How to Submit Phone Orders Originating from a Call Center Environment

When a merchant submits phone orders with the same web page interface as a customer, the data regarding the merchant’s device is sent to Kount, not the customer’s device data. This causes order linking to occur and, in time, elevates the score of all orders associated with the persona subsequently impact OmniScore.

NOTE: Linking also occurs if the browser sessionID is used as the transaction sessionID and multiple orders are submitted from within the same browser session without closing the browser.

This type of linking can be avoided in three ways:

  • Increment the browser sessionID, appending the UNIX timestamp.
  • Choose a different methodology for creating the sessionID.
  • Ensure agents close the browser between orders.

Methods for receiving phone orders

Device Data Collector is not implemented

If the customer service agents navigate to a separate order entry page that does not implement the Device Data Collector:

  1. Post Call Center/Phone Orders as a Mode=P.
  2. Hard code the IP address specifically to 10.0.0.1.
  3. Provide the phone number within the ANID field (if no phone number is available, pass 0123456789 hard coded).

Device Data Collector executed

If the customer service agents navigate to the same page as the customer (executes the Device Data Collector):

  1. Use the Phone-to-Web Order Submission script examples below to exclude merchant owned IP addresses that should not be forwarded to Kount.
  2. Post Customer Service Orders as a Mode=Q.
  3. Hard code the IP address specifically to 10.0.0.1.
NOTE: In any of the above circumstances, if the email address is not provided to the agents, the agents must input noemail@kount.com as the email address to prevent linking.

Script Examples

PHP example of the Phone-to-Web logo.htm script
/**
 * Example analyzer re-direct script.
 *
 *
 * <p>Expects to be called with 2 GET mode query parameters:
 * <dl>
 * <dt>m</dt>
 * <dd>Company Merchant ID</dd>
 * <dt>s</dt>
 * <dd>Unique customer session ID</dd>
 * </dl>
 *
 */
// -- BEGIN CONFIGURATION --

/**
 * Hostname of Company endpoint.
 * MUST BE SET BY MERCHANT BEFORE USE
 *
 * @var string
 */
$COMPANY_SERVER = null;
/**
 *
 * List of ip addresses in dotted quad format (eg "127.0.0.1") that should
 * not be redirected to the Company. These IP addresses are the public facing IP
 * addresses that have been assigned by the merchant service provider.
 *
 * @var array
 */
$EXCLUDED_IPS = array();
// -- END CONFIGURATION --
function send_empty_page()
{
    echo ’ < html > < head > < / head > < body > < / body > < / html > ';
}
// validate configuration
if (!isset($COMPANY_SERVER))
{
    error_log("COMPANY_SERVER must be defined in " . FILE);
    send_empty_page();
    exit();
}
if (!isset($EXCLUDED_IPS) || !is_array($EXCLUDED_IPS))
{
    error_log("EXCLUDED_IPS must be defined in " . FILE);
    send_empty_page();
    exit();
}
// validate input
$MERC = rawurlencode($_GET['m']);
$SESS = rawurlencode($_GET['s']);
// process request
$remoteIP = $_SERVER['REMOTE_ADDR'];
if (false !== array_search($remoteIP, $EXCLUDED_IPS))
{
    // current visitor is in the exclude list send_empty_page();
    
}
else
{
    // Redirect the browser header("HTTP/1.1 302 Found");
    header("Location: https://{$COMPANY_SERVER}/logo.htm?m={$MERC}&s={$SESS}");
}
C# example of the Phone-to-Web logo.htm script
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
namespace KaptchaExample {
  /// <summary>
  /// Kaptcha redirect code sample.
  ///
  /// In addition to the basic redirect functionality required by the
  /// specification this class allows configuration of an "exclude list"
  /// of IP addresses that should NOT be forwarded on to the Company's Kaptcha

  /// server. This non-typical use case can arise when a Merchant is doing
  /// phone-to-web orders in a call center and needs to keep Kaptcha data
  /// from those call center orders from reaching the Company.
  ///
  /// 2011 Company, Inc. All Rights Reserved.
  /// </summary>
  public partial class _Default: System.Web.UI.Page {
      /// <summary>
      /// Kaptcha URL provided by the Company. Check with your
      /// representative for the correct value.
      /// </summary>
      protected
      const string KaptchaUrl = "https://tst.kaptcha.com";
      /// <summary>
      /// Your merchant ID goes here. Check with your representative
      /// for the correct value.
      /// </summary>
      protected
      const string MerchantId = "999999";
      /// <summary>
      /// A list of excluded IP addresses. This should be populated with
      /// a list of the IP addresses to be excluded.
      /// </summary>
      protected IList ExcludedIps = new ArrayList();
      /// <summary>
      /// The code to be executed on page load.
      /// </summary>
      /// <param name="sender"></param>
      /// <param name="e"></param>
      protected void Page_Load(object sender, EventArgs e) {
        this.LoadExcludedIps();
        string ClientIp = Request.UserHostAddress;
        if (this.ExcludedIps.Contains(ClientIp)) {
          // The client is on the exclusion list. Might be a good
          // idea to log this here.
        } else {
          Response.Redirect(this.KaptchaUrl + "/logo.htm?m=" + MerchantId + "&s=" + HttpContext.Current.Session.SessionID);
        }
      }
      /// <summary>
      /// Load up the IP addresses to be excluded here.
      /// </summary>
      protected void LoadExcludedIps()
Java example of the Phone-to-Web logo.htm script
package com.company.example;

import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.UnavailableException;

/**
* Example Kaptcha redirect script.
*
* <p>In addition to the basic redirect functionality required by the
* specification this servlet allows configuration of an "exclude list" of ip
* addresses that should NOT be forwarded on to the Kaptcha server. This
* non-typical use case can arise when a Merchant is doing phone-to-web orders
* in a call center and needs to keep Kaptcha data from those call center
* orders from reaching the Company.
*
* <p>The servlet uses ServletConfig provided configuration parameters to
* specify these settings:
* <dl>
* <dt>MERC</dt>

* <dd>REQUIRED</dd>
* <dd>Merchant ID assigned by the Company</dd>
*
* <dt>KAPTCHA_URL</dt>
* <dd>REQUIRED</dd>
* <dd>URL to the Kaptcha endpoint</dd>
* <dd>The proper values for testing and production will be provided to you
* during the boarding process by your Boarding Manager.</dd>
*
* <dt>EXCLUDE_IPS</dt>
* <dd>OPTIONAL</dd>
* <dd>Comma separated list of IP addresses in dotted-quad notation to
* exclude from the Katpcha redirect.</dd>
* </dl>
*
* <p>See your servlet container documentation for the proper file and format to
* provide ServletConfig parameters at deploy time.
*
* @copyright 2011 Company Inc.
*/
public class LogoHtmServlet extends HttpServlet {
    /**
     * Empty html response body.
     */
    static final String EMPTY_HTML = "<html><head></head><body></body></html>";
    /**
     * Merchant ID assigned by the Company.
     * Set via the MERC parameter in the ServletConfig.
     */
    protected String merc;
    /**
     * URL to the Kaptcha endpoint.
     * Set via the KAPTCHA_URL parameter in the ServletConfig.
     */
    protected String kaptchaUrl;
    /**
     * List of ip addresses in dotted quad format (eg "127.0.0.1") that should
     * not be redirected to the real Kaptcha server.
     * Set via the EXCLUDE_IPS parameter in the ServletConfig. EXCLUDE_IPS
     * should be a comma separated list of ip addresses to exclude (eg
     * "127.0.0.1,127.0.0.2,127.0.0.3")
     */
    protected List < String > excludedIps;
    /**
    * Initialize the servlet.
    *
    * @param config the ServletConfig object that contains configutation

    * information for this servlet
    * @throws ServletException if an exception occurs that interrupts the
    * servlet's normal operation
    * @throws UnavailableException if required configuration parameters are not
    * supplied
    */
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        this.merc = config.getInitParameter("MERC");
        if (null == this.merc) {
            throw new UnavailableException(
                "Missing required servlet config parameter MERC");
        }
        this.kaptchaUrl = config.getInitParameter("KAPTCHA_URL");
        if (null == this.merc) {
            throw new UnavailableException(
                "Missing required servlet config parameter KAPTCHA_URL");
        }
        final String exclude = config.getInitParameter("EXCLUDE_IPS");
        if (null != exclude) {
            this.excludedIps = Arrays.asList(exclude.split(","));
        }
    } //end init
    /**
     * Process an HTTP GET request.
     *
     * @param req HttpServletRequest that encapsulates the request to the
     * servlet
     * @param resp HttpServletResponse that encapsulates the response from the
     * servlet
     * @throws IOException if detected when handling the request
     * @throws ServletException if the request could not be handled
     */

    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        final String remoteIP = request.getRemoteAddr();
        if (null != this.excludedIps && this.excludedIps.contains(remoteIP)) {
            // current visitor is in the exclude list this.getServletContext().log(
            "Excluding " + remoteIP + " from Katptcha processing");
        // return an empty html response instead of redirecting response.setStatus(HttpServletResponse.SC_OK); response.setContentType("text/html");
        final PrintWriter writer = response.getWriter();

        writer.print(EMPTY_HTML);
        writer.flush();
    } else {
        // normal processing path.
        // get the id of the current session
        final String sess = request.getSession().getId();
        // construct the full URL to the Kaptcha server final String url = this.kaptchaUrl +
        "?m=" + URLEncoder.encode(this.merc, "UTF-8") + "&s=" + URLEncoder.encode(sess, "UTF-8");
        // Redirect the browser to Kaptcha response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY); response.sendRedirect(url);
    }
} //end doGet
} //end LogoHtmServlet
Was this article helpful?
0 out of 0 found this helpful