Authorize.net Advanced Fraud Protection Suite (AFPS)


Below we will cover the most important filters in AFPS that we believe will give you the most protection. These are the Transaction IP Velocity filter, the Amount filter, the Daily Velocity filter and the Hourly Velocity filter. 
  1. Login to your Authorize.net account and click Fraud Protection Suite. This can be found in the Tools menu on the left column, or in the center under Products & Services. The first time you use this, you may need to confirm your agreement to the terms and conditions.



  2. There are various filters that you can enable and configure. The examples below are our recommendations only. Your needs may be different. You have the option to configure them as you choose. 

    1. Transaction IP Velocity filter
      Although credit card thieves have the ability to use different IP addresses, it is unlikely that they will use a different IP for each card number attempt. It's not worth their while. Enabling and configuring this filter should be all it takes to thwart their attempt to use your form to test their stolen credit cards.

      We recommend that this filter be enabled and set to allow a maximum of five (5) or maybe ten (10) transactions, but no more. (The screenshot below has it set to three (3). Be sure to set the Filter Action as "Decline the transaction."


      (It is not necessary to add your own IP address to the exclusion list, as in the screenshot above, because the CMS Program does not presently submit any IP address when processing cards. So this filter will not affect the CMS Program).

    2. Amount filter
      Often, credit card thieves will use a very small amount ($1, or $0.01) to test the cards. Their rational is that they hope that if the card does go through, the card owner will not be bothered to report such a small charge. Setting a filter for the amount will further thwart their efforts. Setting an upper limit will also protect you from innocent errors where a person making a donation may forget to put in a period and you can end up charging the person $18,000 instead of $180.00 (!) -- and then have to deal with refunds and hope that the processor will refund you the fees...

    3. Daily and Hourly Velocity filters
      If, for whatever reason, the first two filters did not stop the hackers (perhaps they are changing their IP addresses dynamically and using regular amounts), the Daily and Hourly Velocity filters add an additional layer of protection. You can set them to be above the highest number you would ever expect on a given hour/day. Keep in mind though, to remove these filters (temporarily) if your running a campaign (e.g. End of Year) where your hourly and daily velocity will be much higher than usual.


    4. Regional IP Address Filter
      This filter allows you to block entire regions from being able to process to your account. For example, you can block Africa, Asia and South America. You can also go into each Region and specific which countries to allow or block. For example, for the Middle East, you can allow Israel and the "West Bank" but block the rest.

Note that in all filters, I chose to "Decline the transaction." If you were to chose "Authorize and hold for review," while it may disrupt the card thieves somewhat, you will still be charged Authorization fees.

Other filters that you may consider enabling are
  • Suspicious Transaction Filter
  • Enhanced AVS and CVV Handling Filters
  • And more...
In summary: We want to be able to charge cards online; it is convenient, efficient and makes running our organization smooth. At the same time, it is the responsibility of the merchant account owner (that would be you), to do all he can to prevent fraud on his site, if for no other reason than for his own protection.
Will hackers fine a way around these extensive and powerful filters? Perhaps. But if that happens we will take further action and implement additional protection.

Once Authorize.net's Fraud Protection is enabled and configured on your account, you can safely turn on (check) Instant Charge, otherwise, we recommend that you leave Instant Charge turned off (unchecked). 

In CMS Connected, click Online Form Setup or click Form Designer on the CMS Connected Dashboard.



(If you are using an older version of the Form Designer, click the Previous Version at the top right. There you can select your form, click Edit and then enable or disable (check or uncheck) the Instant Charge feature (Credit Cards tab).