What is iSpyFraud?
Welcome to the detailed user guide for iSpyFraud, a rule-set based fraud management utility that allows
merchants to configure extensive filters to aid in the detection of fraud by screening transactions
throughout the processing lifecycle. As it operates in real-time, iSpyFraud can decline transactions both
before and after authorization, which can potentially mitigate high chargeback volume and offer
merchants peace of mind when it comes to their own security, as well as that of their customers.
Though there are countless ways to use iSpyFraud based on varying scenarios merchants might
encounter, there are certain uses of the software that could be considered universally relevant:
1. Monitoring and controlling transactions during a given timeframe by setting rules based on a
   combination of many parameters, including the following:
   a. Transaction count
   b. Transaction amount
   c. IP address
   d. User location
   e. Credit card number
   f. Credit card brand
2. Limiting internal credit card fraud or abuse attempts
3. Blocking transactions from specific countries
4. Reviewing suspect transactions in order to take action prior to settlement
The following instructions will aid merchants in choosing the settings that will prove most useful for
them depending on the specific needs of their business. In addition to this guide, assistance can be
accessed through our support team, which can be reached at (800) 617-4850 ext. 1 from 8 am to 6 pm
Central Time, or at firstname.lastname@example.org.
iSpyFraud Detailed Guide
When a merchant logs into the gateway, iSpyFraud can be found as a link under “Other Services” on the
left side of the page. The link will take the merchant to the program’s General tab.
Other than geography bans on transactions from certain countries, there are no default settings in
place. There are default geography bans on the following countries (as sent in the Country field):
Iran (Islamic Republic of)
Macedonia, the Former Yugoslav Republic of
The countries on this list are frequently the origin of fraudulent international transactions. The merchant
can remove any of them from the ban list at will (see User Ban tab section for instructions).
The General tab gives basic information about what iSpyFraud does and has a brief overview of its
contents. Note the tabs at the top of the screen, which browses to different sections within the iSpyFraud
The Thresholds tab allows a merchant to set a variety of parameters on attempted or approved
transactions, and these rules give the merchant the option to either Flag for Review or Deny
Transaction. There are two main sections, titled Add/Edit Credit Card Rules and Add/Edit IP Address
Rules, and the options in each section direct the merchant to set a threshold on a certain aspect of a
transaction. These thresholds can be set in a combination of ways to track and/or block certain types of
activity that may point to fraud.
For example, there are two rules pertaining to a single transaction amount. If the merchant doesn’t sell
anything under $20, they can set transactions for anything less than $20 to be flagged for review or
denied. This can help prevent card testing, in which a fraudster might charge small amounts to a large
number of credit cards.
In another case, a merchant with a subscription-based business might use the option to limit the attempted
number of transactions; the merchant can flag for review transactions beyond the initial subscription fee
that come from the same IP address within the same day to ensure that they’re not fraudulent.
To set thresholds, the merchant simply chooses (if applicable) whether they wish to screen attempted or
approved transactions (drop-down), enters the desired values, and then chooses whether the end result
of a suspicious transaction should be to flag it for review or deny its approval (dropdown). Once these
choices have been made, the merchant clicks “Update.” Each rule must be updated individually.
For a more in-depth look at some possible uses of the Thresholds tab, see Use Cases.
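The two threshold examples above (a $20 minimum single-transaction amount and a per-IP daily attempt limit) can be modeled as follows. This is an added illustration, not iSpyFraud's own code: the class, rule names, the calendar-day reading of "same day", and the Deny-over-Review priority when both rules fire are assumptions, and the transactions are constructed.

```python
from collections import defaultdict
from datetime import datetime

class ThresholdScreen:
    """Hypothetical model of two Thresholds-tab rules (not iSpyFraud code)."""
    def __init__(self, min_cents, min_action, max_per_ip_day, ip_action):
        self.min_cents, self.min_action = min_cents, min_action
        self.max_per_ip_day, self.ip_action = max_per_ip_day, ip_action
        self.attempts = defaultdict(int)    # (ip, calendar date) -> attempted count

    def screen(self, cents, ip, when):
        """Return (status, triggered_rule) for one attempted transaction."""
        key = (ip, when.date())             # assumption: "same day" = calendar day
        self.attempts[key] += 1             # attempts count even when later denied
        hits = []
        if cents < self.min_cents:
            hits.append((self.min_action, "min_single_amount"))
        if self.attempts[key] > self.max_per_ip_day:
            hits.append((self.ip_action, "ip_attempts_per_day"))
        if not hits:
            return "Accepted", None
        hits.sort(key=lambda h: h[0] != "Denied")   # assumption: Deny outranks Review
        return hits[0]

def run_sample():
    # Constructed transactions: (amount in cents, source IP, timestamp).
    s = ThresholdScreen(2000, "Denied", 1, "Review")
    sample = [
        (2999, "203.0.113.7", datetime(2024, 1, 1, 9, 0)),    # first subscription charge
        (2999, "203.0.113.7", datetime(2024, 1, 1, 15, 0)),   # second attempt, same IP/day
        (100, "198.51.100.4", datetime(2024, 1, 1, 15, 5)),   # $1.00 card-testing probe
        (100, "203.0.113.7", datetime(2024, 1, 1, 16, 0)),    # both rules fire
        (2999, "203.0.113.7", datetime(2024, 1, 2, 9, 0)),    # new day, counter resets
    ]
    return [s.screen(*t) for t in sample]
```

Returning the triggered rule with each status mirrors what the Waiting Review and History Log tabs show the merchant.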
User Ban Tab
The bans/flags in this tab are considered static, in the sense that they don’t depend on the behavior of
the user (the consumer). In each section, the merchant chooses what users or types of users to ban/flag,
and any transactions originating with those users will either be banned outright or flagged for review,
depending on the merchant’s selections. Each section gives the option to View current bans and Add
new bans. When the merchant clicks to the “View” screen, they also have the option to Delete any
currently banned users.
There are seven sections in the User Ban tab:
1. IP Addresses
   a. Merchants can ban/flag a single IP, multiple IPs from the same block, or a range of IPs
   b. Merchants can specify a timeframe (number of days) in which to ban/flag IPs or make
      the ban/flag indefinite
2. Credit Cards
   a. Merchants can ban/flag a single credit card number, multiple credit card numbers, or all
      credit card numbers with matching BINs
   b. Merchants can specify a timeframe (number of days) in which to ban/flag credit card
      numbers, or make the ban/flag indefinite
3. Geographical Information
   a. Merchants can ban/flag transactions from any country
   b. Merchants can specify a timeframe (number of days) in which to ban/flag a country, or
      make the ban/flag indefinite
   c. A ban/flag on a specific country will automatically check for any billing/shipping
      addresses from that country and ban/flag users based on that information, and the
      merchant can also choose whether or not to verify IP addresses from that country
4. US/Non-US IP Ban
   a. Merchants can choose three actions (Nothing, Ban, or Flag for Review) for transactions
      that have a billing country of US but a source IP address outside the US
      i. Unlike with the other sections in this tab, there is no timeframe specified for
      ii. Merchants who do not send the Country field with their transactions can set a
          US Country Default, which will assume (for the purposes of this particular ban)
          that the Billing Country is the US.
5. User Information
   a. Merchants can ban/flag specific customers based on customer user IDs, which
      merchants can assign via the use of Customer Vault. User IDs outside of Customer Vault
      can also be submitted by the merchant via API or by providing the billing email in the
   b. Merchants can specify a timeframe (number of days) in which to ban/flag certain users,
      or make the ban/flag indefinite
6. Email Address
   a. Merchants can ban/flag customers by email address, or ban/flag any customer using an
      email address with a particular domain
   b. Merchants can specify a timeframe (number of days) in which to ban/flag certain emails
      or domains, or make the ban/flag indefinite
7. Batch Ban
   a. Merchants can upload up to 5000 entries for a specific ban type at once
   b. Types can be chosen using the radio buttons above the Batch Data Box; merchants can
      select from IP/Range, Credit Card/Bank, User ID, and Email
      i. Only one type of data may be uploaded at a time
   c. Merchants can specify a timeframe (number of days) in which to ban/flag certain values,
      or make the ban/flag indefinite
Note: For any of the IP Address selections to work, the Merchant must collect the public-facing IP
address from the consumer and provide it with the transaction.
For a more in-depth look at some possible uses of the User Ban tab, see Use Cases.
The Exceptions tab goes hand in hand with the User Ban tab, and is considered the “whitelist” to the
User Ban’s “blacklist.” In other words, merchants can use the Exceptions tab to make concessions for
certain known users that would otherwise be banned or flagged under the restrictions in the User Ban
Any exception overrules all other rules. For example, if credit card 4111111111111111 is added to
exceptions, the domain @gmail.com is banned, and the country Canada is banned, a transaction using
“4111111111111111, email@example.com, and Canada” will be approved.
Merchants can create exceptions for
Exception values can also be uploaded using the same process as batch bans.
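The precedence described above, where an exception overrules every ban or flag, together with the timed and indefinite entries from the User Ban tab, can be modeled as follows. This is an added illustration, not iSpyFraud's own code: the class, field names, two-letter country codes, and the Deny-over-Review ordering are assumptions, and the sample email address and second card number are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

# List type -> predicate(listed value, transaction). Field names are assumptions.
MATCHERS = {
    "card":    lambda v, t: t["card"] == v,
    "bin":     lambda v, t: t["card"].startswith(v),
    "domain":  lambda v, t: t["email"].lower().endswith("@" + v.lower()),
    "country": lambda v, t: v in (t["billing_country"], t["shipping_country"]),
    "ip":      lambda v, t: ipaddress.ip_address(t["ip"]) in ipaddress.ip_network(v),
}

class StaticScreen:
    """Hypothetical model of the User Ban and Exceptions lists (not iSpyFraud code)."""
    def __init__(self):
        self.bans = []        # (kind, value, action, expires_at or None)
        self.exceptions = []  # (kind, value)

    def ban(self, kind, value, action, now, days=None):
        # days=None models an indefinite ban/flag; otherwise it lapses after N days.
        expires = now + timedelta(days=days) if days is not None else None
        self.bans.append((kind, value, action, expires))

    def screen(self, txn, now):
        # Exceptions first: one matching exception overrules every ban or flag.
        for kind, value in self.exceptions:
            if MATCHERS[kind](value, txn):
                return "Exception", (kind, value)
        result = ("Accepted", None)
        for kind, value, action, expires in self.bans:
            if expires is not None and now >= expires:
                continue      # timed entry has lapsed
            if MATCHERS[kind](value, txn):
                if action == "Denied":
                    return "Denied", (kind, value)
                result = ("Review", (kind, value))  # assumption: Deny outranks Review
        return result

def page_example(now=datetime(2024, 1, 1)):
    # Constructed data mirroring the example in the text above.
    s = StaticScreen()
    s.exceptions.append(("card", "4111111111111111"))
    s.ban("domain", "gmail.com", "Denied", now)
    s.ban("country", "CA", "Denied", now, days=30)
    txn = {"card": "4111111111111111", "email": "shopper@gmail.com", "ip": "203.0.113.7",
           "billing_country": "CA", "shipping_country": "CA"}
    other = dict(txn, card="4000000000000002")
    return s.screen(txn, now), s.screen(other, now)
```

The excepted card is approved with the status Exception, matching the History Log's status names, while the same transaction with a different card is denied by the domain ban.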
Waiting Review Tab
Merchants can view and take action on flagged transactions here; merchants can either void
transactions that are in waiting review or allow them to settle by indicating that the review is complete.
If no action is taken, transactions awaiting review will settle at the time set in the Merchant's Settlement
Merchants will be able to see which rule triggered the review.
History Log Tab
The History Log offers the merchant a searchable record of all transactions scrubbed by iSpyFraud. This
log is useful for a merchant who is trying to assess the risk of potential fraud, or to evaluate known fraud
patterns. A drop-down menu allows merchants to limit a search by time/date of transaction, and
merchants can search by transaction ID, credit card number, email address, or IP address.
The log is color coded by transaction status: Accepted (green), Review (yellow), Exception (blue), or
Denied (red). For statuses of Review and Denied, a magnifying glass next to the response status allows
merchants to see which rule was triggered.
Frequently Asked Questions
Q: What types of merchants need iSpyFraud?
A: Though all merchants can benefit from the reassurance a fraud scrubbing utility offers, it’s true that
some merchants are more likely to be targeted by fraudsters than others. For example, merchants
who process international transactions are considered higher risk, as are those in certain verticals,
such as online gambling, online dating, membership-only websites with adult content, or even
unexpected ones like consumer electronics. Non-profits that accept donations are also at risk and
can benefit from iSpyFraud, as they are often used by fraudsters for card testing/spinning schemes.
It’s also anticipated that as EMV cards become standard in card present transactions, there will be a
rise in card not present fraud, meaning more e-commerce merchants will be at risk. iSpyFraud is an
ideal solution to combat the predicted spike in online credit card fraud.
Q: Does iSpyFraud work in card present transactions?
A: Although iSpyFraud was originally designed for e-commerce, it works equally well for card present
transactions. The software’s thresholds and rules do not discriminate between retail and keyed
transactions, nor is the utility’s scrubbing ability restricted by transaction origin (API, Virtual
Terminal, Batch Upload, etc.).
Q: Can iSpyFraud block someone from coming to my website?
A: No, iSpyFraud can only take action on transactions sent to the Gateway. It cannot block activity
happening on a website prior to data being sent to the gateway. Merchants can speak to their
hosting provider or web developer if they need to block an individual from accessing their website
Q: I’d like to use iSpyFraud on my website, but I don’t want to use the Gateway to process. Is this
A: No, iSpyFraud is an additional service that can be added onto a gateway account to scrub
transactions processing through it. It cannot be used as a standalone service. Merchants must be
processing through the gateway to take advantage of the iSpyFraud scrubbing service.