Kount Fraud Detection
Scottsdale Mint uses Kount (an Equifax company) as its primary fraud prevention system. All credit card, ACH, and certain other payment transactions are evaluated by Kount before being processed.
What is Kount?โ
Kount is a machine-learning-based fraud detection platform that:
- Assigns a risk score (0โ99) to each transaction
- Makes an automated decision (Approve, Decline, or Review)
- Provides a rules engine for custom fraud policies
- Handles ENS (Event Notification Service) for post-transaction fraud events (chargebacks, review decisions)
Supported Payment Methodsโ
Kount fraud screening applies to:
- Credit card payments (PPCP hosted fields)
- Debit card payments
- ACH transactions (bank account details evaluated)
Kount does NOT screen:
- Bank wire (manual fulfillment hold used instead)
- Cryptocurrency (different risk model)
Integration Pointsโ
1. JavaScript Data Collector (Client-Side)โ
Kount's kdt.js (Data Collector) script is loaded on checkout pages. It collects:
- Browser fingerprint
- Device characteristics
- Session ID (linked to the order)
The Kount session ID is generated and passed to the payment gateway during checkout form submission.
<!-- Added by suma-elementor theme or suma-patches -->
<script src="https://tst.kaptcha.com/collect/sdk?m=MERCHANT_ID"></script>
The merchant ID changes between environments. Production uses the live Kount merchant account; staging and dev use test credentials.
2. Pre-Auth API Call (Server-Side)โ
Before the payment gateway processes a card, the WordPress plugin calls Kount's Risk Inquiry (RIS) API with:
| Field | Description |
|---|---|
MACK | Merchant acknowledgement (Y) |
SESS | Kount session ID (from client-side JS) |
UNIQ | Unique order ID |
TOTL | Order total in cents |
IPAD | Customer IP address |
MACK | Merchant key |
SHTP | Shipping type |
| Card data | AVS, CVV results (from gateway) |
| Address | Billing and shipping addresses |
| Cart items | Product names, SKUs, prices |
The RIS response includes:
SCORโ Risk score (0โ99; higher = riskier)AUTOโ Decision (A=Approve,D=Decline,R=Review)GEOXโ Geolocation countryBRNDโ Card brand
3. Decision Handlingโ
| Kount Decision | WordPress Action |
|---|---|
A (Approve) | Proceed to payment gateway capture |
D (Decline) | Order rejected; customer shown generic error; Wonolog logs decline reason |
R (Review) | Payment proceeds; order set to wc-on-hold; fraud team notified |
ENS (Event Notification Service) Webhookโ
After a transaction, Kount may send asynchronous updates via ENS webhooks. See ENS Webhook for full details.
Configurationโ
| ENV Variable | Description |
|---|---|
KOUNT_MERCHANT_ID | Kount merchant account ID |
KOUNT_API_KEY | Kount API key |
KOUNT_ENV | test or production |
KOUNT_SITE | Kount site identifier (e.g., SCOTTSDALEMINT) |
Patch Appliedโ
The Kount-Remove-Unecessary-Logging.patch patch reduces verbose Kount logging that was flooding Lambda CloudWatch logs:
patches/Kount-Remove-Unecessary-Logging.patch
This patch removes error_log() calls from the Kount plugin that were not actionable and created excessive noise.
Kount Admin Interfaceโ
Kount provides a web-based admin console at https://awc.kount.net where authorized staff can:
- Review flagged orders
- Build and tune fraud rules
- View risk scores and reasons
- Approve or decline reviewed transactions
- Manage chargebacks
Access requires a Kount account with appropriate user permissions.
Responding to Fraud Reviewsโ
When an order in WooCommerce is wc-on-hold due to a Kount review:
- Log in to the Kount Agent Web Console
- Find the transaction by order number or session ID
- Review the risk signals (device fingerprint, IP location, velocity checks)
- Make a decision:
- Approve โ Kount sends ENS webhook โ WordPress auto-captures payment โ Order โ
wc-processing - Decline โ Kount sends ENS webhook โ WordPress voids payment โ Order โ
wc-cancelled
- Approve โ Kount sends ENS webhook โ WordPress auto-captures payment โ Order โ
Troubleshootingโ
| Issue | Check |
|---|---|
| All transactions declining | Verify KOUNT_ENV is correct; test mode may not accept live orders |
| Orders stuck on-hold | Check Kount AWC for pending reviews; verify ENS webhook URL is reachable |
| Kount script not loading | Check CSP headers; Kount CDN domain must be whitelisted |
| Risk score always 0 | kdt.js may not be loading; verify session ID is being passed |