Fraud Analysts Analyzing Transactions
Only GAs, OAs, and Fraud Analysts (FAs) can analyze the user transactions for the organizations that are in their scope. The MA, UAs, and CSRs cannot perform this task.
Analyzing transactions is a multi-step process that can involve:
While looking at all the transactions based on the criteria that you specified in the Transactions Summary page, if you locate one or more suspect transactions, then you can further look into the details of these transactions (Viewing Case Details). You can further locate a pattern by viewing similar transactions (Viewing Similar Transactions and Viewing Related Transactions). After you have analyzed the details and discovered patterns, you can mark suspect transactions for further investigation by the CSRs (Marking Transactions for Further Investigation).
How to View Transactions Summary
Transactions can be filtered based on two criteria:
- Generic search criteria, such as Organization, Channel, Card Number, Date and Time, Rule used, Merchant details, and Device details. See How to Search for Transactions Based on Search Criteria for more details on this.
- Transaction ID, in addition to Organization and Channel information. You should use this method only if you know the correct Transaction ID. See How to Search for Transactions Based on Transaction ID for more details on this.
What are the Fields in the Transaction Summary Page explains the fields that are displayed in a typical transaction summary.
How to Search for Transactions Based on Search Criteria
To search for transactions based on search criteria:
- Ensure that you are logged in with proper credentials (GA, OA, or Fraud Analyst).
- Activate the Case Management tab in the main menu.
- Under the Case Management section, click the Analyze Transactions link.
- From the Select Organization list, select the organization whose data you want to filter in the report. When the administrator has access to multiple perspectives in the system, the ALL ISSUERS and ALL ACQUIRERS options are available in the Select Organization drop-down list. Otherwise, you see the ALL organizations option. The Analyze Transactions page for criteria-based search appears.
- From the Select Channel drop-down list, select the channel for which you want to view the transactions. Possible values are:
  - All Channels
  - Default
  - 3D Secure
  - ATM
  - POS
  - ECOM
  - IMPS Beneficiary
  - IMPS Remitter
- Enter the user identification information. The field differs based on the channel configured for the organization, as follows:
  - Default, ATM, POS, ECOM: Enter User Name
  - 3D Secure: Enter Card Number
  - IMPS: Enter User Name
  - Acquirer Organization ATM and POS: Enter Terminal ID
  If you selected ALL ISSUERS, ALL ACQUIRERS, or ALL organizations in Step 4, this field is not enabled.
  Organization are displayed.
- To filter the transactions based on specific criteria, perform either of the following steps:
  - Select the pre-defined date range based on which you want to filter the transaction data in the Transaction Date From and To fields.
  - Select the Last Transactions option and then select the time interval (in minutes) for which you want to see the latest transactions that were performed.
- From the Risk Advice list, select the advices based on which you would like to filter the data.
- From the Secondary Authentication Status list, select the statuses based on which you would like to filter the data.
- From the Fraud Status list, select the statuses based on which you would like to filter the data.
- From the Rule list, select the rule based on which you would like to filter the transaction data. If you want to see the transactions for all rules that matched, then ensure that the default All Rules option is selected.
- (Only for 3D Secure) Enter the merchant name in the Merchant field, and select the criteria (Exact, Starts with, Ends with, Contains) based on which you want to filter the transaction data.
- Enter the Device ID of the device for which you would like to filter the transaction data. This field is displayed only if you selected an Issuer Organization.
- Select Decrypt Sensitive Information if you want to display the data in clear text.
- Click Submit to generate the Transactions Summary page. You can export the information directly to a CSV file by clicking the Export button. For a description of the fields on the Transactions Summary page, see What Are the Fields in the Transaction Summary Page.
How to Search for Transactions Based on Transaction ID
To search for transactions based on Transaction ID:
- Ensure that you are logged in with proper credentials (GA, OA, or Fraud Analyst).
- Activate the Case Management tab in the main menu.
- Under the Case Management section, click the Analyze Transactions link.
- From the Select Organization list, select the organization whose data you want to filter in the report. When the administrator has access to multiple perspectives in the system, the ALL ISSUER, ALL ACQUIRER and ALL BENEFICIARY options are available in the Select Organization drop-down list. Otherwise, you see the ALL organizations option.
- Click Switch to Transaction ID Based Search. The Analyze Transactions page for transaction ID based search appears.
- From the Select Channel drop-down list, select the channel for which you want to view the transactions.
- Enter the Transaction ID of the transaction that you want to analyze.
- Select Decrypt Sensitive Information if you want to display the data in clear text.
- Click Submit to generate the Transactions Summary page. You can export the information directly to a CSV file by clicking the Export button. You can view transactions specific to a channel by clicking the specific channel tabs.
For a description of the fields on the Transactions Summary page, see What Are the Fields in the Transaction Summary Page.
What Are the Fields in the Transaction Summary Page
The following table describes the fields listed in the Transactions Summary page for the Default channel.
Fields | Description |
Details | Click the detail link to look into the details of the transaction. |
User Name | The name of the user performing the transaction. |
Fraud Status | The fraud status of the case. This field can have one of the following statuses: |
Fraud Type | The type of fraud. |
Country | Based on the IP Address, the country from which the transaction was performed. |
IP Address | The IP address of the system or device used for the purchase transaction. |
Matched Rule | The rule that matched and for which RA flagged the transaction as risky. |
Transaction Date | The timestamp when the transaction was performed. |
Risk Score | The overall risk score returned by RA for the corresponding transaction. This is a value between 0 and 100. |
Risk Advice | The action suggested by RA after evaluating the Risk Score of the transaction. The possible actions are: |
Device ID | The ID of the device used for the transaction. |
Model Score | The risk score returned by the Model for the transaction. This is a value between 0 and 100. |
Secondary Auth Status | If the Risk Advice is INCREASE AUTHENTICATION, then this column specifies the result of the additional authentication that your application returned as feedback to RA. |
Account Type | The account type associated with the transaction. This column is displayed only if you have configured account types for the organization. |
Rule Results | The result of all the rules for the transaction. The result is Y or N. |
Account ID | If there is an account ID associated with the user, then this column specifies the account ID that was used to perform the transaction. |
Device Type | The type of device involved in the transaction. |
Transaction ID | The unique ID generated for each user transaction. |
OS | The operating system on the device that was used to perform the transaction. |
Browser | The browser that was used to perform the transaction. |
Device ID Status | The status of the Device ID: |
Action | The type of transaction performed by the user, which can be: |
AFPN Advice | Displays the AFPN advice if AFPN was invoked during the transaction or later. |
Organization | The organization to which the user belongs. Note: This field is displayed only if you selected ALL organizations in your search. |
The following table describes the fields listed in the Transactions Summary page for the 3D Secure channel.
Fields | Description |
Details | Click the detail link to look into the details of the transaction. |
Card Number | The card number of the user performing the transaction. |
Fraud Status | The fraud status of the case. This field can have one of the following statuses: |
Fraud Type | The type of fraud. |
Country | Based on the IP Address, the country from which the transaction was performed. |
IP Address | The IP address of the system or device used for the purchase transaction. |
Merchant | The merchant involved in the transaction. |
Currency | The currency used in the transaction. |
Amount | The total transaction amount. |
Organization's Base Currency | The base currency defined for the organization. |
Amount in Organization's Base Currency | The transaction amount converted to the organization base currency. |
Matched Rule | The rule that matched and for which RA flagged the transaction as risky. |
Transaction Date | The timestamp when the transaction was performed. |
Risk Score | The overall risk score returned by RA for the corresponding transaction. This is a value between 0 and 100. |
Risk Advice | The action suggested by RA after evaluating the Risk Score of the transaction. The possible actions are: |
Device ID | The ID of the device used for the transaction. |
Model Score | The risk score returned by the Model for the transaction. This is a value between 0 and 100. |
Secondary Auth Status | If the Risk Advice is INCREASE AUTHENTICATION, then this column specifies the result of the additional authentication that your application returned as feedback to RA. |
Transaction Status | The status of the transaction. |
Rule Results | The result of all the rules for the transaction. The result is Y or N. |
Device Type | The type of device involved in the transaction. |
Transaction ID | The unique ID generated for each user transaction. |
OS | The operating system on the device that was used to perform the transaction. |
Browser | The browser that was used to perform the transaction. |
Device ID Status | The status of the Device ID: |
Action | The type of transaction performed by the user, which can be: |
AFPN Advice | Displays the AFPN advice if AFPN was invoked during the transaction or later. |
Organization | The organization to which the user belongs. Note: This field is displayed only if you selected ALL organizations in your search. |
The following table describes the fields listed in the Transactions Summary page for the ATM and POS channels.
Field | Description |
Details | Click the detail link to look into the details of the transaction. |
TXID | The unique ID generated for each transaction. |
USERNAME/Terminal ID | The card number of the user performing the transaction (in the case of Issuer organizations) or the Terminal ID from where the transaction was performed (in the case of Acquirer organizations). |
Fraud Status | The status of the fraud. |
Fraud Type | The type of fraud. |
Processing Code | A series of digits that describes the type of transaction and the accounts affected by the transaction. |
PAN | Primary Account Number that indicates the valid cardholder account number. |
Datetime Local Txn | The local time at the ATM from where the transaction originated. |
Transaction Datetime | Time (Hours-Mins) extracted from the date/time when the ISO 8583 message was constructed, represented in GMT/UTC. |
Transaction Amount | Amount involved in the transaction. |
Reversal Amount | Amount reversed during the transaction. |
Action | The type of transaction performed by the user, which can be: ATM: POS: PURCHASE |
Transaction Status | The status of the transaction. |
Reversal Status | The status of the reversal transaction. |
Transaction Action Code | The code assigned to the transaction action. |
MTI | Message Type Identifier. This is a 4-digit field that classifies the high-level function of the ISO 8583 message (consisting of Message Version, Message Class, Message Function, and Message Origin). |
Matched Rule | The rule that matched and for which RA flagged the transaction as risky. |
Score | The overall risk score returned by RA for the corresponding transaction. This is a value between 0 and 100. |
Merchant Category | Category code of the merchant involved in the transaction. |
POS Entry Mode | Indicates the method used to enter the account number. |
Acceptor Address | Address of the card acceptor. |
Acceptor City | City from which the transaction originated. |
Acceptor State | State from which the transaction originated. |
Card Accept Country | The code identifying the country of the acquiring institution. |
Acquirer Country | Country where the acquiring institution for the POS is located. |
Acceptor Terminal Id | Code that identifies a card acceptor terminal or a POS. |
Acceptor Id | ID of the card acceptor (merchant) operating the POS. |
ACQ Bin | Acquirer BIN of the merchant where the transaction was made. |
POS Condition Code | (Only POS) Indicates the transaction conditions at the POS. |
RRN | Retrieval Reference Number that helps identify and track all messages related to a given cardholder transaction. |
Response Code | The response to a request for a transaction. |
Advice | The action suggested by RA after evaluating the Risk Score of the transaction. The possible values are: |
AFPN Advice | Displays the AFPN advice if AFPN was invoked during the transaction or later. |
Organization | The organization to which the user belongs. Note: This field is displayed only if you selected ALL organizations in your search. |
The following table describes the fields listed in the Transactions Summary page, specific to the IMPS Beneficiary and IMPS Remitter channels. All other fields are the same as those in ATM or POS channels.
Field | Description |
Beneficiary Account Number | The bank account number of the Beneficiary. This field is applicable for transactions of type Person to Account (P2A). This value is a combination of IFSC-code and bank account number. |
Beneficiary IMPSID | The user name used to identify the Beneficiary. |
Beneficiary Mobile Number | The mobile number of the Beneficiary. |
IMPS Mode | A 2-digit value that denotes the IMPS transaction type. |
Remitter IMPSID | The user name used to identify the Remitter. |
Remitter Mobile Number | The mobile number of the Remitter. |
The following table describes the fields listed in the Transactions Summary page, specific to the ECOM channel. All other fields are the same as those in ATM or POS channels.
Field | Description |
ECI Indicator | A 2-digit value that denotes how the eCommerce transaction was authenticated. |
Shopper country | The shopper's country. |
How to View Case Details
The Transactions Summary page can also be used to view details of any specific transaction or case.
To view details of a specific case, in the Transactions Summary page, click the required detail link in the corresponding Details column. The transaction details are displayed on the resulting (Transaction Details) page. This page lists the details of the selected transaction, and also allows you to further filter transactions on the basis of available parameters.
The following table describes the fields listed in the Transaction Details page.
Description | |
Basic Transaction Details (Default and 3D Secure) | |
Transaction ID | The unique identifier of the transaction. |
Transaction Date | The timestamp when the transaction was performed. |
Action | The type of transaction performed by the user, which can be: |
User Name | (Only Default) The name of the user who performed the transaction. |
Card Number | (Only 3D Secure) The card number of the user who performed the transaction. |
Fraud Status | The current status of the fraud. Possible values are: |
Device ID | The ID of the device used for the transaction. |
Risk Advice | An action suggested by the Risk Assessment module after evaluating the risk score of the selected transaction. The possible actions are: |
Matched Rule | The rule that matched and for which RA flagged the transaction as risky. |
Secondary Auth Status | If the Risk Advice is INCREASE AUTHENTICATION, then this column specifies the result of the additional authentication that your application returned as feedback to RA. The possible values are Success and Failure. |
Transaction Status | (Only 3D Secure) The status of the transaction. |
Model Score | The risk score returned by the Model for the transaction. |
Risk Score | The overall risk score returned by RA for the corresponding transaction. This is a value from 0 through 100. |
User State | The state assigned to the user by the Customer Support Representative (CSR). Possible values are: |
Basic Transaction Details (ATM and POS) | |
TXID | The unique ID generated for each transaction. |
USERNAME/Terminal ID | The card number of the user performing the transaction (in the case of Issuer organizations) or the Terminal ID from where the transaction was performed (in the case of Acquirer organizations). |
Fraud Status | The current status of the fraud. Possible values are: |
Transaction Amount | Amount involved in the transaction. |
Reversal Amount | The reversal amount involved in the transaction. |
Action | The type of transaction performed by the user, which can be: ATM: POS: PURCHASE |
Transaction Status | The status of the transaction. |
Reversal Status | The status of the reversal transaction. |
Matched Rule | The rule that matched and for which RA flagged the transaction as risky. |
Score | The overall risk score returned by RA for the corresponding transaction. This is a value between 0 and 100. |
Merchant Category | (Only POS) Category code of the merchant involved in the transaction. |
POS Entry Mode | (Only POS) Indicates the method used to enter the account number. |
Acquirer Country | Country where the acquiring institution for the POS is located. |
Acceptor Terminal ID | Code that identifies a card acceptor terminal or a POS. |
Acceptor ID | ID of the card acceptor (merchant) operating the POS. |
ACQ Bin | Acquirer BIN of the merchant where the transaction was made. |
POS Condition Code | Indicates the transaction conditions at the POS. |
Advice | The action suggested by RA after evaluating the Risk Score of the transaction. |
User State | The state assigned to the user by the Customer Support Representative (CSR). Possible values are: |
Other Transaction Details (Only 3D Secure) | |
Merchant ID | Unique identifier of the merchant involved in the transaction. |
Merchant | Name of the merchant involved in the transaction. |
Merchant URL | URL of the merchant involved in the transaction. |
Currency | The currency in which the transaction was performed. |
Amount | The total transaction amount. |
Organization's Base Currency | The base currency defined for the organization. |
Amount in Organization's Base Currency | The transaction amount converted to the organization base currency. |
Location Details (Only Default and 3D Secure) | |
IP Address | The IP address of the system or device used for the purchase transaction. |
City | The city where the transaction was performed by the user. |
State | The state to which the user belongs. |
Country | The country to which the user belongs. |
Connection Type | The connection type between the user’s device and their Internet Service Provider. The possible values are: |
Line Speed | The speed of the user’s internet connection. This is based on the Connection Type. |
IP Routing Type | The IP routing method used for the connection. The possible values are: |
Anonymizer Type | The type of anonymizer, if any, used for the connection. The possible values are: |
Risk Assessment Details | |
MFP Match % | The match percentage of the incoming Machine FingerPrint (MFP) with the value stored in the RA database. This is a numeric value. |
User Known | Whether the User Known rule matched. The possible values are: |
Exception User Check | Whether the Exception User Check rule matched. The possible values are: |
Negative Country Check | Whether the Negative Country Check rule matched. The possible values are: |
Device MFP Match | Whether the Device MFP Match rule matched. The possible values are: |
Trusted IP/Aggregator Check | Whether the Trusted IP/Aggregator Check rule matched. The possible values are: |
Untrusted IP Check | Whether the Untrusted IP Check rule matched. The possible values are: |
User Velocity Check | Whether the User Velocity Check rule matched. The possible values are: |
DeviceID Known | Whether the Device ID Known rule matched. The possible values are: |
Device Velocity Check | Whether the Device Velocity Check rule matched. The possible values are: |
Zone Hopping Check | Whether the Zone Hopping Check rule matched. The possible values are: |
User Associated with DeviceID | Whether the User-Device Association was found in the RA database. The possible values are: |
Device Details | |
Device Type | Type of device involved in the transaction. |
OS | The operating system on the device that was used to perform the transaction. |
Browser | The browser that was used to perform the transaction. |
Device ID Status | The status of the Device ID: |
How to View Similar Transactions
The small table at the end of the transaction details enables you to specify filter criteria to extract fine-grained data for similar transactions from the RA database.
Transactions can be further filtered on the basis of the following parameters:
- Same User Name: (Only Default) By selecting this option, you can extract all transactions that belong to the same user whose data you are currently viewing.
- Same Device ID: (Default and 3D Secure) By selecting this option, you can extract all transactions done by using the same device that is used for the current transaction details that you are viewing.
- Same IP Address: (Default and 3D Secure) By selecting this option, you can extract all transactions that have the same IP address as the current transaction details that you are viewing.
- Same Card Number: (Only 3D Secure) By selecting this option, you can extract all transactions that have been made using the same card number as the current transaction details that you are viewing.
- Same Merchant: (Only 3D Secure) By selecting this option, you can extract all transactions that have been made at the same merchant as the current transaction details that you are viewing.
- Same PAN: (Only ATM and POS for Issuer organizations) By selecting this option, you can extract all transactions that belong to the same PAN as the current transaction details that you are viewing.
- Same Terminal ID: (Only ATM and POS for Acquirer organizations) By selecting this option, you can extract all transactions that were performed from the same terminal as the current transaction details that you are viewing.
- Transaction Date: By specifying a date range (using the From and To fields), you can further filter all transactions that were performed in the specified time period.
- Last Transactions: By selecting the required time interval (in minutes), you can further filter all the latest transactions that were performed in the specified interval.
How to View Related Transactions
To view the related transactions:
- In the Transaction Details page, select from the following options depending on the channel:
  - Same User Name
  - Same Device ID
  - Same IP Address
  - Same Card Number
  - Same Terminal ID
  - Same Merchant
  - Same PAN
- Perform either of the following steps:
  - Enter a date range in the Transaction Date From and To fields.
  - Select the Last Transactions option and then select the latest time interval for which you want to see the related transactions.
- Click Show. The Transactions Summary page appears, displaying the records that matched the criteria.
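The same-user, same-device and same-IP pivots described in the two sections above can also be reproduced offline on an exported Transactions Summary CSV. The following Python is an added example, not part of the product: the column names follow the Default channel field table, while the export layout, the timestamp format, the sample rows and the function names are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Pivot options named as on the Transaction Details page (Default channel).
PIVOT_FIELDS = {"User Name", "Device ID", "IP Address"}

# Constructed sample rows standing in for a CSV export.
# Assumption: column layout and timestamp format of the real export may differ.
SAMPLE_EXPORT = """\
Transaction ID,User Name,Device ID,IP Address,Transaction Date,Risk Score
T-1001,alice,DEV-A,203.0.113.10,2024-03-01 09:58:00,12
T-1002,bob,DEV-B,198.51.100.7,2024-03-01 10:01:00,35
T-1003,carol,DEV-B,198.51.100.7,2024-03-01 10:03:00,78
T-1004,dave,DEV-B,203.0.113.44,2024-03-01 10:04:00,81
T-1005,erin,,198.51.100.7,2024-03-01 10:05:00,40
T-1006,bob,DEV-B,198.51.100.7,2024-02-20 16:30:00,10
"""


def load_export(text):
    """Parse CSV text into dicts with a typed timestamp and risk score."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rec = {k: (v or "").strip() for k, v in rec.items()}
        rec["Transaction Date"] = datetime.strptime(
            rec["Transaction Date"], "%Y-%m-%d %H:%M:%S")
        rec["Risk Score"] = int(rec["Risk Score"])
        rows.append(rec)
    return rows


def similar_transactions(rows, seed_id, same, date_from=None, date_to=None,
                         last_minutes=None, now=None):
    """Return rows that share every field in `same` with the seed transaction."""
    # Time filter: either a date range or the last N minutes counted back from `now`.
    unknown = set(same) - PIVOT_FIELDS
    if not same or unknown:
        raise ValueError(f"pick pivot fields from {sorted(PIVOT_FIELDS)}")
    if last_minutes is not None and (date_from or date_to):
        raise ValueError("use a date range or last_minutes, not both")
    seed = next((r for r in rows if r["Transaction ID"] == seed_id), None)
    if seed is None:
        raise KeyError(seed_id)
    # An empty seed value would match every other row missing the same
    # field and link unrelated transactions, so refuse to pivot on it.
    blank = [f for f in same if not seed[f]]
    if blank:
        raise ValueError(f"seed has no value for: {blank}")
    if last_minutes is not None:
        date_to = now or datetime.now()
        date_from = date_to - timedelta(minutes=last_minutes)
    hits = []
    for r in rows:
        if r is seed or any(r[f] != seed[f] for f in same):
            continue
        ts = r["Transaction Date"]
        if (date_from and ts < date_from) or (date_to and ts > date_to):
            continue
        hits.append(r)
    return sorted(hits, key=lambda r: r["Transaction Date"])


def distinct_users(hits):
    """User names in a result set; several users on one device is worth a look."""
    return sorted({r["User Name"] for r in hits})


if __name__ == "__main__":
    for r in similar_transactions(load_export(SAMPLE_EXPORT), "T-1003", ["Device ID"]):
        print(r["Transaction ID"], r["User Name"], r["IP Address"], r["Risk Score"])
```
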
How to Mark Transactions for Further Investigation
After you have analyzed the details of suspect transactions or discovered patterns, you can mark suspect transactions for further investigation by the CSRs. To do so:
- Ensure that you are logged in with the required privileges (GA, OA, or Fraud Analyst).
- Display the Transactions Summary page, as discussed in How to View Transactions Summary.
- Review the transactions that are displayed based on the criteria that you specified. See How to View Case Details.
- If you want to display similar patterns, follow the steps in How to View Similar Transactions.
- Scroll back to the Transactions Summary table.
- Select the transactions that you suspect by selecting the check boxes corresponding to the transaction in the table.
- Click the Mark for Investigation button to generate cases for the transactions you marked. These cases will now appear in the case lists for the CSRs to work on.