Fraud Prevention
EPaySe includes a multi-layered fraud detection system that automatically evaluates every transaction in real-time using 16+ specialized detection services.
Key Features
Risk Scoring
Every transaction receives a risk score from 0 to 100 based on multiple detection signals; the score determines the automatic action taken.
Blacklists
Block known fraudulent IPs, emails, card BINs, phone numbers, countries, and customer names.
Custom Rules
Define custom fraud rules with conditions based on amount thresholds, velocity patterns, and cross-matching.
How Fraud Detection Works
Transaction Created
Customer submits payment with card, IP, email, and browser details
16+ Detection Services Run
Frequency, blacklist, velocity, cross-match, geographic, card testing, AML, behavioral checks
Risk Score Calculated
Each service contributes points; scores accumulate to a final risk score (0-100)
Decision Applied
ALLOW, FLAG, REVIEW, or BLOCK based on score thresholds
Risk Score Decisions
The fraud system assigns one of four decisions based on the calculated risk score:
| Decision | Score Range | Action |
|---|---|---|
| ALLOW | 0 - 29 | Transaction proceeds normally |
| FLAG | 30 - 59 | Transaction proceeds but flagged for monitoring |
| REVIEW | 60 - 79 | Transaction held for manual review |
| BLOCK | 80 - 100 | Transaction automatically blocked |
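The score bands above, applied on the merchant side. This is an added example, not EPaySe code: the action names, the cap at 100 in `accumulate`, and the choice to act on the stricter of the reported decision and the score band are assumptions. Malformed or unknown results are held for review rather than fulfilled.

```python
# Added example: score bands from the decision table, applied by the merchant.
ORDER = ["ALLOW", "FLAG", "REVIEW", "BLOCK"]  # least to most severe
BANDS = [(29, "ALLOW"), (59, "FLAG"), (79, "REVIEW"), (100, "BLOCK")]
# Hypothetical merchant actions (not EPaySe API values).
ACTIONS = {"ALLOW": "fulfil", "FLAG": "fulfil_and_monitor",
           "REVIEW": "hold_for_review", "BLOCK": "reject"}


def accumulate(contributions):
    """Sum per-service points. Capping at 100 is an assumption."""
    return min(100, sum(contributions))


def decision_for(score):
    """Map a 0-100 integer score to its band; reject anything else."""
    if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 100:
        raise ValueError(f"risk_score out of contract: {score!r}")
    return next(name for upper, name in BANDS if score <= upper)


def route(result):
    """Pick the merchant action for a fraud check result (a dict)."""
    try:
        banded = decision_for(result["risk_score"])
    except (KeyError, TypeError, ValueError):
        return ACTIONS["REVIEW"]  # malformed result: fail closed
    reported = result.get("decision")
    if reported not in ORDER:
        return ACTIONS["REVIEW"]  # unknown decision: fail closed
    # Never act more permissively than either the score or the decision.
    strictest = max(banded, reported, key=ORDER.index)
    return ACTIONS[strictest]
```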
Example Fraud Check Result
```json
{
  "risk_score": 45,
  "decision": "FLAG",
  "matched_rules": [
    {
      "type": "velocity_email",
      "message": "5 transactions from same email in last hour",
      "score_contribution": 20
    },
    {
      "type": "geo_mismatch",
      "message": "IP country (NG) differs from card country (US)",
      "score_contribution": 25
    }
  ],
  "check_details": {
    "frequency": { "passed": true },
    "blacklist": { "passed": true },
    "velocity": { "passed": false, "reason": "Email velocity exceeded" },
    "cross_match": { "passed": true },
    "geographic": { "passed": false, "reason": "Country mismatch" }
  }
}
```
Detection Services
EPaySe runs multiple specialized detection services on every transaction:
Core Checkers
Frequency Checker
Limits transactions per merchant per time window. Can block immediately if threshold exceeded.
Blacklist Checker
Checks customer data against IP, email, card BIN, phone, country, and name blacklists.
Velocity Checker
Detects unusual transaction frequency patterns per IP, email, or card within time windows.
Cross-Match Checker
Identifies patterns like same email with different cards, or same card with different emails.
Advanced Detection
| Service | What It Detects |
|---|---|
| Card Testing Detection | Small-amount transactions on multiple cards (BIN attacks) |
| AML Structuring | Near-threshold amounts designed to avoid reporting limits |
| AML Smurfing | Many-to-one transaction patterns (layering) |
| Geographic Anomaly | IP country vs card issuing country mismatch |
| Behavioral Deviation | Stolen card patterns vs historical behavior |
| Chargeback Predictor | Friendly fraud prediction based on patterns |
| Browser Spoofing | Detects spoofed or manipulated browser details (S2S) |
Blacklist Management
Manage blacklists from the merchant dashboard at Fraud > Blacklists. Eight blacklist types are supported:
```
// Blacklist entry types and examples:
// IP Address: "192.168.1.1" or "10.0.0.0/24" (CIDR range)
// Email: "[email protected]"
// Card BIN: "411111" (first 6 digits)
// Card Number: "4111111111111111" (encrypted in storage)
// Card Last 4: "1234"
// Phone: "+1234567890"
// Country: "NG" (ISO 3166-1 alpha-2)
// Customer Name: "John Fraudster"
```
| Type | Format | Notes |
|---|---|---|
| IP Address | IPv4/IPv6 or CIDR | Supports range notation (10.0.0.0/24) |
| Email | Valid email address | Exact match |
| Card BIN | 4-8 digits | First 6 digits of card number |
| Card Number | 13-19 digits | Encrypted in storage |
| Country | 2-letter ISO code | Blocks all transactions from country |
| Phone | International format | Exact match |
| Customer Name | Full name (max 255) | Exact match |
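How matching against these entry formats can work, including CIDR ranges and the `expires_at` field covered under Blacklist Expiry. This is an added example, not EPaySe code: the entry layout, the type names and the sample entries are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample entries; the dict layout and type names are assumptions.
ENTRIES = [
    {"type": "ip", "value": "10.0.0.0/24", "expires_at": None},
    {"type": "ip", "value": "192.168.1.1",
     "expires_at": "2024-01-01T00:00:00+00:00"},
    {"type": "card_bin", "value": "411111", "expires_at": None},
    {"type": "country", "value": "NG",
     "expires_at": "2099-01-01T00:00:00+00:00"},
]


def is_active(entry, now):
    """Entries without expires_at never expire; expired ones are ignored."""
    expires = entry.get("expires_at")
    return expires is None or datetime.fromisoformat(expires) > now


def matches(entry, txn):
    kind, value = entry["type"], entry["value"]
    if kind == "ip":
        try:
            # A bare address parses as a /32 or /128 network, so single IPs
            # and CIDR ranges share one code path.
            network = ipaddress.ip_network(value, strict=False)
            return ipaddress.ip_address(txn.get("ip", "")) in network
        except ValueError:
            # An unparseable client IP cannot match; validate it upstream.
            return False
    if kind == "card_bin":
        return txn.get("card_number", "").startswith(value)
    if kind == "country":
        return txn.get("country", "").upper() == value.upper()
    return False


def blacklist_hits(txn, entries, now=None):
    """Return the values of all active entries that match the transaction."""
    now = now or datetime.now(timezone.utc)
    return [e["value"] for e in entries
            if is_active(e, now) and matches(e, txn)]
```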
Blacklist Expiry
expires_at field. Expired entries are ignored during fraud checks.
Custom Fraud Rules
Create custom fraud rules from the dashboard at Fraud > Rules. Each rule type targets a specific fraud pattern:
| Rule Type | Description | Example |
|---|---|---|
| velocity_ip | Limit transactions per IP | Max 10 per hour |
| velocity_email | Limit transactions per email | Max 5 per hour |
| velocity_card | Limit transactions per card | Max 3 per day |
| amount_threshold | Flag high-value transactions | Flag if > $500 |
| cross_match | Detect data mismatches | Same email, different cards |
| geo_mismatch | IP vs card country mismatch | IP in Nigeria, card from US |
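A sliding-window sketch of the `velocity_email` and `cross_match` rows above, run over a stream of transactions. This is an added example, not EPaySe code: the class, the `card_token` identifier and the choice to fire once the count exceeds the limit are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600   # "per hour" from the velocity_email row
MAX_PER_EMAIL = 5       # "Max 5 per hour" from the velocity_email row


class VelocityCrossMatch:
    """Tracks per-email transaction times and the cards seen per email."""

    def __init__(self):
        self.times = defaultdict(deque)  # email -> timestamps inside window
        self.cards = defaultdict(set)    # email -> distinct card tokens

    def evaluate(self, ts, email, card_token):
        """Record one transaction and return the rule types it triggers.

        ts is seconds since an arbitrary epoch; card_token is a hypothetical
        tokenised card identifier, never the raw card number.
        """
        hits = []
        window = self.times[email]
        # Drop timestamps that have aged out of the one-hour window.
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()
        window.append(ts)
        if len(window) > MAX_PER_EMAIL:
            hits.append("velocity_email")
        # Same email, different cards.
        self.cards[email].add(card_token)
        if len(self.cards[email]) > 1:
            hits.append("cross_match")
        return hits
```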
Managing Fraud in the Dashboard
The merchant dashboard provides comprehensive fraud management tools:
Dashboard > Fraud > Checks - View all fraud check results with risk scores, decisions, and matched rules for each transaction.
Dashboard > Fraud > Blacklists - Add, edit, and manage blacklist entries across all 8 types. Set expiry dates for temporary blocks.
Dashboard > Fraud > Rules - Create and manage custom rules with configurable conditions, actions, and score contributions.
Dashboard > Fraud > Card Rules - Set card-specific rules including BIN restrictions, country limits, and amount thresholds per card type.
Best Practices
Always pass the real customer IP address for accurate geographic risk scoring
Review flagged transactions regularly in the dashboard to catch false positives
Add known fraudulent patterns to blacklists immediately after identifying them
Don't set overly aggressive velocity rules that block legitimate high-volume customers
Don't ignore REVIEW decisions - they require manual verification before processing
