NS8 Protect does not have any Order Rules implemented by default. Users are instead encouraged to create their own set of custom rules to suit their workflow. However, for merchants with no prior experience building Order Rules, this may be a daunting task. This guide provides a set of suggested basic Order Rules to get you started with automating order processing.
These Order Rules are intended as a generic baseline that is applicable to many different stores, as they work to automatically process good orders while still effectively screening for fraud. You can further increase their efficiency by customizing these Order Rules to suit your store's specific needs.
These suggested Order Rules are based off the experiences of our users, available order data, and systems that have worked well in the past. Although these Order Rules are broadly applicable for most merchants, you must still exercise good judgement in assessing how these rules will affect your particular business. Associated factors include your industry, customers, risk tolerance, and individual business practices. NS8 holds no liability for orders that are approved or canceled by these Order Rules, so review and implement them at your own risk.
From the Order Rules screen, we will create three types of rules, as listed below:
- Negative List (Cancel): This Order Rule will automatically cancel any orders placed by known bad actors, based on their email address, IP address, or location data.
- Flag for Review (High Risk): This Order Rule will change an order's NS8 Risk to "High" if certain risk criteria are met.
- Positive List (Approve): This Order Rule will automatically approve any orders placed by low-risk customers.
Keep in mind that Order Rules are subject to hierarchy, meaning they are executed in the order they appear within NS8 Protect. If you already have existing Order Rules implemented, you must decide where these new Order Rules will be placed. Typically, we recommend putting these default Order Rules after any existing rules in order to ensure that your current rules will be run first.
This Order Rule cancels all orders that meet certain criteria. These criteria generally correspond to fraudulent customers that you have previously encountered, as identified by their email address or IP address. If there is a country with which your store does not do business (for example, if you cannot ship to that country, or your product conflicts with local laws and regulations), you may wish to automatically cancel any orders from that country.
If you already have an existing list of bad customers whose orders should be canceled, you can copy and paste these entries into the negative list Order Rule as well. You can add rules and groups to create complex Order Rules that block multiple customers. If your Order Rules become too complex to manage, breaking them down into smaller parts may be useful to you.
The following Order Rules will flag orders that meet the criteria for different risk factors. We have broken these Order Rules into multiple distinct rules, which makes it easier to understand why an order has been flagged and allows you to enable or disable certain checks as needed.
The first Order Rule in this sequence will adjust the risk level for orders below a certain EQ8 Score. You can skip this Order Rule if you have already configured your "Assign NS8 Risk for Orders" slider on the Settings page accordingly.
The second Order Rule in this sequence will adjust the risk level for orders based on their Payment Risk Score.
The third Order Rule in this sequence will adjust the risk level for orders based on whether the user's IP address matches the country in their billing and shipping addresses. If your store only sells digital goods, you may wish to eliminate the shipping address check.
The fourth Order Rule in this sequence will adjust the risk level for orders if the CVV result code indicates an address mismatch or other issue.
The fifth Order Rule in this sequence will adjust the risk level for orders if the AVS result code indicates an address mismatch or other issue.
The last Order Rule in this sequence will adjust the risk level for orders if there was something suspicious about the user's session as they browsed your site.
This Order Rule approves all orders that meet certain criteria for being low-risk. If you want to test this rule before fully implementing auto-approval Order Rules into your workflow, try changing the resulting action to "Set NS8 Order Risk to 'Low'" in order to see how many orders are affected by the rule.
One popular addition is to build a price condition into approval Order Rules so that only orders below a certain total price are automatically approved. This will ensure that abnormally large orders are still subject to manual review to prevent fraud. Your price threshold will vary based on your typical order size and risk tolerance.
Once you have created all of the above Order Rules, you should double-check that their hierarchy is correct. Remember that Order Rules are run from top to bottom, and action is only taken for the first applicable rule, at which point no further rules will be run. If no Order Rules are applicable, no action will be taken on that order.