What is Airwallex’s risk engine? 

Airwallex’s risk engine empowers you to detect fraudulent payments from legitimate ones and allows you to take relevant action. Our risk engine uses internal models in conjunction with external datasets. 

Our risk engine provides you with a risk score. The risk score is the probability of the specific transaction being fraudulent. For example a risk score of 30 means that there is a 30% chance of the transaction being fraudulent.

We give you the flexibility to set your own risk appetite, when 3DS should be enabled or whether a transaction should be rejected. We also give you the power to manually review transactions. 

How do I configure the various risk thresholds?

In the webapp, navigate to the ‘Thresholds’ section. There you will find a slider which is a visual representation of your risk appetite. Note that 3DS (3 Domain Secure) is an additional layer of security that customers will have to go through to make a payment. This adds friction to the customer journey, but may also reduce the risk of fraud and may shift the liability of fraudulent transactions to the issuing bank. 

Use the green slider to set those transactions which you would like to allow without 3DS. 

Use the red slider to determine how many transactions you wish to reject without the use of 3DS. Those transactions with a score in the red zone will be rejected. 

Those transactions in the yellow zone will require either 3DS or a manual review.  

Are there exceptions to the risk engine? 

As a merchant, you will always know your business the best. As such we empower you to leverage our fraud and risk management capabilities. We offer you several ways to create rules and exemptions to the risk engine to manage your risk accordingly. Be aware that this may impact your fraud and chargeback rates; be also aware it can help to improve your authorisation rate in some specific cases.

1. Bypass List: Allows you to create a rule which will automatically bypass the risk engine and accept the transaction. As a precaution, we recommend you use the Alert List (c) rather than the Bypass List.
2. Reject List: Allows you to automatically reject transactions which have passed the risk engine. Note that you will not have an option to accept this transaction further.
3. Alert List: Any transaction on the Alert List will follow the alert review criteria ((either use 3D Secure, recommended, or trigger a manual review).