Risk

Transaction rules

Cardflo's transaction rules provide granular control over how individual payments are processed. Merchants can define specific parameters that dictate whether a transaction is accepted, declined, routed to a particular acquirer, or subjected to additional verification.

This level of control optimises payment flows, manages risk, and enhances conversion rates by applying logic precisely where needed.

Category
Risk
Capabilities
10
Available on
All plans
Apply now

The overview

Transaction rules represent the logic layer within a payment gateway or orchestration platform that governs the lifecycle of an individual payment request. By applying conditional statements to inbound data, these rules determine the path of a transaction before it reaches the acquirer.

Logic is typically structured using attributes such as the Bank Identification Number (BIN), Merchant Category Code (MCC), or geographical metadata. This mechanism allows a merchant to manage risk profiles and cost structures in real time.

Rather than treating all traffic as uniform, rules enable the segmentation of payments by risk level, value, or origin. This ensures that high-value transactions may require more stringent verification like SCA, while low-friction paths are maintained for low-risk scenarios.

This granularity is essential for businesses operating across multiple jurisdictions where local regulations and scheme rules vary. Effective rule implementation focuses on balancing fraud prevention with the preservation of authorisation rates.

How it works

  1. Attribute extraction and identification

    When a customer initiates a payment at the checkout, the system identifies specific metadata associated with the request. This includes the card issuer country, the specific BIN, the currency, and the Merchant Identification Number.

    These variables serve as the foundational data points upon which subsequent logic is applied.

  2. Application of conditional logic

    The transaction passes through a sequence of pre-defined 'if-then' statements. For example, a rule might specify that if a transaction exceeds a certain value and originates from a high-risk region, it must be diverted.

    This stage determines the immediate fate of the payment before any network calls occur.

  3. Fraud and authentication filtering

    Based on the internal logic, the system decides whether to trigger Strong Customer Authentication via 3DS.

    Rules can be configured to request 3DS only when risk thresholds are met, thereby reducing friction for low-value or trusted payments while maintaining compliance with relevant PSD2 or regional regulations.

  4. Direction to optimal gateway

    Once the transaction is validated, the rules engine chooses the most appropriate acquirer. This decision may be based on the lowest interchange-plus costs, the highest historical authorisation rates for the specific card type, or the need to meet volume commitments stipulated in merchant service agreements.

  5. Authorisation and response handling

    The request is transmitted to the selected acquirer. Upon receiving a response, the rules engine can interpret decline codes.

    If a soft decline occurs, the system may initiate an automated retry through a different route, provided the merchant's ruleset permits subsequent attempts for that specific failure reason.

Why it matters

Authorisation rate optimisation

Static routing often results in unnecessary declines due to regional card preferences or issuer-specific inconsistencies. By using rules to match transactions with the acquirer most likely to approve them, a merchant can increase successful captures.

This involves categorising transactions into groups that align with the strengths of different processing partners, ensuring that technical or risk-based refusals are minimised across the entire portfolio.

Mitigation of processing costs

Payment costs are rarely uniform across different card schemes or regions. Transaction rules allow for the prioritisation of routes with lower scheme fees or interchange costs.

By identifying local cards and routing them through domestic acquirers, businesses avoid the higher costs associated with cross-border processing. This systematic approach ensures that the most cost-effective path is chosen for every individual line item processed by the gateway.

Compliance and risk management

Regulatory environments like PSD2 require specific authentication behaviours. Transaction rules provide the mechanism to enforce these requirements without applying them universally.

Merchants can automate the exclusion of specific high-risk jurisdictions or restrict certain MCCs if they fall outside of risk appetite. This reduces the burden on manual review teams and protects the merchant from excessive chargeback rates or potential penalties from card schemes.

Use cases

Cross-border retail

A merchant selling globally can use rules to route payments through local acquirers in the European Union to capitalise on lower interchange rates, while using a different partner for North American traffic to optimise authorisation.

SCA exemptions

A subscription service can apply rules that automatically request exemptions for low-value recurring transactions, ensuring that customers are not interrupted by unnecessary 3-D Secure challenges that could lead to churn.

High-risk mitigation

An electronics retailer can implement rules that trigger 3DS for all first-time buyers whose shipping and billing addresses do not match, while allowing returning customers to proceed through a faster checkout.

Cost-based routing

A high-volume airline can direct all premium card transactions to a specific provider with a better blended-pricing structure for corporate cards, reducing the total fee burden on high-interchange payments.

By the numbers

2-5%
Authorisation improvement

Typical uplift observed in the industry when transitioning from static routing to a multi-acquirer setup using smart transaction rules.

10-20%
Reduction in processing costs

Standard range of savings reported by merchants who implement cost-based routing for cross-border and regional domestic transactions.

<50ms
Average rule processing time

The expected performance threshold for modern payment orchestration engines when executing complex conditional logic at the gateway level.

Ready to route with Transaction rules?

Talk to our team about a live rollout on your acquiring stack.

Apply now

What you get with Transaction rules

  • Configure logic based on specific Bank Identification Number ranges for precise issuer targeting.
  • Restrict or permit transactions according to the cardholder's geographic location or IP address.
  • Automate the routing of high-value payments to acquirers with superior risk-modelling capabilities.
  • Enforce Strong Customer Authentication based on transaction value and regional regulatory requirements.
  • Identify and segment transactions by Merchant Category Code to manage industry-specific risk profiles.
  • Direct domestic card traffic to local acquirers to minimise cross-border fees and interchange.
  • Implement automated retries for soft declines by switching to secondary processing partners.
  • Assign specific Merchant Identification Numbers for different product lines or business units dynamically.
  • Filter transactions based on historical fraud data and internal blacklists at the gateway level.
  • Apply specific currency conversion rules based on the cardholder's native currency and FX rates.
See Transaction rules on your acquiring stack.

A short scoping call, then a written plan for your MIDs.

Apply now

Questions about Transaction rules

How do transaction rules affect the speed of the checkout process?

Rules are typically processed within the gateway in milliseconds. The logic is applied before the authorisation request is sent to the network.

While complex rulesets require more processing power, a well-managed engine ensures that the latency impact is negligible. In most cases, the speed gains from avoiding unnecessary authentication steps or routing to more efficient acquirers outweigh the initial processing time at the logic layer.

Can rules be used to prevent specific types of chargebacks?

Yes, rules can mitigate chargeback risk by identifying patterns associated with friendly fraud or stolen credentials. By enforcing 3DS on suspicious transactions or blocking high-risk IP ranges, a merchant can stop potentially fraudulent transactions before they reach the issuer.

However, rules cannot prevent all chargebacks, as some occur post-settlement for reasons unrelated to the initial authorisation logic.

What is the difference between a hard decline and a soft decline in rule logic?

A hard decline is a permanent refusal from the issuer, such as for a stolen card, where rules should not attempt a retry. A soft decline indicates a temporary issue, such as insufficient funds or a technical timeout.

Transaction rules can be configured to recognise these differences, allowing the system to intelligently retry soft declines through an alternative route while immediately stopping hard declines to avoid scheme penalties.

Is it possible to route transactions based on the cost of processing?

Merchants can use rules to direct transactions to whichever acquirer offers the best pricing for that specific card type.

For example, if one acquirer has a better rate for commercial cards, the rules engine can identify the card type via the BIN and route the transaction accordingly. This ensures that the merchant is not overpaying for interchange-plus or scheme fees on high-cost transactions.

Can I set different rules for recurring payments versus one-off transactions?

Payment systems distinguish between Merchant Initiated Transactions and Customer Initiated Transactions. Rules can be configured to apply different risk filters to these categories.

Typically, a CIT might require 3DS for the initial setup, while subsequent MITs are permitted through the ruleset without further customer intervention, provided the appropriate tokens and indicators are present in the request.

How does BIN-based routing work in a transaction ruleset?

BIN routing uses the first six to eight digits of a card number to identify the issuer and card product type. Rules are set to recognise these digits and apply specific logic.

For instance, a merchant might route all 'Gold' or 'Platinum' cards to an acquirer with higher approval thresholds for premium cards, or route all domestic debit cards to a local provider.

Get started

Ready for velocity?

Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.

Apply now
Apply now