Risk & fraud controls

Stop fraud without stopping good payments

topropay scores every payment in real time. Trusted buyers clear fast. Risk gets a step-up or a block. The same engine that routes across hundreds of EU acquirers also screens, authenticates and defends each transaction — behind one API.

Four controls, one engine

Layered defence on every transaction

Fraud control is not one switch. It is scoring, authentication, rules and recovery working together. topropay runs all four for you, tuned to your own risk appetite.

01 Scoring

Every payment scored before it clears

Each authorisation is scored on device, BIN, geo, amount and velocity. Trusted traffic flows straight through. Risky traffic is held, stepped up or routed for review — all before capture.

Signals
device · BIN · geo · velocity
Action
allow · step-up · review
Tuning
rules edit, no redeploy
02 Authentication

3DS2 and SCA, applied only when needed

Strong Customer Authentication runs per payment under PSD2. Exemptions are checked live. Low-risk baskets stay frictionless. The checkout only sees a challenge when the data says it should.

Standard
3DS2 · PSD2 SCA
Exemptions
checked in real time
Goal
less needless friction
03 Rules

Velocity limits and block lists you own

Set limits per card, per device, per IP and per market. Block, allow and review lists are yours to edit. Policy is declarative, so a risk analyst changes it without a code release.

Scope
card · device · IP · market
Lists
block · allow · review
Owner
your risk team
04 Recovery

Chargebacks defended end to end

Disputes are pulled from each acquirer into one queue. Evidence is gathered and packaged for the issuer. Repeat offenders are flagged. You work one workflow, not one per bank.

Queue
one feed, all acquirers
Output
packaged evidence
Flags
repeat-fraud patterns

The path of one decision

How a payment is screened

One API call carries the whole risk decision. Here is what happens between your checkout and a clean approval.

  1. 01

    Capture signals

    Your checkout sends one authorisation. We read device, BIN, geo and behaviour signals in the same call — no extra integration on your side.

  2. 02

    Score in real time

    The risk engine scores the payment in milliseconds. It weighs your rules against live fraud patterns seen across the network.

  3. 03

    Decide the path

    Trusted payments clear at once. Borderline payments get a 3DS2 step-up. Clear fraud is blocked before any money moves.

  4. 04

    Learn and report

    Every outcome feeds back into scoring. Declines, disputes and recoveries land in one report your finance and risk teams share.

Trust, as infrastructure

Controls that sit below your stack

PCI DSS L1

Card data never touches you

Card numbers are tokenised inside our PCI DSS Level 2 vault. Your servers see a token, not a card. That shrinks both your risk and your audit scope.

PSD2 · SCA

Compliance built in, not bolted on

SCA logic and exemption checks ship with the platform. As rules move toward PSD3, the controls move with them. You do not rebuild a thing.

Network data

Patterns no single merchant sees

Fraud signals are shared across the network in an anonymised form. A pattern caught on one acquirer helps protect your traffic too.

Talk to our payments engineers

Tune fraud control to your risk appetite.

Book a discovery call. We map your current decline and chargeback rates, model the lift from smart scoring and 3DS2 routing, then scope a single-API rollout across your EU markets — no PSP renegotiation, no stack rebuild.