Revindex Storefront

Understanding payment risk

Last updated on 2016-01-26 2 mins. to read

By default, for your security and best practices, Revindex Storefront will mark the payment as "Pending" to encourage the store admin to manually verify each order for fraud, validity of the order, etc. There is no confusion between paid and unpaid. "Pending" status simply means the payment is received but should be verified for correctness. If the credit card failed to charge in the first place, the order would go into the "Incomplete" status. If your site receives very few fraud depending on what you sell, you can create a Place order action rule to mark all orders as "Paid" immediately. A place order action rule only runs when the order is completed (payment received and customer got all the way to the confirmation page). Please see How to force order and payment status for more information.

Certain payment gateways such as PayPal will report payment approved but still places it on hold internally for international payments, payment received in another currency or when a high fraud risk has been detected. In this case, the money is authorized but not yet deposited and the merchant needs to log into PayPal to manually confirm the payment for the money to be deposited into the account. If you didn't confirm the payment in PayPal, you may find out days later that the money never got deposited or the customer cancelled the payment in between while your product has shipped.

Another example, if you're accepting credit card on your site, you may have fraud and this is indicated by the AVS response code. AVS stands for Address Verification System and can report street address match, postal code match only or full match. The credit card payment gateway will always approve the transaction, but in reality, the store owner needs to decide if the AVS result is acceptable for your store depending on what you sell, the amount of risk you are willing to tolerate. For example, some shops will reject the order if the AVS reports street address match only and not postal code match to avoid high number of charge backs.

Yet, another possibility is your site charged the order to a recently stolen credit card and the payment gateway approved the order. Usually the cardholder will report the card as stolen within 24 hours and the funds will be reversed. If your business suffers from high risk of fraud, you may want to wait a fixed amount of time prior to shipping out products. 

Revindex Storefront is built with security in mind to encourage best practices but you are certainly welcome to automate certain steps where it makes sense for your kind of business. Please see Fraud for more information on using fraud score to manage your business risk.


Powered by Revindex Wiki