Blocking rules
Overview
Blocking Rules are used to automatically block transactions that meet certain criteria without informing the cardholder of the reason that the transaction is declined. Blocking rules can be implemented to block transactions that are likely to be fraudulent, high risk, or that do not comply with regulatory requirements.
If the transaction is blocked by a blocking rule, it is declined by your bank. This saves merchants from having to pay fees for chargebacks and refunds, as the transactions are not forwarded for further processing.
How blocking rules work
Blocking rules are created using relational operators between values to determine if a transaction should be blocked. For example, you can set rules that block transactions based on the transaction amount, the cardholder's country, or the cardholder's email address, or that require certain conditions are met before the transaction is allowed to proceed.
You can create blocking rulesets at the organisation or company level, which applies to all merchant sites, or you can apply blocking rules to specific merchant sites. You can create multiple rulesets for each merchant, combining various criteria to control which transactions are blocked. Each rule within a ruleset is added separately, for example, you can create a rule that blocks transactions over a certain amount, and another rule that blocks transactions from a specific country.
If any rule within a ruleset is triggered during a transaction, the transaction is blocked by your bank's validation service.
Types of blocking rules available in OnlinePay
| Blocking Rule | Description | Operators | Value Field |
|---|---|---|---|
| Amount | Triggered based on the transaction amount. | - is less than - is less than or equal to - is equal to - is not equal to - is greater than | Accepts any number. |
| Currency Code | Triggered based on the currency code of the transaction. | - is equal to - is not equal to | Drop-down of all currency codes accepted by your bank. |
| Customer | Triggered based on the customer’s ID. | - is equal to - is not equal to | Accepts any text. |
| Customer Country Code | Triggered based on the shopper’s country code. | - is equal to - is not equal to | Drop-down of all country codes accepted by your bank. |
| Customer IP | Triggered based on the shopper’s IP address. | - is equal to - is not equal to | Accepts IP-formatted content. |
| Customer IP Country | Triggered based on the country code of the shopper’s IP address. | - is equal to - is not equal to | Drop-down of all country codes accepted by your bank. |
| Issuer Country | Triggered based on the country code of the shopper’s payment card issuer. | - is equal to - is not equal to | Drop-down of all country codes accepted by your bank. |
| Organization ID | Triggered based on the merchant entity that initiated the transaction. | - is equal to - is not equal to | Accepts any number. |
| 3DS Enrollment Status | Triggered based on the 3DS enrollment status during the 3DS process. | - is equal to - is not equal to | - Yes (Y) - Bank is participating - No (N) - Bank is not participating - Unavailable (U) - Bypass (B) |
| 3DS Authentication Status | Triggered based on the outcome of the 3DS authentication. | - is equal to - is not equal to | - Successful (Y) - Failed (N) - Authentication attempts (A) - Challenge required (C) - Rejected (R) |
| 3DS Error | Triggered if an error occurs during the 3DS process. | - is equal to - is not equal to | Accepts any number. |
Blocking rule access
Blocking rules are created by users with a Merchant Admin role in the OnlinePay dashboard and are applied at the merchant organisation level or to child organisations. Users with the following roles are able to view the blocking rules:
- Merchant Reviewer
- Merchant Supervisor
- Merchant User
Default blocking rules
The following blocking rules are included in OnlinePay by default:
-
3D Secure blocking rules that prevent transactions that are not fully authenticated by 3D Secure. These rules help protect merchants from fraud and are designed to block transactions that are not fully authenticated by 3D Secure.
Note
This may result in blocking legitimate transactions, as customers may abandon the transaction when prompted to enter a one-time password (OTP) for a 3D Secure transaction.
-
Issuer country rules are in place by default to reduce fraud. Default issuer country rules block transactions from countries other than:
- Australia
- New Zealand
- United States
- United Kingdom and Northern Ireland
- Japan
You can edit, delete, or create custom blocking rules that override these rules.
Important
If you disable the default 3D Secure blocking rules, you may be liable for chargebacks. Fully authenticated 3D Secure transactions are protected from chargebacks. The default blocking rules are in place to block any transaction that is not fully authenticated.
Where a chargeback occurs, merchants are responsible for repaying the card issuer the chargeback amount.
Fully authenticated 3DS transactions are protected from chargebacks. The blocking rules that your bank include by default block any transaction that is not fully authenticated.
Manage blocking rules
You can create, edit, or delete blocking rules in the OnlinePay dashboard in the Blocking Rulesets page.
Create a new blocking rule
Use the following process to create a new blocking rule using the OnlinePay dashboard:
-
In the OnlinePay dashboard, navigate to Administration > Advanced Settings > Blocking Rulesets.
-
Select the organisation where you want to apply the rule/s. If you have organisations with multiple merchant sites, you can select the organisation or select specific merchant site/s to which you want to apply the blocking rule/s.
-
If this is the first time you have created a blocking rule, you need to click Customise Rulesets. If you have previously modified the blocking rules or completed this step already, skip to step 5.
-
Click Customise to confirm that you want to override the inherited rulesets with your preferred custom rulesets.
-
Click Add new ruleset to create a new blocking rule.
-
In the Create ruleset screen you must provide a name or description of the rule or ruleset.
-
Select whether or not the ruleset will apply to all merchant sites within the selected organisation (child organisations), or to the specified organisation only.
-
Configure the ruleset by adding rules from the drop-down list, selecting the operator, and entering the value that triggers the rule. To complete adding a single rule, click Create ruleset.
For example, this ruleset blocks transactions where the transaction amount is greater than $1000.
-
To add additional rules to the ruleset, click Add rule and repeat step 8. This will add another condition to the ruleset. For the transaction to be blocked, all conditions must be met.
For example, this ruleset blocks transactions where the transaction amount is greater than $1000 and the customer country code is not Australia.
-
Click Create ruleset to save and apply the ruleset. The ruleset or rule will be applied to all future transactions on the selected merchant site/s.
Edit a blocking rule
You can edit a blocking rule from the Blocking Rulesets page in the OnlinePay dashboard.
-
In the OnlinePay dashboard, navigate to Administration > Advanced Settings > Blocking Rulesets.
-
Locate the ruleset that you want to edit, then click Edit ruleset.
-
Make the required changes to the ruleset.
You can remove a rule by clicking the delete icon
next to the rule, add a new rule by clicking Add rule, or change the operator or value of an existing rule. -
Click Save changes when you are finished.
Delete a blocking rule
You can delete a blocking rule from the Blocking Rulesets page in the OnlinePay dashboard.
-
In the OnlinePay dashboard, navigate to Administration > Advanced Settings > Blocking Rulesets.
-
Locate the ruleset that you want to delete, then click Delete ruleset.
-
In the confirmation dialog, click Delete blocking ruleset to confirm that you want to delete the selected ruleset.. This action cannot be undone.
To keep the ruleset, click Keep blocking ruleset.
Updated 7 months ago