Skip to main content

Overview of Zuora Fraud Protection


Overview of Zuora Fraud Protection

Zuora has partnered with Microsoft Dynamics 365 Fraud Protection to provide an opt-in payment fraud protection service called Zuora Fraud Protection. This service helps protect merchants from payment fraud and reduces chargeback rates through adaptive AI technology.

This feature is in the Early Adopter phase. We are actively soliciting feedback from a small set of early adopters. If you want to join this early adopter program, submit a request at Zuora Global Support.


Powered by Microsoft, Zuora Fraud Protection grants you pre-integrated access to the Microsoft Dynamics 365 Fraud Protection portal. In the Microsoft portal, you can train the machine learning model with your data, define rules to determine the validity of the fraud, and prevent any unwanted activities from reaching your payment gateways.

By enabling this fraud protection service in Zuora, you give consent to Zuora to share the data with Microsoft. Zuora continuously submits all rejected transactions to Microsoft on your behalf at no additional cost to consistently increase the accuracy of the machine learning model for your organization.

In Zuora, you can configure whether to screen the following types of data:

  • Transactions initiated through Zuora Hosted Payment Method (HPM) pages
  • Transactions submitted by any operations that create payments through the Zuora UI, APIs, or payment runs

Screening means each individual fraud evaluation that is performed by third-party Microsoft using their Purchase API. Each transaction undergoes a single screening. Before the transaction data is sent to the gateway side, Zuora Fraud Protection is triggered and transaction data is sent to Microsoft for evaluation via their Purchase API. This evaluation process is known as a screening. 

For transactions initiated through HPM, before the transaction request is evaluated by Zuora Fraud Protection, security settings enabled in Zuora for your hosted pages are performed, such as rate limiting checks, token expiration, and Google reCAPTCHA validation. If all prior checks pass, Zuora screens the transaction through the fraud protection service. For more information on the security measures for HPM, see Security measures for Payment Pages 2.0.

If the response received from Zuora Fraud Protection is Reject, Zuora sets the payment processing status to Error, which means the purchase transaction will not be sent for payment processing. If the response received from Zuora Fraud Protection is Review or Approve, Zuora sends the purchase transaction data to the payment gateway for normal processing. Review means an inconclusive result from Zuora Fraud Protection. Approve means the transaction passed the Zuora Fraud Protection review. 

The following image shows how Zuora Fraud Protection works with Microsoft Dynamics 365 Fraud Protection to evaluate transaction data.