Skip to content
This repository has been archived by the owner on Apr 14, 2023. It is now read-only.

Does not support Braintree Risk Threshold Rules well #309

Open
RyanofWoods opened this issue Dec 10, 2021 · 1 comment
Open

Does not support Braintree Risk Threshold Rules well #309

RyanofWoods opened this issue Dec 10, 2021 · 1 comment
Labels

Comments

@RyanofWoods
Copy link
Contributor

Braintree comes with free basic fraud protection. One of the tools is Risk Threshold Rules (velocity checks) [1]. Many of the fields [2] cannot be used as the extension is not currently providing enough data when creating customers and transactions, or the data is inconsistent with what they want.

[1] https://developer.paypal.com/braintree/articles/guides/fraud-tools/basic/risk-threshold-rules
[2] https://developer.paypal.com/braintree/articles/guides/fraud-tools/basic/risk-threshold-rules#fields

Fields/data that can be used for the rules:

  • Billing Postal Code: not provided on transactions
  • Credit Card Number: extension only uses tokens and not raw cc data, but this should be useable?
  • Order ID: Solidus makes this order-id unique for each transaction, so for example the "Unique Credit Card Numbers per Order ID" check will not work
  • Customer ID: is given on transactions, but might not be that useful as a customer might be created for each purchase, so you cannot utilize the "Unique Credit Card Numbers per Customer ID" check (I need to check this more)
  • Customer Email, not given when customer is vaulted
  • Payment Method Token: integrated and vaulted on customer and transactions

Proposed solutions:

  • Make Order ID be consistent across transactions for the same order
  • Provide Billing Postal Code
  • Provide email when creating customer

The following fields need checking if they can be currently used for the checks:

  • Credit Card Number
  • Payment Method Token
  • Customer ID (does this change per payment? Any differences between guest and user?)
RyanofWoods added a commit to RyanofWoods/solidus-solidus_paypal_braintree that referenced this issue Dec 10, 2021
Issue: solidusio#309

Braintree comes with free basic fraud protection. One of the tools
is Risk Threshold Rules (velocity checks) [1]. One of the checks is
checking amount of transactions per customer email. However, the email
was not being attached to the customer when creating it before the
transaction.

This fixes that so developers can utilize this check.

[1] https://developer.paypal.com/braintree/articles/guides/fraud-tools/basic/risk-threshold-rules
@kennyadsl kennyadsl added the bug label Sep 2, 2022
@stale
Copy link

stale bot commented Nov 11, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Nov 11, 2022
@gsmendoza gsmendoza removed the wontfix label Nov 11, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

3 participants