omniPay is designed to enable businesses to securely collect sensitive payment information from the customer’s browser.
As part of the payment processing workflow, omniPay provide advanced fraud detection by looking at signals about both device characteristics and user activity indicators that help distinguish between legitimate and fraudulent transactions. These signals are highly indicative of fraud, and power omniPay’s fraud prevention system. The signals are transmitted to Omnibasis’s backend with information about payment transaction.
Our goal is to maximize payments from legitimate customers while minimizing fraud. Fraud can be one of the most challenging aspects of running an online business. Even businesses that don’t typically see significant amounts of fraud can see sudden, unexpected, and costly attacks. To prevent fraud we collect and analyze information that helps us identify bad actors and bots, including both transactional data (such as amount, customer shipping address, date, and so on) and advanced fraud detection signals (device and activity signals).
The details of what we collect and how we use it are disclosed in our privacy policy and cookie policy.
Types of signals
Device characteristics
Device characteristics are signals about a customer’s browser, screen, or device. They help Omnibasis identify configurations consistent with anomalous browsing behavior, as well as compare this behavior to similar patterns observed across other businesses on Omnibasis. Combinations of these parameters that are rare or unlikely to reflect a real user’s computing environment can expose fraudulent transactions.
Activity indicators
Advanced fraud detection signals also include activity indicators from the shopping experience that help us distinguish legitimate shoppers from fraudulent purchasers and bots. For example, bots tend to move through a website and checkout form much faster than a real person would; card numbers are also frequently copy-pasted rather than typed. These signals include mouse activity indicators and how long a user spends on different pages in the shopping experience, which are both predictive of bot-like behavior across the duration of a session.
Omnibasis doesn’t gather any data about the contents of the page outside of payment information fields. Signals corresponding to user activity are scoped to a single shopping session on a single site or app and aren’t linked across different shopping sessions, sites, or apps.
When signals are collected
The more activity Omnibasis’s fraud engines can observe, the better Omnibasis’s fraud prevention will be. Omnibasis can capture signals through out of the customer checkout workflow with the richest possible set of such signals to distinguish fraudulent purchasers from real customers.
Data privacy
This advanced fraud detection signal data is never used for advertising and won’t be rented, sold, or given to advertisers, as outlined in our privacy policy. Omnibasis only uses this data for fraud detection and security purposes, and retains it for as long as it’s useful for the purposes of fraud detection and security.
Internally, this data is subject to strict access control policies enforced by Omnibasis, and restricted to a small number of Omnibasis employees working on fraud prevention and security.
Disable advanced fraud detection
omniPay business customers can decide to disable the collection of advanced fraud detection signals on their own websites and apps. Doing so increases their risk of fraud, especially card testing.
Additionally, disabling advanced fraud detection doesn’t affect the collection of events logged when a customer interacts with payment method fields in your checkout page nor basic device information collected during 3D Secure 2 authentication (we’re required to send this information to the issuing bank for their risk analysis).