Fraud Score
POST https://api.fraudio.com/v1/transactions/score
Endpoint Overview
Our Fraud Score endpoint collects transaction events and generates fraud scores and recommendations using our Payment Fraud Detection product. The specific events that are collected vary depending on the integration type:
- For a pre-auth integration, you should send pre-auth authorizations and pre-auth auth_captures.
- This means that post-auth fields such as
eci
,cavvresult
,avsresult
,cvvresult
, andresponsecode
will be empty.
- This means that post-auth fields such as
- For a post-auth integration, you should send post-auth authorizations and post-auth auth_captures.
- This allows you to send post-auth fields such as
eci
,cavvresult
,avsresult
,cvvresult
, andresponsecode
, which can be determined since the transaction has already been authenticated and authorised.
- This allows you to send post-auth fields such as
tip
If you're not sure whether you're integrating pre-auth or post-auth, please contact our Support Team.
Request Parameters
Request parameters in JSON format
Toggle to view an example of request parameters in JSON format
json
{
"customer": "customer-placeholder",
"transactionid": "49fp3l68395gs24g",
"transactiontype": "void",
"originalamount": 251.41,
"currency": "012",
"timestamp": 1646063615,
"cardbin": "442742",
"merchant": "Fred & Freddy Sports Store",
"parenttransactionid": "4583409307",
"cardtoken": "49fp3l68395gs24g",
"acceptorip": "542.6.8.838",
"cardexpirydate": "03/21",
"channel": "moto",
"channelsubtype": "paymentlink",
"lastfourdigits": "4932",
"mcccode": "5969",
"merchantip": "128.0.0.1",
"posentrymode": "012",
"recurring": "true",
"recurringparentid": "09a70bd7-2993-4df6-a693-99c26ee4bedb",
"registrationdate": 100041643253.143105,
"threedsused": "true",
"transactionip": "152.0.6.152",
"acceptorid": "6ad3b45e-0f14-4522-885b-dd8049fc773c",
"acceptorcity": "London",
"acceptorcountry": "056",
"acceptorpostalcode": "38010",
"acceptorstatecode": "38010",
"acceptorstreetaddress": "29 Ravenscroft, Covingham",
"acquirer": "Acquirer X",
"acquirercountry": "056",
"avsused": "true",
"bankaccountnumber": "NL15INGB4014343434343",
"cardaccess": "pinaccess",
"cardholder": "John Spencer",
"cardholderemail": "support@fraudio.com",
"cardholderphonenumber": "+31 71 000 0000",
"cavvused": "true",
"cvvused": "true",
"digitalwalletoperator": "staged",
"gateway": "staged",
"initialrecurring": "true",
"issuingplan": "merchant plan 1",
"kyclevel": "5",
"kyclevelnorm": 0.5,
"limitprofile": "5",
"merchantcity": "London",
"merchantcountry": "528",
"merchantemail": "support@fraudio.com",
"merchantpostalcode": "w1b 3hh",
"merchantstatecode": "GA",
"merchanturl": "www.foreverliving.com",
"mid": "1532512",
"ocptenabled": "true",
"processor": "Processor Y",
"shopperemail": "support@fraudio.com",
"shoppername": "John Spencer",
"shopperphonenumber": "+31 71 000 0000",
"submerchant": "Shoestore X",
"terminaltype": "cat1",
"transactioncountry": "056",
"transactionpostalcode": "w1b 3hh",
"transactionstatecode": "GA",
"transactionstreetaddress": "29 Ravenscroft, Covingham",
"avsresult": "A",
"cvvresult": "S",
"eci": "02",
"responsecode": "05",
"success": "true",
"authresult": "success",
"cavvresult": "5",
"ddresult": "ZXC* Site Access 4343-432-333",
"gatewaydeclinereason": "Card Disabled",
"ucafindicator": "2"
}
Request parameters: Field Reference Table
Field | Data Type | Payment Fraud (Issuer) | Payment Fraud (Acquirer / Processor) | Merchant Fraud / AML | Description |
---|---|---|---|---|---|
transactionid | String | Critical & Required | Critical & Required | Critical & Required | The unique identifier of the transaction event. Every transaction event, so auth , capture , auth_capture , etc., has its own unique ID. |
transactiontype | String | Critical & Required | Critical & Required | Critical & Required | The type of transaction event. Possible values are: auth , capture , auth_capture , refund , void , top_up , incremental_auth , atm or reversal . Details about each possible value below.auth : An authorization is used to reserve funds on the customer's card without yet deducting them.capture : A capture is used to immediately deduct authorised funds (up to the amount auth'd) from a customer's card. A capture should always be linked to at least one authorization via the parenttransactionid .auth_capture : A simultaneous combination of auth and capture in the same transaction, for when there is no need to perform these operations separately.refund : A refund transaction returns credit to a customer's payment method.void : A void transaction is the explicit discarding of authorization of funds.top_up : Increases the available credit of a credit card.incremental_auth : A transaction that increases the authorised amount of a confirmed auth transaction that has not yet been captured.atm : An automated teller machine (atm) transaction.reversal : A reversal annuls the transaction and re-credits the customer's payment method. This happens directly after the transaction has taken place but before the funds have been fully processed.none : Use only when the transactiontype is unknown. |
timestamp | Double | Critical & Required | Critical & Required | Critical & Required | The UTC time at which the transaction was made. When sending events in realtime, this will usually be 'now'. Only Unix Timestamps are accepted. |
originalamount | Double | Critical & Required | Critical & Required | Critical & Required | Amount/value of the transaction in the original currency. Must be a nonnegative value. |
currency | String | Critical & Required | Critical & Required | Critical & Required | Numerical currency code of the currency used for the transaction (ISO 4217). |
channel | String | Critical & Required | Critical & Required | Critical & Required | Indicates the specific type of channel used for a transaction. Accepted values with their description: - ecom : Ecommerce transaction, this is a card-not-present transaction done over the internet.- pos : Point of Sale transaction, also known as card-present.- moto : A mail or telephone order is a card-not-present transaction where the cardholder gives permission to process the transaction by providing order and payment details by mail (not email), fax, or telephone. |
customer | String | Critical & Required | Critical & Required | Critical & Required | The name of Fraudio's client that makes the API call. |
merchant | String | Critical & Required | Critical & Required | Critical & Required | The name or identifier of the merchant. This field uniquely identifies the merchant, and should not be confused with the MID. Any name or unique identifier is accepted. |
mcccode | String | Critical & Required | Critical & Required | Critical & Required | A Merchant Category Code (MCC) is a four-digit number listed for financial services. An MCC is used to classify a business by the types of goods or services it provides. Only ISO 18245 mcc codes are accepted. |
cardbin | String | Critical & Required | Critical & Required | Critical & Required | The Bank Identification Number (BIN), also known as the Issuer Identification Number (IIN), is the first six or eight digits of the card number. |
responsecode | String | Critical & Required | Critical & Required | Critical & Required | The response code is a numerical code that indicates the outcome of authorization checks of issuing banks.. The code must be a 2 character ISO8583-1987 response. |
success | String | Critical & Required | Critical & Required | Critical & Required | Indicates if the transaction was successfully completed with no technical error. Accepted values are: true , false or none .- true : Successfully completed.- false : Unsuccessfully completed..- none : Unknown. |
acceptorcountry | String | Important | Important | Important | Countrycode of country where the card acceptor is located. Only ISO 3166-1 numeric country codes are accepted. |
acceptorip | String | Important | Important | Important | The acceptor IP address is the IP address of the card acceptor's terminal. For card-present transactions this terminal, which is used by the merchant to process payments, is typically located on the merchant's premises. |
avsresult | String | Important | Important | Important | AVS (Address Verification System) result is the outcome of a check performed for Card-not-Present and MOTO transactions on the billing address provided by the shopper to see if the provided address matches the address on file with the card issuer. This helps verify the identity of the shopper vs the actual cardholder. It is more likely that the shopper is the cardholder when the billing address details match. Accepted values are: - A: Addresses match/ZIP codes do not. - B: Street addresses match, but ZIP codes not verified due to incompatible formats. - C: Street address and postal/ZIP codes not verified due to incompatible formats. - D: Street addresses and postal/ZIP codes match (VISA). Customer name incorrect, ZIP codes match (AMEX / JCB). - E: Customer name incorrect, billing address and ZIP code match. - F: Street addresses and postal codes match (VISA). Customer name incorrect, billing address matches (AMEX / JCB). - G: Address information not verified for international transaction. - I: Address information not verified. - K: Customer name matches. - L: Customer name and ZIP code match. - M: Street addresses and postal/ZIP codes match. - N: No match. - O: Customer name and billing address match. - P: Postal/ZIP codes match. Acquirer sent both postal/ZIP code and street address, but street address not verified due to incompatible formats. - R: Retry: System unavailable or timed out. Issuer ordinarily performs address verification but was unavailable. - S: AVS not supported. - T: Nine-digit zip code matches, address does not match. - U: Information is unavailable. - W: For U.S. Addresses, nine-digit postal code matches, address does not. For address outside the U.S. postal code matches, address does not (MasterCard / Discover). Customer name, billing address, and postal code are all correct ( AMEX / JCB). - X: For U.S. addresses, nine-digit postal code and addresses matches. For addresses outside the U.S., postal code and address match. - Y: Street address and postal/ZIP match. - Z: Postal/ZIP match, street addresses do not match or street address not included in request. - none : Unknown. |
avsused | String | Important | Important | Important | Indicates if AVS (Address Verification System) is enabled. AVS checks are performed for Card-not-Present and MOTO transactions on the billing address provided by the shopper to see if the provided address matches the address on file with the card issuer. This helps verify the identity of the shopper vs the actual cardholder. It is more likely that the shopper is the cardholder when the billing address details match. Before authentication it can already be known whether AVS is enabled, the result (avsresult) will only be known after authentication. Accepted values are: - true : AVS enabled.- false : AVS disabled.- none : Unknown. |
cardexpirydate | String | Important | Important | Important | The expiry date of the card. Accepted format: MM/yy. |
cardtoken | String | Important | Important | Important | The card token is the encryption that is used to identify the credit card. Any salted hash is accepted. |
cavvresult | String | Important | Important | Important | The Cardholder Authentication Verification Value (CAVV) is a value that allows VISA to validate the integrity of the Verified by Visa (VbV) transaction data for VISA 3Ds transactions. Accepted values are: - 0: CAVV authentication results invalid, no verification performed. - 1: CAVV failed verification (authentication), Issuer approves authorization. - 2: CAVV passed verification (authentication), Issuer approves authorization. - 3: CAVV passed verification (attempt), Issuer approves authorization. - 4: CAVV failed verification (attempt), Issuer approves authorization. - 5: Not Used - Reserved. - 6: CAVV not verified (VisaNet flag for Issuer not selected), Issuer approves authorization. - 7: CAVV failed verification (attempt), Issuer approves authorization. - 8: CAVV passed verification (attempt), Issuer approves authorization. - 9: CAVV failed verification (attempt), Issuer approves authorization. - A: CAVV passed verification (attempt), Issuer approves authorization. - B: CAVV passed verification (authentication). - C: CAVV failed verification (attempt). - D: CAVV failed verification (authentication). - none : Unknown. |
cavvused | String | Important | Important | Important | Indicates if Cardholder Authentication Verification Value (CAVV) is enabled for the transaction. Before authentication it can already be known whether CAVV is enabled, the result (cavvresult) will only be known after authentication. Accepted values are: - true : CAVV enabled.- false : CAVV disabled.- none : Unknown. |
channelsubtype | String | Important | Important | Important | Indicates the subtype of channel used for a transaction. This is a subfield of channel. Accepted values with their description: - paymentlink : The payment is done using a link that is shared by the merchant, also known as PayByLink transactions.- telephoneorder : MoTo transactions where the order and payment details are provided by telephone.- mailorder : MoTo transactions where the order and payment details are provided by mail (not email).- none : Unknown. |
cvvresult | String | Important | Important | Important | Card Verification Value (CVV) result is the outcome of a check performed on the security code provided by the shopper to see if it matches the code on file with the card issuer. Accepted values: - M : CVV2 Match.- N : CVV2 No Match.- P : Not processed.- S : CVV2 should be on the card.- U : Issuer does not participate in CVV2 service, or participates but has not provided the encryption keys, or both.- X : No response from association.- none : Unknown. |
cvvused | String | Important | Important | Important | Indicates if Card Verification Value (CVV) checks are done for the transaction. Card Verification Value (CVV) checs are performed on the security code provided by the shopper to see if it matches the code on file with the card issuer. Before authentication it can already be known whether CVV is enabled, the result (cvvresult) will only be known after authentication. Accepted values are: - true : CVV checks are done.- false : CVV checks are not done.- none : Unknown. |
eci | String | Important | Important | Important | The Electronic Commerce Indicator (ECI) is the value indicating the outcome of 3D-Secure (3DS) authentication attempted on transactions where 3DS is enabled. Different card schemes use different values. Accepted values for Visa / American Express / JCB / Discover / Diners are: - 05 : Both cardholder and card issuing bank are 3D enabled. 3D card authentication is successful.- 06 : Either cardholder or card issuing bank is not 3D enrolled.- 07 : Authentication is unsuccessful or not attempted.- none : Unknown.Accepted values for MasterCard are: - 02 : Both cardholder and card issuing bank are 3D enabled. 3D card authentication is successful.- 01 : Either cardholder or card issuing bank is not 3D enrolled.- 00 : Authentication is unsuccessful or not attempted.- none : Unknown. |
lastfourdigits | String | Important | Important | Important | The last four digits of the card number. |
merchantcountry | String | Important | Important | Important | Countrycode of country where the merchant is registered. Only ISO 3166-1 numeric country codes are accepted. |
merchantip | String | Important | Important | Important | The IP address of the merchant refers to the IP address where the merchant is registered. It is important to distinguish between the acceptor IP and the merchant IP. The acceptor IP is the location of the merchant's server where the payment is received. Therefore, a merchant can have multiple acceptor IPs, but only one merchant IP. |
mid | String | Important | Important | Important | The MID, or Merchant ID, is a unique identifier assigned to a merchant by their payment processor. It's important to note that the MID does not uniquely identify the merchant, but rather it identifies the merchant's account. This is because a merchant can have multiple MIDs, as they may have separate merchant accounts for different aspects of their business. |
parenttransactionid | String | Important | Important | Important | The identifier that links separate events of one transaction. The parenttransactionid can link auths with captures, voids and refunds and it can link auth_captures with refunds and voids. Any name or unique identifier is accepted. For example: In order to link a capture with an authorization, you need to specify the transactionid of the corresponding auth or auth_capture as the parenttransactionid |
posentrymode | String | Important | Important | Important | The Point of Sale (POS) entry mode is the code (3 digits) that identifies the method used to capture the PAN entry mode and the PIN entry capability. ISO 8583 (field 22) POS entry mode consists of 2 parts: 1. PAN (Primary Account Number) entry mode (the first 2 digits): - 00 : Unknown.- 01: Key entered / Manual. 02: Magnetic stripe. 03: Bar code. 05: ICC (integrated circuit card, that is, chip). 07: Auto entry via contactless EMV. 10: Merchant has Cardholder Credentials on File. 80: Fallback from integrated circuit card (ICC) to magnetic stripe. 81: Electronic commerce. 91: Auto entry via contactless magnetic stripe. 0: Unknown 1: Terminal can accept PINs. 2: Terminal cannot accept PINs. none`: Completely unknown posentrymode. |
recurring | String | Important | Important | Important | Indicates if the payment is recurring or not. Accepted values are true , false or none .- true : Is recurring.- false : is not recurring.- none : Unknown. |
threedsused | String | Important | Important | Important | Indicates if 3D-Secure (3DS) is enabled for the transaction. Before authentication it can already be known whether 3DS is enabled, the result (eci) will only be known after authentication. Accepted values are: - true : 3-D Secure has been used.- false : 3-D Secure has not been used.- none : Unknown. |
transactioncountry | String | Important | Important | Important | The country code of the shopper's device from which the card-not-present transaction is made. Only ISO 3166-1 numeric country codes are accepted. |
transactionip | String | Important | Important | Important | IP-address of the shopper's device with which the card-not-present transaction is made. |
gatewaydeclinereason | String | n.a. | Important | Important | The gateway decline reason is a code provided by the payment gateway indicating the reason for a declined transaction. Declinecodes differ from gateway to gateway, therefore the reason of the decline is preferred. Any declinereason is accepted. E.g. Application Incomplete, Duplicate, Fraud, Risk Thresholds, Card Disabled. |
shopperemail | String | Supplementary | Supplementary | Important | The email address of the shopper. |
shoppername | String | Supplementary | Supplementary | Important | The name or identifier of the shopper. Any name or unique identifier is accepted. |
shopperphonenumber | String | Supplementary | Supplementary | Important | The phone number of the shopper. |
acceptorcity | String | Supplementary | Supplementary | Supplementary | City where the card acceptor is located. Any city name is accepted. |
acceptorid | String | Supplementary | Supplementary | Supplementary | The name or identifier of the acceptor. Any name or unique identifier is accepted. |
acceptorpostalcode | String | Supplementary | Supplementary | Supplementary | Postal code where the card acceptor is located. Any postal code is accepted. |
acceptorstatecode | String | Supplementary | Supplementary | Supplementary | State where the card acceptor is located. Any state code is accepted. |
acceptorstreetaddress | String | Supplementary | Supplementary | Supplementary | Street address where the card acceptor is located. Without acceptorip this field becomes important. Any street address is accepted. |
acquirer | String | Supplementary | Supplementary | Supplementary | The acquirer is a financial institution with whom the merchant has a bank account. |
acquirercountry | String | Supplementary | Supplementary | Supplementary | Countrycode of country where the acquirer is registered. Only ISO 3166-1 numeric country codes are accepted. |
authresult | String | Supplementary | Supplementary | Supplementary | Indicates if the transaction successfully passed all authentication and authorization checks. Accepted values are: - fail: failed authentication and authorization. - success: successful authentication and authorization. - none : Unknown. |
cardaccess | String | Supplementary | Supplementary | Supplementary | Information on how the card was accessed. Accepted values are: - pinaccess: Card is accessed by using a pincode. - signatureaccess: Card is accessed by using a signature. - hybrid: Card is accessed by using a pincode and a signature. - none : Unknown. |
cardholder | String | Supplementary | Supplementary | Supplementary | The name or identifier of the cardholder. This is not the same as the cardtoken, as a cardholder can have multiple credit cards (cardtokens). Any name or unique identifier is accepted. |
cardholderemail | String | Supplementary | Supplementary | Supplementary | The email address of the card holder. |
cardholderphonenumber | String | Supplementary | Supplementary | Supplementary | The phone number of the card holder. |
ddresult | String | Supplementary | Supplementary | Supplementary | The dynamic descriptor result returned by the processor is the text that represents businesses on bank account statements. Can be up to 22 characters long. |
deviceid | String | Supplementary | Supplementary | Supplementary | The mobile device id or any other device id. Any id is accepted. |
deviceos | String | Supplementary | Supplementary | Supplementary | The operating system (os) of the mobile device. Any os is accepted. |
devicephonenumber | String | Supplementary | Supplementary | Supplementary | The phone number of the mobile device. Any phone number is accepted. |
initialrecurring | String | Supplementary | Supplementary | Supplementary | Indicates if the transaction is the first of a series of recurring transactions. Accepted values are: - true : The transaction is the first of a series of recurring transactions.- false : The transaction is not the first of a series of recurring transactions.- none : Unknown. |
merchantadvicecode | String | Supplementary | Supplementary | Supplementary | The merchant advice code is a code provided by the merchant's payment processor that indicates the reason for a declined transaction, and how it can be retried. |
merchantcity | String | Supplementary | Supplementary | Supplementary | City where the merchant is registered. Without merchantip this field becomes important. Any city is accepted. |
merchantpostalcode | String | Supplementary | Supplementary | Supplementary | Postal code where the merchant is registered. Without merchantip this field becomes important. Any postal code is accepted. |
merchantstatecode | String | Supplementary | Supplementary | Supplementary | State where the merchant is registered. Without merchantip this field becomes important. Any state code is accepted. |
merchantstreetaddress | String | Supplementary | Supplementary | Supplementary | Street address where the merchant is registered. Without merchantip this field becomes important. Any street address is accepted. |
processor | String | Supplementary | Supplementary | Supplementary | A payment processor is a company (often a third party) appointed by a merchant to handle transactions from various channels such as credit cards and debit cards for merchant acquiring banks. |
proxyused | String | Supplementary | Supplementary | Supplementary | Indicates whether a proxy server was used. |
recurringparentid | String | Supplementary | Supplementary | Supplementary | The identifier that links back to the initial recurring transaction (the first of a series of recurring transactions). |
submerchant | String | Supplementary | Supplementary | Supplementary | The name or identifier of the submerchant, which is a merchant that processes under a payment service provider or payment facilitator. These services use one merchant account to process the transactions of many sub-merchants, thereby eliminating the need for each sub-merchant to open and maintain a fully-fledged merchant account. Any name or unique identifier is accepted. |
terminaltype | String | Supplementary | Supplementary | Supplementary | The type of unattended POS terminal, also known as Cardholder-Activated Terminal (CAT) types. Accepted values are: - cat1: Automated Dispensing Machine - cat2: Self Service Terminal - cat3: Limited Amount Terminal - cat4: InFlight Terminal - cat6: Electronic Commerce - cat7: Transponder - cat9: MPOS (mobile POS) - none : Unknown. |
transactioncity | String | Supplementary | Supplementary | Supplementary | City of the shopper's device with which the card-not-present transaction is made |
transactionpostalcode | String | Supplementary | Supplementary | Supplementary | Postal code of the shopper's device with which the card-not-present transaction is made. |
transactionstatecode | String | Supplementary | Supplementary | Supplementary | State of the shopper's device with which the card-not-present transaction is made. |
transactionstreetaddress | String | Supplementary | Supplementary | Supplementary | Street address of the shopper's device with which the card-not-present transaction is made. |
ucafindicator | String | Supplementary | Supplementary | Supplementary | The Universal Cardholder Authentication (UCAF) indicator indicates to what extend the UCAF data collection is supported for MasterCard 3DS transactions. Accepted values are: - 0: UCAF data collection is not supported by the merchant. - 1: UCAF data collection is supported by the merchant, and UCAF data may be present and contain an attempted AAV. - 2: UCAF data collection is supported by the merchant and UCAF data must be present and contain a fully authenticated AAV. - none : Unknown. |
kyclevel | String | n.a. | Supplementary | Important | The Know-Your-Customer level of the merchant. Any indication level is accepted. |
limitprofile | String | n.a. | Supplementary | Important | The limit profile of a merchant is a set of limits imposed on the daily/weekly/monthly transaction amounts. A low limit profile number denotes low limits on all transactions. |
merchantemail | String | n.a. | Supplementary | Important | The email address of the merchant. |
merchantturnover | String | n.a. | Supplementary | Important | Expected monthly turnover (auths and authcaptures) to be processed through the merchant’s account in euros. |
merchanturl | String | n.a. | Supplementary | Important | URL of merchant web site or page where transaction took place. Any URL is accepted. |
registrationdate | Double | n.a. | Supplementary | Important | The time UTC at which the merchant got registered. Only Unix Timestamps are accepted. |
ubo | String | n.a. | Supplementary | Important | The full name of the Ultimate Beneficial Owner (UBO). The UBO is the individual that is registered as the owner of the merchant account. |
ubocountry | String | n.a. | Supplementary | Important | Countrycode of country where the ubo is registered. Only ISO 3166-1 numeric country codes are accepted. |
gateway | String | n.a. | Supplementary | Supplementary | A payment gateway is a merchant service that facilitates a payment transaction by the transfer of information between a payment portal (such as a website, mobile phone or interactive voice response service) and the front end processor or acquiring bank. |
iso | String | n.a. | Supplementary | Supplementary | The full name of the Independent Sales Organisation (ISO) that accepts credit card payments for the merchant account that is in its portfolio. |
isocountry | String | n.a. | Supplementary | Supplementary | The country of the ISO. |
kyclevelnorm | Double | n.a. | Supplementary | Supplementary | A normalized know-your-customer level of the merchant between 0 and 1, where 0 is a totally unknown and untrusted merchant and 1 is a fully known and absolutely trusted merchant. |
ocptenabled | String | n.a. | Supplementary | Supplementary | Indicates if ocpt is enabled for this merchant. When ocpt is enabled, payout back to the cardholder is supported. |
payfac | String | n.a. | Supplementary | Supplementary | The full name of the Payment Facilitator that has the merchant account in its portfolio. |
payfaccountry | String | n.a. | Supplementary | Supplementary | The country of the Payment Facilitator. |
uboemail | String | n.a. | Supplementary | Supplementary | The email address of the ubo. |
ubophonenumber | String | n.a. | Supplementary | Supplementary | The phone number of the ubo. |
ubostreetaddress | String | n.a. | Supplementary | Supplementary | Street address where the ubo is registered. Without merchantip this field becomes important. Any street address is accepted. |
bankaccountnumber | String | n.a. | n.a. | Supplementary | IBAN (International Bank Account Number). Bank account number or ID is also sufficient. |
digitalwalletoperator | String | n.a. | n.a. | Supplementary | Indicates the Digital Wallet Operator (DWO). A digital wallet refers to an electronic system that allows customers to pay for purchases without presenting a physical credit or debit card. Customers load their card details into a digital wallet app, and pay by tapping their device on a compatible terminal or by selecting their choice from stored payment methods when making an online purchase. Accepted values are: - staged: A staged digital wallet transaction is done with a wallet that uses multiple “stages” to complete the transaction (a “funding” stage and a “payment” stage) and doesn’t necessarily pass along card information to the card brand or issuer. - pass_through: A pass-through digital wallet transaction is done with a wallet where card payment information is used directly in the transaction, and passed along to the issuer and card network. - none : Unknown. |
Response Parameters
Status Code | Status Message | Description | Schema |
---|---|---|---|
200 | OK | Standard response for successful HTTP requests. | 200 OK - Fraud score response |
4xx , 500 , 501 , 502 , 503 , 504 | error | Various error messages for unsuccessful HTTP requests. | Problem response |
Code Samples
- Shell
- Python
- Java
- Perl
- PHP
curl -X POST 'https://api.fraudio.com/v1/transactions/score' \
-H 'Content-Type: application/json' \
-H "authorization: Bearer $ACCESS_TOKEN" \
--data-raw '{
"customer":"customer-placeholder",
"transactionid":"49fp3l68395gs24g",
"transactiontype":"void",
"originalamount":251.41,
"currency":"012",
"timestamp":1646063615,
"cardbin":"442742",
"merchant":"Fred&FreddySportsStore",
"parenttransactionid":"4583409307",
"cardtoken":"49fp3l68395gs24g",
"acceptorip":"542.6.8.838",
"cardexpirydate":"03/21",
"channel":"moto",
"channelsubtype":"paymentlink",
"lastfourdigits":"4932",
"mcccode":"5969",
"merchantip":"128.0.0.1",
"posentrymode":"012",
"recurring":"true",
"recurringparentid":"09a70bd7-2993-4df6-a693-99c26ee4bedb",
"registrationdate":100041643253.143105,
"threedsused":"true",
"transactionip":"152.0.6.152",
"acceptorid":"6ad3b45e-0f14-4522-885b-dd8049fc773c",
"acceptorcity":"London",
"acceptorcountry":"056",
"acceptorpostalcode":"38010",
"acceptorstatecode":"38010",
"acceptorstreetaddress":"29Ravenscroft,Covingham",
"acquirer":"Acquirer X",
"acquirercountry":"056",
"avsused":"true",
"bankaccountnumber":"NL15INGB4014343434343",
"cardaccess":"pinaccess",
"cardholder":"JohnSpencer",
"cardholderemail":"support@fraudio.com",
"cardholderphonenumber":"+31 71 000 0000",
"cavvused":"true",
"cvvused":"true",
"digitalwalletoperator":"staged",
"gateway":"staged",
"initialrecurring":"true",
"issuingplan":"merchant plan 1",
"kyclevel":"5",
"kyclevelnorm":0.5,
"limitprofile":"5",
"merchantcity":"London",
"merchantcountry":"528",
"merchantemail":"support@fraudio.com",
"merchantpostalcode":"w1b3hh",
"merchantstatecode":"GA",
"merchanturl":"www.foreverliving.com",
"mid":"1532512",
"ocptenabled":"true",
"processor":"ProcessorY",
"shopperemail":"support@fraudio.com",
"shoppername":"John Spencer",
"shopperphonenumber":"+31 71 000 0000",
"submerchant":"ShoestoreX",
"terminaltype":"cat1",
"transactioncountry":"056",
"transactionpostalcode":"w1b3hh",
"transactionstatecode":"GA",
"transactionstreetaddress":"29Ravenscroft,Covingham",
"avsresult":"A",
"cvvresult":"S",
"eci":"02",
"responsecode":"05",
"success":"true",
"authresult":"success",
"cavvresult":"5",
"ddresult":"ZXC*SiteAccess4343-432-333",
"gatewaydeclinereason":"CardDisabled",
"ucafindicator":"2"
}'
import json
import os
import requests
scoring_endpoint = "https://api.fraudio.com/v1/transactions/score"
access_token = os.environ["ACCESS_TOKEN"]
transaction = {
"customer": "customer-placeholder",
"transactionid": "49fp3l68395gs24g",
"transactiontype": "void",
"originalamount": 251.41,
"currency": "012",
"timestamp": 1646063615,
"cardbin": "442742",
"merchant": "Fred&FreddySportsStore",
"parenttransactionid": "4583409307",
"cardtoken": "49fp3l68395gs24g",
"acceptorip": "542.6.8.838",
"cardexpirydate": "03/21",
"channel": "moto",
"channelsubtype": "paymentlink",
"lastfourdigits": "4932",
"mcccode": "5969",
"merchantip": "128.0.0.1",
"posentrymode": "012",
"recurring": "true",
"recurringparentid": "09a70bd7-2993-4df6-a693-99c26ee4bedb",
"registrationdate": 100041643253.143105,
"threedsused": "true",
"transactionip": "152.0.6.152",
"acceptorid": "6ad3b45e-0f14-4522-885b-dd8049fc773c",
"acceptorcity": "London",
"acceptorcountry": "056",
"acceptorpostalcode": "38010",
"acceptorstatecode": "38010",
"acceptorstreetaddress": "29Ravenscroft,Covingham",
"acquirer": "Acquirer X",
"acquirercountry": "056",
"avsused": "true",
"bankaccountnumber": "NL15INGB4014343434343",
"cardaccess": "pinaccess",
"cardholder": "JohnSpencer",
"cardholderemail": "support@fraudio.com",
"cardholderphonenumber": "+31 71 000 0000",
"cavvused": "true",
"cvvused": "true",
"digitalwalletoperator": "staged",
"gateway": "staged",
"initialrecurring": "true",
"issuingplan": "merchant plan 1",
"kyclevel": "5",
"kyclevelnorm": 0.5,
"limitprofile": "5",
"merchantcity": "London",
"merchantcountry": "528",
"merchantemail": "support@fraudio.com",
"merchantpostalcode": "w1b3hh",
"merchantstatecode": "GA",
"merchanturl": "www.foreverliving.com",
"mid": "1532512",
"ocptenabled": "true",
"processor": "ProcessorY",
"shopperemail": "support@fraudio.com",
"shoppername": "John Spencer",
"shopperphonenumber": "+31 71 000 0000",
"submerchant": "ShoestoreX",
"terminaltype": "cat1",
"transactioncountry": "056",
"transactionpostalcode": "w1b3hh",
"transactionstatecode": "GA",
"transactionstreetaddress": "29Ravenscroft,Covingham",
"avsresult": "A",
"cvvresult": "S",
"eci": "02",
"responsecode": "05",
"success": "true",
"authresult": "success",
"cavvresult": "5",
"ddresult": "ZXC*SiteAccess4343-432-333",
"gatewaydeclinereason": "CardDisabled",
"ucafindicator": "2",
}
headers = {
"authorization": f"Bearer {access_token}",
"Content-Type": "application/json",
}
r = requests.post(scoring_endpoint, headers=headers, data=json.dumps(transaction))
print(r.json())
package com.fraudio;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class FraudScore {
public static void main(String[] args) throws IOException, URISyntaxException, InterruptedException {
String fraudScoreEndpoint = "https://api.fraudio.com/v1/transactions/score";
String accessToken = System.getenv("ACCESS_TOKEN");
String transaction = "{\"customer\": \"customer-placeholder\",\"transactionid\":\"49fp3l68395gs24g\",\"transactiontype\":\"void\",\"originalamount\":251.41,\"currency\":\"012\",\"timestamp\":1646063615,\"cardbin\":\"442742\",\"merchant\":\"Fred&FreddySportsStore\",\"parenttransactionid\":\"4583409307\",\"cardtoken\":\"49fp3l68395gs24g\",\"acceptorip\":\"542.6.8.838\",\"cardexpirydate\":\"03/21\",\"channel\":\"moto\",\"channelsubtype\":\"paymentlink\",\"lastfourdigits\":\"4932\",\"mcccode\":\"5969\",\"merchantip\":\"128.0.0.1\",\"posentrymode\":\"012\",\"recurring\":\"true\",\"recurringparentid\":\"09a70bd7-2993-4df6-a693-99c26ee4bedb\",\"registrationdate\":100041643253.143105,\"threedsused\":\"true\",\"transactionip\":\"152.0.6.152\",\"acceptorid\":\"6ad3b45e-0f14-4522-885b-dd8049fc773c\",\"acceptorcity\":\"London\",\"acceptorcountry\":\"056\",\"acceptorpostalcode\":\"38010\",\"acceptorstatecode\":\"38010\",\"acceptorstreetaddress\":\"29Ravenscroft,Covingham\",\"acquirer\":\"Acquirer X\",\"acquirercountry\":\"056\",\"avsused\":\"true\",\"bankaccountnumber\":\"NL15INGB4014343434343\",\"cardaccess\":\"pinaccess\",\"cardholder\":\"JohnSpencer\",\"cardholderemail\":\"support@fraudio.com\",\"cardholderphonenumber\":\"+31 71 000 0000\",\"cavvused\":\"true\",\"cvvused\":\"true\",\"digitalwalletoperator\":\"staged\",\"gateway\":\"staged\",\"initialrecurring\":\"true\",\"issuingplan\":\"merchant plan 1\",\"kyclevel\":\"5\",\"kyclevelnorm\":0.5,\"limitprofile\":\"5\",\"merchantcity\":\"London\",\"merchantcountry\":\"528\",\"merchantemail\":\"support@fraudio.com\",\"merchantpostalcode\":\"w1b3hh\",\"merchantstatecode\":\"GA\",\"merchanturl\":\"www.foreverliving.com\",\"mid\":\"1532512\",\"ocptenabled\":\"true\",\"processor\":\"ProcessorY\",\"shopperemail\":\"support@fraudio.com\",\"shoppername\":\"John Spencer\",\"shopperphonenumber\":\"+31 71 000 0000\",\"submerchant\":\"ShoestoreX\",\"terminaltype\":\"cat1\",\"transactioncountry\":\"056\",\"transactionpostalcode\":\"w1b3hh\",\"transactionstatecode\":\"GA\",\"transactionstreetaddress\":\"29Ravenscroft,Covingham\",\"avsresult\":\"A\",\"cvvresult\":\"S\",\"eci\":\"02\",\"responsecode\":\"05\",\"success\":\"true\",\"authresult\":\"success\",\"cavvresult\":\"5\",\"ddresult\":\"ZXC*SiteAccess4343-432-333\",\"gatewaydeclinereason\":\"CardDisabled\",\"ucafindicator\":\"2\"}";
HttpRequest request = HttpRequest.newBuilder()
.uri(new URI(fraudScoreEndpoint))
.header("authorization", String.format("Bearer %s", accessToken))
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(transaction))
.build();
HttpClient client = HttpClient.newHttpClient();
HttpResponse < String > response = client.send(request, HttpResponse.BodyHandlers.ofString());
String responseBody = response.body();
System.out.println("Response Code: " + response.statusCode() + "\nResponse Body: " + responseBody);
}
}
use LWP::UserAgent;
use HTTP::Request::Common;
my $fraud_score_endpoint = 'https://api.fraudio.com/v1/transactions/score';
my $access_token = $ENV{"ACCESS_TOKEN"};
my $transaction = '{"customer": "customer-placeholder","transactionid":"49fp3l68395gs24g","transactiontype":"void","originalamount":251.41,"currency":"012","timestamp":1646063615,"cardbin":"442742","merchant":"Fred&FreddySportsStore","parenttransactionid":"4583409307","cardtoken":"49fp3l68395gs24g","acceptorip":"542.6.8.838","cardexpirydate":"03/21","channel":"moto","channelsubtype":"paymentlink","lastfourdigits":"4932","mcccode":"5969","merchantip":"128.0.0.1","posentrymode":"012","recurring":"true","recurringparentid":"09a70bd7-2993-4df6-a693-99c26ee4bedb","registrationdate":100041643253.143105,"threedsused":"true","transactionip":"152.0.6.152","acceptorid":"6ad3b45e-0f14-4522-885b-dd8049fc773c","acceptorcity":"London","acceptorcountry":"056","acceptorpostalcode":"38010","acceptorstatecode":"38010","acceptorstreetaddress":"29Ravenscroft,Covingham","acquirer":"Acquirer X","acquirercountry":"056","avsused":"true","bankaccountnumber":"NL15INGB4014343434343","cardaccess":"pinaccess","cardholder":"JohnSpencer","cardholderemail":"support@fraudio.com","cardholderphonenumber":"+31 71 000 0000","cavvused":"true","cvvused":"true","digitalwalletoperator":"staged","gateway":"staged","initialrecurring":"true","issuingplan":"merchant plan 1","kyclevel":"5","kyclevelnorm":0.5,"limitprofile":"5","merchantcity":"London","merchantcountry":"528","merchantemail":"support@fraudio.com","merchantpostalcode":"w1b3hh","merchantstatecode":"GA","merchanturl":"www.foreverliving.com","mid":"1532512","ocptenabled":"true","processor":"ProcessorY","shopperemail":"support@fraudio.com","shoppername":"John Spencer","shopperphonenumber":"+31 71 000 0000","submerchant":"ShoestoreX","terminaltype":"cat1","transactioncountry":"056","transactionpostalcode":"w1b3hh","transactionstatecode":"GA","transactionstreetaddress":"29Ravenscroft,Covingham","avsresult":"A","cvvresult":"S","eci":"02","responsecode":"05","success":"true","authresult":"success","cavvresult":"5","ddresult":"ZXC*SiteAccess4343-432-333","gatewaydeclinereason":"CardDisabled","ucafindicator":"2"}';
my $req = HTTP::Request -> new(POST => $fraud_score_endpoint);
$req -> header('authorization' => "Bearer $access_token", "Content-Type" => "application/json");
$req -> content($transaction);
my $ua = LWP::UserAgent -> new;
my $resp = $ua -> request($req);
my $message = $resp -> decoded_content;
print "Received reply: $message";
<?php
$fraud_score_endpoint = "https://api.fraudio.com/v1/transactions/score";
$access_token = $_SERVER["ACCESS_TOKEN"];
$transaction =
"{\"customer\": \"customer-placeholder\", \"transactionid\":\"49fp3l68395gs24g\",\"transactiontype\":\"void\",\"originalamount\":251.41,\"currency\":\"012\",\"timestamp\":1646063615,\"cardbin\":\"442742\",\"merchant\":\"Fred&FreddySportsStore\",\"parenttransactionid\":\"4583409307\",\"cardtoken\":\"49fp3l68395gs24g\",\"acceptorip\":\"542.6.8.838\",\"cardexpirydate\":\"03/21\",\"channel\":\"moto\",\"channelsubtype\":\"paymentlink\",\"lastfourdigits\":\"4932\",\"mcccode\":\"5969\",\"merchantip\":\"128.0.0.1\",\"posentrymode\":\"012\",\"recurring\":\"true\",\"recurringparentid\":\"09a70bd7-2993-4df6-a693-99c26ee4bedb\",\"registrationdate\":100041643253.143105,\"threedsused\":\"true\",\"transactionip\":\"152.0.6.152\",\"acceptorid\":\"6ad3b45e-0f14-4522-885b-dd8049fc773c\",\"acceptorcity\":\"London\",\"acceptorcountry\":\"056\",\"acceptorpostalcode\":\"38010\",\"acceptorstatecode\":\"38010\",\"acceptorstreetaddress\":\"29Ravenscroft,Covingham\",\"acquirer\":\"Acquirer X\",\"acquirercountry\":\"056\",\"avsused\":\"true\",\"bankaccountnumber\":\"NL15INGB4014343434343\",\"cardaccess\":\"pinaccess\",\"cardholder\":\"JohnSpencer\",\"cardholderemail\":\"support@fraudio.com\",\"cardholderphonenumber\":\"+31 71 000 0000\",\"cavvused\":\"true\",\"cvvused\":\"true\",\"digitalwalletoperator\":\"staged\",\"gateway\":\"staged\",\"initialrecurring\":\"true\",\"issuingplan\":\"merchant plan 1\",\"kyclevel\":\"5\",\"kyclevelnorm\":0.5,\"limitprofile\":\"5\",\"merchantcity\":\"London\",\"merchantcountry\":\"528\",\"merchantemail\":\"support@fraudio.com\",\"merchantpostalcode\":\"w1b3hh\",\"merchantstatecode\":\"GA\",\"merchanturl\":\"www.foreverliving.com\",\"mid\":\"1532512\",\"ocptenabled\":\"true\",\"processor\":\"ProcessorY\",\"shopperemail\":\"support@fraudio.com\",\"shoppername\":\"John Spencer\",\"shopperphonenumber\":\"+31 71 000 0000\",\"submerchant\":\"ShoestoreX\",\"terminaltype\":\"cat1\",\"transactioncountry\":\"056\",\"transactionpostalcode\":\"w1b3hh\",\"transactionstatecode\":\"GA\",\"transactionstreetaddress\":\"29Ravenscroft,Covingham\",\"avsresult\":\"A\",\"cvvresult\":\"S\",\"eci\":\"02\",\"responsecode\":\"05\",\"success\":\"true\",\"authresult\":\"success\",\"cavvresult\":\"5\",\"ddresult\":\"ZXC*SiteAccess4343-432-333\",\"gatewaydeclinereason\":\"CardDisabled\",\"ucafindicator\":\"2\"}";
$options = [
"http" => [
"header" =>
"authorization: Bearer $access_token" .
"Content-Type: application/json",
"method" => "POST",
"content" => $transaction,
],
];
$context = stream_context_create($options);
$result = file_get_contents($fraud_score_endpoint, false, $context);
print $result;
?>