Does not support Braintree Risk Threshold Rules well

[RyanofWoods]

Braintree comes with free basic fraud protection. One of the tools is Risk Threshold Rules (velocity checks) [1]. Many of the fields [2] cannot be used as the extension is not currently providing enough data when creating customers and transactions, or the data is inconsistent with what they want.

[1] https://developer.paypal.com/braintree/articles/guides/fraud-tools/basic/risk-threshold-rules [2] https://developer.paypal.com/braintree/articles/guides/fraud-tools/basic/risk-threshold-rules#fields

Fields/data that can be used for the rules:

• Billing Postal Code: not provided on transactions
• Credit Card Number: extension only uses tokens and not raw cc data, but this should be useable?
• Order ID: Solidus makes this order-id unique for each transaction, so for example the "Unique Credit Card Numbers per Order ID" check will not work
• Customer ID: is given on transactions, but might not be that useful as a customer might be created for each purchase, so you cannot utilize the "Unique Credit Card Numbers per Customer ID" check (I need to check this more)
• Customer Email, not given when customer is vaulted
• Payment Method Token: integrated and vaulted on customer and transactions

Proposed solutions:

• Make Order ID be consistent across transactions for the same order
• Provide Billing Postal Code
• Provide email when creating customer

The following fields need checking if they can be currently used for the checks:

• Credit Card Number
• Payment Method Token
• Customer ID (does this change per payment? Any differences between guest and user?)

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.