Fraud Protection

Protect your business from fraudulent transactions with intelligent fraud detection powered by machine learning, IP geolocation, and customizable risk rules.

Overview

Omise Fraud Protection helps merchants identify and prevent fraudulent transactions before they're processed. The system analyzes multiple signals including card details, transaction patterns, IP geolocation, and historical behavior to assess risk in real-time.

Key Features:

  • ✅ Real-time analysis - Instant risk assessment during checkout
  • ✅ Machine learning - AI-powered fraud detection models
  • ✅ IP geolocation - Detect location mismatches
  • ✅ Velocity checks - Identify suspicious transaction patterns
  • ✅ Configurable rules - Custom risk thresholds
  • ✅ Manual review - Flag transactions for review
  • ✅ Chargeback protection - Reduce dispute rates

How It Works

Risk Scoring

Transactions are assigned a risk score (0-100):

Score Range   Risk Level    Action
0-30          Low risk      Automatically approved
31-70         Medium risk   Flagged for manual review
71-100        High risk     Automatically blocked*

*Configurable thresholds based on your risk tolerance

Fraud Detection Signals

1. IP Geolocation

Analyzes customer's IP address to detect:

  • Location mismatch (IP country vs card country)
  • Known proxy/VPN usage
  • High-risk countries
  • Data center IPs (non-residential)

// IP data available in charge object
{
  "ip": "203.113.128.45",
  "ip_country": "TH",
  "card_country": "US", // Mismatch flagged
  "fraud_score": 65
}

2. Velocity Checks

Monitors transaction patterns:

  • Multiple cards from same IP
  • Same card used rapidly
  • Unusual purchase frequency
  • High-value orders from new customers

Example patterns flagged:

  • 5+ transactions within 10 minutes
  • Same card on 3+ different websites
  • Sudden spike in order value

3. Card Verification

Validates card details:

  • BIN (Bank Identification Number) analysis
  • Card type consistency
  • AVS (Address Verification Service) match
  • CVV verification result

4. Historical Behavior

Analyzes past transactions:

  • Customer's chargeback history
  • Previously disputed cards
  • Blacklisted card numbers
  • Known fraud patterns

5. Transaction Characteristics

Examines order details:

  • Unusually large amounts
  • High-risk product categories
  • Shipping to different country
  • Multiple delivery addresses

Implementation

Enable Fraud Protection

Fraud Protection is enabled by default for all Omise accounts. No code changes required - it works automatically with every charge.

Access Fraud Scores via API

const charge = await omise.charges.retrieve('chrg_test_...');

console.log('Risk Score:', charge.risk_score); // 0-100
console.log('IP Country:', charge.ip_country);
console.log('Card Country:', charge.card.country);

Charge object with fraud data:

{
  "id": "chrg_test_5rt6s9vah5lkvi1rh9c",
  "amount": 100000,
  "status": "pending",
  "risk_score": 45,
  "risk_level": "medium",
  "ip": "203.113.128.45",
  "ip_country": "TH",
  "card": {
    "country": "TH",
    "financing": "credit"
  }
}

Manual Review Workflow

app.post('/webhooks/omise', async (req, res) => {
  const event = req.body;

  if (event.key === 'charge.complete') {
    const charge = event.data;

    // Check risk score
    if (charge.risk_score > 70) {
      // High risk - investigate
      await flagForManualReview(charge.id);
      await notifyFraudTeam(charge);
    } else if (charge.risk_score > 40) {
      // Medium risk - additional checks
      await performAdditionalVerification(charge);
    }
    // Low risk - process normally
  }

  res.sendStatus(200);
});

Custom Risk Rules

async function assessCustomerRisk(charge) {
  let riskScore = charge.risk_score;

  // Add custom rules
  if (charge.amount > 500000) { // Orders > ฿5,000
    riskScore += 10;
  }

  if (isNewCustomer(charge.metadata.customer_id)) {
    riskScore += 15;
  }

  if (charge.ip_country !== charge.card.country) {
    riskScore += 20;
  }

  if (hasRecentChargebacks(charge.customer)) {
    riskScore += 30;
  }

  return riskScore;
}

Configuration

Set Risk Thresholds

// Example configuration
const FRAUD_CONFIG = {
  autoApprove: 30, // Auto-approve if score <= 30
  manualReview: 70, // Manual review if 30 < score <= 70
  autoReject: 90 // Auto-reject if score > 90 (not read by processCharge below, which rejects every score above manualReview)
};

async function processCharge(charge) {
  const score = await assessCustomerRisk(charge);

  if (score <= FRAUD_CONFIG.autoApprove) {
    return await approveCharge(charge.id);
  } else if (score <= FRAUD_CONFIG.manualReview) {
    return await flagForReview(charge.id);
  } else {
    return await rejectCharge(charge.id);
  }
}

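IP Whitelist/Blacklist

// Entries are single IPv4 addresses or IPv4 CIDR ranges.
// A plain Set.has(ip) only matches exact strings, so a range such as
// '192.0.2.0/24' would never match an address inside it.
const TRUSTED_IPS = [
  '203.113.128.0/24', // Office network
  '54.169.12.34' // Known good customer
];

const BLOCKED_IPS = [
  '192.0.2.0/24', // Known fraud network
  '198.51.100.45' // Repeat offender
];

// Convert a dotted-quad IPv4 address to an unsigned 32-bit integer
function ipToInt(ip) {
  return ip.split('.').reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

// True if ip equals the entry or falls inside its CIDR range (IPv4 only)
function matchesEntry(ip, entry) {
  const [base, bits = '32'] = entry.split('/');
  const mask = Number(bits) === 0 ? 0 : (~0 << (32 - Number(bits))) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

function checkIPReputation(ip) {
  if (BLOCKED_IPS.some((entry) => matchesEntry(ip, entry))) {
    return { blocked: true, reason: 'IP blacklisted' };
  }

  if (TRUSTED_IPS.some((entry) => matchesEntry(ip, entry))) {
    return { trusted: true, riskAdjustment: -20 };
  }

  return { neutral: true };
}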

Dashboard Management

View Fraud Scores

  1. Log in to Omise Dashboard
  2. Navigate to Charges
  3. View risk indicators:
    • 🟢 Low risk - Green badge
    • 🟡 Medium risk - Yellow badge
    • 🔴 High risk - Red badge

Manual Review Queue

  1. Go to Fraud → Review Queue
  2. See flagged transactions
  3. Review transaction details:
    • Customer information
    • IP geolocation data
    • Transaction history
    • Risk factors
  4. Take action:
    • Approve - Process payment
    • Reject - Cancel charge
    • Request more info - Contact customer

Fraud Reports

  1. Navigate to Reports → Fraud Analytics
  2. View metrics:
    • Fraud rate by period
    • Blocked transactions
    • False positive rate
    • Chargeback correlation

Best Practices

1. Collect Customer Information

const charge = await omise.charges.create({
  amount: 100000,
  currency: 'THB',
  card: tokenId,
  description: 'Order #12345',
  metadata: {
    customer_id: 'cust_001',
    customer_email: 'john@example.com',
    customer_phone: '+66876543210',
    order_id: '12345',
    shipping_address: '123 Main St, Bangkok',
    billing_address: '123 Main St, Bangkok',
    previous_orders: 5,
    account_age_days: 180
  }
});

2. Implement 3D Secure

Add 3D Secure for high-risk transactions to shift liability:

if (charge.risk_score > 50) {
  // Require 3D Secure for medium/high risk
  // (named secureCharge so it does not shadow the charge being checked)
  const secureCharge = await omise.charges.create({
    amount: amount,
    currency: 'THB',
    card: tokenId,
    return_uri: 'https://yourdomain.com/callback' // Enables 3DS
  });
}

3. Velocity Limiting

const RATE_LIMITS = {
  per_card: { count: 3, window: 3600000 }, // 3 per hour
  per_ip: { count: 5, window: 3600000 }, // 5 per hour
  per_customer: { count: 10, window: 86400000 } // 10 per day
};

async function checkVelocity(charge) {
  const cardCharges = await getRecentCharges({
    card_last_digits: charge.card.last_digits,
    since: Date.now() - RATE_LIMITS.per_card.window
  });

  if (cardCharges.length >= RATE_LIMITS.per_card.count) {
    return { blocked: true, reason: 'Too many charges on card' };
  }

  return { allowed: true };
}
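
The function above enforces only the per_card limit. The following added example (not Omise code) applies all three RATE_LIMITS entries with an in-memory sliding window; createVelocityChecker, KEY_OF and the charge fields used as keys are assumptions for illustration.

```javascript
// Limits copied from the page's RATE_LIMITS
const RATE_LIMITS = {
  per_card: { count: 3, window: 3600000 },      // 3 per hour
  per_ip: { count: 5, window: 3600000 },        // 5 per hour
  per_customer: { count: 10, window: 86400000 } // 10 per day
};

// Bucket key per rule. Field names follow the page's samples; last_digits is not
// unique across cards, so prefer a per-card identifier if your charge data has one.
const KEY_OF = {
  per_card: (c) => c.card && c.card.last_digits,
  per_ip: (c) => c.ip,
  per_customer: (c) => c.metadata && c.metadata.customer_id
};

// Hypothetical in-memory checker; a multi-process deployment needs a shared store.
function createVelocityChecker(limits = RATE_LIMITS) {
  const seen = new Map(); // "rule:key" -> timestamps (ms) of accepted charges

  return function checkVelocity(charge, now = Date.now()) {
    const passed = [];
    for (const [rule, { count, window }] of Object.entries(limits)) {
      const key = KEY_OF[rule](charge);
      if (key === undefined || key === null) continue; // signal missing, rule skipped
      const bucket = `${rule}:${key}`;
      // Keep only timestamps still inside this rule's window
      const recent = (seen.get(bucket) || []).filter((t) => now - t < window);
      seen.set(bucket, recent);
      if (recent.length >= count) {
        return { allowed: false, rule, reason: `${count} charges already in window` };
      }
      passed.push(recent);
    }
    // Record the charge only once every rule has passed
    passed.forEach((recent) => recent.push(now));
    return { allowed: true };
  };
}
```

The returned rule name tells the review queue which limit tripped, which helps when tuning one limit without touching the others.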

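4. Address Verification

// Collect and verify addresses
// Omise.js delivers the result to a callback, so wrap the call in a Promise before awaiting it
const token = await new Promise((resolve, reject) => {
  Omise.createToken("card", {
    name: cardholderName,
    number: cardNumber,
    expiration_month: month,
    expiration_year: year,
    security_code: cvv,
    // Include billing address for AVS
    postal_code: postalCode,
    city: city,
    country: country
  }, (statusCode, response) => {
    if (statusCode === 200) {
      resolve(response);
    } else {
      reject(new Error(response.message));
    }
  });
});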

5. Monitor False Positives

// Track rejected charges that were legitimate
async function trackFalsePositive(charge, wasFraud) {
  await db.falsePositives.create({
    charge_id: charge.id,
    risk_score: charge.risk_score,
    was_fraud: wasFraud,
    factors: {
      ip_mismatch: charge.ip_country !== charge.card.country,
      high_amount: charge.amount > 500000,
      new_customer: charge.metadata.is_new_customer
    }
  });

  // Adjust rules based on data
  if (!wasFraud && charge.risk_score > 60) {
    console.log('Consider adjusting risk thresholds');
  }
}
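
To turn the stored records into a threshold decision, the following added example (not Omise code) measures, for each candidate reject threshold, how many legitimate charges it would block and how much fraud it would catch. evaluateThreshold, pickRejectThreshold and the sample data are constructed for illustration, and the calculation assumes every record carries a confirmed was_fraud label.

```javascript
// outcomes: [{ risk_score, was_fraud }], the fields trackFalsePositive stores
function evaluateThreshold(outcomes, threshold) {
  let fraudBlocked = 0, fraudTotal = 0, legitBlocked = 0, legitTotal = 0;
  for (const { risk_score, was_fraud } of outcomes) {
    const blocked = risk_score > threshold; // block when the score exceeds the threshold
    if (was_fraud) {
      fraudTotal += 1;
      if (blocked) fraudBlocked += 1;
    } else {
      legitTotal += 1;
      if (blocked) legitBlocked += 1;
    }
  }
  return {
    threshold,
    falsePositiveRate: legitTotal ? legitBlocked / legitTotal : 0, // legitimate charges blocked
    fraudCaughtRate: fraudTotal ? fraudBlocked / fraudTotal : 0    // fraudulent charges blocked
  };
}

// Lowest candidate threshold (blocks the most fraud) that stays within the
// false positive budget; null when there is no data or no candidate qualifies.
function pickRejectThreshold(outcomes, maxFalsePositiveRate, candidates = [50, 60, 70, 80, 90]) {
  if (outcomes.length === 0) return null;
  const within = candidates
    .map((t) => evaluateThreshold(outcomes, t))
    .filter((r) => r.falsePositiveRate <= maxFalsePositiveRate)
    .sort((a, b) => a.threshold - b.threshold);
  return within.length ? within[0] : null;
}

// Constructed sample: 6 legitimate and 4 fraudulent charges with confirmed labels
const SAMPLE_OUTCOMES = [
  { risk_score: 35, was_fraud: false }, { risk_score: 45, was_fraud: false },
  { risk_score: 55, was_fraud: false }, { risk_score: 62, was_fraud: false },
  { risk_score: 65, was_fraud: true },  { risk_score: 72, was_fraud: false },
  { risk_score: 75, was_fraud: true },  { risk_score: 82, was_fraud: true },
  { risk_score: 88, was_fraud: false }, { risk_score: 95, was_fraud: true }
];
```

On this sample a 20% false positive budget selects threshold 80, which catches only half of the fraud; the gap between the two rates is the cost of tightening or loosening the rule.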

6. Customer Communication

async function handleSuspiciousOrder(charge) {
  // verificationLink must be generated by your own verification flow (not shown)
  // Email customer for verification
  await sendEmail({
    to: charge.metadata.customer_email,
    subject: 'Please verify your order',
    body: `
We noticed unusual activity on your order #${charge.metadata.order_id}.

For your security, please confirm:
1. This is your order
2. Shipping address is correct
3. Payment card is yours

Click here to verify: ${verificationLink}
`
  });

  // Wait for confirmation before processing
  await waitForCustomerVerification(charge.id);
}

Common Fraud Patterns

Pattern 1: Card Testing

Indicators:

  • Multiple small charges (฿10-฿50)
  • Rapid succession
  • Different cards, same IP
  • High decline rate

Prevention:

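// Detect card testing
// recentCharges: recent charges seen from charge.ip (collected by your own code)
// avgAmount: their mean amount in the smallest currency unit
if (recentCharges.length > 10 && avgAmount < 5000) {
  blockIP(charge.ip);
  notifySecurityTeam();
}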
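
The following added example (not Omise code) evaluates all four indicators listed above over one IP's recent attempts. detectCardTesting, the CARD_TESTING thresholds other than the page's 10 and 5000, the attempt record shape and the 'failed' status value are assumptions for illustration.

```javascript
// Constructed thresholds for illustration; tune them against your own traffic.
const CARD_TESTING = {
  windowMs: 10 * 60 * 1000, // "rapid succession": last 10 minutes
  minAttempts: 10,          // the page's snippet fires above 10 recent charges
  maxAvgAmount: 5000,       // ฿50 in satang, as in avgAmount < 5000
  minDistinctCards: 3,      // "different cards, same IP"
  minDeclineRate: 0.5       // "high decline rate"
};

// attempts: [{ ip, card, amount, status, at }] where card is any stable per-card
// identifier, status 'failed' marks a decline, and at is a timestamp in ms.
function detectCardTesting(attempts, ip, now, cfg = CARD_TESTING) {
  const recent = attempts.filter(
    (a) => a.ip === ip && a.at <= now && now - a.at <= cfg.windowMs
  );
  const n = recent.length;
  if (n === 0) return { action: 'allow', indicators: [] };

  const avgAmount = recent.reduce((sum, a) => sum + a.amount, 0) / n;
  const distinctCards = new Set(recent.map((a) => a.card)).size;
  const declineRate = recent.filter((a) => a.status === 'failed').length / n;

  const indicators = [];
  if (n > cfg.minAttempts) indicators.push('rapid_succession');
  if (avgAmount < cfg.maxAvgAmount) indicators.push('small_amounts');
  if (distinctCards >= cfg.minDistinctCards) indicators.push('many_cards');
  if (declineRate >= cfg.minDeclineRate) indicators.push('high_decline_rate');

  // Volume plus small amounts alone also describes a busy shared IP selling cheap
  // items, so that pair only queues a review; all four indicators block.
  const pageRule = n > cfg.minAttempts && avgAmount < cfg.maxAvgAmount;
  const action = indicators.length === 4 ? 'block' : pageRule ? 'review' : 'allow';
  return { action, indicators, stats: { n, avgAmount, distinctCards, declineRate } };
}

// Constructed sample: 12 attempts in 2 minutes from one IP, 12 cards, 9 declined
const SAMPLE_ATTEMPTS = Array.from({ length: 12 }, (_, i) => ({
  ip: '192.0.2.10', card: `card_${i}`, amount: 2000,
  status: i % 4 === 0 ? 'successful' : 'failed', at: i * 10000
}));
```

Declined attempts have to be logged alongside successful ones for the decline-rate indicator to work; counting only completed charges hides most of a card-testing run.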

Pattern 2: Geographic Mismatch

Indicators:

  • IP in Thailand
  • US-issued card
  • Shipping to third country

Prevention:

if (charge.ip_country !== charge.card.country) {
  requireAdditionalVerification();
}

Pattern 3: High-Value First Order

Indicators:

  • New customer
  • Large order (>฿10,000)
  • Rush shipping
  • Different billing/shipping address

Prevention:

if (isNewCustomer && amount > 1000000 && isRushShipping) {
  requirePhoneVerification();
  contactCustomerDirectly();
}

FAQ

Is Fraud Protection included in my Omise account?

Yes, basic Fraud Protection is included for all Omise merchants at no additional cost. Advanced features may require specific account configurations.

Can I customize fraud rules?

Yes, you can implement custom risk assessment logic on top of Omise's fraud scores. Contact support@omise.co for advanced rule configuration.

What happens to blocked transactions?

Blocked transactions are declined before reaching the payment processor. The customer sees a generic error message and can attempt payment with a different method.

How do I reduce false positives?

  • Start with conservative thresholds and adjust based on data
  • Collect more customer information (email, phone, address)
  • Implement customer verification flows
  • Use 3D Secure for borderline cases
  • Monitor and analyze declined legitimate transactions

Does fraud protection guarantee no chargebacks?

No system can prevent all chargebacks, but fraud protection significantly reduces risk. Combine with 3D Secure for additional liability protection.

Can I dispute a fraud protection decision?

For transactions flagged for manual review, you can approve them in your dashboard. For automatically blocked transactions, contact support with evidence if you believe it's a false positive.

How does IP geolocation work with VPNs?

VPN and proxy IPs are often flagged as medium risk. Legitimate customers using VPNs can still complete purchases, but may face additional verification.

Next Steps

  1. Enable Fraud Protection
  2. Set up risk thresholds
  3. Implement manual review workflow
  4. Configure 3D Secure
  5. Monitor fraud metrics
  6. Optimize false positive rate