Fraud Abuse Strategy Setup
Summary
The Fraud and Abuse strategy setup is a critical decision point that determines how risk assessment and gate entry decisions are managed in your Just Walk Out store. This process involves choosing how you want to handle shopper risk evaluation and payment mechanism validation.
Permission setup
Access to the Fraud and Abuse strategy is governed by the user permission in the merchant portal. The Fraud and Abuse strategy is automatically enabled for the stores have delegated payment processor. The logged in user also needs to have the Connector Configuration permission in the merchant portal
Step by step process
1. Pre-auth
Pre-Auth Definition: Pre-authorization on a credit card is a temporary hold placed on a portion of the shopper's available credit limit while visiting a Just Walkout store to verify that the card is valid and card is valid and can accept a charge.
The user journey starts on the Connector Configurations page. The user can add a new configuration by clicking on the add button
The user can modify a current configuration by clicking the pencil icon to edit the value or keep the current configuration by clicking on Cancel button
Based on the configured store capabilities the user will see options to configure the applicable accounts. The user will be required to provide at least one input for each relevant method to ensure successful communication between the company integration application and Amazon systems. The user is able to configure up-to 5 accounts for each method.
2. Fraud and Abuse
Fraud and Abuse is used to assess the risk of an authenticated shopper during a shopping session to determine whether to open the Just Walk Out gate, this includes a combination of risk profile and outstanding balance status for the payment mechanism used to shop at the Just Walk Out enabled store.
A shopper payment mechanism outstanding balance is a basic running balance of charges and payments when used in a Just Walk Out technology enabled store. The two components are optional capabilities depending upon the merchants desired level of risk.
Fraud and Abuse Strategies
Amazon Managed: Amazon is responsible for performing the fraud and abuse check, so you are not required to deploy a Fraud and Abuse Connector. This option is available with stores where Amazon is responsible for payment orchestration and is in the payment funds flow.
Retailer Managed with Amazon Recommendation: This option allows you to receive recommendations from the Amazon Fraud and Abuse service; however, you control the final decision on whether to open the gate and the amount you desire to pre-auth on the shopper’s payment instrument. You can base your decision entirely on Amazon's recommendations or add an extra layer of company-specific rules to the decision-making process. This management strategy allows for two implementation options:
Retailer Managed: This strategy gives you complete control of the Fraud and Abuse decision-making process. In this strategy, Amazon fully delegates all Fraud and Abuse gate management and pre-authorization charges to you. In this scenario, you must set up a Fraud and Abuse Connector and integrate it with your backend systems.
None: The None strategy configuration allows you to disable all Fraud & Abuse evaluations, meaning that shoppers enter the Just Walk Out technology enabled store without any checks on outstanding bad debt or risk assessment. By selecting this strategy, you acknowledge that no fraud risk assessments will be performed above those conducted by the payment processor for card validation. This configuration bypasses the standard fraud prevention infrastructure and should only be chosen after careful consideration of the associated risks and implementation of alternative security controls.
| Capabilities | Payment Processor | Risk Model | Outstanding Balance | Management Strategy Selection | Risk Assessment Responsibility |
|---|---|---|---|---|---|
| Ordering, Payment Processing and Post Purchase by Amazon | Amazon | Yes | Yes | Amazon Managed | No customer action required |
| Ordering by Customer, Payment and Post Purchase by Amazon | Amazon | Yes | Yes | Amazon Managed | No customer action required |
| Ordering by Amazon, Payment Processing delegated, Post Purchase by Amazon | Stripe, Adyen, Shift4, Freedom Pay | No | Yes | Amazon Managed | No customer action required |
| Ordering, Payment Processing and Post Purchase by Customer (App Entry) | Customer selected | No | No | Retailer Managed | Customer responsible for shopper risk assessment |
| Ordering, Payment Processing and Post Purchase by Customer | Stripe, Adyen, Shift4, Freedom Pay | No | No* | Amazon and Retailer Managed* | *Amazon can manage the outstanding balance if the feedback API is implemented |
| Ordering, Payment Processing and Post Purchase by Customer | World Pay | Yes | Yes | Amazon Managed | No customer action required |
To select the fraud and abuse strategy, please work with the Amazon team to determine the best option for the Just Walk Out enabled store.
3. Merchant portal setup
Step 1: Click on "Store Setup" tab on the homepage
Step 2: Select the relevant store
Step 3: After the page loads, a dropdown named "Store Entry" would be present, verify if fraud and abuse is present inside this list.
Step 4: If present, click on the next button on the bottom right of the page till we reach fraud and abuse section.
Step 5: Setting up your fraud and abuse strategy
| Strategy | Risk Model | Outstanding Balance | Responsibility |
|---|---|---|---|
| Amazon Managed | Input to Gate decision | Amazon Maintained | Amazon |
| Amazon Recommendation | Suggested input to gate decision | Amazon Maintained | Retailer/Amazon |
| Customer Managed | Retailer owned | Retailer Managed | Retailer |
| None | Completely disabled | Not Applicable | Requires valid contract |
Note: The None strategy configuration allows you to disable all Fraud & Abuse evaluations, meaning that shoppers enter the Just Walk Out technology enabled store without any checks on outstanding bad debt or risk assessment. By selecting this strategy, you acknowledge that no fraud risk assessments will be performed above those conducted by the payment processor for card validation. This configuration bypasses the standard fraud prevention infrastructure and should only be chosen after careful consideration of the associated risks and implementation of alternative security controls.
Available strategy options depend on the specific Retail integration partnership with Amazon. The attached screenshot illustrates all possible strategies for a sample store.
For any additional questions, please consult with your Amazon team contact.
Note: If "Amazon Managed" OR "None" is selected and saved as a strategy, the backend is updated and would not require connector setup. If the other strategies are selected, they would only be saved after the connector is setup.
Step 6: Setting up your Connector
The user will be required to provide two inputs for each endpoint to ensure successful communication between the Amazon systems and the company integration application. Endpoint (connector URL) and Endpoint Type (public or private API)
- Endpoint - A hostname for an API in API Gateway that is deployed to a specific Region.
- Endpoint Type - An API endpoint type refers to the hostname of the API. The API endpoint type can be edge-optimized, regional, or private. Depending on where the majority of the API traffic originates from. For more details on API types see AWS documentation.
Amazon Just Walkout services provide the ability to use Private or Public API endpoints. If you choose Edge-optimized or Regional AWS API GWs as the type of your end point, then you will need to select Public. Only Private AWS API Gateways need to be set as Private.
If this is your first time setting up the connector, you would be prompted to this page
If you already have set up a connector and want to edit your connector, click on the pencil icon beside the "Run Test" button
Step 7: Testing your connector
The user will be able to perform connectivity testing after completing the connector configuration. Connectivity testing ensures that the Amazon systems can communicate with the company systems. Further verification and testing is required before launching a store to ensure appropriate operations. For complete list of onboarding processes please coordinate with the Amazon team.
Connector API URL - Endpoint URL provided as an input for the connectors. A hostname for an API in API Gateway that is deployed to a specific Region.
Type - API endpoint type which was chosen by you during configuration.
Connectivity Details - This is the connector connectivity status with details about the previous api call. It can have below values:
-
Untested - The endpoint is saved recently and testing is not completed
-
Tested - This endpoint is tested and would have all the details of this under
View Detailsbutton.
Run Test - Triggers a request from the Amazon systems to the company configured connector endpoint.
