Riskified Documentation
Decline Reason Guide


Intro

Unlike most fraud prevention systems, Riskified's solution is designed to approve as many orders as possible without incurring fraud-related chargebacks. Rather than alerting you about risky indicators or data mismatches, we analyze every order holistically, taking into account all available data in an effort to provide an explanation that will allow us to approve and guarantee it despite the challenges.

Our models are very complex and take into account multiple data points as well as fraud patterns identified in previous transactions. Therefore, for every declined transaction - there is usually a set of problematic indicators that our systems have determined are similar to previous fraud attempts and fraudulent chargebacks.

For every order Riskified recommends declining, we provide a decline category and reason. Decline categories can be exported for analysis via the dashboard of your Riskified account, while decline reasons are included in the order decision email notifications, and are available in the 'Orders' tab of your Riskified account.

Riskified's decisions are a recommendation, and you can always fulfill orders we decline. However, we strongly recommend against accepting payment for declined orders as they are likely to result in an 'unauthorized payment' chargeback.


'Fraudulent' Declines

Overview

This category includes orders that have been revealed as fraudulent by Riskified's models with the highest level of certainty. These are orders that exhibit unequivocal, concrete fraud indicators. For declines in this category, Riskified is most certain that the buyer is in fact maliciously using payment details without the rightful cardholder's authorization.

Decline reasons under this category:

  1. Order exhibits strong fraudulent indicators

    A combination of data points constitutes a pattern that matches a recognized fraudulent method-of-operation. The pattern could consist of a relation between entities in the order data (e.g email and shipping address), or any other calculation of data points (e.g behavioural analysis, network analysis, etc)

  2. Order placed by an unauthorized buyer using a proxy connection to mask their identity

    The fraudulent pattern recognized by Riskified includes a malicious use of a proxy ip that enables the buyer to conceal their location. This use of proxy is not a fraudulent indicator in itself, but combined with other elements of this order, it comprises a pattern that matches a recognized fraudulent method-of-operation.

  3. Order linked by data or device fingerprinting to fraudulent activity

    Utilizing its elastic linking technology, Riskified has detected this order to be a fraud attempt. Cross-referencing this order with your historical data as well as with other transactions across Riskified's ecosystem (hundreds of merchants across verticals) has revealed its fraudulent nature.


'High Risk' Declines

Overview

This category includes orders that exhibit data points and mismatches that, based on Riskified's chargeback analysis, are highly correlated with fraudulent behavior. Our fraud detection tools and models point to a very high likelihood of fraud in orders with this combination of data mismatches and buyer behavior.

Decline reasons under this category:

  1. Order exhibits data points that are highly correlated with fraudulent activity

    Certain data points or a combination of indicators in this order have been identified by Riskified as being highly correlated with fraud, as seen in previously incurred chargebacks.

  2. Order placed using a suspect proxy connection

    Not only does the order contain data points correlated with fraud, but we have also detected a proxy connection. While proxy usage is not a fraudulent indicator in itself, when combined with other elements of this order, it is very likely an indication that the buyer is attempting to conceal their true location.

  3. Order exhibits data mismatches that are highly correlated with fraudulent activity

    Data mismatches in this order have been identified by Riskified as being highly correlated with fraud, as seen in previously incurred chargebacks. These mismatches can be explicitly evident in the order data details (e.g a specific combination of shipping region and credit card issuing country) or may be detected implicitly by Riskified using data enrichment or other advanced fraud detection techniques.

  4. Buyer exhibits high risk behavioral patterns, altering one or more data points over time

    The high risk pattern detected in this order consists of repeated purchase attempts with alternating data points - a behaviour that is highly correlated with fraud.

  5. Details provided by the buyer suggest an attempt to mask true identity

    The digital fingerprint of the buyer (e.g. email, IP, online presence) indicates they are likely attempting to conceal their true identity in a manner that Riskified has identified as being highly correlated with fraud, as seen in previously incurred chargebacks.


'Considerable Risk' Declines

Overview

This category includes orders in which certain contextual parameters (e.g combination of shopping cart mix, behavioural analysis, and geographic location) statistically point to a probability of incurring a fraud-related chargeback.

Decline reasons under this category:

  1. Declined due to high purchase velocity pattern

    Riskified has identified that given the context of repeated purchase attempts within a certain time frame, it is likely to be fraudulent.

  2. Analysis could not resolve geographic mismatch between buyer and payment method

    Riskified's model and tools, including data enrichment and elastic linking, did not provide an explanation to account for the geographic data mismatches within the order (e.g. IP - shipping address, billing address - BIN country, etc).

  3. Identity of digital goods recipient could not be established

    Due to the high risk profile of digital goods orders, a positive digital fingerprint is required for approval. In this order, the identity of the digital goods recipient could not be established.

  4. Connection between multiple online identities could not be established

    This order exhibits multiple online entities, in a manner that may indicate identity-theft. Riskified's models and tools, including data enrichment and elastic linking, did not provide an explanation to account for the mismatches between the identities associated with the order.

  5. Details provided by the buyer are inaccurate or false

    Certain details provided by the buyer (e.g billing address, billing name, email) appear to be false or fabricated. Since these details are required for our analysis and verification models, the order cannot be approved.

  6. Data points are inconsistent with legitimate shopping patterns for this segment

    Based on merchant-specific and/or industry-specific research performed on large data-sets, order details match a segment with considerable chargeback risk.

  7. Data points pertaining to buyer are inconsistent with legitimate buying patterns

    Based on comprehensive analysis of the industry and product type, this order contains data elements that are inconsistent with legitimate buying patterns.

  8. Buyer’s accumulated order value is indicative of considerable risk

    Riskified’s analysis of the customer online fingerprint, shopping patterns and order amount over time and across merchants, indicates considerable risk.

  9. Order exhibits considerable statistical probability of returning as a chargeback

    The order was analyzed against historical data. It demonstrated a lack of positive indicators and did not yield sufficient probability to conclude the order is legitimate.


Technical Declines

Overview

Orders under this category are not risk-related declines. These are orders Riskified is not able to review due to problems with the format or validity of the data. For more information, please contact dataissues@riskified.com.

Decline reasons under this category:

  1. Order declined due to invalid or missing crucial field - Email Address

    Riskified requires a valid email address in order to review orders. Please note that this can also happen when the customer’s email is being masked or encrypted for some reason.

  2. Order declined due to invalid or missing crucial field - Browser ip

    Riskified requires the buyer’s browser ip in order to review orders. Please note that orders sent with an internal IP, your office IP or a 3rd party service IP also fall under the missing browser IP category.

  3. Order declined due to invalid or missing crucial field - Shipping address

    Riskified requires a valid shipping address (i.e street address, zipcode and country code) in order to review orders for tangible goods. In case of a chargeback, this address is later cross-referenced by Riskified against the delivery information.

  4. Order declined due to invalid or missing crucial field - Billing Phone

    Riskified requires a valid billing phone number in order to review orders in which email address is not applicable.

  5. Order declined because email address does not exist for a digital product

    Riskified performs data enrichment and validation for every processed order. If the provided email does not exist for a digitally received goods, the order is declined for technical reasons.

  6. Declined due to technical data issue

    A technical data issue not otherwise specified. Please contact dataissues@riskified.com to identify and correct.

Business Declines

Overview

Orders under this category have not been decided upon by Riskified. These are orders Riskified declined based on rules or policies defined by your organization.

Decline reasons under this category:

  1. Declined due to merchant 'business exclusion' policy

    Order was declined due to rules and/or a policy defined by your organization. To learn more, contact your Riskified account manager, or contact support@riskified.com.