This risk check initiates when a duplicate merchant reference is used within a specific time frame. Do not use dummy data as a merchant reference. As the merchant reference is not generated by shoppers, the rule is not meant to prevent fraudulent payments.
A threshold for the time frame.
When the system stores the merchant reference (pre auth or post auth).