Search

Are you looking for test card numbers?

Would you like to contact support?

Risk-management icon

Case management

Manually review a transaction before it is captured, as a second layer of enforcement on top of standard risk rules.

Learn more

Manual review is one of the features of RevenueProtect.

For an extra layer of fraud protection, you may want to manually review a transaction before it is captured. Manual review is commonly used for:

  • High transaction values: If you have very high Average Transaction Values (ATVs), you may find that the monetary loss of even a single chargeback justifies the operational costs of manual review.

  • Expanding into high-risk markets: If you expand to a high-risk region, it is a good idea to manually review transactions to minimize fraudulent payments.

A transaction is sent to case management for manual review when it reaches a certain risk score or triggers a specific risk rule. The case will contain the payment details, the available risk information like shopper DNA and risk results, and fraud control options. A reviewer then accesses the case in the Customer Area and accepts or rejects the transaction.

Implementing manual review

These are the steps to implement manual review:

  1. Configure case management:

  2. Check whether the payment is in manual review. If the payment is in manual review, you will receive a fraudResultType: AMBER in the additionalData of:

    • the payment response.
    • the AUTHORISATION webhook.

      For PayPal, you will only receive fraudResultType: AMBER in the AUTHORISATION notification, not in the payment response.

    This means means the payment was authorised but not auto-captured, and was set aside for manual review.

  3. In your system, implement additional logic based on whether a transaction is in manual review. For example, you can delay shipment until the manual review has occurred.

  4. Manually review the transaction in the Customer Area and decide whether to accept or reject the transaction. The actions and notifications you configured, will now take place.

  5. Use the asynchronous notifications with eventCode MANUAL_REVIEW_ACCEPT or MANUAL_REVIEW_REJECT to update the status of the order in your system.

Set user roles

To be able to do manual case management in the Customer Area, your user needs to have the Merchant Manual Review role or the Risk Admin role. To add either of these roles:

  1. Log in to your Customer Area.
  2. Go to Account > Users.
  3. Select the user that you want to add a role to.
  4. In the Roles list, enable the Merchant Manual Review role or the Risk Admin role.
  5. Select Save.

Set a trigger for manual review

A transaction is sent to case management for manual review when:

  • The transaction reaches a specific risk score. You can set this Minimum score for manual review in the risk profile.
  • The transaction triggers a risk rule that has Send to case management turned on.

In either of these events, if the risk score is 100 or greater, the transaction is refused and not sent to case management even if you set a minimum score for manual review.

For example, if the Transaction Amount Check is set to flag transactions over $1000, and Send to case management is turned on, the transaction is sent to case management.

You have seven calendar days to reject a transaction after it was sent to case management for manual review. If you do nothing, the transaction is automatically accepted and the funds are captured. The corresponding case is logged as expired.

Configure actions and notifications

In your Customer Area, you can define the automatic action that needs take place and the notification you want to receive when a case is accepted or rejected during the manual review, or has expired.

  1. Log in to your Customer Area with your company-level account.
  2. Go to Risk > Risk Settings.
  3. Select Global Settings and scroll to Case Management
  4. Under Case Management behavior select your preferred options. Refer to:

Select modifications

At the time of manual review, the transaction has already been authorised by the issuing bank. From there, the Case Management behavior settings determine if the payment is automatically captured, refunded, or canceled when the case is accepted, rejected, or expired.

  • Accept - Select the modification when the case is accepted during manual review:

    • Capture: The payment is captured.

    • None: The payment is not modified.

  • Reject - Select the modification when the case is rejected during manual review:

    • Cancel: The payment is canceled or refunded, whichever is appropriate for the payment method.

    • None: The payment is not modified.

  • Expire - Select the modification when the case has expired:

    • Capture: The payment is captured.
    • Cancel: The payment is canceled or refunded, whichever is appropriate for the payment method.

    • None: The payment is not modified.

If the payment for an open case is captured, cancelled, or refunded outside of case management, the case will be closed.

Receive notifications

You can configure the Case Management behavior settings to receive notifications when a case is accepted, rejected, or expired.

  • Accept - Select the Send notification check box to receive an ACCEPT_NOTIFICATION with eventCode MANUAL_REVIEW_ACCEPT when the case is accepted during manual review.

  • Reject - Select the Send notification check box to receive a REJECT_NOTIFICATION with eventCode MANUAL_REVIEW_REJECT when the case is rejected during manual review.

  • Expire - Select a Notification option:

    • Accept: Receive an ACCEPT_NOTIFICATION when the case has expired and the account is configured to capture upon expiration. 
    • Reject: Receive a REJECT_NOTIFICATION when the case has expired and the account is configured to cancel upon expiration. 

    • None: No notification is sent when the case has expired.

It is important to implement additional logic to process rejections. For example, you can send a notification to the warehouse to not ship the goods in question. In the case of digital goods, you can choose to have the user's account disabled. 

Here is an example notification indicating the result of the manual review in the eventCode field.

{
   "live" : "true",
   "notificationItems" : [
      {
         "NotificationRequestItem" : {
            "amount" : {
               "currency" : "EUR",
               "value" : 52000
            },
            "eventCode" : "MANUAL_REVIEW_ACCEPT",
            "eventDate" : "2020-07-15T11:06:15+02:00",
            "merchantAccountCode" : "YOUR_MERCHANT_ACCOUNT",
            "merchantReference" : "TMRef1234",
            "originalReference" : "9914135462408734",
            "paymentMethod" : "mc",
            "pspReference" : "9914135462569048",
            "reason" : "accept",
            "success" : "true"
         }
      }
   ]
}

Review cases

The case management queue allows you to manually review cases, assign cases to reviewers, and accept or reject cases.

Access the case management queue

To review cases, users need to have the Merchant Manual Review role. See Set user roles.

  1. Log in to your Customer Area.
  2. Go to RiskCase Management.
  3. Select a list of cases:
    • Open cases: A list of assigned or unassigned cases that are not closed (not yet accepted or rejected).
    • My cases: Cases assigned to you.
    • Closed cases: Cases that are accepted or rejected, or that have expired.

Assign reviews

Assign reviews to specific reviewers to avoid duplication or overlap of effort:

  1. Access the case management queue.
  2. Select the check box to the left of the PSP references of cases you want to assign.
    At the bottom of the list of cases, options become available to assign, accept, and reject.
  3. In the Assign to drop-down list, select the merchant-level account that you want to assign the selected cases to. Your own account is always listed first.
  4. Select Confirm.
    The page refreshes and the name of the assignee is listed in the Assigned to column. If a case is assigned to you, it is now listed under My cases.

Accept or reject payments

You can accept or reject payments either from the opened case, or from the list of cases.

  1. Access the case management queue.

  2. In the list, either click on the case to open it and see all details, or select the check box next to the PSP reference of the case.

    To accept or reject several payments at once, select multiple check boxes.

  3. Select Accept to accept the payment(s) or Reject to reject the payment(s). 

Change decisions from past reviews

After a decision is made in a case, the payment moves from the Open cases list to the Closed cases list.

To change the decision on a past review:

  1. Access the case management queue.
  2. Select Closed cases.
  3. Select the case from the list.
  4. Under Case Details, select the Manual Status drop down.
  5. Select either Fraud or Genuine.

If the transaction was cancelled because the case was rejected during manual review, this is a permanent decision that cannot be reversed. However, it is still important to document the proper status for a manual review, because it enables reviewers to take this into account in future decisions to accept or reject payments.

See also