Zuora Fraud Protection is an opt-in payment fraud protection service that leverages the capabilities of Microsoft Dynamics 365 Fraud Protection. This service helps protect merchants from payment fraud and reduces chargeback rates through adaptive AI technology.
Before you begin
For tenants with the Multi-entity feature enabled, ensure that the ID of each tenant has been configured in Microsoft Dynamics 365 Fraud Protection. The enablement and configuration of Zuora Fraud Protection are applied for each tenant with its ID configured in Microsoft Dynamics 365 Fraud Protection.
To enable and configure Zuora Fraud Protection, follow these steps:
- Contact Zuora Global Support to set up Zuora Fraud Protection.
- Configure the fraud protection service in Microsoft.
- Configure the fraud protection service in Zuora.
Step 1. Contact Zuora Global Support to set up Zuora Fraud Protection
Submit a request asking Zuora Global Support to do the following:
- If you do not have an account that is properly provisioned for using Microsoft Dynamics 365 Fraud Protection, set up an account for you in Microsoft.
- Enable Zuora Fraud Protection for your Zuora tenant.
In your request, you must include the following information:
- Your Zuora tenant ID(s)
  The number of tenants that Zuora can provision for you is based on your entitlement plan.
- Email alias for any desired admin users
  Zuora will create the appropriate Microsoft account for you and grant secure access to those administrators to manage users and user permissions within the Microsoft DFP portal. If the email alias is not provided, Zuora cannot provision access to the account.
Step 2. Configure the fraud protection service in Microsoft
After you receive confirmation from Zuora Support that your Microsoft account for Zuora Fraud Protection has been set up and the service has been enabled for your Zuora tenant, configure the service in the Microsoft DFP portal:
- Define lists
  Define the lists describing the information that you consider risky or safe. For example, you can create a list to track payment instruments that you consider risky or user email addresses that you consider safe. The lists are used as part of fraud protection rules to determine how to manage the traffic on your merchant site.
  For details about how to define lists, see Microsoft documentation.
- Define rules
  After defining your lists, create rules that you want to apply to each data screening. Defining rules consists of using a variety of inputs, including lists, the risk score generated by the AI model, and additional parameters from the request payload. Based on the rules composed of these inputs, the fraud protection service converts an assessment into a decision.
- (Optional) Configure additional settings within the Microsoft DFP portal:
  - Velocity checks
    A velocity check restricts the frequency of events that can occur. This security check is important for identifying activity patterns, such as the rapid submission of the same credit card or IP address during bot attacks. Depending on your existing configurations in Zuora, the velocity check configured in Microsoft might have minimal impact, because Zuora has built-in rate limiting measures that precede the fraud protection service. In addition, if Google reCAPTCHA Enterprise is enabled, the velocity check is also handled within that integration.
    For details about how to perform velocity checks, see Microsoft documentation.
  - Transaction Acceptance Booster
    Transaction Acceptance Booster helps you benefit from higher acceptance rates by sharing information with banking institutions. It is strongly recommended to enable this feature.
    For details about how to enable Transaction Acceptance Booster, see Microsoft documentation.
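The following Python model is an added example, not Zuora or Microsoft code and not the Microsoft DFP rule language. It shows how the lists, the risk score, and a velocity check described in this step can combine into a decision, and why rule order matters. The list contents, thresholds, field names, and decision labels are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

# Constructed lists and assumed thresholds; none of these values come from Zuora or Microsoft.
RISKY_CARDS = {"fp_9f3c"}                  # list of payment instruments considered risky
SAFE_EMAILS = {"billing@trusted.example"}  # list of user emails considered safe
WINDOW_SECONDS, MAX_PER_WINDOW = 60, 3     # velocity limit per key
REJECT_SCORE, REVIEW_SCORE = 900, 600      # risk-score cut-offs

class VelocityCounter:
    """Sliding-window count of events per key (card fingerprint or IP)."""
    def __init__(self, window=WINDOW_SECONDS):
        self.window, self.events = window, defaultdict(deque)

    def hit(self, key, ts):
        """Record an event at ts (seconds); return how many remain inside the window."""
        q = self.events[key]
        q.append(ts)
        while q[0] <= ts - self.window:
            q.popleft()
        return len(q)

def decide(event, velocity):
    """Apply the rules in order; the first match yields the decision."""
    card_hits = velocity.hit(("card", event["card_fp"]), event["ts"])
    ip_hits = velocity.hit(("ip", event["ip"]), event["ts"])
    if event["card_fp"] in RISKY_CARDS:
        return "Reject", "card on risky list"
    if max(card_hits, ip_hits) > MAX_PER_WINDOW:
        return "Reject", "velocity limit exceeded"
    if event["email"] in SAFE_EMAILS:      # placed before the score rules, so it overrides them
        return "Approve", "email on safe list"
    if event["risk_score"] >= REJECT_SCORE:
        return "Reject", "risk score"
    if event["risk_score"] >= REVIEW_SCORE:
        return "Review", "risk score"
    return "Approve", "default"

def screen(events):
    velocity = VelocityCounter()
    return [decide(e, velocity) for e in sorted(events, key=lambda e: e["ts"])]

# Constructed events: five payments from one IP within 20 seconds, then three single events.
SAMPLE = [dict(ts=t, card_fp=f"fp_{t}", ip="203.0.113.7", email="a@shop.example", risk_score=120)
          for t in (0, 5, 10, 15, 20)]
SAMPLE += [
    dict(ts=200, card_fp="fp_ok", ip="198.51.100.4", email="billing@trusted.example", risk_score=950),
    dict(ts=210, card_fp="fp_9f3c", ip="198.51.100.9", email="b@shop.example", risk_score=10),
    dict(ts=220, card_fp="fp_new", ip="198.51.100.10", email="c@shop.example", risk_score=700),
]
```

In this model a safe-list match approves an event even at a risk score of 950, which is the kind of ordering effect to review when a safe list and score thresholds appear in the same rule set.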
Step 3. Configure the fraud protection service in Zuora
After you configure the fraud protection service in Microsoft, complete the following tasks in Zuora:
- Navigate to the settings for processing payments by clicking your username in the upper right, and then clicking Settings > Payments.
- Click Configure Fraud Protection Services. The Configure Fraud Protection Services page is displayed.
- Click Edit.
- Configure whether to screen the following types of data with the fraud protection service by selecting the options for your needs:
  - Card transactions initiated through hosted payment pages
  - Non-card transactions (Bank Transfer and ACH) initiated through hosted payment pages
  - Card transactions submitted by any operations that create a payment through the Zuora UI, APIs, or payment runs
  - Non-card transactions (Bank Transfer and ACH) submitted by any operations that create a payment through the Zuora UI, APIs, or payment runs
- If you want to upload and pass your chargeback data in Zuora to Microsoft, select Enable automatic chargeback data uploads. Your chargeback data will be used in training Microsoft's machine-learning model to ensure the maximum efficacy of the model. For more information, see Transactions uploaded as chargeback data.
- Click Save.
Transactions uploaded as chargeback data
After the Enable automatic chargeback data uploads setting is enabled, transactions invoked by the following events are sent to Microsoft as chargeback data if the refund is associated with a transaction through a Zuora Fraud Protection screening event:
- When the refundTransactionType field in the request body is set to Chargeback, the transaction invoked by the API operation is uploaded as chargeback data.
- Reverse a payment API operation: All transactions invoked by this API operation are uploaded as chargeback data.
- Based on the job files or notifications returned from the gateway, data for chargeback Gateway Reconciliation events are uploaded.
- You can retrieve the data related to fraud protection services through the Payment Method Transaction Log and Payment Transaction Log objects in Data Source Export or Data Query.