Circuit Breaker

Circuit Breaker was created to give you the peace of mind that comes from heightened security. It’s the first fraud prevention solution in open banking and it gives merchants the power to block suspicious transactions as well as the fraudsters behind them.

Circuit Breaker is an intelligent system that uses rules to automatically identify suspicious activity. Each rule has a score, which is added to a transaction every time a rule is triggered. The final score will determine whether the transaction is blocked or sent to the bank for completion.

It’s a flexible system that allows you to adjust the rules in line with your needs.

Why we created Circuit Breaker

Open banking doesn’t create new fraud risks per se – but there are opportunities that fraudsters can exploit, such as account takeovers and targeting banks’ own PSD2 implementations. The fraud prevention systems used by banks are designed for a card payments world. Applying them to open banking means that, occasionally, merchants get blocked in the event of a fraud attack – often without explanation.

Circuit Breaker is the first system designed exclusively for open banking. The key difference is it filters transactions before sending them to the bank. The result is exceptional security and flexible control.

If you need any assistance, please email us at support@volt.io

Rules: How they work

Each Circuit Breaker rule has a score. When a transaction is initiated, the score of each triggered rule is added together. If the combined score reaches 100 then the transaction is blocked. If the total is lower than 100, the transaction is passed to the bank. 

Here’s an example:

This rule adds 10 points to the total score. This is low enough that it won’t be able to block any transaction by itself, but if the same payer initiated seven or more transactions in conjunction with the following rule, the seventh transaction would be blocked:

As the scores for these rules are 10 and 90, they will total 100 when triggered in the same transaction. As a result, the transaction is blocked.

Circuit Breaker is designed to be flexible, recognising that not every merchant has the same requirements or criteria. With this in mind, you’re able to add filters to rules, allowing you to automatically block transactions likely to be fraudulent.

An example may be that you’ve noticed fraudulent activity in a particular country using a specific scheme. Your filter could flag transactions coming from that country and using that scheme, while all other schemes from that country are approved. Similarly, the same scheme from other countries could be approved. When the scheme and country are together in one transaction, it gets blocked. You can create as many filters as you require.

Rules: What they are

Circuit Breaker’s rules are based on:

  • Transaction amount
  • Volume of transactions
  • Number of initiated transactions

Transaction amount

With this rule, transactions are blocked depending on the amount of money being sent. For example, if you notice that fraudsters are trying to use small amounts of money, you could create a rule that triggers when they send an amount under a certain threshold. Likewise, you can create a rule that triggers when they send higher amounts.

In the pictured example, the rule states “is greater than” with an amount of EUR1000. If the transaction was EUR1000.01, the rule would be triggered and the transaction declined.

Alternatively, you can set it as “is less than” an amount. For broader security, you could create multiple versions of the transaction amount rule, including a “less than” threshold and a “greater than” one.

Please also note that this rule is specific to the currency. The pictured example shows EUR1000, so it only applies to transactions in euros. A transaction of 1000 in GBP or USD would not trigger the rule. We recommend creating transaction amount rules for each currency you accept payments in.

Volume of transactions

This rule is triggered if the same payer reference is used on multiple payments that exceed a stated amount of money in a given timeframe. In the pictured example, if more than EUR1500 is sent in one hour, the rule will trigger and give a score of 30:

In this scenario, a person could send EUR1499 and the rule would not be triggered. If the same payer reference sent EUR1.01 within an hour, the rule would trigger. 

With this rule, you can set the amount of money and timeframe at whatever makes most sense for your business. If you receive suspicious activity of USD200 in two hours, that can be your rule. Likewise, it could be GBP3,000 in eight hours. Combine this with filters to have advanced levels of protection, like triggering the rule to specific regions.

Number of initiated transactions

This rule looks exclusively at how many transactions a payer reference tries to initiate in a given period of time. In the pictured example, the rule is set to trigger if the same payer reference tries to initiate four or more transactions within 10 minutes, applying a score of 60.

Statuses

Once the final score is calculated, the transaction details will show the score and one of two statuses: approved_by_risk or refused_by_risk.

approved_by_risk means that Circuit Breaker has analysed the transaction and scored it less than 100. The transaction was sent to the bank for completion. Please note that this does not mean it has been paid; the bank can still refuse to complete the payment.

refused_by_risk means that Circuit Breaker gave a final score of 100 or above. The transaction was blocked before being sent to the bank.

Blocklist

Circuit Breaker allows you to create a blocklist that automatically blocks transactions based on your selected criteria. Simply choose your criteria, set a value for each one, and select ‘block’.

Transactions can be blocked by:

  • Payer reference
  • Document ID
  • Email address
  • IBAN
  • Bank
  • Device ‘fingerprint’ (digital signature)
  • IP address

Of course, you also have control to unblock whenever you need to:

Device fingerprint
By gathering information from the hardware and software of the payer’s device, a ‘fingerprint’ (or digital signature) is created. Volt automatically generates this fingerprint when the shopper reaches our checkout, so there’s no action required from you.

Payer’s reference
This is a unique reference used to identify a payer. It’s generated and sent by the merchant under payer > reference.

Document ID
Document ID refers to a physical document that provides proof of a person’s identity, such as a tax ID or household bill. It is sent by the merchant under payer > documentId.

Email address
The payer’s email address, sent by the merchant under payer > email.

IBAN
The IBAN used by the shopper, selected from a drop-down list.

Bank
The bank or bank branch used by the payer.

IP address
The IP address sent by the merchant under payer > ip.

We strongly recommend using Circuit Breaker alongside Connect.