Risk Factor Codes
CyberSource Advanced Fraud Screen (AFS) uses Risk Factor Codes, which provide additional information about an AFS score, to help you rapidly assist customers whose orders have been declined. These codes provide valuable information for your customer service representatives at your call center, helping them decide how best to resolve customer inquiries.
Risk Factor Codes empower customer service agents to identify reasons for a high score enabling them, in some cases, to "save" sales that look suspicious but that are actually good orders. They can also provide you and CyberSource with information that can be used to better calibrate the system to maximize fraud detection and minimize future insults.
As a merchant, you are encouraged to build custom support screens that integrate the Risk Factor Codes into your customer service process. These fields are also displayed on the support screens that CyberSource provides. In some cases, you might prefer to use these results to decipher and filter the Risk Factor Codes, in real time, to initiate customer service measures.
Risk Factor Codes
| Excessive Address Change | A | The customer changed the billing address two or more times in the last six months. |
| Card BIN or authorization risk | B | Risk factors are related to credit card BIN and/or card authorization checks. |
| High number of account numbers | C | The customer used more than six credit cards numbers in the last six months. |
| Domain (Host) Impact | D | The customer had a risky IP or email address.. |
| Positive list | E | The customer is on your positive list. |
| Negative list | F | The account number, street address, email address, or IP address for this order appears on your negative list. |
| Geolocation Inconsistency | G | The customer's email domain, phone number, billing address, shipping address, or IP address is suspicious. |
| Excessive name changes | H | The customer changed the name two or more times in the last six months. |
| Internet Inconsistency | I | The IP address and email domain are not consistent with the billing address. |
| Nonsensical Input | N | The customer name and address fields contain meaningless words or language. |
| Obscenities | O | The end user input contains obscene words. |
| Identity morphing | P | Multiple values of an identity element are linked to a value of a different identity element. For example, multiple phone numbers are linked to a single account number. |
| Phone Inconsistencies | Q | The customer's phone number is suspicious. |
| Risky Order | R | This order displays multiple high-risk correlations among the transaction, consumer, and merchant information. |
| Time hedge | T | The customer is attempting a purchase outside of the expected hours. |
| Unverifiable Address | U | The billing or shipping address cannot be verified. |
| Velocity | V | The account number was used many times in the past 15 minutes. |
| Marked as suspect | W | The billing or shipping address is similar to an address previously marked as suspect. |
| Gift Order | Y | The street address, city, state, or country of the billing and shipping addresses do not correlate. |
| Invalid value | Z | Because the request contains an unexpected value, a default value was substituted. Although the transaction can still be processed, examine the request carefully for abnormalities in the order. |
| Time | | Displays the order time in the customer's local time in 00:00 format. |
| Host Severity | | Numeric 0-5 format; the risk associated with the customer's email domain; 0 = low risk; 5 = high risk. |
