Learn more
Manual review is one of the features of RevenueProtect.
For an extra layer of fraud protection, you may want to manually review a transaction before it is captured. Manual review is commonly used for:
-
High transaction values: If you have very high Average Transaction Values (ATVs), you may find that the monetary loss of even a single chargeback justifies the operational costs of manual review.
- Expanding into high-risk markets: If you expand to a high-risk region, it is a good idea to manually review transactions to minimize fraudulent payments.
A transaction is sent to case management for manual review when it reaches a certain risk score or triggers a specific risk rule. The case will contain the payment details, the available risk information like shopper DNA and risk results, and fraud control options. A reviewer then accesses the case in the Customer Area and accepts or rejects the transaction.
Implementing manual review
These are the steps to implement manual review:
-
Configure case management:
- Set user roles.
- Set a trigger for manual review.
- Configure actions and notifications that need to take place when a decision is made in case management.
- Include the
fraudResultType
field within theadditionalData
object by navigating to Account > API & URLs > Additional data settings > Fraud result.
-
In the payment response, check the
additionalData
to see whether the payment is in manual review:fraudResultType
: AMBER means the payment was authorised but not auto-captured, and was set aside for manual review.
-
In your system, implement additional logic based on whether a transaction is in manual review. For example, you can delay shipment until the manual review has occurred.
-
Manually review the transaction in the Customer Area and decide whether to accept or reject the transaction. The actions and notifications you configured, will now take place.
- Use the asynchronous notifications with
eventCode
MANUAL_REVIEW_ACCEPT or MANUAL_REVIEW_REJECT to update the status of the order in your system.
Set user roles
To be able to do manual case management in the Customer Area, your user needs to have the Merchant Manual Review role or the Risk Admin role. To add either of these roles:
- Log in to your Customer Area.
- Go to Account > Users.
- Select the user that you want to add a role to.
- In the Roles list, enable the Merchant Manual Review role or the Risk Admin role.
- Select Save.
Set a trigger for manual review
A transaction is sent to case management for manual review when:
- The transaction reaches a specific risk score. You can set this Minimum score for manual review in the risk profile.
- The transaction triggers a risk rule that has Send to case management turned on.
In either of these events, if the risk score is 100 or greater, the transaction is refused and not sent to case management even if you set a minimum score for manual review.
For example, if the Transaction Amount Check is set to flag transactions over $1000, and Send to case management is turned on, the transaction is sent to case management.
You have seven calendar days to reject a transaction after it was sent to case management for manual review. If you do nothing, the transaction is automatically accepted and the funds are captured. The corresponding case is logged as expired.
Configure actions and notifications
In your Customer Area, you can define the automatic action that needs take place and the notification you want to receive when a case is accepted or rejected during the manual review, or has expired.
- Log in to your Customer Area with your company-level account.
- Go to Risk > Risk Settings.
- Select Global Settings and scroll to Case Management
- Under Case Management behavior select your preferred options. Refer to:
Select modifications
At the time of manual review, the transaction has already been authorised by the issuing bank. From there, the Case Management behavior settings determine if the payment is automatically captured, refunded, or canceled when the case is accepted, rejected, or expired.
-
Accept - Select the modification when the case is accepted during manual review:
- Capture: The payment is captured.
-
None: The payment is not modified.
-
Reject - Select the modification when the case is rejected during manual review:
- Cancel: The payment is canceled or refunded, whichever is appropriate for the payment method.
-
None: The payment is not modified.
-
Expire - Select the modification when the case has expired:
- Capture: The payment is captured.
- Cancel: The payment is canceled or refunded, whichever is appropriate for the payment method.
-
None: The payment is not modified.
If the payment for an open case is captured, cancelled, or refunded outside of case management, the case will be closed.
Receive notifications
You can configure the Case Management behavior settings to receive notifications when a case is accepted, rejected, or expired.
-
Accept - Select the Send notification check box to receive an ACCEPT_NOTIFICATION with
eventCode
MANUAL_REVIEW_ACCEPT when the case is accepted during manual review. -
Reject - Select the Send notification check box to receive a REJECT_NOTIFICATION with
eventCode
MANUAL_REVIEW_REJECT when the case is rejected during manual review. -
Expire - Select a Notification option:
- Accept: Receice an ACCEPT_NOTIFICATION when the case has expired and the account is configured to capture upon expiration.
- Reject: Receive a REJECT_NOTIFICATION when the case has expired and the account is configured to cancel upon expiration.
-
None: No notification is sent when the case has expired.
It is important to implement additional logic to process rejections. For example, you can send a notification to the warehouse to not ship the goods in question. In the case of digital goods, you can choose to have the user's account disabled.
Here is an example notification indicating the result of the manual review in the eventCode
field.
{
"live" : "true",
"notificationItems" : [
{
"NotificationRequestItem" : {
"amount" : {
"currency" : "EUR",
"value" : 52000
},
"eventCode" : "MANUAL_REVIEW_ACCEPT",
"eventDate" : "2020-07-15T11:06:15+02:00",
"merchantAccountCode" : "YOUR_MERCHANT_ACCOUNT",
"merchantReference" : "TMRef1234",
"originalReference" : "9914135462408734",
"paymentMethod" : "mc",
"pspReference" : "9914135462569048",
"reason" : "accept",
"success" : "true"
}
}
]
}
Review cases
The case management queue allows you to manually review cases, assign cases to reviewers, and accept or reject cases.
Access the case management queue
To review cases, users need to have the Merchant Manual Review role. See Set user roles.
- Log in to your Customer Area.
- Go to Risk > Case Management.
- Select a list of cases:
- Open cases: A list of assigned or unassigned cases that are not closed (not yet accepted or rejected).
- My cases: Cases assigned to you.
- Closed cases: Cases that are accepted or rejected, or that have expired.
Assign reviews
Assign reviews to specific reviewers to avoid duplication or overlap of effort:
- Access the case management queue.
- Select the check box to the left of the PSP references of cases you want to assign.
At the bottom of the list of cases, options become available to assign, accept, and reject. - In the Assign to drop-down list, select the merchant-level account that you want to assign the selected cases to. Your own account is always listed first.
- Select Confirm.
The page refreshes and the name of the assignee is listed in the Assigned to column. If a case is assigned to you, it is now listed under My cases.
Accept or reject payments
You can accept or reject payments either from the opened case, or from the list of cases.
- Access the case management queue.
-
In the list, either click on the case to open it and see all details, or select the check box next to the PSP reference of the case.
To accept or reject several payments at once, select multiple check boxes.
- Select Accept to accept the payment(s) or Reject to reject the payment(s).
Change decisions from past reviews
After a decision is made in a case, the payment moves from the Open cases list to the Closed cases list.
To change the decision on a past review:
- Access the case management queue.
- Select Closed cases.
- Select the case from the list.
- Under Case Details, select the Manual Status drop down.
- Select either Fraud or Genuine.
If the transaction was cancelled because the case was rejected during manual review, this is a permanent decision that cannot be reversed. However, it is still important to document the proper status for a manual review, because it enables reviewers to take this into account in future decisions to accept or reject payments.