Zuora Fraud Protection is an opt-in payment fraud protection service that leverages the capabilities of Microsoft Dynamics 365 Fraud Protection. This service helps protect merchants from payment fraud and reduces chargeback rates through adaptive AI technology.
Before you begin
For tenants with the Multi-entity feature enabled, ensure that the ID of each tenant has been configured in Microsoft Dynamics 365 Fraud Protection. The enablement and configuration of Zuora Fraud Protection are applied for each tenant with its ID configured in Microsoft Dynamics 365 Fraud Protection.
To enable and configure Zuora Fraud Protection, follow these steps:
- Contact Zuora Global Support to set up Zuora Fraud Protection.
- Configure the fraud protection service in Microsoft.
- Configure the fraud protection service in Zuora.
Contact Zuora Global Support to set up Zuora Fraud Protection
- If you do not have an account that is properly provisioned for using Microsoft Dynamics 365 Fraud Protection, set up an account for you in Microsoft.
- Enable Zuora Fraud Protection for your Zuora tenant.
In your request, you must include the following information:
- Your Zuora tenant ID(s)
The number of tenants that Zuora can provision for you is based on your entitlement plan.
- Email alias for any desired admin users
Zuora will create the appropriate Microsoft account for you and grant secure access to those administrators to manage users and user permissions within the Microsoft DFP portal. If the email alias is not provided, Zuora cannot provision access to the account.
Configure the fraud protection service in Microsoft
After you receive confirmation from Zuora Support that your Microsoft account for Zuora Fraud Protection has been set up and the service has been enabled for your Zuora tenant, configure the service in the Microsoft DFP portal:
- Train the machine learning model
Before using Zuora Fraud Protection, it is highly recommended that you use the Data Upload function in Microsoft to train Microsoft’s machine learning model for your business needs. If this action is not taken, the data used in the machine learning algorithms will be generic and might not give you the expected results. The recommendation is to provide up to 6 months of historical data on payment method registration and payment.
For details about how to upload data, see Microsoft documentation.
- Define lists
After training the model, define the lists describing the information that you consider risky or safe. For example, you can create a list to track payment instruments that you consider risky or user email addresses that you consider safe. The lists are used as part of fraud protection rules to determine how to manage the traffic on your merchant site.
For details about how to define lists, see Microsoft documentation.
- Define rules
After defining your lists, create rules that you want to apply to each data screening. Defining rules consists of using a variety of inputs, including lists, the risk score generated by the AI model, and additional parameters from the request payload. Based on the rules composed of these inputs, the fraud protection service converts an assessment into a decision.
For details about how to define rules, see Microsoft documentation.
- (Optional) Configure additional settings within the Microsoft DFP portal:
- Velocity checks
A velocity check restricts the frequency of events that can occur. This security check is important in identifying the patterns of activities, such as the rapid submission of the same credit card or IP address during bot attacks. Depending on your existing configurations in Zuora, the velocity check configured in Microsoft might have minimal impact. Zuora has built-in rate limiting measures that precede the fraud protection service. In addition, if Google reCAPTCHA Enterprise is enabled, the velocity check will also be handled within that integration.
For details about how to perform velocity checks, see Microsoft documentation.
- Transaction Acceptance Booster
Transaction Acceptance Booster helps you benefit from higher acceptance rates by sharing information with banking institutions. It is strongly recommended to enable this feature.
For details about how to enable Transaction Acceptance Booster, see Microsoft documentation.
- Velocity checks
Configure the fraud protection service in Zuora
After you configure the fraud protection service in Microsoft, complete the following tasks in Zuora:
- Navigate to the settings for processing payments by clicking your username in the upper right, and then clicking Settings > Payments.
- Click Configure Fraud Protection Services. The Configure Fraud Protection Services page is displayed.
- Click Edit.
- Select Enable Fraud Protection.
- In the Fraud Protection Type drop-down list, select Zuora Fraud Protection.
- Configure whether to screen the following types of data with the fraud protection service by selecting the options for your needs:
- Card transactions initiated through HPM
- Non-card transactions initiated through HPM
- Card transactions submitted by any operations that create a payment through the Zuora UI, APIs, or payment runs
- Non-card transactions submitted by any operations that create a payment through the Zuora UI, APIs, or payment runs
- Click Save.
You can retrieve the data related to fraud protection services through the Payment Method Transaction Log and Payment Transaction Log objects in Data Source Export or Data Query. For more information, see the following articles:
- Payment Method Transaction Log data source
- Payment Transaction Log data source
- Construct SQL queries in Data Query
For an introduction of Zuora Fraud Protection, see Overview of Zuora Fraud Protection.