Working with Miscellaneous Frauds (WMFF)
Purpose: You can establish miscellaneous frauds based on postal code, check, credit card, email address, or IP address.
The system checks the Miscellaneous Fraud table only if the Fraud Checking (A68) system control value is selected.
Quotes: The system does not check the Miscellaneous Fraud table until you convert a quote to an order; see Entering Pre-Order Quotes and Converting Quotes to Orders.
Defining miscellaneous frauds: The Type field indicates the type of information that is evaluated for fraud. Once you define the Type, enter the information that is fraudulent in the Code field.
Fraud Type |
Results |
C Credit Card |
The system compares the credit card number on a credit card pay type against the credit card numbers in the Miscellaneous Fraud table. If the credit card number on a credit card pay type matches a credit card number in the Miscellaneous Fraud table, the system places the order pay type on hold with a hold reason of CF (credit card fraud). Note: If you Use Credit Card Encryption (I97) or credit card tokenization, you cannot define miscellaneous fraud based on credit card. |
E Email Address |
The system compares the email addresses related to the order against the email addresses in the Miscellaneous Fraud table. Depending on which email address related to the order matched an email in the Miscellaneous Fraud table, the system puts the order on hold as follows: • order-level email address: EO hold • individual customer: EI hold (Note: The system puts the order on hold only if the individual is the placer on the order.) • recipient, permanent ship-to customer or order-level shipping address: ES hold (Note: The system puts the order on hold for a recipient customer only if the matching email is the recipient’s primary email address) • sold-to customer: EC hold (Note: The system puts the order on hold only if the customer’s primary email address matches) • bill-to customer: EB hold (Note: The system puts the order on hold if the bill-to is on the order or just assigned to the sold-to customer) |
|
Setting up a fraud email address: When setting up a fraud email address, you can define a specific email address or you can use the asterisk (*) as a wildcard match. Options are: • text@domain.com: the email is flagged as fraud if it matches the specific email address. Example: If the fraud email is johnsmith@kab.com, then this specific email will be flagged as fraud, but johnsmithers@kab.com will not be flagged as fraud. • *@domain.com: the email is flagged as fraud if its domain matches the specified domain. Example: If the fraud email is *@kab.com, then any email whose domain is kab.com will be flagged as fraud. js@kab.com will be flagged as fraud, but js@twb.com will not be flagged as fraud. • *text@domain.com: the email is flagged as fraud if the text before the @ sign ends with the specified characters and is at the specified domain. Example: If the fraud email is *smith@kab.com, then any email whose text before the @ sign ends with smith and whose domain is kab.com will be flagged as fraud. johnsmith@kab.com will be flagged as fraud, but johnsmitty@kab.com will not be flagged as fraud. • text*@domain.com: the email is flagged as fraud if the text before the @ sign starts with the specified characters and is at the specified domain. Example: If the fraud email is john*@kab.com, then any email whose text before the @ sign starts with john and whose domain is kab.com will be flagged as fraud. johnsmith@kab.com and johnsmitty@kab.com will be flagged as fraud, but jsmith@kab.com will not be flagged as fraud. |
I IP Address |
When creating an order through the generic order API, the system updates the IP address in the Order Header Extended table if an ip_addr is provided in the Inbound Order XML Message (CWORDERIN). The system then compares the IP address for the order with the IP addresses in the Miscellaneous Fraud table. IP address matching is based on a full or partial IP address specified in the Miscellaneous Fraud table, which permits asterisks to be used as “wild cards.” Example: If the Miscellaneous Fraud record is 1.2.*.*, then any IP addresses that begin with 1.2 will cause orders to go on hold (1.2.3.4, 1.2.99.7, etc.). About IP address: The IP (internet protocol) address identifies where an order originates. The IP address is expressed as a series of four numbers separated by three periods (for example, 192.168.255.255). Each number in the series must be from 1 to 255. Depending on the type of network where the customer is logged in, the first one, two, or three numbers between the periods typically represent the hosting network itself. The remainder of the IP address can be permanently assigned to the user’s location (static IP address), or can be temporarily assigned each time the user logs in (dynamic IP address). In the case of a dynamically assigned IP address, creating a Miscellaneous Fraud record for the entire address would not be helpful, because the last portion of the address will be different every time. In this case, you can create a Miscellaneous Fraud record for the beginning portion(s) of the IP address, because this portion of the IP address identifies the hosting network. If the ip_addr matches the Miscellaneous Fraud record, the system puts the order on IP (IP address) hold and writes a message such as SYS HLD---IP ADDRESS HOLD (where IP ADDRESS HOLD is the description of the hold reason code) to the Order Transaction History table. |
K Check |
The system compares the micra number (routing number) on a check pay type against the micra numbers in the Miscellaneous Fraud table. If the micra number on the check pay type matches a micra number in the Miscellaneous Fraud table, the system places the order pay type on KF (check fraud) hold. |
Z Zip Code |
The system compares the postal code defined for a customer address against the postal codes in the Miscellaneous Fraud table. Setting up a fraud zip code: If you enter a 5-digit postal code in the Miscellaneous Fraud table, the system considers a postal code a match if the first 5 positions of the postal code defined for a customer address match the postal code in the Miscellaneous Fraud table. Example: if you enter 96624 in the Miscellaneous Fraud table, the system considers a customer address with postal code 96624 or postal code 96624-1620 as fraud. If the postal code for a customer matches a postal code in the Miscellaneous Fraud table, the system: • places the order bill to customer on ZB (bill to zip fraud) hold (the postal code for the bill to is fraudulent). • places the order sold to customer on ZS (sold to zip fraud) hold (the postal code for the sold to is fraudulent). • places the order ship to customer on ZH (ship to zip fraud) hold (the postal code for the ship to is fraudulent). |
For more information: See Introducing Order Hold Reason Codes for more information on defining fraudulent hold reason codes.
In this topic:
• Work With Miscellaneous Frauds Screen
• Create Miscellaneous Fraud Screen
Work With Miscellaneous Frauds Screen
How to display this screen: Enter WMFF in the Fast Path field at the top of any menu or select this option from a menu.
Note: Depending on the user’s authority to credit card information, the system writes a record to the Credit Card Audit table when this screen is displayed. See the Data Security and Encryption Guide for more information.
Field |
Description |
Type |
Indicates the type of information that is evaluated for fraud. Valid values are: • Check = the system compares the micra number (routing number) on a check pay type against the micra numbers in the Miscellaneous Fraud table. • Credit Card = the system compares the credit card number on a credit card pay type against the credit card numbers in the Miscellaneous Fraud table. Note: If you Use Credit Card Encryption (I97) or credit card tokenization, you cannot define miscellaneous fraud based on credit card. • Email = the system compares the email address against the email addresses in the Miscellaneous Fraud table. • IP Address = the system compares the ip_addr in the Inbound Order XML Message (CWORDERIN) when creating an order through the generic order API. • Zip = the system compares the postal code defined for a customer address against the postal codes in the Miscellaneous Fraud table. Optional. |
Code |
The information that is considered fraudulent, based on the code defined in the Type field. Check code The micra number located on the check. The micra number is also referred to as a routing number. Alphanumeric, 15 positions, optional. Credit card code The credit card number defined for a credit card pay type. Masking: If you do not have authority to the Display Full Credit Card Number (B14) secured feature, the credit card number displays in the default format specified at the Credit Card Number Layout Screen. For example, ************1443 may display instead of the entire credit card number. See Credit Card Number Format for an overview. Alphanumeric, 15 positions, optional. |
|
Email address The email address defined for an order or customer (individual, sold to, bill to, or ship to). Alphanumeric, 50 positions; optional. IP address The full or partial IP address received for an order API (e-commerce) order. The IP address specified here can include asterisks (*) for “wild card” matching. For example, if the Miscellaneous Fraud record is 1.2.*.*, then any IP addresses that begin with 1.2 will cause orders to go on hold (1.2.3.4, 1.2.99.7, etc.). Zip code The postal code defined for the customer’s address. You can enter an extended, non-hyphenated code, or the initial 5 digits of the postal code. Alphanumeric, 9 positions, optional. |
Screen Option |
Procedure |
Create a miscellaneous fraud customer |
Select Create to advance to the Create Miscellaneous Fraud Screen. |
Change miscellaneous fraud information |
Select Change for a fraudulent customer to advance to the Change Miscellaneous Fraud Screen. At this screen you can only change fraud information. See Create Miscellaneous Fraud Screen for field descriptions. Note: Depending on the user’s authority to credit card information, the system writes a record to the Credit Card Audit table when this screen is displayed for a C (credit card) fraud record. See the Data Security and Encryption Guide for more information. |
Delete a miscellaneous fraud record |
Select Delete for a fraudulent customer to delete it. |
Display a miscellaneous fraud |
Select Display for a fraudulent customer to advance to the Display Miscellaneous Fraud Screen. You cannot change any information on this screen. See Create Miscellaneous Fraud Screen for field descriptions. Note: Depending on the user’s authority to credit card information, the system writes a record to the Credit Card Audit table when this screen is displayed for a C (credit card). See the Data Security and Encryption Guide for more information. |
Create Miscellaneous Fraud Screen
To create: Use this screen to add a fraudulent postal code, check, email address, or credit card to the Miscellaneous Fraud table.
How to display this screen: At the Work With Miscellaneous Frauds Screen, select Create.
Field |
Description |
Fraud type |
Indicates the type of information that is evaluated for fraud. Valid values are: • Check = the system compares the micra number (routing number) on a check pay type against the micra numbers in the Miscellaneous Fraud table. • Credit Card = the system compares the credit card number on a credit card pay type against the credit card numbers in the Miscellaneous Fraud table. • Email = the system compares the email address against the email addresses in the Miscellaneous Fraud table. • IP Address = the system compares the ip_addr in the Inbound Order XML Message (CWORDERIN) when creating an order through the generic order API. • Zip = the system compares the postal code defined for a customer address against the postal codes in the Miscellaneous Fraud table. Required. |
Fraud information |
The information that is considered fraudulent, based on the code defined in the Type field. Check code The micra number located on the check. The micra number is also referred to as a routing number. Alphanumeric, 15 positions, optional. Credit card code The credit card number defined for a credit card pay type. Masking: If you do not have authority to the Display Full Credit Card Number (B14) secured feature, the credit card number displays in the default format specified at the Credit Card Number Layout Screen. For example, ************1443 may display instead of the entire credit card number. See Credit Card Number Format for an overview. Alphanumeric, 15 positions, optional. Email address The email address defined for an order or customer (individual, sold to, bill to, or ship to).When setting up a fraud email address, you can define a specific email address or you can use the asterisk (*) as a wildcard match. Options are: • text@domain.com: the email is flagged as fraud if it matches the specific email address. Example: If the fraud email is johnsmith@kab.com, then this specific email will be flagged as fraud, but johnsmithers@kab.com will not be flagged as fraud. • *@domain.com: the email is flagged as fraud if its domain matches the specified domain. Example: If the fraud email is *@kab.com, then any email whose domain is kab.com will be flagged as fraud. js@kab.com will be flagged as fraud, but js@twb.com will not be flagged as fraud. • *text@domain.com: the email is flagged as fraud if the text before the @ sign ends with the specified characters and is at the specified domain. Example: If the fraud email is *smith@kab.com, then any email whose text before the @ sign ends with smith and whose domain is kab.com will be flagged as fraud. johnsmith@kab.com will be flagged as fraud, but johnsmitty@kab.com will not be flagged as fraud. • text*@domain.com: the email is flagged as fraud if the text before the @ sign starts with the specified characters and is at the specified domain. Example: If the fraud email is john*@kab.com, then any email whose text before the @ sign starts with john and whose domain is kab.com will be flagged as fraud. johnsmith@kab.com and johnsmitty@kab.com will be flagged as fraud, but jsmith@kab.com will not be flagged as fraud. |
|
IP address The full or partial IP address received for an order API order. The IP address specified here can substitute asterisks (*) as “wild cards” for one or more of the four numbers that make up the IP address. For example, if the Miscellaneous Fraud record is 1.2.*.*, then any IP addresses that begin with 1.2 will cause orders to go on hold (1.2.3.4, 1.2.99.7, etc.). The system validates that your entry includes four numbers between 1 and 255, separated by three periods. Matching begins at the first number of the series and works back, which means that one or more numbers in the series can consist of a “wild card” asterisk; however, once the IP address includes an asterisk, the remainder of the IP address cannot include any more numbers. The system displays an error message if your entry: • includes any non-numeric characters • begins with a wild card (for example, *.22.33.44) • includes a wild card but does not end with one (for example, 12.*.33.4 or 11.2.*.4) • includes both a wild card and a number between periods (for example, 123.45.67*.* or 1.2.3.4*) • includes a number greater than 255 • includes any blank spaces Alphanumeric, 15 positions; optional. Zip code The postal code defined for the customer’s address. When setting up a fraud zip code, if enter a 5-digit postal code in the Miscellaneous Fraud table, the system considers a postal code a match if the first 5 positions of the postal code defined for a customer address match the postal code in the Miscellaneous Fraud table. Example: if you enter 96624 in the Miscellaneous Fraud table, the system considers a customer address with postal code 96624 or postal code 96624-1620 as fraud. Alphanumeric, 50 positions; optional. |
