FraudSmack is a powerful utility in helping merchants prevent chargebacks. As with
all complex tools, we expect you to have questions about how to use it. We address the most common
questions here, but if you have other questions, don't hesitate to contact us for more information at
FraudSmack@AquestSolutions.com
Is there a long-term contract?
No. You can cancel your monthly plan at any time by submitting a Trouble Ticket from the 'Member's Control Panel'.
We will close your account immediately when you request it, and you will not be billed for any future months.
Back to questions...
What if I don't use any queries for the month, do you still bill me?
Yes, you will be billed for the minimum base price of your monthly plan regardless of whether or not you use the service.
This will continue every month until you issue a Trouble Ticket to close your account. We will be glad to close your
account promptly when you request it, but you must let us know that you wish to discontinue the service.
Back to questions...
Do I have to use the web service or API to check a potential sale?
No. You can also check a potential sale manually using the 'Input Test' page in the 'Members
Control Panel'. You will still need the same information about your customer, including the IP
address.
Back to questions...
What if I exceed the number of monthly queries inlcuded in my account plan?
On the first query after you have exceeded your limit, FraudSmack will automatically
add the smallest block of extra queries that we offer to your account. This prevents you from having unwanted
service interruptions.
If you expect to exceed your limit
by a large number of queries, you can add a larger block from the control panel at a bulk rate. If you expect
to commonly exceed your limit, you should upgrade your account to a larger size to save money.
Back to questions...
Can I get emailed when a query is run through FraudSmack?
FraudSmack does not send emails, but you can have your code parse the 'DetailedRiskScore' object
that is returned, and then email that to you from your check out page. The sample code you can download from the
'Members Control Panel' already contains the code that will parse the 'DetailedRiskScore' and puts it into html
code. You can copy that code to build the body of the email to send to you.
Back to questions...
Should I run every sale through FraudSmack?
There is probably no need to run your existing customers through FraudSmack. If you do monthly recurring
billing, then it probably is not neccessary to run those customer's sale through FraudSmack.
We do suggest that you run all new customers through FraudSmack.
Back to questions...
Can I stop a specific IP address or IP address range from purchasing my products?
Yes, just login the 'Member's Control Panel' and use the 'Settings-IP Addresses' page to blacklist the
IP address or the IP address range. This will cause all queries that involve that IP
to return a result of 'DENY'.
Back to questions...
What parameters can I set or adjust to make FraudSmack conform to my needs?
We have anticipated that many of our customers would like to have more control over their fraud screening
and that trends in fraud will change in time and from merchant to merchant. For this reason, you can adjust
almost everything in the way FraudSmack scores your queries.
This includes:
- The 2 point values that trigger 'WARN' and 'DENY' results.
- The IP addresses you consider suspect.
- The email domains you consider suspect.
- The credit cards you consider suspect.
- The countries you consider suspect.
- The default point values used for calculating all Risk Factors.
- Whether or not you monitor suspect IP's, and credit cards of other FraudSmack members.
* When marking parameter values as suspect, you can either assign a custom point value or Blacklist
or Whitelist transactions that involve that value.
Back to questions...
What if I don't want to 'DENY' sales, but just want to manually review all risky sales?
You control how your code handles the results returned by FraudSmack. You can have
your code react the same way to 'DENY' as it does to 'WARN'. In fact, this would be advisable for
all FraudSmack users for the first month or 2 of service.
Back to questions...
How does FraudSmack know if an IP address is an open or anonymous proxy?
FraudSmack uses a combination of our own database of known open proxies, and live tests. It is
not feasible to do a complete live test, nor is there any database that will have up to the second lists of all open
proxies. Our method is very effective, much more effective than systems that use only a database or only live tests.
Back to questions...
The FraudSmackcode samples are all .Net code. Can FraudSmack only be used from .Net code?
FraudSmack is a standard web service and as such can be called from your code regardless of
your choice of programming language. Our samples are all .Net because we are a Microsoft Certified Partner and
we use .Net for our programming. If you would like to write an API for another programming technology and share
that with our other members, we would like to talk to you about that.
Back to questions...
What is the IP Flooding risk factor?
IP Flooding is when the same person (same IP address) repeatedly attempts transactions.
You can limit the number of attempted transactions from a particular IP address within a given time frame.
This helps you prevent fraudsters from trying to learn how to beat your fraud protection system using a brute force approach and prevents
them from attempting multiple credit cards..
For instance, you could limit a given IP address to 3 attempts within 24 hours. On the fourth, fifth, sixth...,
attempts, the transaction will be blacklisted and will result in a "DENY" regardless of the other information
provided by the customer. You control how many attempts are allowed and the time frame to monitor.
Back to questions...