What is iSpyFraud?

Welcome to the detailed user guide for iSpyFraud, a rule-set based fraud management utility that allows

merchants to configure extensive filters to aid in the detection of fraud by screening transactions

throughout the processing lifecycle. As it operates in real-time, iSpyFraud can decline transactions both

before and after authorization, which can potentially mitigate high chargeback volume and offer

merchants peace of mind when it comes to their own security, as well as that of their customers.

Basic Uses

Though there are countless ways to use iSpyFraud based on varying scenarios merchants might

encounter, there are certain uses of the software that could be considered universally relevant,


1. Monitoring and controlling transactions during a given timeframe by setting rules based on a

combination of many parameters, including the following:

a. Transaction count

b. Transaction amount

c. IP address

d. User location

e. Credit card number

f. Credit card brand

2. Limiting internal credit card fraud or abuse attempts

3. Blocking transactions from specific countries

4. Reviewing suspect transactions in order to take action prior to settlement

The following instructions will aid merchants in choosing the settings that will prove most useful for

them depending on the specific needs of their business. In addition to this guide, assistance can be

accessed through our support team, which can be reached at (800) 617-4850 ext. 1 from 8 am-6pm

central time, or at support@nmi.com.

iSpyFraud Detailed Guide

Getting Started

When a merchant logs into the gateway, iSpyFraud can be found as a link under “Other Services” on the

left side of the page. The link will take the merchant to the program’s General tab.

Other than geography bans on transactions from certain countries, there are no default settings in

place. There are default geography bans on the following countries (as sent in the Country field):






Czech Republic



Iran (Islamic Republic of)




Macedonia, the Former Yugoslav Republic of




Russian Federation



Viet Nam


The countries on this list are frequently the origin of fraudulent international transactions. The merchant

can remove any of them from the ban list at will (see User Ban tab section for instructions).

General Tab

The General tab gives basic information about what iSpyFraud does and has a brief overview of its

contents. Note the tabs at the top of the screen, which browses to different sections within the iSpyFraud


Thresholds Tab

The Thresholds tab allows a merchant to set a variety of parameters on attempted or approved

transactions, and these rules give the merchant the option to either Flag for Review or Deny

Transaction. There are two main sections, titled Add/Edit Credit Card Rules and Add/Edit IP Address

Rules, and the options in each section direct the merchant to set a threshold on a certain aspect of a

transaction. These thresholds can be set in a combination of ways to track and/or block certain types of

activity that may point to fraud.

For example, there are two rules pertaining to a single transaction amount. If the merchant doesn’t sell

anything under $20, they can set transactions for anything less than $20 to be flagged for review or

denied. This can help prevent card testing, in which a fraudster might charge small amounts to a large

number of credit cards.

In another case, a merchant with a subscription-based business might use the option to limit the attempted

number of transactions; the merchant can flag for review transactions beyond the initial subscription fee

that come from the same IP address within the same day to ensure that they’re not fraudulent.

To set thresholds, the merchant simply chooses (if applicable) whether they wish to screen attempted or

approved transactions (drop-down), enters the desired values, and then chooses whether the end result

of a suspicious transaction should be to flag it for review or deny its approval (dropdown). Once these

choices have been made, the merchant clicks “Update.” Each rule must be updated individually.

For a more in-depth look at some possible uses of the Thresholds tab, see Use Cases.

User Ban Tab

The bans/flags in this tab are considered static, in the sense that they don’t depend on the behavior of

the user (the consumer). In each section, the merchant chooses what users or types of users to ban/flag and any transactions originating with those users will either be banned outright or flagged for review,

depending on the merchant’s selections. Each section gives the option to View current bans and Add

new bans. When the merchant clicks to the “View” screen, they also have the option to Delete any

currently banned users.

There are seven sections in the User Ban tab:

1. IP Addresses

a. Merchants can ban/flag a single IP, multiple IPs from the same block, or a range of IPs

b. Merchants can specify a timeframe (number of days) in which to ban/flag IPs or make
the ban/flag indefinite

2. Credit Cards

a. Merchants can ban/flag a single credit card number, multiple credit card numbers, or all
credit card numbers with matching BINs

b. Merchant can specify a timeframe (number of days) in which to ban/flag credit card

numbers, or make the ban/flag indefinite

3. Geographical Information

a. Merchants can ban/flag transactions from any country

b. Merchants can specify a timeframe (number of days) in which to ban/flag a country, or
make the ban/flag indefinite

c. A ban/flag on a specific country will automatically check for any billing/shipping
addresses from that country and ban/flag users based on that information, and the
merchant can also choose whether or not to verify IP addresses from that country

4. US/Non-US IP Ban

a. Merchants can choose three actions (Nothing, Ban, or Flag for Review) for transactions
that have a billing country of US but a source IP address outside the US

i. Unlike with the other sections in this tab, there is no timeframe specified for
this ban

ii. Merchants who do not send the Country field with their transactions can set a
US Country Default, which will assume (for the purposes of this particular ban)
that the Billing Country is the US.

5. User Information

a. Merchants can ban/flag specific customers based on customer user IDs, which
merchants can assign via the use of Customer Vault. User IDs outside of Customer Vault
can also be submitted by the merchant via API or by providing the billing email in the

b. Merchants can specify a timeframe (number of days) in which to ban/flag certain users,
or make the ban/flag indefinite

6. Email Address

a. Merchants can ban/flag customers by email address, or ban/flag any customer using an
email address with a particular domain

b. Merchants can specify a timeframe (number of days) in which to ban/flag certain emails
or domains, or make the ban/flag indefinite

7. Batch Ban

a. Merchants can upload up to 5000 entries for a specific ban type at once

b. Types can be chosen using the radio buttons above the Batch Data Box—merchants can
select from IP/Range, Credit Card/Bank, User ID, and Email

i. Only one type of data may be uploaded at a time

c. Merchants can specify a timeframe (number of days) in which to ban/flag certain values,
or make the ban/flag indefinite

Note: For any of the IP Address selections to work, the Merchant must collect the public-facing IP

address from the consumer and provide it with the transaction.

For a more in-depth look at some possible uses of the User Ban tab, see Use Cases.

Exceptions Tab

The Exceptions tab goes hand in hand with the User Ban tab, and is considered the “whitelist” to the

User Ban’s “blacklist.” In other words, merchants can use the Exceptions tab to make concessions for

certain known users that would otherwise be banned or flagged under the restrictions in the User Ban


Any exception overrules all other rules. For example, if credit card 4111111111111111 is added to

exceptions, the domain @gmail.com is banned, and the country Canada is banned, a transaction using

“4111111111111111, test@gmail.com, and Canada” will be approved.

Merchants can create exceptions for

 IP Address

 Credit Card

 User ID

 Email Address

Exception values can also be uploaded using the same process as batch bans.

Waiting Review Tab

Merchants can view and take action on flagged transactions here; merchants can either void

transactions that are in waiting review or allow them to settle by indicating that the review is complete.

If no action is taken, transactions awaiting review will settle at the time set in the Merchant's Settlement


Merchants will be able to see which rule triggered the review.

History Log Tab

The History Log offers the merchant a searchable record of all transactions scrubbed by iSpyFraud. This

log is useful for a merchant who is trying to assess the risk of potential fraud, or to evaluate known fraud

patterns. A drop-down menu allows merchants to limit a search by time/date of transaction, and

merchants can search by transaction ID, credit card number, email address, or IP address.

The log is color coded by transaction status: Accepted (green), Review (yellow), Exception (blue), or

Denied (red). For statuses of Review and Denied, a magnifying glass next to the response status allows

merchants to see which rule was triggered. 

Frequently Asked Questions

Q: What types of merchants need iSpyFraud?

A: Though all merchants can benefit from the reassurance a fraud scrubbing utility offers, it’s true that

some merchants are more likely to be targeted by fraudsters than others. For example, merchants

who process international transactions are considered higher risk, as are those in certain verticals,

such as online gambling, online dating, membership-only websites with adult content, or even

unexpected ones like consumer electronics. Non-profits that accept donations are also at risk and

can benefit from iSpyFraud, as they are often used by fraudsters for card testing/spinning schemes. 

It’s also anticipated that as EMV cards become standard in card present transactions, there will be a

rise in card not present fraud, meaning more e-commerce merchants will be at risk. iSpyFraud is an

ideal solution to combat the predicted spike in online credit card fraud.

Q: Does iSpyFraud work in card present transactions?

A: Although iSpyFraud was originally designed for e-commerce, it works equally well for card present

transactions. The software’s thresholds and rules do not discriminate between retail and keyed

transactions, nor is the utility’s scrubbing ability restricted by transaction origin (API, Virtual

Terminal, Batch Upload, etc.).

Q: Can iSpyFraud block someone from coming to my website?

A: No, iSpyFraud can only take action on transactions sent to the Gateway. It cannot block activity

happening on a website prior to data being sent to the gateway. Merchants can speak to their

hosting provider or web developer if they need to block an individual from accessing their website


Q: I’d like to use iSpyFraud on my website, but I don’t want to use the Gateway to process. Is this


A: No, iSpyFraud is an additional service that can be added onto a gateway account to scrub

transactions processing through it. It cannot be used as a standalone service. Merchants must be

processing through the gateway to take advantage of the iSpyFraud scrubbing service.