OrderSpy - Eliminate chargebacks and reduce credit card fraud with OrderSpy


		JUMP TO: Home Page Examples Signup Setup & API Support Contact

Real-time fraud detection compatible with most payment systems and shopping carts.

Evaluates risk probability of accepting an order and gives advice to the merchant.

Searches multiple databases of known fraudulent orders and IP addresses.

Uses more than 40 types of matches, tests, and checks to compute fraud score.

Back-tested on over 12,000 online orders from 2001-2005 with an error rate of under 2%.

Easy to setup and configure with step-by-step instructions.

Easily deploy OrderSpy with:

Setup Instructions & Support Documentation

This page contains information on how to setup OrderSpy for your shopping cart or payment system:

Setup Flow Chart
API Parameters Table
Calling the OrderSpy Interface
Example Using the GET Method
Example Using the POST Method
Implementation Examples in Perl, PHP, and Python
Country Codes Supported by OrderSpy

Setup Process Flow Chart

Order Page		Send to OrderSpy		Retrieve Response

You may need to make modifications to your order page to prepare it for sending customer data to OrderSpy. Data should be posted to a script on your server that acts as a proxy between your gateway and the order page.		Modify your shopping cart software to send your customer data to the OrderSpy interface. See the example source code below that shows how to post the data to OrderSpy in Perl. You may modify the code for your needs.		After your order processing system has posted customer data to OrderSpy, a fraud score and other information will be returned. You may use this information to send yourself fraud reports or to reject orders in real-time.

API Parameters Table

Input Parameters	Value Formats and Explanations
license	xxxxxxxxxx This is your License Key that you receive when you purchase the OrderSpy service.
`ip`	111.111.111.111 IP Address of the customer.
`name`	Customer Name
street	Customer Street Address
zip	Customer Zip Code
city	Customer City
state	Customer State
country	Customer Country Can be the country code (ISO A2 or ISO A3) or the country name, e.g. "Australia".
phone	Customer Phone Number
bin	Bank Identification Number The first six numbers of the card number. If provided, allows card to country matching and card issuer lookup.
adminemail	Administrator E-mail Address Will send fraud report for each transaction if provided.
ordernumber	Transaction Order Number
`output`	score, summary, csv Setting 'score' will give a number from 0 to 100. This is the Fraud Score. Setting 'summary' will return the summary. Setting 'csv' will return the basic elements of the summary in comma separated form.
httpvia	$ENV{'HTTP_VIA'} Helps determine if customer is using a proxy.
httpxforwardedfor	$ENV{'HTTP_X_FORWARDED_FOR'} Helps determine if customer is using a proxy.
httpclientip	$ENV{'HTTP_CLIENT_IP'} Helps determine if customer is using a proxy.

Note: Although only the license, ip, and country inputs are required, the more inputs provided to OrderSpy, the more accurate the fraud score and advice will be.

Calling The OrderSpy Interface

OrderSpy may be accessed by either the GET or POST methods on the non-secure HTTP server or secure HTTPS server. We highly recommend using the POST method in combination with the secure HTTPS server.

Example GET Methods For OrderSpy Implementation

To use the GET method on the non-secure server, use:

http://www.orderspy.com/os2.cgi?license=xxxxxxxxxx&adminemail=user@yourdomain.com&name=Sonia M Paulino
&email=spaulino76@charter.net&ip=24.247.160.149&country=USA&street=553 S Lafayette St.&city=South Lyon
&state=MI&zip=48178&bin=431699&ordernumber=050401183316268&output=score&all=1

Example POST Method Source Codes For OrderSpy Implementation

Below is example Perl source code that demonstrates how to implement OrderSpy:

##################################### Begin Perl Code For OrderSpy

require LWP::UserAgent;
use HTTP::Request::Common;
use URI::Escape;

my $ua = LWP::UserAgent->new();

### Replace the $os_ variables with the corresponding order form variables.
$os_license = "license";
$os_name = "name";
$os_street = "street";
$os_city = "city";
$os_state = "state";
$os_zip = "zip";
$os_country = "country";
$os_email = "email";
$os_phone = "phone";
$os_orderid = "orderid";
$os_ip = $ENV{'REMOTE_ADDR'};
$os_bin = substr(cardnumber,0,6);

### Maximum fraud score allowed.
$fraud_threshold = 50;

### Message the customer sees when fraud score exceedes threshold.
$decline_message = "Sorry, your order is declined.";

### Sends fraud reports to this E-mail address.
$adminemail = 'user@yourdomain.com';

### Sets the output type. Can be 'score', 'summary', or 'csv'.
$output = 'score';

### CHANGE NOTHING BEYOND THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING!

my $content = 'license=' . uri_escape($os_license) . 'adminemail=' . uri_escape($adminemail) . '&name=' . uri_escape($os_name) . '&email=' . uri_escape($os_email) . '&ip=' . uri_escape($os_ip) . '&country=' . uri_escape($os_country) . '&street=' . uri_escape($os_street) . '&city=' . uri_escape($os_city) . '&state=' . uri_escape($os_state) . '&zip=' . uri_escape($os_zip) . '&phone=' . uri_escape($os_phone) . '&bin=' . uri_escape($os_bin) . '&orderid=' . uri_escape($os_orderid) . '&output=' . uri_escape($output)';

my $response = $ua->post('http://www.orderspy.com/os2.cgi', content=>$content);

if ($response->is_success) {
     $contentresponse = $response->content;
     $score = $contentresponse;
}

if ($score >= $fraud_threshhold){
     print "$message";
     exit;
}

##################################### End Perl Code For OrderSpy

Below is example PHP source code that demonstrates how to implement OrderSpy:

<?php
//################################## Begin PHP Code For OrderSpy

//### Replace the $os_ variables with the corresponding order form variables.
$os_license = "license";
$os_name = "name";
$os_street = "street";
$os_city = "city";
$os_state = "state";
$os_zip = "zip";
$os_country = "country";
$os_email = "email";
$os_phone = "phone";
$os_orderid = "orderid";
$os_ip = $_SERVER['REMOTE_ADDR'];
$os_bin = substr("cardnumber",0, 6);

//### Maximum fraud score allowed.
$fraud_threshhold = 50;

//### Message the customer sees when fraud score exceedes threshold.
$decline_message = 'Sorry, your order is declined.';

//### Sends fraud reports to this E-mail address.
$adminemail = 'user@yourdomain.com';

//### Sets the output type. Can be 'score', 'summary', or 'csv'.
$output = 'score';

//### CHANGE NOTHING BEYOND THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING!

$content = 'license=' . urlencode($os_license).'&adminemail=' . urlencode($adminemail).'&name=' . urlencode($os_name).'&email=' . urlencode($os_email).'&ip=' . urlencode($os_ip).'&country=' . urlencode($os_country).'&street=' . urlencode($os_street).'&city=' . urlencode($os_city).'&zip=' . urlencode($os_zip).'&phone=' . urlencode($os_phone).'&bin=' . urlencode($os_bin).'&orderid=' . urlencode($os_orderid).'&output=$output';

$curl_send = curl_init('http://www.orderspy.com/os2.cgi');
curl_setopt($curl_send, CURLOPT_HEADER, 0);
curl_setopt($curl_send, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl_send, CURLOPT_POSTFIELDS, $content);
curl_setopt($curl_send, CURLOPT_SSL_VERIFYPEER, FALSE);
print $score = curl_exec($curl_send);
if (curl_errno($curl_send)==0) {
     if ($score>=$fraud_threshhold) {
          print $decline_message;
          exit;
     }
}
curl_close($curl_send);

//################################## End PHP Code For OrderSpy
?>

Below is example Python source code that demonstrates how to implement OrderSpy:

##################################### Begin Python Code For OrderSpy

import urllib
import urllib2
import os

### Replace the os_ variables with the corresponding order form variables.
os_license = 'license'
os_name = 'name'
os_street = 'street'
os_city = 'city'
os_state = 'state'
os_zip = 'zip'
os_country = 'country'
os_email = 'email'
os_phone = 'phone'
os_orderid = 'orderid'
os_ip = os.environ.get('REMOTE_ADDR','')
os_bin = 'bin'

### Maximum fraud score allowed.
fraud_threshhold = 50

### Message the customer sees when fraud score exceedes threshold.
decline_message = 'Sorry, your order is declined.'

### Sends fraud reports to this E-mail address.
adminemail = 'user@yourdomain.com'

### Sets the output type. Can be 'score', 'summary', or 'csv'.
output = 'score'

### CHANGE NOTHING BEYOND THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING!

content = urllib.urlencode({'license': os_license, 'adminemail': adminemail, 'name': os_name, 'email': os_email, 'ip': os_ip, 'country': os_country, 'street': os_street, 'city': os_city, 'state': os_state, 'zip': os_zip, 'phone': os_phone, 'bin': os_bin, 'orderid': os_orderid, 'output': output})

try:
     req = urllib2.Request("http://www.orderspy.com/os2.cgi")
     req.add_data(content)
     f = urllib2.urlopen(req)
except IOError, e:
     print 'Failure!'
else:
     score=int( f.read() )
     if score>=fraud_threshhold:
          print decline_message

##################################### End Python Code For OrderSpy

Below is example ASP source code that demonstrates how to implement OrderSpy:

<%
'##################################### Begin ASP Code For OrderSpy

Dim objXMLHttp
Set objXMLHttp = CreateObject("MSXML2.ServerXMLHTTP")

'### Replace the os_ variables with the corresponding order form variables.
os_license = "license"
os_name = "name"
os_street = "street"
os_city = "city"
os_state = "state"
os_zip = "zip"
os_country = "country"
os_email = "email"
os_phone = "phone"
os_orderid = "orderid"
os_ip = Request.ServerVariables("REMOTE_ADDR")
os_bin = "bin"

'### Maximum fraud score allowed.
fraud_threshhold = 50

'### Message the customer sees when fraud score exceedes threshold.
decline_message = "Sorry, your order is declined."

'### Sends fraud reports to this E-mail address.
adminemail = "user@yourdomain.com"

'### Sets the output type. Can be 'score', 'summary', or 'csv'.
output = "score"

'### CHANGE NOTHING BEYOND THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING!

content = "license=" & Server.URLEncode(os_license) & "&adminemail=" & Server.URLEncode(adminemail) & "&name=" & Server.URLEncode(os_name) & "&email=" & Server.URLEncode(os_email) & "&ip=" & Server.URLEncode(os_ip) & "&country=" & Server.URLEncode(os_country) & "&street=" & Server.URLEncode(os_street) & "&city=" & Server.URLEncode(os_city) & "&state=" & Server.URLEncode(os_state) & "&zip=" & Server.URLEncode(os_zip) & "&phone=" & Server.URLEncode(os_phone) & "&bin=" & Server.URLEncode(os_bin) & "&orderid=" & Server.URLEncode(os_orderid) & "&output=" & Server.URLEncode(output)

objXMLHttp.Open "POST", "http://www.orderspy.com/os2.cgi", False
objXMLHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objXMLHttp.send (content)

If objXMLHttp.Status = 200 Then
score = objXMLHttp.responseText
End If

Set objXMLHttp = Nothing

if score>=fraud_threshhold then
response.write decline_message
end if

'##################################### End ASP Code For OrderSpy
%>

Country Codes & Names OrderSpy Recognizes

OrderSpy accepts the following country names in ISO A-2 and A-3 formats to simplify compatibility.

Country Name	`ISO A2`	`ISO A3`
Afghanistan	`AF`	`AFG`
Albania	`AL`	`ALB`
Algeria	`DZ`	`DZA`
American Samoa	`AS`	`ASM`
Andorra	`AD`	`AND`
Angola	`AO`	`AGO`
Anguilla	`AI`	`AIA`
Antarctica	`AQ`	`ATA`
Antigua and Barbuda	`AG`	`ATG`
Argentina	`AR`	`ARG`
Armenia	`AM`	`ARM`
Aruba	`AW`	`ABW`
Australia	`AU`	`AUS`
Austria	`AT`	`AUT`
Azerbaijan	`AZ`	`AZE`
Bahamas	`BS`	`BHS`
Bahrain	`BH`	`BHR`
Bangladesh	`BD`	`BGD`
Barbados	`BB`	`BRB`
Belarus	`BY`	`BLR`
Belgium	`BE`	`BEL`
Belize	`BZ`	`BLZ`
Benin	`BJ`	`BEN`
Bermuda	`BM`	`BMU`
Bhutan	`BT`	`BTN`
Bolivia	`BO`	`BOL`
Bosnia and Herzegovina	`BA`	`BIH`
Botswana	`BW`	`BWA`
Bouvet Island	`BV`	`BVT`
Brazil	`BR`	`BRA`
British Indian Ocean Territory	`IO`	`IOT`
Brunei Darussalam	`BN`	`BRN`
Bulgaria	`BG`	`BGR`
Burkina Faso	`BF`	`BFA`
Burundi	`BI`	`BDI`
Cambodia	`KH`	`KHM`
Cameroon	`CM`	`CMR`
Canada	`CA`	`CAN`
Cape Verde	`CV`	`CPV`
Cayman Islands	`KY`	`CYM`
Central African Republic	`CF`	`CAF`
Chad	`TD`	`TCD`
Chile	`CL`	`CHL`
China	`CN`	`CHN`
Christmas Island	`CX`	`CXR`
Cocos (Keeling) Islands	`CC`	`CCK`
Colombia	`CO`	`COL`
Comoros	`KM`	`COM`
Congo (Brazzaville)	`CG`	`COG`
Congo (Kinshasa)	`CD`	`COD`
Cook Islands	`CK`	`COK`
Costa Rica	`CR`	`CRI`
C?e d'Ivoire	`CI`	`CIV`
Croatia	`HR`	`HRV`
Cuba	`CU`	`CUB`
Cyprus	`CY`	`CYP`
Czech Republic	`CZ`	`CZE`
Denmark	`DK`	`DNK`
Djibouti	`DJ`	`DJI`
Dominica	`DM`	`DMA`
Dominican Republic	`DO`	`DOM`
Ecuador	`EC`	`ECU`
Egypt	`EG`	`EGY`
El Salvador	`SV`	`SLV`
Equatorial Guinea	`GQ`	`GNQ`
Eritrea	`ER`	`ERI`
Estonia	`EE`	`EST`
Ethiopia	`ET`	`ETH`
Falkland Islands	`FK`	`FLK`
Faroe Islands	`FO`	`FRO`
Fiji	`FJ`	`FJI`
Finland	`FI`	`FIN`
France	`FR`	`FRA`
French Guiana	`GF`	`GUF`
French Polynesia	`PF`	`PYF`
French Southern Territories	`TF`	`ATF`
Gabon	`GA`	`GAB`
Gambia	`GM`	`GMB`
Georgia	`GE`	`GEO`
Germany	`DE`	`DEU`
Ghana	`GH`	`GHA`
Gibraltar	`GI`	`GIB`
Greece	`GR`	`GRC`
Greenland	`GL`	`GRL`
Grenada	`GD`	`GRD`
Guadeloupe	`GP`	`GLP`
Guam	`GU`	`GUM`
Guatemala	`GT`	`GTM`
Guinea	`GN`	`GIN`
Guinea-Bissau	`GW`	`GNB`
Guyana	`GY`	`GUY`
Haiti	`HT`	`HTI`
Heard Island and McDonald Islands	`HM`	`HMD`
Honduras	`HN`	`HND`
Hong Kong	`HK`	`HKG`
Hungary	`HU`	`HUN`
Iceland	`IS`	`ISL`
India	`IN`	`IND`
Indonesia	`ID`	`IDN`
Iran	`IR`	`IRN`
Iraq	`IQ`	`IRQ`
Ireland	`IE`	`IRL`
Israel	`IL`	`ISR`
Italy	`IT`	`ITA`
Jamaica	`JM`	`JAM`
Japan	`JP`	`JPN`
Jordan	`JO`	`JOR`
Kazakhstan	`KZ`	`KAZ`
Kenya	`KE`	`KEN`
Kiribati	`KI`