Premium Fraud Management Tools
Server-Side Implementation
Using device data
Include the collected client device data via the top-level getDeviceData() parameter when creating a customer , payment method , or transaction .
Here's an example of passing device data with a transaction:
- Java
TransactionRequest transactionRequest = new TransactionRequest()
.amount(new BigDecimal("1000.00"))
.paymentMethodNonce(nonceFromTheClient)
.options()
.submitForSettlement(true)
.done()
.deviceData(request.queryParams("device_data"));
Result<Transaction> result = gateway.transaction().sale(transactionRequest);
And here's an example of passing device data with a payment method creation (thus triggering a verification request):
- Java
PaymentMethodRequest request = new PaymentMethodRequest()
.customerId("131866")
.paymentMethodNonce(nonceFromTheClient)
.options()
.verifyCard(true)
.done()
.deviceData(request.queryParams("device_data"));
Result<? extends PaymentMethod> result = gateway.paymentMethod().create(request);
When to pass device data
In general, we strongly recommend including device data on any event where:
- a customer adds credit card data to your Vault
- a customer initiates a transaction
We use both transactions and verification request data to ensure that you get the most comprehensive fraud protection possible. Our Premium Fraud Management Tools use device data to more accurately identify fraudulent requests.
This is especially important on verifications: verifying cards is the best way to stop fraudsters from getting into your Vault. Sending the verification with device data will ensure that preliminary fraud checks are being run in addition to normal AVS/CVV/risk threshold checks you may have enabled. This further augments the level of protection you have, helping to identify fraudulent patterns linked to a device sooner than if you only passed device data with transaction requests.
Skipping Premium Fraud Management Tools
If you do not want to perform Premium Fraud Management Tools checks on a specific transaction, pass Options.SkipAdvancedFraudChecking
when creating the transaction via the API:
- Java
TransactionRequest request = new TransactionRequest()
.amount("10.00")
.paymentMethodNonce(nonceFromTheClient)
.options()
.skipAdvancedFraudChecking(true)
.done()
.done()
Result<? extends Transaction> result = gateway.transaction().sale(request);
Additionally, you can choose to not perform Premium Fraud Management Tools checks on specific verifications by passing
Options.SkipAdvancedFraudChecking
in the following
calls:
Payment Method: Create
Payment Method: Update
Customer: Create
Customer: Update
Here is an example of how to use this option when creating a payment method:
- Java
PaymentMethodRequest request = new PaymentMethodRequest()
.customerId("131866")
.paymentMethodNonce(nonceFromTheClient)
.options()
.skipAdvancedFraudChecking(true)
.done()
.done()
Result<? extends PaymentMethod> result = gateway.paymentMethod().create(request);
Custom fields
Fraud Protection Advanced provides several fields that can be used to build conditional filters. However, you may have a specific set of fields pertaining to your business that you want to use in certain scenarios to mitigate fraud. Using Custom Fields, you can add such specific fields to the tool and then use them in building filter conditions.
Before you create any custom field in the tool, you must ensure the fields you want to use are passed as part of the payment transaction details. See our guide for steps to incorporate custom fields in your transaction API calls.
Response handling
We return the risk data on credit card verifications and on transactions with all compatible payment methods. The data includes the fraud service provider, the risk identifier, the device data captured flag, and the risk decision, which can provide further context on how a verification or transaction was scored by our Premium Fraud Management Tools. For users of Fraud Protection, the data will include the decision reasons. For users of Fraud Protection Advanced, the data will also include the risk score.
- Java
Transaction transaction = result.getTransaction();
transaction.getRiskData().getFraudServiceProvider();
// "Kount"
transaction.getRiskData().getId();
// "1SG23YHM4BT5"
transaction.getRiskData().getDecision();
// "Decline"
transaction.getRiskData().getDeviceDataCaptured();
// true
transaction.getRiskData().getDecisionReasons();
// ["reason1", "reason2"]
transaction.getRiskData().getRiskScore();
// 42
The possible values of the risk decision are Not Evaluated, Approve, Review, and Decline.
See also
Next Page: Webhooks →