Search documentation:
	Help  Advanced
Published 05/13/2002

Appendix A

Frequently Asked Questions

This appendix provides answers to questions that customers often ask about Smart Authorization.

How do I implement Smart Authorization for my transactions?

Implementing Smart Authorization is easy. Contact CyberSource Customer Support. CyberSource will configure your account for Smart Authorization immediately with no changes to your existing credit card authorization system or online store. Your credit card authorization requests will then take immediate advantage of Smart Authorization.

If I'm currently using the CyberSource Payment Service, are there any required changes in my order processing system needed to use Smart Authorization?

No. No changes are required for your order flow or systems. For example, Smart Authorization and the CyberSource Payment Service return the same result for a transaction declined by the bank network. CyberSource conveniently returns an additional field which explains the cause the decline. This information is available in the transaction results or the support screens.

Can I override the results of Smart Authorization?

Yes. If Smart Authorization returns a decline on a transaction request, CyberSource will still return the bank authorization code when it is returned from the banking network. With the authorization code, you can bill your customer, using your standard systems or by using the CyberSource transaction screens.

If I'm using Smart Authorization, should I continue to screen my orders using AVS?

No. If you are using Smart Authorization, you should use the ignore_avs=yes setting of the CyberSource Authorization service. Smart Authorization's analysis uses the results of the banking network's AVS (Address Verification Service) check. If you are using AVS to decline orders, you are probably declining too many potentially good orders. An average of over 10% of online orders fail the AVS check. Using Smart Authorization will help you reduce this large portion of automatically rejected customers or decrease those that must be reviewed manually. Using AVS alone is not necessarily a good indicator of fraud. A positive AVS match is not necessarily a strong indicator of a good order.

Can I use Smart Authorization to create my own negative list?

Yes, by using the CyberSource support screens. A negative list allows you to identify customers or orders that you do not want to accept automatically.

Can I selectively send transactions to Smart Authorization?

No. In order to make Smart Authorization seamless for you, CyberSource supports all of the authorization requests for Smart Authorization.

Do the checks required for Smart Authorization add any time to the normal Authorization request response time?

Yes, but not significantly. Smart Authorization checks are done in parallel with the request to the banking network for the credit card authorization. The Smart Authorization and banking networks' results are completed through an optimized result engine and returned in real time.

Can I still process orders that fail because of Smart Authorization?

Yes. Smart Authorization is a risk management tool and is intended to help distinguish risky transactions from good ones. In certain situations, the system may inappropriately decline legitimate transactions. As long as credit card authorization occurs, you may choose to settle a transaction even though it fails because of Smart Authorization.

Does a high or low risk level affect a customer's credit rating? Will banks see the risk evaluation?

No. Risk evaluation information is used solely by CyberSource to validate orders.

If Smart Authorization and Card Verification Value (CVV) are both requested for a transaction, which fails first?

The CVV result.

Does a DCALL reply flag override Smart Authorization?

Yes. A DCALL reply indicates you must call the payment processor to proceed with the transaction.

If I am currently using CyberSource services, how will Smart Authorization show up on my invoice?

Smart Authorization replaces the Credit Card Authorization Service.

What kind of checks does Smart Authorization do?

Smart Authorization checks include:

• address verification
• phone number verification
• credit card is on negative list
• address is on negative list
• obscenities
• gibberish

A transaction's level of risk is usually determined by a combination of checks that are the result of analyzing order flow patterns. For example, a decline occurs if both the AVS and gibberish checks fails, but not from just one or the other. Certain transaction data can singularly result in a decline.

Does Smart Authorization return a risk "score?"

No. Smart Authorization returns a "pass" or "fail" to make the service easy to integrate. If a transaction passes all the risk checks, it continues processing normally. If it fails the risk checks, CyberSource returns a DCARDREFUSED reply flag, which is the same code returned if the banking network declines the credit card. This allows most CyberSource payment applications to use Smart Authorization without additional coding, which would otherwise be required if a score or new codes were returned for a decline.

If the credit card is declined, CyberSource returns an additional field to note whether the bank network or Smart Authorization has declined the card. If the decline is due to Smart Authorization, CyberSource will also return risk factor codes, which describe the reason for the decline.

What indicators do you return if Smart Authorization declines the transaction?

Smart Authorization returns one or more risk factor codes. See Table 2, "Risk Factor Codes" for a complete list of risk factor codes.

Can I see a list of the exact checks the fraud system uses?

No. The specific tests and values used by Smart Authorization are proprietary information.