Where do I get the Merchant ID?
A Sandbox Boarding Information document is sent following the initial kick-off call. It contains the Merchant ID and URLs associated with the Data Collector (DC) and Risk Inquiry Service (RIS) processes. A separate document for production will be sent with the production service URLs once the test transactions are certified.
How do I receive a login to the Agent Web Console?
Kount creates the initial administrator user. Once the user has been created, an automated email is sent requesting a password creation.
Should I send production traffic to the test environment?
Production traffic must not be sent to the test environment due to the possibility of skewed scoring from the test orders.
Where should I place the JavaScript on my website?
On any webpage prior to the completion of the order, typically somewhere in the order summary or checkout process. This could be different if various payment methods take the customer off of the site prior to completion of the order.
What does the session identifier do?
The session identifier is used to join the device data with the order data sent to the RIS service. When the RIS process posts data to Kount it must use the session identifier that was created when the customer initiated the Data Collection.
Does the session identifier need to be unique?
Yes, the session identifier must be unique over a thirty-day period. If there are duplicate session identifiers, device data originating from the Data Collection process may be incorrectly connected to RIS order data. See Session ID Discussion for more information.
Are there limitations on the session identifier?
Yes, it must be alphanumeric, a minimum of 10, and a maximum of 32 characters long. Dashes and underscores are allowed.
What should I use for the session identifier?
The customer can determine what is used, as long as the limitation guidelines are followed. Potential identifiers include the unique web session, UNIX timestamp, and order number appended by timestamp.
Have appropriate DNS entries, NATs, and firewall settings been configured correctly?
Due to the security concerns regarding test environments or production environments the merchant’s network operations may need to verify that proper access is available.
Does the JavaScript code contain the correct Merchant ID?
Verify that the merchantID is the correct ID supplied by Kount.
Is the Session ID created in the DDC process the same Session ID being sent with the RIS post?
Ensure that the Session ID being created and stored during the DC process is the correct one being used in the RIS post to Kount and adheres to the session ID requirements.
How do I know the Data Collection process is Successful?
Determine if the process was successful by using Developer Tools within Chrome or Firefox. A successful data collection is represented by multiple GET/POST requests, including one in which the file – fin – indicates the data collection process is complete.
How to configure the Data Collector for Phone orders?
Go to How to Submit Orders Originating from a Call Center or Kiosk
My site does not have any Content Security Policy (CSP) meta tags. Should I still add them?
No. If you do not already have CSP meta tags in place, you do not want to use this feature. This is only for sites who are using CSP tags already, or wish to add more security layers to their site.
I added the Content Security Policy (CSP) meta tag and now my site does not work properly. What do I need to do to fix this?
This is likely due to your site not using meta tags prior to adding ours. Try removing the meta tag and retesting to ensure the DDC still works.
I added the Content Security Policy (CSP) meta tag, but the Device Data Collector no longer works. What do I need to do to fix this?
Check that the domain name in the CSP settings matches the domain name in the javascript src attribute. They must be the same for things to work. Other common issues are missing quotes (single) within the content value, or misspelled directives (such as 'unsafe-eval' or img-src). Also ensure there is a semicolon in between each directive. See the MDN site for more information.
Have appropriate DNS entries, NATs, and firewall settings been configured correctly?
Due to the security concerns regarding test environments or production environments the merchant’s network operations may need to verify that proper access is available.
Does the JavaScript code contain the correct Merchant ID?
Verify that the Merchant ID is the correct ID supplied by Kount.
What is the difference between Device Country and HTTP Country?
Device Country is the country of origin set on the device by the end user. This information is gathered by the Device Data Collector and represented in the Extended Variables gadget on the Transaction Details page as a two-character country code such as the “US”.
HTTP Country is the country that is specified in the HTTP header (of the browser). This is a setting that is in the browser when you view the source code for the web page. Usually this is specified by someone changing their language when viewing content within the browser. For example, the HTTP Country could be "en-US" or "vi-VN."
Device Location represents the physical location of the device.
Refer to the following table for the data elements gathered during device data collection, including corresponding RIS Response field names:
Field Name |
Description |
COOKIES |
A flag to indicate if the device placing order has cookies enabled or not. |
COUNTRY |
Two character ISO country code associated with the physical device. |
REGION |
Region associated with the device location. This field is provided by the DDC unless only using merchant data from RIS, which makes this field null. This field comes from the table device_info and the field is best_country. |
DEVICE_LAYERS |
Five device layers representing the operating system, browser, javascript settings, cookie setting and flash settings. Device layers are used to create the device fingerprint. |
FINGERPRINT |
The unique fingerprint of the device placing the order. |
FLASH |
A flag to indicate if the device placing order has flash enabled or not. |
DEVICE_COUNTRY |
The country of origin set on the device by the user. |
HTTP_COUNTRY |
The user's home country that the device owner has set in the device’s control panel settings. |
JAVASCRIPT |
A flag to indicate if the device placing order has Javascript enabled or not. |
KAPT |
Whether or not device data was collected by the Kount's Device Data Collector process. |
LANGUAGE |
The language the device owner has set in the device’s control panel settings. |
LOCALTIME |
The local time the device owner has set in the device’s control panel settings. |
MOBILE_DEVICE |
Indicates if the device placing the order is of a mobile nature (iPhone, Android, Blackberry, iPad, etc.). |
MOBILE_FORWARDER |
If the device is mobile, this indicates if it is using a forwarder to process the carrier’s service. |
MOBILE_TYPE |
iPhone, Android, Blackberry, iPad, etc. |
NETW |
Riskiest network type associated with the Persona within the last 14 days. |
PC_REMOTE |
Indicates if the device is enabled to use PC Remote software. |
PROXY |
Indicates if a Proxy server is detected. |
REGN |
Region associated with the highest risk region, with GEOX, and other persona fields. This field is the riskiest region among clustered transactions in the persona. The data can come from the DDC or merchant data from RIS – depending on which one has the riskiest region. If no collector data is used, then the value would only come from RIS. However, if the data coming from the collector indicates the device is mobile, then this value is prioritized because it is more accurate, even if it is less risky than other transactions in the cluster. This region data comes from the DDC device_location table and from the RIS ris_detail table. |
GEOX |
Indicates the riskiest geographical location associated with the Persona. |
TIMEZONE |
The time zone the device owner has set in the device’s control panel settings. The value listed represents the number of minutes from Greenwich Meantime. Divide by 60 to get the number of hours. |
VOICE_DEVICE |
Indicates if the device is voice-activated (related to mobile devices and devices equipped with accessibility or screen-reading software). |