Risk Engine
OnCharge evaluates every checkout session against multiple risk signals before allowing payment submission. The risk engine runs inside the checkout iframe, invisible to the shopper unless a step-up is required.
Risk Signals
| Signal | Source | What it detects |
|---|---|---|
| reCAPTCHA v3 | | Bot likelihood score (0.0–1.0) |
| IP Intelligence | BigDataCloud | VPN, TOR, proxy, datacenter/hosting ASN |
| Email Validation | ZeroBounce | Disposable/temporary email addresses |
| Phone Validation | NumCheckr | VoIP/disposable phone numbers |
| Browser Checks | Client-side | WebDriver, headless Chrome, automation flags |
| Timing | Client-side | Minimum checkout duration (prevents scripted submissions) |
Risk Score & Decisions
Each signal contributes points to a 0–100 risk score. The engine makes one of three decisions:
| Score | Decision | Action |
|---|---|---|
| 0–30 | Accept | Payment proceeds normally |
| 31–60 | Review | SMS OTP step-up required before payment |
| 61–100 | Reject | Payment blocked with generic error message |
Global Shared Blocklist
OnCharge maintains a cross-merchant blocklist. If a shopper causes a chargeback on one merchant, they can be automatically blocked from checking out on all other OnCharge merchants.
Identifiers (email, phone) are HMAC-hashed with a server-side pepper before storage. Raw PII is never stored in the global blocklist tables. The ban message shown to shoppers is generic and does not reveal which merchant triggered the ban or the specific reason.
Bans can be configured with an expiration period (default: 365 days) and can be manually revoked by admins through the dashboard.
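The storage scheme described above, as an added example (not OnCharge's own code): each identifier is normalized, HMAC-hashed with a server-side pepper, and stored only as a digest with an expiry date. HMAC-SHA256, the normalization rules, the `Blocklist` class, the pepper value and the sample identifiers are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed demo pepper; a real one is loaded from a secrets manager, never from code.
PEPPER = b"constructed-demo-pepper-not-a-real-secret"
BAN_DAYS = 365  # default ban duration stated on the page


def normalize(kind: str, value: str) -> str:
    """Canonicalize so trivially different spellings hash identically (assumed rules)."""
    if kind == "email":
        return value.strip().lower()
    if kind == "phone":
        return "+" + "".join(c for c in value if c.isdigit())
    raise ValueError(f"unsupported identifier type: {kind}")


def blocklist_key(kind: str, value: str, pepper: bytes = PEPPER) -> str:
    """Keyed digest: emails and phone numbers are guessable, so a plain hash
    could be reversed by enumeration; without the pepper this one cannot."""
    msg = f"{kind}:{normalize(kind, value)}".encode()
    return hmac.new(pepper, msg, hashlib.sha256).hexdigest()


class Blocklist:
    """In-memory stand-in for the blocklist table: digest -> expiry, no raw PII."""

    def __init__(self):
        self._entries = {}

    def ban(self, kind, value, now, days=BAN_DAYS):
        self._entries[blocklist_key(kind, value)] = now + timedelta(days=days)

    def revoke(self, kind, value):
        self._entries.pop(blocklist_key(kind, value), None)

    def is_banned(self, identifiers, now):
        """True if any supplied identifier has an unexpired ban."""
        for kind, value in identifiers.items():
            expiry = self._entries.get(blocklist_key(kind, value))
            if expiry is not None and now < expiry:
                return True
        return False

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    bl = Blocklist()
    bl.ban("email", " Shopper@Example.com ", now)  # constructed sample identifier
    print(bl.is_banned({"email": "shopper@example.com"}, now))
```

Rotating the pepper invalidates every stored digest, so a rotation plan needs either a re-hash window with both peppers or a key-version column alongside the digest.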
Policy Toggles
The following risk policies can be configured per deployment:
- Global ban enabled — master toggle for cross-merchant blocklist (default: on)
- Ban on chargeback — automatically ban shopper on chargeback events (default: on)
- Ban duration — how long bans last in days (default: 365)
- Identifier types — which identifiers to hash and check (default: email, phone)
Privacy
All risk evaluation happens server-side. Shopper-facing UI shows only generic messages. Risk scores, signal details, and blocklist data are never exposed to merchants or shoppers through the API. Only administrators can access blocklist entries through the admin dashboard.