# Transaction Filtering
source: https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/risk-management/transc-filtering/index.md

Transaction filtering enables the gateway to reject or mark transactions for review based on simple rules configured by you and your payment service provider in the Merchant Administration and Merchant Manager portals respectively. The rules are evaluated based on the principle of gates or hurdles. Even if a single rule fails, the gateway rejects the transaction, and the order will not be allowed to proceed.

Key benefits:

* Reduces fraud costs by reducing the amount of fraud.
* Offers real-time decisioning rather than post transaction analysis solution.
* Allows you to block or review transactions, thereby minimizing false positives.
* Reduces chargeback costs by reducing the number of chargebacks.
* Allows you to stop re-offenders by blocking chargeback payers from re-transacting.
* Allows you to override payer authentication scheme security by blocking issuers who do not process EMV 3-D Secure correctly. Only Authorization, Pay, Verify, and Standalone Capture transactions are assessed for risk. Risk assessment on other transactions such as refunds, standalone refunds, or voids is not performed.

If risk assessment on Verify is not performed (due to the Bypass Risk flag), then the gateway allows you to risk assessing the first financial transaction received on the order following Verify unless you also opt to bypass risk on that transaction.

## Configuring rules {#configuring-rules}

You can configure the following transaction filtering rules in the Merchant Administration portal. Your payment service provider may configure rules for you in the Merchant Manager portal, in addition to rules that apply to all their merchants.

|      Risk Rule       |                                   Allows the gateway to...                                    |
|----------------------|-----------------------------------------------------------------------------------------------|
| Trusted cards        | always accept transactions with these card numbers.                                           |
| Suspect cards        | always reject transactions with these card numbers.                                           |
| IP Address Range     | reject/review transactions originating from high-risk IP addresses.                           |
| IP Country Rules     | reject/review transactions originating from IP addresses associated with high-risk countries. |
| Card BIN Rules       | reject/review transactions based on card BIN ranges.                                          |
| EMV 3-D Secure Rules | reject/review transactions based on the EMV 3-D Secure authentication result of the payer.    |
| AVS Rules            | reject/review transactions based on the AVS response.                                         |
| CSC Rules            | reject/review transactions based on the CSC response.                                         |

Warning: Even if you have not configured any transaction filtering rules, your payment service provider may have configured transaction filtering rules and these will always be applied to your transactions.

## Risk details {#risk-details}

When you are configured to use transaction filtering, transactions processed through the gateway will be assessed against the rules, and the risk assessment result `risk.response.gatewayCode` will be returned in the transaction response. Orders that are flagged for review as a result of risk assessment may be reviewed to be accepted or rejected in Merchant Administration. The review decision will be returned in the `risk.response.review.decision` field.
**Risk Assessment Result API Reference** [\[REST\]](https://developer.mastercard.com/mastercard-gateway/documentation/api-reference/v100/rest/api-ops/index.md#transaction.md) [\[NVP\]](https://developer.mastercard.com/mastercard-gateway/documentation/api-reference/v100/nvp/api-ops/index.md#transaction.md)

You can choose to bypass risk assessment by providing `risk.bypassMerchantRiskRules` field in the transaction request. The rules configured by your payment service provider will still be applied.
**Bypass Risk API Reference** [\[REST\]](https://developer.mastercard.com/mastercard-gateway/documentation/api-reference/v100/rest/api-ops/index.md#transaction.md) [\[NVP\]](https://developer.mastercard.com/mastercard-gateway/documentation/api-reference/v100/nvp/api-ops/index.md#transaction.md)

You can search for the order or transaction in Merchant Administration using the risk assessment result or the review decision status. The risk assessment details are displayed on the order and transaction details page.