReview

Review the transaction if the number of

transactions with the same Device Fingerprint in the last hour exceeds the value specified, and the bank auth was approved.

deviceFingerprintAuthDVelocityReview

Review the transaction if the number of

transactions with the same Device Fingerprint in the last hour exceeds the value specified, and the bank auth was declined.

deviceIpVelocityReview

Mark the transaction for Review if the number of transactions with the same Device IP in the last hour exceeds the value specified.

deviceIpVelocityDecline

Decline the transaction if the number of transactions with the same Device IP in the last hour exceeds the value specified.

blacklistNetworkTypeReview

Mark the transaction for Review if the Network Type matches any of the values selected.

blacklistNetworkTypeDecline

Decline the transaction if the Network Type matches any of the values selected.

blacklistPaymentCountryReview

Mark the transaction for Review if the BIN Country matches any of the values selected. Note: BIN Country is only available when Credit Cards are used for the transaction.

blacklistPaymentCountryDecline

Decline the transaction if the BIN Country matches any of the values selected. 


Note: BIN Country is only available when Credit Cards are used for the transaction.

blacklistIpCountryReview

Mark the transaction for Review if the Device IP Country matches any of the values selected.

blacklistIpCountryDecline

Decline the transaction if the Device IP Country matches any of the values selected.

blacklistShippingCountryReview

Mark the transaction for Review if the Shipping Address Country matches any of the values selected.

blacklistShippingCountryDecline

Decline the transaction if the Shipping Address Country matches any of the values selected.

blacklistCvvResponseReview

Mark the transaction for Review if the CVV Authorization Response matches any of the values selected.

blacklistCvvResponseDecline

Decline the transaction if the CVV Authorization Response matches any of the values selected.

blacklistAvsStreetResponseReview

Mark the transaction for Review if the AVS Street Authorization Response matches any of the values selected.

blacklistAvsStreetResponseDecline

Decline the transaction if the AVS Street

Authorization Response matches any of the values selected.

blacklistAvsZipResponseReview

Mark the transaction for Review if the AVS Zip Authorization Response matches any of the values selected.

blacklistAvsZipResponseDecline

Decline the transaction if the AVS Zip Authorization Response matches any of the values selected.

billingAddressDeliverableReview

Mark the transaction for Review if the Billing Address is not deliverable.

billingAddressDeliverableDecline

Decline the transaction if the Billing Address is not deliverable.

shippingAddressDeliverableReview

Mark the transaction for Review if the

Shipping Address is not deliverable.

shippingAddressDeliverableDecline

Decline the transaction if the Shipping

Address is not deliverable.

suspectIpReview

Review based on device IP being on a global suspect list.

suspectIpDecline

Decline based on device IP being on a global suspect list.

invalidBillingPhoneReview

Review transaction if the billing phone number has no directory match.

invalidBillingPhoneDecline

Decline transaction if the billing phone number has no directory match.

universalChargebackCardReview

Review based on whether a card was found on the chargeback list.

universalChargebackCardDecline

Decline based on whether a card was found on the chargeback list.

Frequently Asked Questions (FAQs)

Can I Run the filters in a No-Change mode to determine impact in Kount Central?

At this time, Kount does not allow merchants to set the Fraud Manager Thresholds and Filters to No Change for testing purposes.

How will Order Review in Kount Central work?

In the RIS response, provide all of the data about the Thresholds (and the Portfolio Rules) that triggered, as well as a number of other data points about the transaction.

The expectation is that the Processor will incorporate this data into their Merchant Portal on an existing page where merchants can currently go to view the transactions that have been processed. This way, small merchants have one consistent website and interface for all of their orders.

Was this article helpful?
0 out of 0 found this helpful