Risk Management and Fraud Prevention Technical FAQs
This section provides answers to common questions raised in the past by Thredd customers regarding risk management and fraud prevention.
3D Secure
Q. How do you specify the language of the 3DS Challenge screens?
Thredd's 3D Secure service provides support for displaying the 3D Secure Challenge screens in multiple languages. You can specify the languages you want to support using the Challenge Screen tab of the 3DS Product Specification Form Thredd Product Setup form used for 3D Secure programme configuration. For details, contact your Implementation Manager.. For more information, see:
-
3D Secure Guide (Apata): Challenge Screens — for Program Managers using the Thredd Apata 3D Secure Service
-
3D Secure Guide (Cardinal): Cardinal Configuration of RDX Biometric and Screens — for Program Managers using the Thredd Cardinal 3D Secure Service
Please raise a Thredd support ticket if you require support for additional languages.
The 3D Secure language is set up at a card product level, and will apply by default to all cards issued under that product ID. You can override the default language and specify the language of the 3DS challenge screens at the individual card level:
|
3D Secure Service |
Using REST API |
Using SOAP Web Services |
|---|---|---|
|
Via Apata |
When creating or updating card, use the field |
Use the |
|
Via Cardinal |
Not available |
Not available |
Q. How do we manage BIN attacks?
In the event of a BIN attack, when viewing transactions in Thredd Portal Thredd Portal is Thredd's new web application for managing your cards and transactions on the Thredd Platform. or Smart Client Smart Client is Thredd's legacy desktop application for managing your account on the Thredd Platform., you will see a high volume of declined transactions with a Response Status (DE039) ‘14 - Invalid card number (no such number)’. Typically, these transactions have the same BIN, merchant name, and Acquirer ID (AID) and the Notes field shows the reason for the decline as unknown card number, unknown PAN, and unknown token.
Where a specific merchant location is repeatedly used for BIN attacks, with no valid transactions, Thredd can block the merchant location. Merchant locations where there is a mix of fraudulent and valid transactions are not blocked, as this would impact legitimate cardholder transactions. Thredd will also not block merchant locations where only a small volume of transactions which may indicate a BIN attack are observed.
For more information, refer to Fraud Transaction Monitoring Guides and Managing Risk: BIN Attacks.