Enable and configure Zuora Fraud Protection

Zuora Fraud Protection is an opt-in payment fraud protection service that leverages the capabilities of Microsoft Dynamics 365 Fraud Protection. This service helps protect merchants from payment fraud and reduces chargeback rates through adaptive AI technology.

Before you begin

For tenants with the Multi-entity feature enabled, ensure that the ID of each tenant has been configured in Microsoft Dynamics 365 Fraud Protection. The enablement and configuration of Zuora Fraud Protection apply to each tenant whose ID is configured in Microsoft Dynamics 365 Fraud Protection.

Procedure

To enable and configure Zuora Fraud Protection, follow these steps:

  1. Contact Zuora Global Support to set up Zuora Fraud Protection.
  2. Configure the fraud protection service in Microsoft.
  3. Configure the fraud protection service in Zuora.

Step 1. Contact Zuora Global Support to set up Zuora Fraud Protection

To set up Zuora Fraud Protection, submit a request to Zuora Global Support and Zuora will perform the following tasks:

  • Set up an account for you in Microsoft, if you do not already have an account that is properly provisioned for using Microsoft Dynamics 365 Fraud Protection.
  • Enable Zuora Fraud Protection for your Zuora tenant.

In your request, you must include the following information:

  • Your Zuora tenant ID(s)

    The number of tenants that Zuora can provision for you is based on your entitlement plan.

  • Email alias for any desired admin users

Zuora will create the appropriate Microsoft account for you and grant secure access to those administrators to manage users and user permissions within the Microsoft DFP portal. If the email alias is not provided, Zuora cannot provision access to the account.

Step 2. Configure the fraud protection service in Microsoft

After you receive confirmation from Zuora Support that your Microsoft account for Zuora Fraud Protection has been set up and the service has been enabled for your Zuora tenant, configure the service in the Microsoft DFP portal:

  1. Define lists

    Define the lists describing the information that you consider risky or safe. For example, you can create a list to track payment instruments that you consider risky or user email addresses that you consider safe. The lists are used as part of fraud protection rules to determine how to manage the traffic on your merchant site.

    For details about how to define lists, see Microsoft documentation.

  2. Define rules

    After defining your lists, create rules that you want to apply to each data screening. Defining rules consists of using a variety of inputs, including lists, the risk score generated by the AI model, and additional parameters from the request payload. Based on the rules composed of these inputs, the fraud protection service converts an assessment into a decision.

    For details about how to define rules, see Microsoft documentation. For examples of rules, see Examples of rules used in Zuora Fraud Protection.

  3. (Optional) Configure additional settings within the Microsoft DFP portal:
    • Velocity checks

      A velocity check restricts the frequency of events that can occur. This security check is important for identifying patterns of activity, such as the rapid submission of the same credit card or IP address during bot attacks. Depending on your existing configurations in Zuora, the velocity check configured in Microsoft might have minimal impact. Zuora has built-in rate limiting measures that precede the fraud protection service. In addition, if Google reCAPTCHA Enterprise is enabled, the velocity check will also be handled within that integration.

      For details about how to perform velocity checks, see Microsoft documentation.

    • Transaction Acceptance Booster

      Transaction Acceptance Booster helps you benefit from higher acceptance rates by sharing information with banking institutions. It is strongly recommended to enable this feature.

      For details about how to enable Transaction Acceptance Booster, see Microsoft documentation.
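
The rule inputs and the velocity check described in this step, modeled as an added Python example (it is not Zuora's or Microsoft's code and not the DFP rule language). The list contents, thresholds, field names and decision labels are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed stand-ins for lists defined in the portal (not real data).
SAFE_EMAILS = {"billing@customer.example"}
RISKY_CARD_BINS = {"400000"}
REJECT_SCORE, REVIEW_SCORE = 900, 700      # assumed risk-score thresholds
VELOCITY_LIMIT, VELOCITY_WINDOW = 3, 300   # assumed: 3 attempts per card per 300 s

class VelocityCounter:
    """Sliding-window count of events per key (card fingerprint, IP, ...)."""
    def __init__(self, window):
        self.window = window
        self.seen = defaultdict(deque)

    def hit(self, key, ts):
        q = self.seen[key]
        q.append(ts)
        while q[0] <= ts - self.window:    # drop events outside the window
            q.popleft()
        return len(q)

def decide(txn, risk_score, velocity):
    """Evaluate rules in order; the first match is the decision."""
    # Count every attempt, including ones rejected below, so retries add up.
    attempts = velocity.hit(txn["card"], txn["ts"])
    if attempts > VELOCITY_LIMIT:
        return ("Reject", "velocity")
    if txn["bin"] in RISKY_CARD_BINS:
        return ("Reject", "risky list")
    if txn["email"] in SAFE_EMAILS:        # after the blocks, so it cannot bypass them
        return ("Approve", "safe list")
    if risk_score >= REJECT_SCORE:
        return ("Reject", "risk score")
    if risk_score >= REVIEW_SCORE:
        return ("Review", "risk score")
    return ("Approve", "default")

def run(events):
    velocity = VelocityCounter(VELOCITY_WINDOW)
    return [decide(t, score, velocity) for t, score in events]

# Constructed sample: (transaction, model risk score) pairs in time order.
SAMPLE = [({"ts": 0, "email": "billing@customer.example", "bin": "411111", "card": "a"}, 950),
          ({"ts": 5, "email": "x@shop.example", "bin": "400000", "card": "b"}, 100),
          ({"ts": 9, "email": "y@shop.example", "bin": "411111", "card": "c"}, 750)]
SAMPLE += [({"ts": 20 + i, "email": "billing@customer.example", "bin": "411111", "card": "d"}, 100)
           for i in range(4)]
```

In the sample, the safe-listed email is approved even with a high risk score, but the fourth rapid attempt on the same card is still rejected because the velocity rule is evaluated before the safe list.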

Step 3. Configure the fraud protection service in Zuora

After you configure the fraud protection service in Microsoft, complete the following tasks in Zuora:

  1. Navigate to the settings for processing payments by clicking your username in the upper right, and then clicking Settings > Payments.
  2. Click Configure Fraud Protection Services. The Configure Fraud Protection Services page is displayed.
  3. Click Edit.
  4. Configure whether to screen the following types of data with the fraud protection service by selecting the options for your needs:
    • Card transactions initiated through hosted payment pages
    • Non-card transactions (Bank Transfer and ACH) initiated through hosted payment pages
    • Card transactions submitted by any operations that create a payment through the Zuora UI, APIs, or payment runs
    • Non-card transactions (Bank Transfer and ACH) submitted by any operations that create a payment through the Zuora UI, APIs, or payment runs
  5. If you want to upload and pass your chargeback data in Zuora to Microsoft, select Enable automatic chargeback data uploads. Your chargeback data will be used in training Microsoft's machine-learning model to ensure the maximum efficacy of the model. For more information, see Transactions uploaded as chargeback data.
  6. Click Save.

Additional information

Transactions uploaded as chargeback data

After the Enable automatic chargeback data uploads setting is enabled, transactions invoked by the following events are sent to Microsoft as chargeback data if the refund is associated with a transaction through a Zuora Fraud Protection screening event:

| Event | Description |
| --- | --- |
| | If the refundTransactionType field in the request body is set to Chargeback, the transaction invoked by the API operation is uploaded as chargeback data. |
| Reverse a payment API operation | All transactions invoked by this API operation are uploaded as chargeback data. |
| | Based on the job files or notifications returned from the gateway, data for chargeback Gateway Reconciliation events are uploaded. |
