How to Submit Orders Originating from a Call Center or Kiosk
When a merchant submits orders with the same web page interface as a customer, the data regarding the merchant’s device is sent to Kount, not the customer’s device data. This causes order linking to occur and, in time, elevates the score of all orders associated with the persona subsequently impact Omniscore.
Note: Linking also occurs if the browser sessionID is used as the transaction sessionID and multiple orders are submitted from within the same browser session without closing the browser.
This type of linking can be avoided in three ways:
Increment the browser sessionID, appending the UNIX timestamp.
Choose a different methodology for creating the sessionID.
Ensure agents close the browser between orders.
Methods for receiving phone orders
Device Data Collector is not implemented
If the customer service agents navigate to a separate order entry page that does not implement the Device Data Collector:
Post Call Center/Phone Orders as a Mode=P.
Hard code the IP address specifically to 10.0.0.1.
Provide the phone number within the ANID field (if no phone number is available, pass 0123456789 hard coded).
Device Data Collector executed
If the customer service agents navigate to the same page as the customer (executes the Device Data Collector):
Use the Phone-to-Web Order Submission script examples below to exclude merchant owned IP addresses that should not be forwarded to Kount.
Post Customer Service Orders as a Mode=Q.
Hard code the IP address specifically to 10.0.0.1.
Note: In any of the above circumstances, if the email address is not provided to the agents, the agents must input noemail@kount.com as the email address to prevent linking.
Phone Order Scoring
Phone orders or Phone-to-Web orders often score high. They require certain elements of the order to be static, or hard coded, so that the orders won't be erroneously linked together. When these elements are not excluded from Kount's linking technology, the erroneous linking causes the Kount score to be elevated. It is typical to see a score of a 99 in these situations.
The most common linking elements that will cause a score to elevate are:
Session ID: Linking will occur if the browser session ID is used as the transaction session ID and multiple orders are submitted from within the same browser session without closing the browser.
Email Address: Linking can occur on the email address.
Phone Number: Linking can occur on the phone number.
IP Address: Linking can occur on an internal IP Address. Depending on how data is collected from the web page that agents visit to enter customer orders, an internal IP Address from your own server could be linking the orders together.
Device ID: Linking can occur on the Device Fingerprint of the agent entering the order. Depending on how data is collected from the web page that agents visit to enter customer orders, the agent's own device or computer could be linking the orders together.
The first step in troubleshooting why phone orders are scoring so high is to have your internal technical staff review the instructions found within the Phone-To-Web Order Submissions section of the Kount Integration Guide to ensure that the implementation directions were followed. Please do not hesitate to contact your Technical Account Manager if the Phone-To-Web implementation directions were followed but the elevated score is still occurring.
Script Examples
PHP example of the Phone-to-Web logo.htm script
/**
* Example analyzer re-direct script.
*
*
* <p>Expects to be called with 2 GET mode query parameters:
* <dl>
* <dt>m</dt>
* <dd>Company Merchant ID</dd>
* <dt>s</dt>
* <dd>Unique customer session ID</dd>
* </dl>
*
*/
// -- BEGIN CONFIGURATION --
/**
* Hostname of Company endpoint.
* MUST BE SET BY MERCHANT BEFORE USE
*
* @var string
*/
$COMPANY_SERVER = null;
/**
*
* List of ip addresses in dotted quad format (eg "127.0.0.1") that should
* not be redirected to the Company. These IP addresses are the public facing IP
* addresses that have been assigned by the merchant service provider.
*
* @var array
*/
$EXCLUDED_IPS = array();
// -- END CONFIGURATION --
function send_empty_page()
{
echo ’ < html > < head > < / head > < body > < / body > < / html > ';
}
// validate configuration
if (!isset($COMPANY_SERVER))
{
error_log("COMPANY_SERVER must be defined in " . FILE);
send_empty_page();
exit();
}
if (!isset($EXCLUDED_IPS) || !is_array($EXCLUDED_IPS))
{
error_log("EXCLUDED_IPS must be defined in " . FILE);
send_empty_page();
exit();
}
// validate input
$MERC = rawurlencode($_GET['m']);
$SESS = rawurlencode($_GET['s']);
// process request
$remoteIP = $_SERVER['REMOTE_ADDR'];
if (false !== array_search($remoteIP, $EXCLUDED_IPS))
{
// current visitor is in the exclude list send_empty_page();
}
else
{
// Redirect the browser header("HTTP/1.1 302 Found");
header("Location: https://{$COMPANY_SERVER}/logo.htm?m={$MERC}&s={$SESS}");
}
C# example of the Phone-to-Web logo.htm script
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
namespace KaptchaExample {
/// <summary>
/// Kaptcha redirect code sample.
///
/// In addition to the basic redirect functionality required by the
/// specification this class allows configuration of an "exclude list"
/// of IP addresses that should NOT be forwarded on to the Company's Kaptcha
/// server. This non-typical use case can arise when a Merchant is doing
/// phone-to-web orders in a call center and needs to keep Kaptcha data
/// from those call center orders from reaching the Company.
///
/// 2011 Company, Inc. All Rights Reserved.
/// </summary>
public partial class _Default: System.Web.UI.Page {
/// <summary>
/// Kaptcha URL provided by the Company. Check with your
/// representative for the correct value.
/// </summary>
protected
const string KaptchaUrl = "https://tst.kaptcha.com";
/// <summary>
/// Your merchant ID goes here. Check with your representative
/// for the correct value.
/// </summary>
protected
const string MerchantId = "999999";
/// <summary>
/// A list of excluded IP addresses. This should be populated with
/// a list of the IP addresses to be excluded.
/// </summary>
protected IList ExcludedIps = new ArrayList();
/// <summary>
/// The code to be executed on page load.
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e) {
this.LoadExcludedIps();
string ClientIp = Request.UserHostAddress;
if (this.ExcludedIps.Contains(ClientIp)) {
// The client is on the exclusion list. Might be a good
// idea to log this here.
} else {
Response.Redirect(this.KaptchaUrl + "/logo.htm?m=" + MerchantId + "&s=" + HttpContext.Current.Session.SessionID);
}
}
/// <summary>
/// Load up the IP addresses to be excluded here.
/// </summary>
protected void LoadExcludedIps()
Java example of the Phone-to-Web logo.htm script
package com.company.example;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.UnavailableException;
/**
* Example Kaptcha redirect script.
*
* <p>In addition to the basic redirect functionality required by the
* specification this servlet allows configuration of an "exclude list" of ip
* addresses that should NOT be forwarded on to the Kaptcha server. This
* non-typical use case can arise when a Merchant is doing phone-to-web orders
* in a call center and needs to keep Kaptcha data from those call center
* orders from reaching the Company.
*
* <p>The servlet uses ServletConfig provided configuration parameters to
* specify these settings:
* <dl>
* <dt>MERC</dt>
* <dd>REQUIRED</dd>
* <dd>Merchant ID assigned by the Company</dd>
*
* <dt>KAPTCHA_URL</dt>
* <dd>REQUIRED</dd>
* <dd>URL to the Kaptcha endpoint</dd>
* <dd>The proper values for testing and production will be provided to you
* during the boarding process by your Boarding Manager.</dd>
*
* <dt>EXCLUDE_IPS</dt>
* <dd>OPTIONAL</dd>
* <dd>Comma separated list of IP addresses in dotted-quad notation to
* exclude from the Katpcha redirect.</dd>
* </dl>
*
* <p>See your servlet container documentation for the proper file and format to
* provide ServletConfig parameters at deploy time.
*
* @copyright 2011 Company Inc.
*/
public class LogoHtmServlet extends HttpServlet {
/**
* Empty html response body.
*/
static final String EMPTY_HTML = "<html><head></head><body></body></html>";
/**
* Merchant ID assigned by the Company.
* Set via the MERC parameter in the ServletConfig.
*/
protected String merc;
/**
* URL to the Kaptcha endpoint.
* Set via the KAPTCHA_URL parameter in the ServletConfig.
*/
protected String kaptchaUrl;
/**
* List of ip addresses in dotted quad format (eg "127.0.0.1") that should
* not be redirected to the real Kaptcha server.
* Set via the EXCLUDE_IPS parameter in the ServletConfig. EXCLUDE_IPS
* should be a comma separated list of ip addresses to exclude (eg
* "127.0.0.1,127.0.0.2,127.0.0.3")
*/
protected List < String > excludedIps;
/**
* Initialize the servlet.
*
* @param config the ServletConfig object that contains configutation
* information for this servlet
* @throws ServletException if an exception occurs that interrupts the
* servlet's normal operation
* @throws UnavailableException if required configuration parameters are not
* supplied
*/
public void init(ServletConfig config) throws ServletException {
super.init(config);
this.merc = config.getInitParameter("MERC");
if (null == this.merc) {
throw new UnavailableException(
"Missing required servlet config parameter MERC");
}
this.kaptchaUrl = config.getInitParameter("KAPTCHA_URL");
if (null == this.merc) {
throw new UnavailableException(
"Missing required servlet config parameter KAPTCHA_URL");
}
final String exclude = config.getInitParameter("EXCLUDE_IPS");
if (null != exclude) {
this.excludedIps = Arrays.asList(exclude.split(","));
}
} //end init
/**
* Process an HTTP GET request.
*
* @param req HttpServletRequest that encapsulates the request to the
* servlet
* @param resp HttpServletResponse that encapsulates the response from the
* servlet
* @throws IOException if detected when handling the request
* @throws ServletException if the request could not be handled
*/
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
final String remoteIP = request.getRemoteAddr();
if (null != this.excludedIps && this.excludedIps.contains(remoteIP)) {
// current visitor is in the exclude list this.getServletContext().log(
"Excluding " + remoteIP + " from Katptcha processing");
// return an empty html response instead of redirecting response.setStatus(HttpServletResponse.SC_OK); response.setContentType("text/html");
final PrintWriter writer = response.getWriter();
writer.print(EMPTY_HTML);
writer.flush();
} else {
// normal processing path.
// get the id of the current session
final String sess = request.getSession().getId();
// construct the full URL to the Kaptcha server final String url = this.kaptchaUrl +
"?m=" + URLEncoder.encode(this.merc, "UTF-8") + "&s=" + URLEncoder.encode(sess, "UTF-8");
// Redirect the browser to Kaptcha response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY); response.sendRedirect(url);
}
} //end doGet
} //end LogoHtmServlet