Transaction Risk Overview
Last updated: Sept 23rd, 4:28pm
The Transaction Risk API, or Risk as a Service (RaaS), is a set of stand-alone services that provide PayPal partners and merchants with a higher level of risk management. These services are designed to help reduce fraudulent payment activity and, in some cases, can help verify transactions that may have otherwise failed.
Overview
PayPal partners and merchants can Set transaction context to send additional data, or transaction context, about a customer to PayPal before PayPal processes a customer's transaction. PayPal uses this data to perform a pre-transaction risk management evaluation.
The transaction context can contain location and environment information and other customer information, such as a customer's transaction history, that the merchant collects based on customer account activity on the merchant's website.
PayPal cannot directly obtain this data because the customer is on the merchant's and not the PayPal website. This data can help PayPal with the credit approval process.
In the diagram:
| 1. | Checkpoints. |
| 2. | You call the Transaction Risk API before you call other PayPal transaction APIs. |
| 3. | The service lets PayPal collect important information about the customer's history before the transaction is initiated. |
Each transaction and its associated context has a unique tracking ID. PayPal might request additional fields and merchants can also request additional data in the form of key-and-value pairs.
Tracking ID
Each transaction and its associated context has a unique tracking_id. Merchants can call the Transaction Risk API with the same tracking_id for the same transaction and set the context for the transaction. PayPal uses the transaction context data when it processes the transaction to help provide a higher level of risk management. In some cases, this additional data can help validate transactions that might otherwise fail.
PayPal uses the tracking_id property to tie the transaction context sent by the merchant to the related transaction on the PayPal side, enabling PayPal to use that data to help approve the transaction.
You specify the tracking ID as tracking_id in the URI. The tracking ID is the unique merchant-assigned ID that is used to track the payment. PayPal uses this value to reference the transaction context data when it processes the transaction.
The tracking_id can be any value as long as it is unique. Typically, the merchant generates this value internally. However, PayPal prefers that it is fewer than 32 characters in length.
Note: Do not use the same tracking_id across multiple transactions, at least within the span of a few days. If you use the same tracking_id more than once in 48 hours, the wrong transaction data might get used for a transaction, which can cause the transaction to fail.
These payment calls pass the tracking ID:
| API | Tracking ID |
|---|---|
| REST API | Set the tracking_id in the URI to the UUID generated by the partner.Also, set the HTTP PayPal-Client-Metadata-Id request header to the tracking ID. |
| SOAP API | Set the tracking_id in the URI to match fields sent in the payment call. |
For more information, see these classic payment calls:
| Classic API | Field | See |
|---|---|---|
DoReferenceTransaction |
MERCHANTSESSIONIDMerchantSessionId |
DoReferenceTransaction API Operation (NVP) DoReferenceTransaction API Operation (SOAP) |
DoExpressCheckoutPayment |
TOKENToken |
DoExpressCheckoutPayment API Operation (NVP) DoExpressCheckoutPayment API Operation (SOAP) |
AdaptivePayment |
tracking_id |
Pay API Operation |
Additional data
Depending on the offline data analysis or merchant context, PayPal might request additional fields and merchants can also request additional fields in the form of key-and-value pairs. To get the names of keys that must be sent in additional_data, contact your PayPal account manager.
Additional information
For information about classic payment calls, see: