Policies, sometimes referred to as “Risk Policies” are , is a comprehensive risk management system designed to automate and streamline decision-making processes for Merchants and transactions on the platform to group a batch of Risk Decisions at once automatically.
Policies - What makes up a policy?
A policy is made up of 5 components, . Facilitators can create and configure Policies that serve as a set of rules and conditions governing how various risk services and checks are applied.
Policies provide a powerful and customizable platform for automating risk management decisions, leveraging a variety of native and third-party risk review services and checks, and offering a flexible framework to adapt to the dynamic nature of Merchant and Transaction risk assessment.
A Policy is made up of 7 components: Stage, Target Decisions, Sub-Decisions, Rules, Dependencies, and Failover Dependencies. See the table below for descriptions of each:
Policy Component | Description | |
Decisions | A configuration of risk rules allowing Facilitators or Referrers to set specific risk criteria to determine the automated action that should occur to a Stage | The Merchant boarding or Transaction processing stage where the Policy will be applied. |
Target | The Partition (Facilitator portfolio), Division (a Referrer’s portfolio), or Entity (Referrer or Merchant). | |
Status | Whether or not the Policy will be actively applied (Active or Inactive). | |
Decisions | A configuration of risk rules allowing Facilitators or Referrers to set specific risk criteria to determine the automated action that should occur to a transaction or entity. | |
Sub-Decisions | Specific Decision criterial criteria used to initiate the Decision Action. | |
Rules | Conditional Sub-Decision criteria to further refine the Decision Action requirement. | |
Dependencies | The result of another Decision acts as a prerequisite to trigger the current policy. | |
Failover Dependencies | The action that should be taken if a Decision dependency fails or an error occurs to avoid the Decision action. |
...
Decision dependency fails or an error occurs to avoid the Decision action. |
...
Stage
The Stage determines at what Merchant Boarding or Transaction processing status that the Policy should take effect:
Stage | Description | Status Type |
---|---|---|
Create Entity | When an entity is created. | Merchant Boarding |
Pre-board | When the entity is created, but not yet boarded. | Merchant Boarding |
Underwriting | When an entity is being risk-reviewed for boarding. | Merchant Boarding |
Post-board | After the entity has passed risk review and completed boarding. | Merchant Boarding |
Transaction | For any transaction processing event. | Transaction Processing |
Activation | When a payment terminal is activated in a payment transaction. | Transaction Processing |
Auth | When a credit card is authorized for a transaction. | Transaction Processing |
Post-Auth | After a credit card has already been authorized for a transaction. | Transaction Processing |
Capture | When a credit card payment is captured. | Transaction Processing |
Refund | When a transaction refund is issued. | Transaction Processing |
E-Check | When an eCheck transaction is processed. | Transaction Processing |
Change Review | When a bank account change request occurs from an entity. | Merchant Boarding |
Decisions
Decisions serve as the central control points within a Policy, coordinating the application of Sub-Decisions, Rules and Dependencies with the initially specified risk service.
You can find all available Decisions here:
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Sub-Decisions
...
Policy Component
...
Description
...
Subtype
...
Match Rule
...
Risk Level
...
Operator
...
Value
...
Action
...
|
...
Sub-Decisions
Decisions utilize a modular approach called Sub-Decision to break down decisions tied to individual risk services like Realtime Member Search, ThreatMetrix, Equifax Consumer Credit Report, and more.
Policy Component | Description |
Subtype | The specific risk service or check corresponding to a distinct Decision type. |
Match Rule | Decides how the Sub-Decision is applied, either “All” (every owner meeting the criteria) or “Any” (only one owner having to meet the criteria). |
Risk Level | Optional prioritization based on the Merchant’s Risk Score (0-100), with Low (67-100), Medium (34-67), or High (0-33). |
Operator | Criteria filters determining the action based on the provided data from the risk service. |
Value | Specific data values associated with specific Operators. |
Action | The automated process(es) triggered when the Operator and Value criteria are met. |
...
Subtypes
Subtypes are used to further specify the criteria needing to be met by the specific risk service data returned.
See the subtypes available for each decision below:
Realtime Member Search
Expand | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||
|
Realtime Business Search
Expand | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||
|
Mastercard Match
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Business Instant ID
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Consumer Instant ID
Expand | ||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||
|
Consumer Instant ID (Basic)
Expand | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||
|
ThreatMetrix
Expand | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||
|
ThreatMetrix Transactions
Expand | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||
|
ThreatMetrix Emailage
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
ThreatMetrix FraudPoint
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
ThreatMetrix PhoneFinder
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
LegitScript Register
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
|
Equifax Consumer Credit Report
Expand | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
|
Charity Check
Expand | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
|
GIACT Inquiry
Expand | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||
|
GIACT Transaction Inquiry
Expand | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||
|
GIACT gAuthenticate
Expand | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||
|
GIACT Transaction gAuthenticate
Expand | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||
|
Payrix Payload Attribute
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Payrix Payload Transaction Attribute
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Risk Rating
Expand | ||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||
|
Transaction Size
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
|
Transaction Attribute
Expand | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||
|
Transaction Authorization
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
|
AVS Response
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
|
Country Block
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
|
Transaction Metrics
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
TIN Check
Expand | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
|
Trulioo Identity Document Verification (IDV)
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||
|
Trulioo Business Verification
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||
|
Trulioo Async Business Verification
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||
|
Trulioo Anti-Money Laundering Identity Document Verification (AML IDV)
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||
|
Plaid Get Identity
Expand | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||
|
Plaid Identity Match
Expand | ||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||
|
Plaid Transaction Identity Match
Expand | ||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||
|
Plaid Transaction Get Identity
Expand | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||
|
Plaid Transaction Get Authorization (Auth)
Expand | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||
|
Baseline Transaction Metrics Outlier Ticket Size
Expand | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||
|
Match Rule
Match Rules are criteria deciding how the sub-decision will be applied based on who triggers it.
All - Requires every owner to meet the criteria for the action to be applied.
Any - Requires only one owner to meet the criteria for the action to be applied.
Risk Level
Risk Level sets an optional prioritization to apply the sub-decision action based on the Merchant’s Risk Score range, between 0 and 100, 0 being the highest risk and 100 being the lowest. This Merchant Risk Score is displayed on the Merchant Risk Management Details page:
Low - 67-100
Medium - 34 to 66
High - 0 to 33
Operators
Operators act as the criteria filter for each Sub-Decision to read the data provided and trigger the configured Decision action accordingly.
Operator | Description | Example |
---|---|---|
Truthy | The operator and the value of “True” in a true/false boolean to trigger the Decision action. | Conflict with DOB: Truthy - There is a conflict with the entity member’s date of birth. |
Falsy | The operator and the value of “False” in a true/false boolean to trigger the Decision action. | Plaid Verification: Falsy - No Plaid Verification has occurred for the entity. |
Is Present | If any result is present, trigger the Decision action. | OFAC Watch List Match: Is Present - Entity appeared on an OFAC Watch List. |
Is Empty | If no result is present, trigger the Decision action. | Entity TC Date: Is Empty - No Entity Terms and Conditions Agreement Date was found. |
Greater than or equal to threshold. | Sets a range above the preset threshold value to trigger the Decision action at or above. | Entity Score: Greater than or equal to 89. |
Less than or equal to threshold. | Sets a range below the preset threshold value to trigger the Decision action at or below. | FICO Score: Less than or equal to 650. |
Matches Value | If result is an exact match to the set value, trigger the Decision action. | Risk Indicator Code: Matches Value “10” - The input business name matches a name on the OFAC file. |
No Match | If the result does not match the set value, trigger the Decision action. | [Charity] Subsection Code: No Match - The result does not match a valid non-profit entity type. |
Value
Each Value will be dependent on the available Operators for each Subtype.
Truthy, Falsy,Is Present, and IsEmpty Operators do not require a Value to be set.
Greater than or equal to threshold, Less than or equal to threshold, Matches Value, and No Match Operators require a specific Value to be set:
Applicable Values for each risk service being reviewed are available in the Subtypes sections above.
Actions
Decision Actions are set automated processes that take place when the specific Subtype’s Operator and Value criteria are met.
Action | Description |
---|---|
Skipped | The Sub-Decision will skip the transaction or Merchant without taking the specific action of that Sub-Decision, but may still apply to other Sub-Decision in a Policy. |
Pass | The Merchant or Transaction meets the criteria and is allowed to pass without any action taking place. |
None | No Action will occur. |
Errored | Respond to Merchant Boarding or Transaction processing with an error. |
Reserve | The funds for the transaction will not be released until the Transaction is manually reviewed. |
Hold | The transaction not be captured until it is manually released. |
Block | Block the Transaction from proceeding or Merchant from boarding. This returns an error. |
Post Review Only | The Merchant or Transaction is flagged for review, but no immediate action is taken allowing for a Post Review decision to be made |
Approve | The Merchant or Transaction is released from any holds and approved to board or process respectively. |
Manual Review | The Merchant or Transaction in question is held for manual review. |
...
Rules
Rules are additional Sub-Decision criteria that can be optionally applied in a series of and/or linking, similar to traditional Conditional Rules shown on Decisions.
Note: All additional criteria and parameters for Rules are the same as those available from the Sub-Decision
...
Dependencies
Each Decision supports other conditional Decisions known as Dependencies. All Dependencies of the Decision will execute first and the Decision itself will only run if all dependencies have passed.
There must be at least one Decision with no dependencies in the list of Decisions.
...
Failover Dependencies
An optional type of dependency in case of a timeout error from the initial subtype’s risk service.
...