Citrus-Lime Knowledge Base


    Cloud MT // What does the security info mean on the Payments page?

    The Payments page in Cloud MT shows you all the payments (and payment attempts) made through your Ecommerce site.

    Towards the right-hand side of each line, you'll see a link entitled Security Info:

     

    What you see when you click on Security Info depends on the payment gateway you use:

    CitrusPay Security Info

    CitrusPay is Citrus-Lime's own payment solution. If you're using CitrusPay, Citrus-Lime acts as both your gateway and your acquirer — in other words, Citrus-Lime sorts out both the technology layer and the movement of funds. You don't need a separate Ecommerce Merchant ID (MID) from an acquirer like Barclaycard or First Data when you're using CitrusPay.

    CitrusPay Gateway Security Info

    If you're using CitrusPay Gateway for card payments on your Ecommerce site, Citrus-Lime provides the gateway (i.e. the technology layer) for your card payments, but you will have an external acquirer (e.g. Barclaycard / First Data) who provides you with a Merchant ID (MID). The acquirer receives the transaction from the gateway and then communicates with your customer's card network and their bank, before actually settling the funds from the customer's bank account to yours.

     


    CitrusPay Security Info

    If the transaction was processed through CitrusPay, then clicking on View Security Info will open up a further window in which you can see details of the security checks which were performed. Here is an example:

    Some of these details are purely transaction reference information that doesn't relate back to anything you will see elsewhere in Cloud MT or Cloud POS. Where this is the case, we've not provided a description below.

    CvcResult
    This tells you whether or not the 3-digit security code on the back of the card (CVC/CVV) matched what the bank has on file.

    ThreeDAuthenticated
    Shows whether the customer successfully passed 3D Secure authentication (e.g., Verified by Visa, Mastercard Secure).
    This confirms the bank verified the cardholder’s identity.

    AuthCode
    The authorisation code that was provided by your merchant acquirer.

    MerchantReference
    Your internal reference or order identifier for the transaction. This is used to tie the payment to a specific order in your system.

    NetworkTxReference
    A payment network transaction reference assigned by Visa/Mastercard/etc. This is useful when tracing a transaction with the bank or processor.

    AvsResult
    AVS = Address Verification Service. This shows whether the billing address and/or postcode provided by the customer match the card issuer’s records.

    RefusalReasonRaw
    The issuer’s raw response code describing the outcome (e.g., approved, insufficient funds, card blocked). Despite the slightly confusing name, even approved payments will have a result here (usually “approved”).

    FraudRiskLevel
    This gives an indication of transaction riskiness. Scoring is originally calculated on a scale of 0-99, with a higher score representing a higher risk that the transaction is fraudulent. In the main Payments page grid, you will see a numerical score in the ‘Fraud’ column, and in the Security Info window, you will see a translation of this score, as follows:

    Numerical Score    Translated Score
    0                  veryLow
    25                 low
    50                 medium
    75                 high
    100                veryHigh

    FraudResultType
    A simplified fraud decision outcome:

    GREEN (low risk)

    AMBER (medium risk)

    RED (high risk)

     


    CitrusPay Gateway Security Info

    If the transaction was processed through the CitrusPay Gateway, then clicking on View Security Info will open up a further window in which you can see details of the security checks which were performed. (Please note that some details in this example have been omitted for security reasons.)

     

    What do these details mean?

    Some of these details are purely transaction reference information that doesn't relate back to anything you will see elsewhere in Cloud MT or Cloud POS. Where this is the case, we've not provided a description below.

    Address Matched
    Whether the billing address submitted by the customer matches the cardholder address registered with the card issuer.

    Postcode Matched
    Whether the postcode submitted by the customer matches the cardholder postcode registered with the card issuer.

    AVS CV2 Check
    Confirms whether both of the above checks matched.

    NOTE:  Not all card issuers support Address / Postcode / CV2 checking, so you may see 'Not Checked' here, particularly if the customer's billing address is outside the UK.  For billing addresses within the UK, you would expect to see 'Matched'.

    Card Verification Matched
    Confirms if the CV2 ('three digits on the back') submitted by the customer matches those known to the card issuer.

    Auth Number
    The authorisation code that was provided by your merchant acquirer.

    Risk Processor
    Kount is the risk checking application that is used to perform additional security checks on the transaction.

    Risk Check Response
    The verdict from the risk check process.

    Risk Check Score
    This gives an indication of transaction riskiness, ranging from 0.1 (unsafe) to 99.9 (safe). A safe transaction will have a relatively high score and an unsafe transaction will have a relatively low score.

    Interpreting the Risk Check Score

    This table provides guidelines for interpreting the Risk Check Score: 

    Risk Check Score    Risk Level
    90 - 99.9           Very safe, multiple indicators of safety found
    80 - 89.9           Indicators of safety found
    70 - 79.9           Typically a mix of safe and risky indicators
    60 - 69.9           Indicators of risk found
    0.1 - 59.9          Very risky, significant indicators of risk found
     

     

    Card Type
    The card type used during the transaction. 

    Customer Location
    Where Kount has identified the customer was located when the order was placed.

    Number of Cards Owned and seen by Kount
    The Kount platform gathers information about each transaction it sees pass through websites that use Kount for risk checking. This statistic refers to the number of cards associated with this customer that Kount has seen, not just on your Ecommerce site but across all sites which use Kount.

    Devices Owned and seen by Kount
    The figure given here shows how many different devices the customer has been seen to use to make transactions on websites that use Kount for risk checking.

    Number of associated email addresses seen by Kount
    This statistic gives the number of email addresses associated with the device and payment card used for a transaction attempt, on any website that uses Kount.

    Orders checked in last 14 days
    The total number of transactions on your website that were placed by this customer in the last 14 days.  A figure of 0 means this is the first transaction.

    Max orders in a 6-hour period
    The total number of transactions placed by this customer on your website within the busiest six-hour period, within the last 14 days. A figure of 0 means one transaction has been made within the busiest six-hour window.

    Time on user's computer
    The date and time on the device used to place the order, at the point the order was placed.
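
    The two risk figures described above run in opposite directions: a high CitrusPay FraudRiskLevel means more risk, while a high Risk Check Score means less. The following is an added example, not Citrus-Lime code, that puts both onto one "higher is riskier" rank so a mixed list of payments can be sorted for manual review. It assumes the five bands in each table line up one-to-one, and the "order" and "gateway" keys are hypothetical names for values copied from the Payments page.

```python
from bisect import bisect_right

# CitrusPay Security Info labels, least to most risky (higher score = riskier).
CITRUSPAY_LEVELS = ["veryLow", "low", "medium", "high", "veryHigh"]
# Lower bounds of the Risk Check Score bands (higher score = SAFER).
KOUNT_FLOORS = [0.1, 60.0, 70.0, 80.0, 90.0]

def citruspay_rank(level):
    """Rank 0 (least risky) to 4 (most risky) from a FraudRiskLevel label."""
    if level not in CITRUSPAY_LEVELS:
        raise ValueError(f"unknown FraudRiskLevel: {level!r}")
    return CITRUSPAY_LEVELS.index(level)

def kount_rank(score):
    """Rank 0 (least risky) to 4 (most risky) from a Risk Check Score."""
    if not 0.1 <= score <= 99.9:
        raise ValueError(f"Risk Check Score out of range: {score}")
    band = bisect_right(KOUNT_FLOORS, score) - 1  # 0 = the '0.1 - 59.9' band
    return 4 - band  # invert: the lowest-scoring band is the riskiest

def review_queue(payments, min_rank=2):
    """Return (order, rank) pairs at or above min_rank, riskiest first."""
    ranked = []
    for p in payments:
        if p["gateway"] == "CitrusPay":
            rank = citruspay_rank(p["FraudRiskLevel"])
        elif p["gateway"] == "CitrusPay Gateway":
            rank = kount_rank(p["Risk Check Score"])
        else:
            raise ValueError(f"unknown gateway: {p['gateway']!r}")
        if rank >= min_rank:
            ranked.append((p["order"], rank))
    return sorted(ranked, key=lambda pair: -pair[1])

# Constructed sample payments (order references and values are made up;
# the "order" and "gateway" keys are hypothetical).
SAMPLE = [
    {"order": "A1001", "gateway": "CitrusPay", "FraudRiskLevel": "veryLow"},
    {"order": "A1002", "gateway": "CitrusPay Gateway", "Risk Check Score": 95.2},
    {"order": "A1003", "gateway": "CitrusPay Gateway", "Risk Check Score": 41.0},
    {"order": "A1004", "gateway": "CitrusPay", "FraudRiskLevel": "high"},
    {"order": "A1005", "gateway": "CitrusPay Gateway", "Risk Check Score": 72.5},
]

if __name__ == "__main__":
    for order, rank in review_queue(SAMPLE):
        print(order, rank)
```

    Sorting the same list by the raw numbers would place order A1002 (95.2, the safest payment) at the top of the queue, which is the mistake the inversion avoids.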

     


    If I suspect a transaction is fraudulent, what should I do?

    Your business may have its own protocols in respect of what to do if you suspect an order is fraudulent.

    If you have carried out your own due diligence and are unwilling to process the order, then an option available to you is to cancel the transaction in Cloud POS.  

    To cancel a transaction in Cloud POS, recall the order and then go to the Customer Orders menu (with the clipboard icon) and click on Remove All Items And Tender:

     

    You will see the following prompt. Click Yes to proceed:

     

    Next, you'll see a prompt asking if you wish to refund the value of the order, as in the example below:

     

    Enter the Ecommerce tender name (as shown above) and click on Continue to remove the items from the order. One of the following actions will then happen:

    • If you cancel the transaction in Cloud POS on the same day that the order was placed, this will cancel the payment (rather than it being considered a refund). The transaction will never be sent to your acquirer for settlement.
    • If you cancel the transaction in Cloud POS on any day after the date the transaction took place, the transaction will have been settled to your acquirer, who will treat it as a refund.
