Fraud Detection
Pixlpay includes a comprehensive fraud detection system to help protect your store from fraudulent transactions and chargebacks. This feature is available on the Pro plan and above.
Overview
The fraud detection system analyzes every checkout attempt in real-time, assigning a risk score based on multiple signals. Depending on your configuration, suspicious transactions can be:
- Blocked - Prevented from completing
- Flagged - Allowed but marked for review
- Verification Required - Customer must verify their identity
This helps you reduce chargebacks, prevent fraud losses, and maintain a healthy payment processing relationship with your payment providers.
Plan Requirement
Pro Plan Required
Fraud Detection is a Pro plan feature. Upgrade to Pro or higher to enable fraud protection for your store.
Detection Methods
Pixlpay's fraud detection system uses multiple signals to assess transaction risk:
VPN Detection
Detects when a customer is using a Virtual Private Network (VPN) to hide their real location. While VPNs have legitimate uses, they are commonly used by fraudsters to mask their identity.
Risk Points: 30
Proxy Detection
Identifies connections coming through proxy servers, which are often used to mask the customer's real IP address and location.
Risk Points: 25
Tor Detection
Detects transactions originating from Tor network exit nodes. The Tor network provides anonymous browsing and is frequently associated with fraudulent activity.
Risk Points: 50
Datacenter IP Detection
Identifies IP addresses belonging to datacenter/hosting providers rather than residential ISPs. Real customers typically don't make purchases from datacenter IPs.
Risk Points: 20
Velocity Checks
Monitors for suspicious patterns of multiple purchases:
- IP Velocity - Too many orders from the same IP address in a short time window
- Email Velocity - Too many orders using the same email address
You can configure:
- Maximum orders per IP address (1-100)
- Maximum orders per email (1-50)
- Time window in minutes (15-1440)
Risk Points: Up to 40 (IP) + 35 (Email) = 75
Disposable Email Detection
Identifies temporary or throwaway email addresses from services like Mailinator, Guerrilla Mail, and hundreds of others. Fraudsters often use disposable emails to avoid tracking.
Risk Points: 20
Geographic Mismatch
Flags transactions where the detected IP location differs from the billing address country. While travelers may trigger this, significant geographic mismatches can indicate fraud.
Risk Points: 25
Sanctioned Countries
Automatically blocks transactions from countries under international sanctions (OFAC list):
- Cuba
- Iran
- North Korea
- Syria
- Russia
- Belarus
Risk Points: 100 (automatic block)
You can also add custom blocked countries based on your business needs.
Risk Scoring
Each detection signal adds points to the transaction's risk score (capped at 100). The risk level is determined as follows:
| Risk Score | Risk Level |
|---|---|
| 0-39 | Low |
| 40-59 | Medium |
| 60-79 | High |
| 80-100 | Critical |
Sensitivity Levels
You can adjust the sensitivity to control how strictly transactions are evaluated:
| Sensitivity | Block Threshold | Flag Threshold | Verify Threshold |
|---|---|---|---|
| Low (Permissive) | 80 | 60 | 70 |
| Medium (Balanced) | 60 | 40 | 50 |
| High (Strict) | 40 | 20 | 30 |
Recommended Settings
For most gaming stores, Medium sensitivity provides a good balance between fraud prevention and false positives. Start with Medium and adjust based on your experience.
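The following is an added example, not Pixlpay's own code: it applies the signal points, the 100-point cap, and the sensitivity thresholds listed above to show how the same signals lead to different outcomes at each sensitivity. The function names, signal keys, the `>=` comparison, and the "strictest matching action wins" rule are assumptions made for illustration.

```python
# Points per signal as listed on this page. The two velocity values are the
# page's stated maximums ("up to"); using them as fixed values is an assumption.
SIGNAL_POINTS = {
    "vpn": 30, "proxy": 25, "tor": 50, "datacenter_ip": 20,
    "ip_velocity": 40, "email_velocity": 35, "disposable_email": 20,
    "geo_mismatch": 25, "sanctioned_country": 100,
}

# Thresholds copied from the sensitivity table.
THRESHOLDS = {
    "low":    {"block": 80, "flag": 60, "verify": 70},
    "medium": {"block": 60, "flag": 40, "verify": 50},
    "high":   {"block": 40, "flag": 20, "verify": 30},
}

def risk_score(signals):
    """Sum the points of each distinct triggered signal, capped at 100."""
    return min(100, sum(SIGNAL_POINTS[s] for s in set(signals)))

def risk_level(score):
    """Map a 0-100 score to the risk levels in the Risk Scoring table."""
    for floor, level in ((80, "Critical"), (60, "High"), (40, "Medium")):
        if score >= floor:
            return level
    return "Low"

def decide(signals, sensitivity="medium"):
    """Assumption: a threshold is met when score >= threshold, and the
    strictest met action wins (block, then verify, then flag)."""
    score = risk_score(signals)
    action = "allow"
    for candidate in ("block", "verify", "flag"):
        if score >= THRESHOLDS[sensitivity][candidate]:
            action = candidate
            break
    return {"score": score, "level": risk_level(score), "action": action}

def compare(signals):
    """Action taken for the same signals at every sensitivity level."""
    return {name: decide(signals, name)["action"] for name in THRESHOLDS}

if __name__ == "__main__":
    # Constructed cases: a lone VPN hit, VPN plus geo mismatch, Tor plus proxy.
    for case in (["vpn"], ["vpn", "geo_mismatch"], ["tor", "proxy"],
                 ["sanctioned_country"]):
        print(case, risk_score(case), compare(case))
```

Under these assumptions a VPN hit on its own only triggers verification at High sensitivity, which is why the page suggests Medium as the starting point for audiences that commonly use VPNs.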
Dashboard Walkthrough
The Fraud Dashboard provides a complete view of fraud detection activity:
Statistics Overview
At the top of the dashboard, you'll see key metrics:
- Blocked Today - Transactions prevented from completing
- Flagged Today - Transactions marked for review
- Allowed Today - Transactions that passed checks
- Pending Review - Flagged transactions awaiting your review
- High Risk Today - Transactions scoring High or Critical
Settings Panel
The left panel allows you to configure fraud detection:
- Enable/Disable - Master toggle for fraud detection
- Sensitivity Level - Low, Medium, or High
- Action on Detection - What happens when fraud is detected
- Detection Signals - Toggle individual detection methods
Fraud Checks Table
The main table shows all fraud checks with:
- Time - When the check occurred
- Email - Customer email address
- IP / Location - IP address and detected location
- Risk - Score and risk level (Low/Medium/High/Critical)
- Action - What action was taken (Allowed/Flagged/Blocked)
- Signals - Which detection methods triggered (VPN, Proxy, Tor, etc.)
You can filter by:
- Risk level
- Action taken
- Review status
Reviewing Flagged Orders
When a transaction is flagged or blocked, you should review it to determine if it was legitimate:
- Navigate to the Fraud Dashboard
- Filter by Pending Review status
- Click Review on a fraud check
- Examine the signals and details
- Select an outcome:
  - Legitimate - False positive, customer is genuine
  - Fraud - Confirmed fraudulent activity
  - Inconclusive - Unable to determine
- Add optional notes
- Click Submit Review
What to Look For
When reviewing flagged transactions:
- Geographic Mismatch - Check if the customer might be traveling or using a VPN for legitimate reasons
- VPN/Proxy - Gaming customers sometimes use VPNs; consider context
- Velocity - Did a customer make multiple legitimate purchases?
- Order History - Has this customer purchased before successfully?
TIP
If you find many false positives from VPN detection, consider whether your gaming audience commonly uses VPNs and adjust accordingly.
Configuring Thresholds
Detection Signals
Enable or disable individual detection methods based on your needs:
| Signal | Recommended | Notes |
|---|---|---|
| Block VPNs | Optional | May cause false positives with gaming audience |
| Block Proxies | Yes | Proxies are more suspicious than VPNs |
| Block Tor | Yes | Tor is rarely used for legitimate purchases |
| Block Sanctioned Countries | Yes | Required for compliance |
| Check Geographic Mismatch | Yes | Useful signal when combined with others |
| Velocity Checks | Yes | Essential for preventing card testing |
| Block Disposable Emails | Yes | Disposable emails are a strong fraud signal |
Velocity Settings
Configure velocity limits based on your typical customer behavior:
| Setting | Default | Recommendation |
|---|---|---|
| Orders per IP | 10 | Lower if you see card testing attacks |
| Orders per Email | 5 | Most customers don't need more |
| Time Window | 60 min | Shorter window = stricter |
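To see how these three settings interact, here is an added sketch (not Pixlpay's implementation) of a sliding-window velocity check using the defaults and configurable ranges from this page. The class and method names, the email normalisation, and the rule that a limit trips only when the count strictly exceeds the maximum are assumptions; the sample attempts are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class VelocityChecker:
    """Sliding-window order counter per IP and per email (illustrative)."""

    def __init__(self, max_per_ip=10, max_per_email=5, window_minutes=60):
        # Bounds are the configurable ranges listed on this page.
        if not 1 <= max_per_ip <= 100:
            raise ValueError("max_per_ip must be 1-100")
        if not 1 <= max_per_email <= 50:
            raise ValueError("max_per_email must be 1-50")
        if not 15 <= window_minutes <= 1440:
            raise ValueError("window_minutes must be 15-1440")
        self.limits = {"ip_velocity": max_per_ip, "email_velocity": max_per_email}
        self.window = timedelta(minutes=window_minutes)
        self.seen = {name: defaultdict(deque) for name in self.limits}

    def record(self, ip, email, when):
        """Record one order attempt (in time order); return the signals it trips."""
        keys = {"ip_velocity": ip, "email_velocity": email.strip().lower()}
        tripped = []
        for signal, key in keys.items():
            times = self.seen[signal][key]
            times.append(when)
            # Drop attempts that have aged out of the window ending at `when`.
            while times[0] <= when - self.window:
                times.popleft()
            # Assumption: the limit trips only when the count exceeds the maximum.
            if len(times) > self.limits[signal]:
                tripped.append(signal)
        return tripped

def replay(checker, attempts):
    """Feed (ip, email, time) attempts in order; return tripped signals per attempt."""
    return [checker.record(ip, email, when) for ip, email, when in attempts]

# Constructed sample: one IP cycling through new emails, one attempt per minute.
START = datetime(2024, 1, 1, 12, 0)
SAMPLE = [("203.0.113.7", f"user{i}@example.com", START + timedelta(minutes=i))
          for i in range(12)]

if __name__ == "__main__":
    for (ip, email, when), hit in zip(SAMPLE, replay(VelocityChecker(), SAMPLE)):
        print(when.time(), ip, email, hit or "ok")
```

With the defaults, the eleventh attempt from the same IP inside the hour is the first to trip the IP limit, even though every attempt uses a fresh email address; lowering Orders per IP moves that point earlier.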
Whitelists
You can whitelist trusted IPs and email addresses that should bypass fraud checks:
- Whitelisted IPs - Add IP addresses that should always be allowed (e.g., your office IP)
- Whitelisted Emails - Add email addresses that should always be allowed (e.g., known good customers)
Custom Blocked Countries
Beyond sanctioned countries, you can block additional countries based on your business needs:
- Go to Fraud Settings
- Find "Custom Blocked Countries"
- Add country codes (e.g., "NG" for Nigeria)
Best Practices
1. Start with Medium Sensitivity
Begin with Medium sensitivity and monitor for a week. Adjust up (High) if you see too much fraud, or down (Low) if you're blocking legitimate customers.
2. Review Flagged Transactions Regularly
Don't let flagged transactions pile up. Review them daily to:
- Identify patterns in false positives
- Catch real fraud attempts
- Fine-tune your settings
3. Use Multiple Signals
Don't rely on a single detection method. The combination of multiple signals provides more accurate fraud detection than any single method alone.
4. Consider Your Audience
Gaming communities often use VPNs for legitimate reasons (privacy, bypassing regional restrictions). Consider being more lenient with VPN detection while keeping other signals strict.
5. Monitor Chargeback Rates
Your ultimate metric is chargeback rate. If chargebacks decrease after enabling fraud detection, your settings are working.
6. Whitelist Trusted Sources
If you have regular customers or partners who frequently trigger false positives, add them to your whitelist rather than loosening global settings.
7. Block Disposable Emails
This is one of the highest-value signals. Legitimate customers rarely use disposable email addresses.
8. Keep Velocity Checks Enabled
Velocity checks are essential for detecting card testing attacks, where fraudsters try multiple small transactions to validate stolen cards.
Understanding Actions
| Action | Description | When to Use |
|---|---|---|
| Block | Prevents checkout completion | Highest protection, may increase false positives |
| Flag | Allows checkout but marks for review | Balanced approach, requires manual review |
| Verify | Requires additional customer verification | Good for borderline cases |
Troubleshooting
Too Many False Positives
If legitimate customers are being blocked:
- Lower the sensitivity level
- Disable VPN detection if your audience commonly uses VPNs
- Add known good customers to the whitelist
- Increase velocity limits
Not Catching Enough Fraud
If you're still seeing fraudulent transactions:
- Increase sensitivity level to High
- Enable all detection signals
- Lower velocity limits
- Switch action from "Flag" to "Block"
Specific Countries Causing Issues
If you're seeing fraud from specific countries:
- Add them to your custom blocked countries list
- Consider if you actually serve customers in those regions
Related Features
- Customer Bans - Manually ban problematic customers
- Activity Logs - Track all store activity
- Two-Factor Auth - Secure your store owner account
