Introduction

Nuvei guarantees to do its best to detect and prevent fraud in real-time and offline, but at the end of the day, the Nuvei platform is a decision supportive system and your cooperation and actions are crucial to secure your processing account in the long term.

The purpose of this guide is to provide you with a smooth onboarding process, in a way that makes you aware of the risks involved in card-not-present (CNP) processing, as well as Nuvei’s products and services built from years of experience with mitigating risks.

The guide provides you with an overview of common terminology and regulations and describes your initial fraud screening profile that was customized for you during your onboarding process.

Your initial profile detailed in this guide might be different according to the rules’ compatibility/efficiency and emerging fraud trends.

To learn more about risk services contact us at RiskSupport@nuvei.com.

Nuvei Services

There are many fraud-screening services to help merchants assess the risk of a transaction and authenticate the cardholder to prevent chargebacks.

Nuvei provides you with three types of services for mitigating chargebacks:

• Standard services include real-time fraud prevention through Nuvei’s Rule Engine, access to the Case Management System, Screening Profile Overview and Chargeback Re-presentments.
• Personalized services include personal risk analysts.
• Added Value services include the 3D-Secure Authentication Program, Dynamic 3D, AVS check and CVV check.

Standard Services

Fraud Prevention Rule Engine

Nuvei’s rule engine provides real-time fraud prevention via your Nuvei payment page. The rule engine runs during the pre-authorization phase of a transaction and its decision can impact the flow of the authorization in the acquirer bank. Nuvei’s fraud screening rules can block or flag transactions for review for a particular user that matches the logical conditions of the rules. In addition, rules can be configured to automatically blacklist transactions according to elements such as credit card, email address, user ID, IP address and more.

The risk engine has three responses to transactions: accept the transaction, reject it, or flag it for review.

When the risk engine accepts a transaction, the transaction passes to the acquirer bank.

When the risk engine rejects a transaction, the transaction is not passed to the acquirer bank for authorization, and the merchant receives a detailed response with the reasons why that the transaction was rejected.

When the rule engine flags a transaction for review, the transaction passes to the Acquirer bank and the merchant receives a response with the reasons for review.

Additionally, you can refund or void suspicious transactions before they become chargebacks through the Case Management System.

Nuvei’s risk platform is proactive in combating fraudulent transactions and can be customized to your needs to automatically blacklist customers according to specific fraud rules or when a transaction has been reported as a chargeback.

Screening Profile Overview

Listed below are categories of rules available in the rule engine.

For the specific rules that have been configured to your account, please refer to the Control Panel, Risk > Client Fraud Rules:

The table below provides a list of the categories that are mapped to groups of Nuvei’s fraud screening rules. A category is displayed in the Nuvei Control Panel in the Transaction Report when a transaction is filtered due to a Custom Fraud Screen.

#	Rule Categories	#	Rule Categories
1	3D-Secure information	15	Inconsistency by IP address
2	Airline information	16	IP information
3	Banned Countries	17	List management global level
4	Billing information	18	List Management industry level
5	Credit Card Information	19	List management merchant level
6	Customer verification	20	Merchant information
7	Default Parameters	21	Merchant limits
8	Duplicate Charges	22	Merchant velocities
9	Geo-location	23	Names Conflict
10	Global Limits	24	Restricted Gambling Countries
11	Global velocities	25	Shipping information
12	Inconsistency by Billing address	26	Transactional information
13	Inconsistency by Credit Card	27	User information
14	Inconsistency by Email address	28	User Seniority

Case Management System

Nuvei’s Case Management system enables you to be proactive in your risk management. Through the Case Management system, your Risk Team can collaborate with the Nuvei Risk Team to mitigate the risks of fraudulent transactions and is embedded within Nuvei’s portal.

Through the Case Management system, real-time alerts are received for transactions that have been flagged for review by the rule engine, offline reports, or the Nuvei Risk Team.

With the Case Management system, you can independently review transactions, flag users, issue refunds, void transactions, perform follow-ups, blacklist and whitelist users and parameters such as Email addresses, and send live feedback to the Nuvei Risk Team. Nuvei logs all alerts and feedback in the system.

Merchants can cancel/void transactions prior to the transmission of the transaction to the acquiring bank. This allows merchants to decrease chargebacks and prevent even greater losses in cases where an affiliate sends bad traffic.

All alerts and merchant feedback are documented in the system. Nuvei’s Risk Team is able to measure the efficiency of fraud detection for each merchant’s account. The Risk Team can then further customize parameters and fine-tune the merchant’s risk profiles for better performance.

Chargeback Re-presentments

Nuvei handles disputes on behalf of clients. For more information about the re-presentment process and necessary documents, please refer to Appendix 5.

Personalized Services

Personalized services are customized services, which Nuvei can provide you in addition to standard services.

Risk Analyst

A personal risk analyst is responsible for your account in terms of monitoring and payment optimization including, but not limited to, reviewing fraud screening rules efficiency, chargeback ratio, fraud trends and conversion ratio. Your risk analyst is your focal point for any inquiry, customized analysis, or reports. The Risk Team handles post-process actions, such as blocks and whitelists, as well as answering merchant emails and inquires. For merchants eligible for personalized services, the Risk Team also performs manual reviews of suspicious transactions.

Emails to the risk analysts should be sent to RiskSupport@nuvei.com. They are then forwarded to your personal risk analyst.

You can reach a risk analyst at: +44 20 3051 3031 ext. 5666

Added Value Services

Added value services are provided by Nuvei in addition to the standard and personalized services. This section provides a brief description of the Nuvei’s added value services.

3D-Secure Authentication Program

3D-Secure is a credit card authentication program implemented by Visa and Mastercard to reduce fraudulent purchases by verifying the cardholder’s identity during online transactions. The Nuvei Gateway can act as an MPI (Merchant Plug-in) for 3D-Secure when processing transactions.

The benefits of implementing 3D-Secure include a reduction in disputed transactions and chargebacks with fraud reasons and their resulting financial expenses.

3D stands for three domains:

• Issuer Domain

The issuer is responsible for managing the enrollment of their cardholders to the service and the authentication of the cardholder during an online purchase.

• Acquirer Domain

The acquirer is responsible for ensuring that the merchant participating in the transaction is operating under a merchant agreement and is also responsible for the actual processing of the authenticated transaction.

• Interoperability Domain

This domain facilitates the transaction exchange between the other two domains with a common protocol and shared services.

Transaction Flow

 

ECI

An Electronic Commerce Indicator (ECI) value is the result of a 3DS authentication request, returned by a Directory Server (“issuer ACS”) (namely Visa, MasterCard, JCB, and American Express).

Possible ECI data values:

ECI = 5 (VISA), 2 (Mastercard): This value is set by the ACS in the Payer Authentication Response message when the cardholder successfully passes 3D-Secure payment authentication leading to a shift in liability.

ECI = 6 (VISA), 1 (Mastercard): This value is set by the merchant when the merchant attempted to authenticate the cardholder using 3D-Secure, but the issuer or cardholder was not participating, or set by an ACS when the issuer or cardholder was not participating, or an issuer ACS was not able to respond, leading to a shift in liability.

ECI = 7 (VISA), 6 (Mastercard): This value is set by the Merchant when the payment transaction was conducted over a secure channel (for example, SSL/TLS), but payment authentication was not performed, or when the issuer responded that authentication could not be performed, leading to no shift in liability.

Below is a table that contains the ECI Values:

CC type	ECI	Enrollment	Authentication	CHB protection
MasterCard	1	N		Yes
		Y	A	Yes
	2	Y	Y	Yes
			A	Yes
	6	U		No
		E		No
		Y	N	No
			E	No
			U	No
			A	No
Visa	5	Y	Y	Yes
			A	Yes
	6	N		Yes
		Y	A	Yes
	7	U		No
		E		No
		Y	N	No
			E	No
			U	No
			A	No

Whether you have a liability shift or not depends on the combination of the enrollment and authentication result.

Results Explanations

Result	Enrollment	Authentication
N	Cardholder not participating	Authentication failed
U	Unable to authenticate	Authentication could not be performed
E	Critical field validation failed	Error
Y	Card participate	Authentication successful
A	-	Attempts processing performed

Exceptional Cases

Every user has the right to ask their issuer bank for clarification and details. Even though a transaction was processed through 3D-Secure, a retrieval request or report as fraud may occur when a cardholder does not recognize a charge in their credit card’s monthly statement.

It is also possible to get a chargeback from any user who is authenticated via 3D-Secure, but only under the following circumstances:

1. The chargeback reason is a customer service reason.
2. The credit card is a commercial (corporate, business, gift card) credit card and the user was not fully authenticated.
3. When the ECI result is (for MasterCard: ECI=6) (for VISA: ECI=7) and the enrollment status or authentication status returned an error (U, E, N).

Enhanced 3D Options: Dynamic 3D

The Dynamic 3D feature allows Nuvei to dynamically manage a 3D-Secure flow for suspicious orders based on multiple criteria in the rule engine in real-time.

Nuvei minimizes the merchants’ risk of chargebacks and fraud, while converting high-risk traffic into payments instead of automatically rejecting them during the fraud screening flow.

Suspicious flagged users are given an option to pay via a secured flow, and if authentication has been successfully completed, Nuvei accepts these transactions as legitimate transactions and ensures a liability shift in the event of a chargeback.

Routing parameters include the following parameters:

• Credit card company
• Transaction amount
• Currency
• Issuer bank
• BIN
• Device type
• BIN or Billing country
• BIN – Billing location mismatch
• Seniority by card or email
• Website

CVV Check

CVV2 (Card Verification Value) reduces credit card fraud by ensuring that the card number is legitimate, and that the customer physically possesses the credit card. The CVV number is printed on the back side of a credit card next to the signature panel.

Nuvei connects to Visa, Mastercard and AMEX networks to verify that the card verification number that appears on the back of a credit card matches the credit card number provided by the customer.

The result can be seen in the Transaction Search section in the Control Panel or in the API response from our server.

The possible CVV2 responses are listed below:

Code	Result
M	CVV2 Match
N	CVV2 No Match
P	Not Processed
U	Issuer is not certified and/or has not provided Visa the encryption keys
S	CVV2 processor is unavailable

AVS Check

Address Verification Service (AVS) enables merchants to verify the address of a cardholder. Nuvei’s AVS checking service verifies the billing address of the credit card provided by the customer against the address on file at the credit card company.

AVS has almost full coverage in the US, Canada, and UK. (For rest of the world it is supported when the issuer supports it.) In order to be able to receive AVS results you need to make sure that you send the relevant information in the Address, City, ZIP Code, State, and Country fields for all transactions processed from these countries.

The result can be seen in the transaction search in the Control Panel and in the API response from our server.

When sending a transaction for address verification, you receive one of the following responses from the issuing bank:

Code	Summary	Value Description
X / Y / D / M / F	Match	Street address and ZIP code both match.
A / B	Partial Match	Street address matches, but ZIP code does not match.
W / Z / P	Partial Match	Street address does not match, but ZIP code matches.
N / I / C	No Match	Street address and ZIP code do not match.
G / S	Not Supported	Issuing bank does not support AVS.
U	System Unavailable	• Address information unavailable. Returned if non-US. • AVS is not available or the AVS in a U.S. bank is not functioning properly.
R	System Unavailable	Retry - Issuer's System Unavailable or Timed Out.