Home > Risk management
The Risk Management service consists of a range of automated checks that Worldpay applies to credit cards and Direct Debit payment attempts.
These checks are extra to the standard checks in Worldpay's payment service. They help reduce the risk of chargebacks from credit card companies or banks.
You can use the Risk Management page to add details (IP addresses, email addresses, cardholder names) to referral lists.
You may want to add entries to referral lists when, in the course of trading online, you encounter shoppers who abuse their card privileges or you suspect are involved in fraud attempts.
When a shopper makes a purchase from your website, our Risk Management service runs automated checks, and as part of these checks, entries on your referral lists are compared with data in a shopper's payment. If a match is found then payment processing is stopped before the authorisation request is made to the card issuer, and the transaction is given a payment status of REFUSED.
If it is active on your system, the Risk Management service works as follows:
1. Worldpay subjects all payment attempts to a number of risk screening checks.
2. Each check assigns a value, called the risk score, to payment attempts that trigger that particular check. The risk scores are set to default scores when your system is installed.
3. The sum of the risk scores indicates the likeliness of a fraudulent payment.
4. If a payment attempt obtains a total risk score over 50, a Caution message is displayed. If the total risk score is over 75, a Warning message is displayed. If the total risk score is equal to, or larger than, the predefined risk score limit of 100, it is automatically refused before being sent to the acquirer for authorisation. Note also that scores can be negative ('whitelists') or positive.
There are five types of check:
Referral list:These checks are based on stop lists and whitelists for credit card numbers and bank account numbers.
Velocity checks:These checks look at the number or the total amount of previous payments for a particular credit card or bank account number
Shopper Session:These checks analyse the current payment behaviour of the shopper as recorded in the session
Consistency checks:These checks look for logical patterns in shopper and payment data
Post-authorisation checks: These apply to payments already authorised, and require CVC/AVS data to be sent to the acquirer
For merchants who offer credit card payment methods with Card Validation (CVC/CVV) or Address Verification (AVS), additional checks can be applied on the CVC/CVV and AVS response from the acquirer after the payment has been authorised.
If one of these post-authorisation checks is triggered, its risk score is added to the existing total risk score of the payment. Authorised payments with a total risk score equal to, or larger than, a predefined risk score limit of 100 are automatically cancelled (rather than refused).
For more information about Risk Management, refer to the Risk Management Service Guide.