Rule
Suspicious payments trigger red alerts. The overall score associated with a payment indicates the likelihood of fraud occurring. Red alerts trigger these events:

Payments are frozen to a zero (0) status until they are confirmed or released by a Fiserv or sponsor fraud specialist

Notifications of suspicious activity alerts are issued automatically to
Fiserv’s PeopleSoft system.
Note . Fiserv’s FraudNet system generates red alerts only. Yellow alerts are not being generated at this time.
The following table contains a list of current rules (reasons why the payment is being alerted as suspicious behavior). The values of the rules are subject to change.
Alert Description Definition
Subscriber Info Change ACHG The subscriber’s email address has changed recently.
Account Transfers Sleep A2AS
Bust-Out BUST
Monitors for previously created transactions being scheduled on a previously dormant account.
The subscriber is attempting to make a payment to a recently added payee and the payee’s address is located near the subscriber’s address.
Bust-Out II
DDA = Payee Account #
BUS2
EKITE
PKITE
The subscriber is attempting to make a payment to a recently added payee and the payee’s address is located far from the subscriber’s address.
Monitors for transactions where the funding account matches the receiving or payee account number. This rule monitors both electronic and paper transactions.
Ошибка! Текст указанного стиля в документе отсутствует.

Rule
Model
MOE (Merchant Online
Enrollment)
Managed Velocity Payment
Quick Hitter Rule
Personal Payments Receiver
Velocity
Personal Payment Sender
Velocity
Alert Description
MODEL
MOE
Definition
This is a statistical rule that is usually triggered by payment size. This is usually a large payment with a small chance of fraud.
This rule monitors all newly established MOE merchant payments in the Fiserv system.
Verify the payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees to become electronically enabled. This program is no longer being used, but fraud mitigation practices still exist to monitor MOE merchants who are still electronically enabled within the Fiserv bill payment network.
MVP
QH
PPRV
PPSV
This is an optional rule used to monitor velocity of payments within a particular industry or set of industries. Contact your assigned fraud specialist to establish the thresholds for this velocity rule. For example: this rule helps detect multiple payments being transmitted to various credit card numbers, not just the same number.
Multiple payments have been made to a newly added payee.
Measures velocity of transactions and cumulative dollar amounts received by an individual. Sponsors subscribing to ZashPay should work with their fraud specialist to establish the appropriate velocity and amount thresholds .
Measures velocity of transactions and cumulative dollar amounts sent by an individual. Sponsors subscribing to ZashPay should work with their fraud specialist to establish the appropriate velocity and amount thresholds.

Rule
Transfer Monitor
A2A Velocity
Alert Description
TRAN
Definition
Monitors newly created account-to-account transfers, timeframes, and amount thresholds per business unit specifications .
VELTRAN
BBMS
Monitors the velocity of account-to-account transfers being made by a specific subscriber. Variables are dependent on the specific business units’ needs.
Monitors transactions being remitted directly to financial institution branches for deposit into a checking account. (Effective Fall 2011)
Bank by Mail

Negative Files
These files consist of data from previously confirmed fraudulent activity. The data provided in the Negative
Files is used by FraudNet to identify any future payments that match the negative data. If an alert returns because of a Negative List Rule, there is associated data that was already placed in the Negative File .
Rule
Negative List
Negative List
– DDA
– Email
Negative List – Payee Account #
Negative List
Negative List
– SSN
– ZIP + 11
Alert Description
NLD
Definition
The subscriber’s bank account number is on a list of bank accounts associated with confirmed cases of fraud .
NLE
NLP
NLS
NLZ
The subscriber’s e-mail address is on a list of e-mail addresses associated with confirmed cases of fraud.
The subscriber’s account number with the payee is on a list of payee account numbers associated with confirmed cases of fraud.
The subscriber’s social security number is on a list of social security numbers associated with confirmed cases of fraud.
When a social security number is added, all payments made by that subscriber are alerted in FraudNet.
Prior to adding a social security number to the Negative List, you must obtain
“Declaration of Fraud”, which is a letter stating that the subscriber never has and never will use bill pay.
The payee’s 11-digit zip code is on a list of payee address zip codes linked to confirmed cases of fraud

Manual Alerts
The following manual alerts are added by Fiserv’s sponsors that were not originally detected through
FraudNet .
Rule
Manual Alert
Manual Alert Search
Alert Description
MA
MAS
Definition
Externally reported fraud that FraudNet missed or that failed to trigger an alert.
Generated by the sponsor to notify Fiserv of the missed data.
It is crucial that these accounts be entered into the FraudNet system so fraud analysts can track and modify client scoring parameters in the event their
detection statistics begin to drop.
A sponsor using FraudNet generated an alert for an item that was linked to confirmed fraud data (generally associated with e-mail address, zip code, or payee account number).