Authorize.net AFDS fraud filter tuning guide
- AFDS ships with reasonable defaults but is often left un-tuned — filters that trigger 10%+ of your declines need attention.
- Start by identifying which filters produce the most blocks; replace generic with specific where possible.
- Layer velocity + geo + AVS + custom rules for the best accuracy-vs-friction tradeoff.
On this page
Authorize.net's Advanced Fraud Detection Suite (AFDS) is included with every Authorize.net account but underused by most operators. Properly tuned, it blocks actual fraud with minimal friction. Out of the box, it either over-blocks good customers or under-protects, depending on the default configuration your ISO shipped you.
Here is the tuning guide that works for most high-risk operators.
1. Access AFDS
Authorize.net merchant portal → Tools → Fraud Detection Suite. Lists all filters, shows recent trigger counts. Start here.
2. Baseline current performance
Pull 30 days of filter triggers. Identify which filters triggered most. Cross-reference with actual chargeback data — filters that blocked charges that would have been disputed are protecting you. Filters that blocked charges that later approved on retry or via another method are over-blocking.
3. Suspicious Transaction Filter (STF)
AFDS ships with STF which uses Authorize.net's fraud scoring. Default threshold is "suspicious" level; adjust to your vertical. For high-risk verticals, keep default or slightly tighter. For standard e-commerce, may loosen to reduce false positives.
4. Shipping Address Verification
Matches shipping to billing address. Block on mismatch is too aggressive for most operators (gifts, corporate cards, work shipping addresses). Change to "decline non-matching" to "review if non-matching" — flag for manual review rather than auto-decline.
5. AVS response filter
Decline on full AVS match fail. Keep on. Decline on ZIP-only match fail is too aggressive; keep the ZIP-match as approval.
6. Transaction amount filters
Block transactions above $X. Set X to your 99th percentile order value or 2x average order value. Orders above this get manual review.
7. Velocity filters
(a) Block if same card used 3+ times in 15 minutes.
(b) Block if 10+ unique cards from same IP in 5 minutes (card testing signal).
(c) Block if same email 5+ attempts in 30 minutes.
These catch card stuffing without affecting legitimate customers.
8. Geo IP filter
Block charges from countries you do not ship to. For US-only operators: block all non-US IPs on shipping intent. For global: allow all; use per-country rules for high-risk regions.
9. Hourly and daily velocity
Max charges per customer per hour/day. Set based on your business model. Subscription boxes: 1-2/hour, 3-5/day. Digital goods: 10-20/day.
10. IP blocklist
Known bad IPs from your fraud attempts. Maintain over time. Third-party IP reputation services can feed this.
11. Custom rules
AFDS supports custom rules combining multiple conditions. Examples:
- Block if amount > $500 AND billing country != shipping country.
- Review if new customer AND amount > 1.5x AOV.
- Block if email domain is "disposable."
Custom rules outperform single-attribute filters.
12. Monthly review ritual
Pull filter performance monthly. Adjust one or two rules based on data. Fraud evolves; rules go stale. Consistent tuning beats aggressive setup followed by neglect.
Common filter mistakes
(a) Enabling all filters at default settings = false positives. (b) Blocking on single-attribute triggers = too rigid. (c) Never reviewing filter performance = silent over-blocking. (d) Mimicking Radar exactly = duplicates without complementing.
AFDS vs Stripe Radar
Radar is machine-learning based with built-in rules. AFDS is more rule-based. Both work; AFDS is more configurable at a granular level but requires more hand-tuning. Operators using Authorize.net + AFDS sometimes add Kount for ML layer.
Integration with gateway
AFDS filters run before the transaction reaches the acquirer. Blocked transactions count as declines in your reporting. Returned codes: E00012, E00013, etc. Your dunning logic needs to distinguish AFDS blocks from issuer declines.
Where AFDS falls short
Machine learning fraud detection (Sift, Signifyd). Behavioral biometrics (Arkose). Device fingerprinting (ThreatMetrix). For high-volume or high-risk operators, AFDS alone is insufficient. Layer additional tooling.
The multi-layer stack
AFDS baseline + Kount or Signifyd for ML + device fingerprinting = comprehensive. Expect 0.4-1% of volume spent on fraud tooling for that quality. Cheap relative to chargeback costs at scale. See pricing, fraud tool comparison, or apply for a fraud stack audit.
13. The quarterly tuning ritual
Q1: winter fraud patterns (gift card testing). Q2: spring consumer confidence shifts. Q3: back-to-school / electronic season fraud. Q4: holiday fraud wave. Tune filters quarterly matching seasonal patterns.
14. Filter ordering
AFDS evaluates filters in sequence; order matters for performance. Put cheapest filters first (IP block, country filter) so expensive filters (velocity, custom rules) only run on charges that pass initial screens. Ordering reduces processing time and scales better on high-volume accounts.
15. Integration with third-party tools
AFDS baseline + Kount = best-in-class for high-risk. Kount scores each transaction, AFDS filters by threshold. Layered defense catches fraud that single-tool approaches miss. Budget $500-3,000/month for Kount depending on volume.
16. Reporting on filter effectiveness
Monthly report: filter triggers, blocked amount, false-positive complaints, chargeback on non-blocked charges. Identify filters with high blocks but low chargeback protection value — those are over-blocking. Retire or re-tune.
17. Working with your ISO
Your ISO may have default AFDS configurations applied to new accounts. Ask for a copy of the default settings. Often overly aggressive for standard operators; loosen where data supports.