Recipient Verification is an optional feature of our Plug-In & SaaS Products.
Recipient verification is a common fraud prevention tool used both in card-present & card-not-present (CNP) transactions. Ingo recipient verification is used as a form of Know-Your-Customer (KYC) compliance. Custom configuration options are available based upon information passed to Ingo during instantiation.
Clients are required to provide Recipient Information to Ingo Payments with the Session Mgmt API request as a component of our identity verification processes. Clients are able to customize their risk tolerance and resulting behaviors based on the matching of information passed during instantiation vs. manual user input.
When configured, Recipient Verification is performed within the iFrame by 'Verifying Customer Input Data' against 'Client Provided Recipient Information'.
Risk Value Definitions
| Property | Type | Required/Optional | Description | Risk Values |
|---|---|---|---|---|
| FirstName | String |
Required | First Name of the intended Recipient. | Hard / Soft / Bypass |
| LastName | String |
Required | Last Name of the intended Recipient. | Hard / Soft / Bypass |
| Address1 | String |
Required | Address Line 1 of the intended Recipient. | Hard / Soft / Bypass |
| Address2 | String |
Optional | Address Line 2 of the intended Recipient. | Hard / Soft / Bypass |
| City | String |
Required | City of the intended Recipient. | Hard / Soft / Bypass |
| State | String |
Required | State of the intended Recipient. | Hard / Soft / Bypass |
| ZipCode | String |
Required | Zip Code of the intended Recipient. | Hard / Soft / Bypass |
| Consumer Maximum Attempts | Integer |
Required | Number of matching attempts before a Hard Failure without continue. | 1-10 |
Address Verification Service is an optional feature for Card based disbursements.
The Address Verification Service, or AVS, is one of the most widely used fraud prevention tools in card-not-present (CNP) transactions. AVS checks are commonly used by CNP merchants to verify the validity of cardholder entered information. An AVS check compares the billing address used in the transaction with the issuing bank’s address information for the cardholder. Clients can use AVS response information in their decision on whether or not to accept or cancel the payment request.
Many card issuers may utilize a form of fuzzy matching logic when performing AVS checks for near-match scenarios. Ingo neither controls or has insight into the matching algorithms used by each issuing institutions. Ingo will collect AVS information from the cardholder, deliver this information to the issuer, ingest the AVS response code from the issuer, and handle the response based on individual client configurations.
Clients have the ability to configure their risk profiles by indicating desired behaviors to perform based upon AVS responses when a Full AVS success message is not received.
When configured, AVS is performed within the 'API Methods - Verify' via direct API request or the Web/Mobile PluginSDK.
Risk Value Definitions
| Issuer / Network Response | Type | Risk Values |
|---|---|---|
| Street address matches but the zip does not | String |
Hard or Soft |
| Street address matches but zip could not be verified due to incompatible formats | String |
Hard or Soft |
| Street address and zip could not be verified due to incompatible formats | String |
Hard or Soft |
| Zip matches but street address does not | String |
Hard or Soft |
| Zip matches but street address could not be verified due to incompatible formats | String |
Hard or Soft |
| Issuer is not an AVS participant or Issuer did not return an AVS result | String |
Hard or Soft |
| Address information not verified | String |
Hard or Soft |
| Retry – Issuer unavailable or timed out | String |
Hard or Soft |
| Consumer Maximum Attempts | Integer |
1-10 |
CVV is an optional feature for Card based disbursements.
CVV is an anti-fraud security feature to assist in verifying a Recipient is in possession of the funding destination card. For Visa/Mastercard, the three-digit CVV number is printed on the signature panel on the back of the card immediately after the card's account number.
As an additional funding verification method, Ingo can perform a CVV check as a requirement of the transaction. Clients have the option to advise Ingo if they would like CVV to be turned ON/OFF. When turned ON, issuer network response will result in either a Success or Hard Failure. Based on client configurations, recipients will be given a maximum number of attempts to successfully input the CVV data. Once this limit is reached, a terminal event will be recorded.
When configured, CVV is performed within the 'API Methods - Verify' via direct API request or the Web/Mobile PluginSDK.
Risk Value Definitions
Account Number Validation is an optional feature for ACH based disbursements.
The Account Number Validation Service, or ANV, is a common fraud prevention tool used in ACH transaction processing. ANV checks are commonly used to verify the active status of bank account information entered. An ANV check compares the bank account used in the transaction with the issuing bank’s account status information. Clients can use ANV response to validate bank account numbers and status.
Risk Value Definitions
| Network Validation Response | Type | Risk Values |
|---|---|---|
| ANV - No Data Available or non-participating account issuer | String |
Hard or Soft |
| ANV – Positive Data – non participating account issuer | String |
Hard or Soft |
| ANV - Invalid Acct Number | String |
Hard |
| ANV - Invalid RTN | String |
Hard |
Name on Account Validation is an optional feature for ACH based disbursements.
The Name on Account Validation Service, or NAV, is a common fraud prevention tool used in ACH transaction processing. NAV checks are commonly used to verify the name association of bank account information entered. An NAV check compares the name on the bank account used in the transaction with the issuing bank’s account information. Clients can use NAV response to validate the recipient is associated with the bank account information entered.
Address checks are commonly used to verify the address association of bank account information entered. An Account Address Verification check compares the customer input address used in the transaction with the issuing bank’s account information. Clients can use the NAV response to additionally validate the recipient's address is associated with the bank account information entered.
Risk Value Definitions
| Network Validation Response | Type | Risk Values |
|---|---|---|
| NAV - No Data | String |
Hard or Soft |
| NAV - Cust Name or Name and Address no match | String |
Hard or Soft |
| NAV - Cust or Bus Name No Match | String |
Hard or Soft |
| NAV - Address No Match | String |
Hard or Soft |
Note: PayPal Account Verification data elements are provided by clients within the initial API request as required parameters to support disbursements.
| Risk Management Verification Services | DataType |
|---|---|
| First Name | Soft / Hard |
| Last Name | Soft / Hard |
| Address | Soft / Hard |
| City | Soft / Hard |
| State | Soft / Hard |
| ZipCode | Soft / Hard |
| Is the Primary Email | Soft / Hard |
| Is an Associated Email | Soft / Hard |
Soft Response: Record event and Approve Transaction for next steps
Hard Response: Record Event and Prompt Customer to select an alternate payment method.
OFAC Lists Verification is a conditional feature based upon a client's individual use case
The Office of Foreign Assets Control (OFAC) is a financial intelligence and enforcement agency of the U.S. Treasury Department. It administers and enforces economic and trade sanctions in support of U.S. national security and foreign policy objectives. OFAC regulations prohibit transactions with certain persons and organizations listed on the OFAC website as "Terrorists" and "Specially Designated Nationals and Blocked Persons," as well as listed embargoed countries and regions. Firms must check this list on an ongoing basis to ensure that potential customers and existing customers are not prohibited persons or entities and are not from embargoed countries or regions before transacting any business with them.
As an additional layer into a Client’s KYC & AML program, Ingo can perform OFAC checking for each recipient presented in our payment processing gateway.
When configured, OFAC is performed when processing payments using existing tokens. An OFAC check is initiated within the 'API Methods - Process' or 'ServerSDK - ProcessPayment Method' request whereas the last OFAC validation exceeds 30 days.
Transactional Velocity Limits are required and apply to all disbursement methods for a single Customer Account Number (card or non-card).
Varying transaction velocity limits are often instituted by card networks, payment processors, and card issuers. Ingo Payments has no visibility into the velocity limits of card issuing institutions which often impose a stricter velocity limit than both the card networks and processors.
In the role of processor, Ingo Payments enforces transactional velocity limits at a single 'Customer Account Number' level by default. Your Integration Manager will allow you to select custom limits to manage velocity.
All time periods are rolling except the daily limit, which resets at midnight Mountain Time, each night.
| VELOCITY LIMIT |
|---|
| Maximum Single Transaction $ Amount |
| Maximum Daily Total $ Amount |
| Maximum 7 Day Total $ Amount |
| Maximum 15 Day Total $ Amount |
| Maximum 30 Day Total $ Amount |
| Maximum 30 Day Total Number of Push Payment Transactions |
The IPG Platform will decline transactions that breach these limits. Please see the Status Codes section for a listing of applicable codes.