Client Login

ID

Password

UID Information

We have added a new fraud prevention feature to help prevent “card tester” fraud through order forms that use our HTML connection method.* This new feature allows Standard, Split and BuyNow orders to be submitted using a unique identifier (UID) instead of your five-digit Gateway ID. Since the UID is used through an existing order form field (‘vendor_id’), your use of the new feature requires only minimal changes to your current order forms and/or shopping cart.

*If you are submitting all of your orders either (a) via our XML connection method, or (b) via our Virtual Terminal, this new feature does not apply to you. Instead, see the Note for XML and Virtual Terminal Users at the bottom of this page.

Why Did We Add This Feature?

We have seen an increase in the number of fraudsters using automated software to find active five-digit Gateway IDs and subsequently use them to submit fraudulent “card tester” transactions. By requiring a randomly generated Unique ID in place of the Gateway ID, you will block this type of fraud on your account.

What Does The UID Feature Do?

By using the new Unique ID feature, you can prevent the most common type of form “spoofing” fraud that we see.

How Does It Work?

There is a new fraud setting that, when activated, will only allow Standard, Split and BuyNow orders to be processed if the “vendor_id” field containes the UID value configured for your gateway. By requiring the random 15-20 character value of the UID, the system prevents fraudsters from guessing your five-digit Gateway ID and submitting spoofed forms.

What Are The Limitations?

If a fraudster visits your site and views the source code in your order form, they will be able to determine the UID that you have set up. The good news is that it’s not easy for fraudsters to search for sites that process through paymentclearing. This greatly reduces the chance of someone stumbling onto your site through a search engine and extracting your UID. If, however, a fraudster has specifically targeted you for some reason and is familiar with your site, then the new UID feature will be of minimal use; you should instead explore the additional fraud-prevention features we offer (such as “Proof of Life”).

How Is It Activated?

We’ve simplified the process for you. In the Account Settings area of your Control Panel, under the “Advanced Features” section, you will see a new field called “Order Form UID”. You can either use the value listed or click the “Reset” button to the side to generate a new UID. Have your web developer or programmer enter this UID as the value in your “vendor_id” fields (in place of your five-digit Gateway ID). Once you’ve made that change, click the “Require Order Form UID” check box in your Account Settings, and your protection is activated.

What Will This Change?

This new feature offers you greater protection but requires very little of you. You will continue to use your five-digit Gateway ID and password to access your Control Panel. It won’t effect your Virtual Terminal access or your “Transactions by Telephone” service at all. In addition, you will not be required to use the UID on your forms; you can simply opt not to use this new fraud prevention feature. If you do choose to use the new feature, all you need to do is to have your web developer change the value for “vendor_id” in your forms and carts, and then activate the “Require Order Form UID” in your Account Settings.

How To Reset Your UID Without Taking Down Your Site

In the situation where you can’t afford to have any downtime and need to reset your UID, you can use the following steps. In most situations a well coordinated change of your order forms and UID should cause little opportunity for rejected orders.

1. Disable the ‘Require Unique Order Form IDs’ settings which will allow you to use your gateway ID in the order form ‘vendor_id’ field.
2. Update your order form’s ‘vendor_id’ field to contain your Gateway ID.
3. Reset your order form UID.
4. Update your order form’s ‘vendor_id’ field to contain your new order form UID.
5. Enable the ‘Require Unique Order Form IDs’ setting.

Note for XML and Virtual Terminal Users

The UID feature is designed to increase security on HTML-based transactions. If you are processing all orders via our XML connection method, you will continue to use the higher-level security credentials that you are currently using.

Alternately, if you are not accepting any orders via a website and the only way you are processing transactions is via our Virtual Terminal, the UID instructions do not apply to you.

In either of these cases, rather than using the UID feature, please simply disable your website’s ability to relay orders via HTML:

1. Log into your Control Panel.
2. Click on Account Settings.
3. Scroll down to the FRAUD CONTROL section.
4. Un-check the box next to ALLOW NON-VT SALES?
5. Scroll to the bottom of the page and click UPDATE to save the change.

 

---

Connect with us: Twitter Facebook
iTransact is PCI compliant What this means for you

Copyright © 2012, The iTransact Group LLC Home | Legal Notice | Privacy Policy | Sitemap
iTransact is a registered ISO/MSP of Wells Fargo Bank, N.A., Walnut Creek, CA