point of sale consumer finance online (customer not ... process... · • maximum transaction...

Point of Sale Consumer Finance

Online (Customer Not Present) Credit Application Process v2.0

Copyright © Braemar Finance 2017 This document contains the proprietary information of Braemar Finance and may not be reproduced in any form or disclosed to any third party without the written permission of a duly authorised representative of Braemar Finance.

Table of Contents

Table of Contents .............................................................................................................................................................. 2 Introduction ........................................................................................................................................................................ 3

The Credit Application Process......................................................................................................................................................... 3 Figure 1 : consumer prequalification ....................................................................................................................................... 4

Personal Details ............................................................................................................................................................................... 4 Figure 2 : Personal Details ........................................................................................................................................................ 4

Address, Employment & Banking Details .................................................................................................................................. 4 Figure 3 : address, employment and bank account details................................................................................................. 4

Customer Consent .......................................................................................................................................................................... 5 Figure 4 : search consent ......................................................................................................................................................... 5

Pre-contract Credit Information & Direct Debit Mandate ........................................................................................................ 6 Figure 5 : pre-contract credit information and direct debit mandate ................................................................................. 6

Credit Agreement & E-Signature .................................................................................................................................................. 7 Figure 6 : credit agreement and e-signature ......................................................................................................................... 7

Deposit Confirmation ...................................................................................................................................................................... 8 Figure 7 : deposit confirmation ................................................................................................................................................. 8

Referred Applications .................................................................................................................................................................... 9 Figure 8 : refer response. ......................................................................................................................................................... 9

Declined Applications .................................................................................................................................................................... 9 Figure 9 : decline response ...................................................................................................................................................... 9

3-D Secure Authenticated Card Payments..................................................................................................................... 10 Figure 10 : Deposit via 3-D Secure authenticated card payment ........................................................................... 10

3-D Secure Merchant Plug In Configuration .............................................................................................................. 10 AVS/CV2 Configuration .............................................................................................................................................. 11

3-D Secure Card Payment Log ................................................................................................................................ 11 Meta-data Log .............................................................................................................................................................12

CreditSentry ..................................................................................................................................................................... 12 Summary .......................................................................................................................................................................... 12

Braemar Finance Fast Track

Introduction

This document outlines the process that enables customers to apply online for point of sale credit products. The process is designed to be secure and efficient. At the same time it is quick and simple for customers and easily implemented and managed by retailers. The process complies with all relevant legislation including the Consumer Credit Directive (2010).

This online credit application process is a component of the Braemar Finance Fast Track Platform. The platform also includes richly functional Application Performance Interface (API) and a web based account management and reporting system called Retailer Portal.

The process complies with all relevant legislation including the Consumer Credit Directive (2010) and operates 24 hours a day, 365 days a year. If we are unable to provide an instant credit decision, we advise the consumer that their application has been successfully received and that once the lender has responded, we will send an email with instructions on how to complete their purchase. During normal operation the consumer can complete the process in around 5 minutes.

The Credit Application Process

The credit application form is now displayed. The form has been carefully developed to present correctly on a range of devices including desktops and laptop computers as well as full size tablets.

The description of product or services, deposit and finance details are displayed in the credit summary in the header throughout the application process. The footer contains links to information referred to during the application. Each link opens in a new browser window, sized and positioned to not obscure the application behind.

The customer confirms their sale particulars and that they are eligible for finance.

Figure 1 consumer prequalification


Personal Details The customer is prompted to enter their personal details as shown below. Date of birth must be selected from a drop down menu. Underage customers cannot proceed beyond this point. Email address is captured and confirmed. Finally we record the customer’s permission to sign the application and agreement on screen. Validation confirms that all fields are complete to the agreed syntax, the email address is legitimate, that both email fields match and that the checkbox statements are ticked.

Figure 2: Personal Details

The credit check performed by Braemar Finance (upon receipt of the application in step 7 below) includes one or more “consumer listed at address” positive matches.

Address, Employment & Banking Details The customer is prompted to enter the first line of their address as it is automatically recognised using the Postcode Anywhere database. In the unlikely event that the customer can’t find their address it can be entered manually. The customer is then prompted to select the number of years at this address. If they select less than 3 years, a previous address entry form appears. The form automatically captures up to 3 previous addresses

Figure 3: address, employment and bank account details


Customer Consent The customer is now prompted for their consent to perform a credit search.

Figure 4: search consent

The customer must tick the checkboxes to grant their consent before they can proceed.


Pre-contract Credit Information & Direct Debit Mandate If the application is approved, pre-contract credit information and direct debit mandate is now presented to the customer in a single scrollable page. The customer is prompted to review the pre-contract credit information and must tick a checkbox to confirm they have done so.

Figure 5: pre-contract credit information and direct debit mandate

Next the customer is presented with a completed Direct Debit mandate. We ask the customer to tick a checkbox to confirm that they are authorised as a sole signatory on the account and that they authorise the creation of the direct debit mandate.


Credit Agreement & E-Signature Finally the customer is prompted to review and sign their credit agreement by ticking a checkbox beneath.

Figure 6: credit agreement and e-signature


Deposit Confirmation After the consumer has submitted their completed application they must then pay their deposit.

Figure 7: deposit confirmation

Upon confirmation that the payment has been approved, we notify the business via https POST’s, email or both. The consumer is notified on screen as shown below and also via email. A link to the final executed copy of their credit agreement (validated with an agreement number and signed on behalf of Braemar Finance) and Direct Debit is provided.


Referred Applications If the system cannot return an instant decision, the application is referred to an underwriter for manual review. This normally takes just a few minutes, however for applications received after 5.15pm Monday to Friday or during especially busy periods a decision may not be returned until the next working day. We notify both the business and the customer by email immediately when a decision is returned.

Figure 8: refer response

Our database records the status and each change as it occurs. This means that the customer will always see the correct and relevant message regardless of their route through the process.

Declined Applications If the application is declined the retailer prints a decline letter that gives the customer further information.

Figure 9 : decline response

The same information is also emailed to the customer.

Our database records the status and each change as it occurs. This means that the consumer will always see the

correct and relevant message regardless of their route through the process.


3-D Secure Authenticated Card Payments

3-D Secure is a protocol used as an added layer of security for online credit and debit card transactions. It was developed by Visa to improve the security of Internet payments. The protocol uses XML messages sent over SSL connections with client authentication. This ensures the authenticity of both peers, the server and the client, using digital certificates. It is marketed to consumers under the Verified by Visa and MasterCard SecureCode branding.

Figure 10 : Deposit via 3-D Secure authenticated card payment

When the consumer makes a card payment following an ACCEPT response, they are redirected to the website of the card issuing bank to authorise the transaction. The consumer must then enter a password tied to the card.

Regardless of value (£1 security deposit or >£1 conventional finance deposit) is routed to the payment merchant account of Braemar Finance. The repayment terms of the credit agreement are written accordingly.

3-D Secure Merchant Plug In Configuration A Merchant Plug-In (MPI) is a software module designed to facilitate 3D-Secure verification. The MPI identifies the account number and queries card issuer servers to determine if it is enrolled in a 3D-Secure program and returns the web site address of the issuer Access Control Server (ACS) if it is found.

Each card issuer is required to maintain an ACS used to support cardholder authentication. A customer authenticates to this ACS by providing their username and password and the ACS signs the result (success or failure). This signature is then passed through the customer's browser and to the MPI. The plug-in verifies the ACS signature and decides if it wishes to proceed with the transaction.

We use the Protx MPI which is Visa and MasterCard compliant. We have configured the MPI as follows:

• Minimum transaction value: £1 • Maximum transaction value: £12,000 or 50% of cost • Perform 3-D Secure Authentication: Enabled • Allow Non 3-D Secure cards to be authorised: Disabled • Allow Cards from Non 3-D Secure issuers to be authorised: Disabled • Allow 3-D Secure failures to continue for Authorisation: Disabled • Allow authorisations if MPI error occurs: Disabled


AVS/CV2 Configuration AVS (Address Verification System) is a system used to verify the identity of the person claiming to own a credit card. The system will check the billing address of the credit card provided by the user with the address on file at the credit card company. AVS verifies the numeric portions of a cardholder's billing address. For example, if your address is 101 High Street, London, W1A 1AA, the AVS will check will return a match on 101 and W1A 1AA.

CV2 (Card Verification Value) is a security feature for credit or debit card transactions, giving increased protection against credit card fraud.CV2 is often asked for by merchants for them to secure "card not present" transactions occurring over the Internet, by mail or over the phone.

We have configured AVS and CV2 as follows:

• Minimum transaction value: £1 • Maximum transaction value: £12.000 or 50% of cost • Allow no data matches (both AVS and CV2 checks fail): Disabled • Allow address match only (CV2 check fails, address check succeeds): Disabled • Allow CV2 Match only (address check fails, CV2 succeeds): Enabled • Allow AVS data not checked (card issuer check not performed): Enabled

3-D Secure Card Payment Log The following data is logged on our servers when the consumer pays a deposit by means of a 3 -D Secure authenticated credit or debit card.

Data Logged Data Type Successful | Failed transaction Timestamp Card holder surname matches applicant surname Boolean Flag Number of attempts Integer (max. 2) Address Verification System (AVS) Boolean Flag Cardholder Verification Value (CVV/CV2) Boolean Flag


Meta-data Log The following data is logged on our servers during the application process.

Data Logged Data Type Browser information & operating system Free text 3 year address history check Free text Field validation as defined by the lender Various Consumers IP address Integer IP geo-location metrics Physical location (country,

city and geographic coordinates), distance from home address (in miles), High risk country, ISP, open proxy, anonymous proxy, transparent proxy, free email provider and high risk email provider.

CreditSentry

CreditSentry, our proprietary risk management software, is integrated within the credit application process. It’s designed to help rbusinessess and lenders identify and prevent fraudulent finance applications, at the point of sale, both online and in a face-to-face retail environment.

CreditSentry combines a powerful rules engine with the capture and analysis of detailed transaction meta-data to reveal fraudulent and spurious credit applications.

Every application is examined in real time as the consumer completes the form. CreditSentry can be configured to instantly reject clearly spurious applications before they are submitted to the lender and passively highlight suspicious credit attempts for manual review. The wealth of meta-data captured with each credit attempt simplifies this task.

Metrics include transaction value, GeoIP (the physical location of the computer used), velocity checks (number of recent credit applications and responses), previous fraud sources, high-risk postcodes, anonymous/open proxies and other sensitive information. A 'blacklisting' feature allows retailers to easily block nuisance customers, IP’s, email and postal addresses.

Summary

This process provides lenders, businesses and consumers with a secure and convenient way to submit online retail finance applications.

Over 70% of UK consumers shop online using a credit or debit. They are already familiar and comfortable with the process. The 3DS verification process allows them to submit and complete an online credit application easily in less than 5 minutes.

The process has been extensively tested against all known security weaknesses including SQL injection, browser flaws and database/scripting language version compromises.


point of sale consumer finance online (customer not ... process... · • maximum transaction...

Documents