Integrate FraudNet


Last updated: Feb 27th, 7:43am

FraudNet is a PayPal-developed JavaScript library that is embedded in a merchant's web page to collect browser-based data to help reduce fraud. Upon checkout, data elements are sent to PayPal Risk Services for fraud and risk assessment. FraudNet is for desktop browsers only.

Data collected by FraudNet is used for risk analysis and authentication. PayPal does not share FraudNet data with third parties for their own independent benefit.

To integrate FraudNet, embed a short code snippet in the merchant website and add a custom header to the PayPal call.

1. Embed FraudNet snippet

Embed a FraudNet JavaScript and <noscript> snippet into the page where you're integrating FraudNet. The integration code is based on the non-blocking script loader pattern.

JavaScript

There are 2 parts to the JavaScript snippet:

| Element | Description |
| --- | --- |
| FraudNet parameters | A <script> parameter block that passes fnparams input parameters to FraudNet. |
| Loading script | A <script> element with code that asynchronously loads the FraudNet JavaScript. |

Noscript

The <noscript> snippet runs when JavaScript isn't enabled for the application. This element operates independently from the JavaScript snippet.

Parameters

The JavaScript and <noscript> snippets pass parameters to FraudNet. The s and f FraudNet parameters are required for both integrations.

Script attributes

The loading script of the JavaScript snippet uses this attribute in the <script> declaration:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| fncls | This attribute passes the fnparams key needed to connect with the FraudNet service. The key is fnparams-dede7cc5-15fd-4c75-a9f4-36c430ee3a99. | string | Required for JavaScript snippets |

Parameter attributes

The JavaScript and <noscript> snippets use these 2 attributes:

| Parameter | Description | Type | Required | Notes |
| --- | --- | --- | --- | --- |
| `f` | The FraudNet Session Identifier. Passes a unique and random identifier for the current transaction or session. | String | Required | Maximum length: 32 |
| `s` | Passes a unique flow ID for each web page. See the Modify the code section for details about how to create this ID. | String | Required | Maximum length: 32 |

The JavaScript snippet also uses this attribute.

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| sandbox | Set to true for a transaction in a sandbox environment. For a live payment, you can either set this to false or omit this attribute. | boolean | Required for sandbox |

All other FraudNet parameters are optional.

JavaScript snippet

The JavaScript snippet requires an fncls attribute set to fnparams-dede7cc5-15fd-4c75-a9f4-36c430ee3a99.

To find and process parameters, FraudNet JavaScript searches for a script of type application/json with an attribute fncls, and its value must match that string.

FraudNet parameters

Run the following fnparams configuration script on a modern browser with JavaScript enabled to pass parameters to FraudNet.

    <script type="application/json" fncls="fnparams-dede7cc5-15fd-4c75-a9f4-36c430ee3a99">
    {
      "f": "<32_character_GUID>",
      "s": "<merchant_id>_<page_id>",
      "sandbox": false
    }
    </script>

Loading script

There are 2 options for passing the FraudNet data on the web page:

Option 1: Insert this code after the fnparams configuration script:

    <script type="text/javascript" src="https://c.paypal.com/da/r/fb.js"></script>

Option 2: Append this code after your logic and pass your configuration as options:

    // Configuration passed to the loader as options.
    var options = {
      fnUrl: "https://c.paypal.com/da/r/fb.js"
    };

    // Appends a script element that loads the FraudNet JavaScript.
    function _loadFraudnetConfig(options) {
      var script = document.createElement("script");
      script.src = options.fnUrl;
      document.body.appendChild(script);
    }

    _loadFraudnetConfig(options);



Modify the code

• Set a unique and random identifier for the current transaction or session in the FraudNet f parameter, also known as FraudNet Session Identifier. The maximum length of the parameter is 32 characters.
• Send the FraudNet f parameter value in the PAYPAL-CLIENT-METADATA-ID HTTP header for the Create order API request in Step 2 of the Integrate Pay upon Invoice page.
• Set a unique identifier for each web page in the FraudNet s parameter, also known as Source Website Identifier. The maximum length of the parameter is 32 characters. Use <merchant_id>_<page_id> to create unique identifiers for the s parameter. Locate these values as follows:
  • merchant_id - go to your profile and select Account Settings > Business Information > PayPal Merchant ID.
  • page_id - use one of the following values: home-page, search-result-page, category-page, product-detail-page, cart-page, inline-cart-page, checkout-page.
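The three steps above, sketched as an added example (not PayPal's code). The helper names and the merchant ID are hypothetical; the fncls key, page_id values, length limits and header name are the ones given on this page.

```javascript
// Added example; not part of the PayPal documentation. Helper names are hypothetical.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for older Node

const FNCLS = "fnparams-dede7cc5-15fd-4c75-a9f4-36c430ee3a99"; // key from this page
const PAGE_IDS = new Set(["home-page", "search-result-page", "category-page",
  "product-detail-page", "cart-page", "inline-cart-page", "checkout-page"]);

// f: unique and random, at most 32 characters. 128 random bits as 32 hex characters.
function newSessionId() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// s: <merchant_id>_<page_id>, at most 32 characters, page_id from the documented list.
function sourceId(merchantId, pageId) {
  if (!PAGE_IDS.has(pageId)) throw new Error("unknown page_id: " + pageId);
  const s = merchantId + "_" + pageId;
  if (s.length > 32) throw new Error("s exceeds 32 characters: " + s);
  return s;
}

// Render the fnparams block. Escaping "<" keeps a value such as "</script>"
// from closing the JSON script element early.
function fnparamsBlock(f, s, sandbox) {
  const json = JSON.stringify({ f, s, sandbox }).replace(/</g, "\\u003c");
  return '<script type="application/json" fncls="' + FNCLS + '">' + json + "</script>";
}

// The Create order request must carry the same f value that the page sent to FraudNet.
function createOrderHeaders(f) {
  return { "PAYPAL-CLIENT-METADATA-ID": f };
}

const f = newSessionId();
const s = sourceId("ABCDE12345XYZ", "checkout-page"); // constructed merchant ID
console.log(fnparamsBlock(f, s, true));
console.log(createOrderHeaders(f));
```

With the constructed 13-character merchant ID, `product-detail-page` produces a 33-character s value, so the length check rejects it before it reaches the page.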
2. Content Security Policy integration

CSP tags

If you are using Content Security Policy (CSP), you must add the following URLs in CSP to an allowlist:

| Tag | Attribute (live) |
| --- | --- |
| img-src | https://c.paypal.com, https://b.stats.paypal.com |
| frame-src | https://c.paypal.com |
| script-src | https://c.paypal.com |

CSP scripts

If your Content Security Policy doesn't allow inline scripts, use one of the following options:

• Add unsafe-inline as a directive in your script-src policy, such as Content-Security-Policy: script-src 'unsafe-inline'. This allows every inline script throughout your app to run, so the policy no longer blocks injected inline scripts.
• Implement a nonce value to allowlist the script.

Allowlist inline scripts

You can allowlist specific inline scripts without using the unsafe-inline directive. Do this by using either a cryptographic nonce (a number used once) or a SHA hash.

To use a nonce, add a nonce attribute in the script tag. You must generate a nonce at random with each page load and insert it into the CSP and the FraudNet script. PayPal recommends generating the nonce value with a cryptographically secure random number generator from at least 128 bits of data and encoding it in Base64.

    <script nonce="abcRANDOM_NONCE_VALUExyz">
    alert('Hello, world.');
    </script>

    Content-Security-Policy: script-src 'nonce-abcRANDOM_NONCE_VALUExyz'
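A per-request nonce combined with the FraudNet allowlist entries from the CSP tags table, as an added example (not PayPal's code). Function names are hypothetical, and the header contains only the FraudNet entries; a real policy would merge them with the site's own sources.

```javascript
// Added example; not part of the PayPal documentation. Function names are hypothetical.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for older Node

// Live-environment hosts from the CSP tags table on this page, per directive.
const FRAUDNET_CSP = {
  "img-src": ["https://c.paypal.com", "https://b.stats.paypal.com"],
  "frame-src": ["https://c.paypal.com"],
  "script-src": ["https://c.paypal.com"],
};

// 128 bits from a CSPRNG, Base64-encoded. Call once per page load and never
// reuse or cache the result: a predictable nonce allowlists any inline script.
function newNonce() {
  const bytes = rng.getRandomValues(new Uint8Array(16));
  return btoa(String.fromCharCode(...bytes));
}

// Build the Content-Security-Policy header value. Sources within a directive
// are space-separated; the nonce is added to script-src only.
function cspHeader(nonce) {
  return Object.entries(FRAUDNET_CSP).map(([directive, hosts]) => {
    const sources = directive === "script-src" ? [...hosts, `'nonce-${nonce}'`] : hosts;
    return directive + " " + sources.join(" ");
  }).join("; ");
}

// Inline loader (Option 2 style) carrying the same nonce as the header.
// The script it appends is permitted by the https://c.paypal.com host entry.
function inlineLoaderTag(nonce) {
  const loader = 'var s = document.createElement("script"); ' +
    's.src = "https://c.paypal.com/da/r/fb.js"; document.body.appendChild(s);';
  return `<script nonce="${nonce}">${loader}</script>`;
}

const nonce = newNonce();
console.log("Content-Security-Policy: " + cspHeader(nonce));
console.log(inlineLoaderTag(nonce));
```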
