Skip to main content

Overview

Ionic provides a comprehensive fraud protection suite to help merchants prevent fraudulent transactions, reduce chargebacks, and protect their business from financial loss.
Our multi-layered fraud prevention approach combines real-time fraud scoring, address verification, card validation, and authentication protocols to provide maximum protection.
Key Fraud Protection Features:
  • Kount Fraud Detection - Real-time fraud scoring and device fingerprinting
  • Address Verification System (AVS) - Address matching validation
  • Card Verification Value (CVV) - Security code validation
  • 3D Secure Authentication - Enhanced cardholder authentication (3DS 1.0 and 2.0)
  • Velocity Checking - Rapid transaction detection
  • Chargeback Management - Dispute tracking and notifications
  • EMV Liability Shift - Counterfeit fraud protection for card-present transactions
  • PCI DSS Level 1 Compliance - Industry-standard data security

Fraud Protection Layers

Real-Time Fraud Scoring

Kount provides advanced fraud detection using machine learning, device fingerprinting, and behavioral analysis to score every transaction in real-time.Key Benefits:
  • Real-time fraud risk scoring (0-100)
  • Device fingerprinting and tracking
  • Velocity checks across multiple dimensions
  • Customizable fraud rules and thresholds
  • Geolocation analysis
  • Email and phone validation
How It Works:
  1. Collect device data from customer browser
  2. Submit Kount session ID with transaction
  3. Kount analyzes 200+ data points in real-time
  4. Receive fraud score and recommendation
  5. Apply rules based on your risk tolerance
Integration Options:
  • Payment API integration
  • Collect.js integration
  • Gateway.js integration
  • Manual device data collection

Kount Fraud Detection

Implementation

1

Initialize Gateway.js

Include Gateway.js and create an instance with your API key
<script src="https://api.ionicfi.com/js/Gateway.js"></script>
<script>
  const gateway = Gateway.create({
    apiKey: 'YOUR_PUBLIC_API_KEY',
    environment: 'sandbox'
  });
</script>
2

Get Kount Service

Retrieve the Kount service instance
const kount = gateway.getKount();
3

Collect Device Data

Collect device fingerprinting data from customer browser
kount.collectDeviceData(function(sessionId) {
  console.log('Kount Session ID:', sessionId);
  // Store session ID for transaction submission
  window.kountSessionId = sessionId;
});
4

Submit with Transaction

Include Kount session ID in your payment request
// Submit payment with Kount data
submitPayment({
  type: 'sale',
  amount: '99.99',
  ccnumber: '4111111111111111',
  ccexp: '1225',
  cvv: '999',
  kount_session_id: window.kountSessionId
});
5

Review Fraud Score

Analyze the fraud score returned in the transaction response
// Response includes fraud score
{
  response: '1',
  responsetext: 'SUCCESS',
  kount_score: '25',
  kount_decision: 'A' // A=Approve, D=Decline, R=Review
}

Fraud Score Interpretation

Kount returns a fraud score from 0-100 with each transaction:
Score RangeRisk LevelRecommendationAction
0-20LowApproveProcess transaction normally
21-40Medium-LowApprove with monitoringProcess but flag for review if patterns emerge
41-60MediumReview requiredManual review before fulfillment
61-80Medium-HighDecline or reviewDecline automatically or require verification
81-100HighDeclineReject transaction
Configure your fraud score thresholds in the merchant control panel based on your risk tolerance and business model. E-commerce businesses may have different thresholds than digital goods merchants.

Testing Kount

In sandbox mode, use these email patterns to trigger specific fraud scores: 
# Low risk transaction
email=[email protected]
# Returns: kount_score=10 (Low risk)

# Medium risk transaction
email=[email protected]
# Returns: kount_score=50 (Medium risk, review required)

# High risk transaction
email=[email protected]
# Returns: kount_score=90 (High risk, decline)

# Critical risk transaction
email=[email protected]
# Returns: kount_score=95 (Critical risk)

AVS and CVV Validation

Implementing AVS/CVV Checks

<?php
function validateFraudChecks($result) {
    // Check primary response
    if ($result['response'] != '1') {
        return [
            'approved' => false,
            'message' => 'Transaction declined: ' . $result['responsetext']
        ];
    }

    // Define acceptable AVS codes
    $avs_acceptable = ['X', 'Y', 'A', 'Z', 'W', 'D', 'M'];
    $avs_match = in_array($result['avsresponse'], $avs_acceptable);

    // Check CVV
    $cvv_match = ($result['cvvresponse'] == 'M');

    // Determine if manual review needed
    $needs_review = !$avs_match || !$cvv_match;

    if ($needs_review) {
        // Flag for manual review
        flagForReview($result['transactionid'], [
            'avs' => $result['avsresponse'],
            'cvv' => $result['cvvresponse'],
            'reason' => !$avs_match ? 'AVS mismatch' : 'CVV mismatch'
        ]);
    }

    return [
        'approved' => true,
        'transaction_id' => $result['transactionid'],
        'needs_review' => $needs_review,
        'avs_match' => $avs_match,
        'cvv_match' => $cvv_match
    ];
}
?>

AVS Response Codes

CodeDescriptionStreetZIPRecommendation
XExact match✅ (9-digit)✅ Accept
YMatch✅ (5-digit)✅ Accept
AAddress only⚠️ Review
WZIP only (9-digit)⚠️ Review
ZZIP only (5-digit)⚠️ Review
NNo match⛔ Decline/Review
UUnavailable--⚠️ Review
RRetry--🔄 Retry
EAVS error--⚠️ Review
SNot supported--- Accept
GGlobal non-verifiable--- Accept

Testing AVS/CVV

Use these test cards to simulate different AVS/CVV scenarios:
Card NumberAVSCVVDescription
4111111111111111XMFull match - Low fraud risk
4000000000000002NNNo match - High fraud risk
4242424242424242YMAddress + ZIP match
4000000000000101AMAddress match only
4000000000000200ZMZIP match only
4000000000000085NMNo address match
4000000000000093YNCVV mismatch - Fraud indicator

3D Secure Authentication

Combined 3D Secure + Kount Integration

For maximum fraud protection, combine 3D Secure authentication with Kount fraud detection: 
const gateway = Gateway.create({
    apiKey: 'YOUR_PUBLIC_API_KEY',
    environment: 'sandbox'
});

const threeDSecure = gateway.get3DSecure();
const kount = gateway.getKount();

// Step 1: Collect Kount device data
kount.collectDeviceData(function(kountSessionId) {

    // Step 2: Collect payment token
    CollectJS.configure({
        callback: function(token) {

            // Step 3: Perform 3DS authentication
            threeDSecure.configure({
                amount: '99.99',
                currency: 'USD',
                billingAddress: {
                    firstName: 'John',
                    lastName: 'Doe',
                    address1: '123 Main St',
                    city: 'New York',
                    state: 'NY',
                    zip: '10001',
                    country: 'US'
                }
            });

            threeDSecure.authenticate(token, function(threeDSResult) {

                if (threeDSResult.authenticated) {
                    // Step 4: Submit with both 3DS and Kount data
                    submitPayment({
                        payment_token: token,
                        amount: '99.99',
                        // 3D Secure fields
                        cardholder_auth: threeDSResult.cardholder_auth,
                        cavv: threeDSResult.cavv,
                        xid: threeDSResult.xid,
                        eci: threeDSResult.eci,
                        // Kount fraud detection
                        kount_session_id: kountSessionId
                    });
                } else {
                    // Authentication failed - high fraud risk
                    showError('Authentication failed. Please try a different payment method.');
                }
            });
        }
    });
});

3D Secure Testing

Test 3D Secure authentication flows:
Card Number3DS ResultDescription
4000000000001000AuthenticatedFull authentication successful
4000000000001091AuthenticatedFrictionless flow (no challenge)
4000000000001018UnavailableAuthentication unavailable
4000000000001034FailedAuthentication failed
4000000000001042ChallengeChallenge flow required

Velocity Checking

Velocity Rule Configuration

Configure velocity rules in the merchant control panel to detect suspicious patterns: Common Velocity Rules:
Rule: Maximum 3 transactions per card per 10 minutesPurpose: Prevent fraudsters from testing stolen card numbersAction: Decline subsequent transactions, flag IP for review
Rule: Maximum 5 transactions per IP per hourPurpose: Detect automated fraud attemptsAction: Require CAPTCHA or additional verification
Rule: Maximum $1,000 per card per dayPurpose: Prevent large-scale fraudAction: Hold for manual review if exceeded
Rule: Maximum 3 failed attempts per card per dayPurpose: Detect card testing and brute force attemptsAction: Block card temporarily, alert fraud team

Testing Velocity Rules

Test velocity detection with rapid transactions: 
# Transaction 1
curl -X POST https://api.ionicfi.com/api/transact.php \
  -d "security_key=YOUR_KEY" \
  -d "type=sale" \
  -d "amount=10.00" \
  -d "ccnumber=4111111111111111" \
  -d "ccexp=1225" \
  -d "cvv=999"

# Transaction 2 (immediately after)
curl -X POST https://api.ionicfi.com/api/transact.php \
  -d "security_key=YOUR_KEY" \
  -d "type=sale" \
  -d "amount=10.00" \
  -d "ccnumber=4111111111111111" \
  -d "ccexp=1225" \
  -d "cvv=999"

# May trigger velocity check based on your configured rules

Chargeback Management

Chargeback Notifications

Receive real-time chargeback notifications via webhooks: 
{
  "event": "chargeback.received",
  "chargeback_id": "CB123456",
  "transaction_id": "123456789",
  "amount": "99.99",
  "reason_code": "10.4",
  "reason": "Other Fraud - Card Absent Environment",
  "due_date": "2025-11-15",
  "timestamp": "2025-10-30T10:30:00Z"
}
CodeDescriptionPrevention
10.1EMV Liability Shift CounterfeitUse EMV chip readers
10.2EMV Liability Shift Non-CounterfeitImplement 3D Secure
10.3Other Fraud - Card PresentVerify ID, check signature
10.4Other Fraud - Card AbsentUse AVS/CVV, 3D Secure, Kount
10.5Visa Fraud Monitoring ProgramMonitor fraud rates, strengthen security

Chargeback Prevention Strategies

Use 3D Secure

Shift liability and reduce fraud chargebacks by up to 70%

Verify AVS/CVV

Decline transactions with address or CVV mismatches

Enable Kount

Real-time fraud scoring prevents fraudulent transactions

Clear Descriptors

Use recognizable statement descriptors to prevent confusion

Save Evidence

Retain transaction logs, IP addresses, and delivery confirmation

Fast Fulfillment

Ship quickly and provide tracking to prevent “merchandise not received” claims

Fraud Prevention Best Practices

Required Fields for Fraud Prevention

Always collect these fields to maximize fraud detection:
FieldPurposeExample
cvvVerify physical card possession999
ipaddressGeolocation and velocity tracking192.168.1.1
emailCustomer verification and Kount scoring[email protected]
phoneCustomer verification212-555-1234
address1AVS validation123 Main St
cityAVS validationNew York
stateAVS validationNY
zipAVS validation10001
Best Practice: Including CVV significantly improves approval rates and reduces fraud. Always include customer IP address for fraud detection and geolocation analysis.

Fraud Detection Decision Flow

Implementation Checklist

  • Collect CVV for all card-not-present transactions
  • Enable AVS validation
  • Configure AVS/CVV decline rules
  • Collect customer IP address
  • Set up duplicate transaction checking
  • Implement Kount fraud detection
  • Configure fraud score thresholds
  • Set up velocity rules
  • Enable device fingerprinting
  • Create manual review workflows
  • Implement 3D Secure for high-risk transactions
  • Configure 3D Secure exemptions
  • Test authentication flows
  • Handle authentication failures gracefully
  • Set up chargeback webhooks
  • Monitor fraud rates daily
  • Review flagged transactions
  • Maintain transaction evidence
  • Track fraud trends and patterns

Testing Your Fraud Protection

Comprehensive Testing Scenarios

Test all fraud protection features before going live:
1

Test Kount Integration

# Test low risk
email=[email protected]
# Expected: kount_score=10

# Test high risk
email=[email protected]
# Expected: kount_score=90
2

Test AVS/CVV Validation

# Test AVS mismatch
ccnumber=4000000000000002
address1=123 Test St
zip=99999
# Expected: avsresponse=N

# Test CVV mismatch
ccnumber=4000000000000093
cvv=999
# Expected: cvvresponse=N
3

Test 3D Secure

# Test successful authentication
ccnumber=4000000000001000
# Expected: authenticated=true, cardholder_auth=Y

# Test failed authentication
ccnumber=4000000000001034
# Expected: authenticated=false
4

Test Velocity Rules

# Submit multiple rapid transactions with same card
# Expected: Subsequent transactions flagged or declined

Fraud Rate Monitoring

Key Metrics to Track

Monitor these metrics in your merchant control panel:
MetricTargetAction Threshold
Fraud Rate< 0.5%> 1% - Review settings
Chargeback Rate< 0.9%> 1% - Risk of penalties
3DS Authentication Success> 95%< 90% - Review flow
AVS Match Rate> 85%< 80% - Review requirements
CVV Match Rate> 95%< 90% - Review requirements
Average Kount Score< 30> 40 - Tighten rules
Excessive chargebacks (above 1%) can result in fines, increased processing fees, or account termination. Monitor fraud rates closely and adjust protection settings as needed.

Configuration

Merchant Control Panel Settings

Configure fraud protection in your merchant portal: Navigation: Settings > Fraud Prevention
  • Enable/disable AVS checking
  • Set acceptable AVS codes
  • Enable/disable CVV checking
  • Configure CVV mismatch action (decline/flag)
  • Set international AVS handling

Next Steps

Gateway.js Integration

Implement 3D Secure and Kount fraud detection

Response Codes

Understand AVS, CVV, and fraud response codes

Webhooks

Set up chargeback and fraud event notifications

Testing Guide

Test your fraud prevention implementation

Payment Variables

Fraud-related API parameters

Go Live Checklist

Prepare for production with fraud protection