Payment Fraud Score
POST https://api.fraudio.com/v1/transactions/payment-fraud-score
Endpoint Overview
Purpose
Evaluate payment transaction events and provide a fraud score along with recommendations using our Payment Fraud Detection product.
Applicability
The fields that are applicable depend on the integration type:
1. Pre-auth Integration
- Events to Send: Pre-auth authorizations (
auth
) and pre-auth authcaptures (auth_captures
). - Note: Post-auth fields (
eci
,cavvresult
,avsresult
,cvvresult
,success
, andresponsecode
) will be empty for these events, as the transaction has not been authenticated or authorized yet.
2. Post-auth Integration
- Events to Send: Post-auth authorizations (
auth
) and post-auth authcaptures (auth_captures
). - Note: This allows the inclusion of post-auth fields (
eci
,cavvresult
,avsresult
,cvvresult
, andresponsecode
), reflecting the already completed authentication and authorization process.
Request Parameters
Request parameters in JSON format
Toggle to view an example of request parameters in JSON format
json
{
"customer": "customer-placeholder",
"transactionid": "49fp3l68395gs24g",
"transactiontype": "auth_capture",
"amount": 251.41,
"currency": "012",
"currencyunit": "major",
"timestamp": 1646063615,
"cardbin": "442742",
"merchant": "12451215",
"parenttransactionid": "4583409307",
"cardtoken": "49fp3l68395gs24g",
"acceptorip": "542.6.8.838",
"cardexpirydate": "03/21",
"channel": "moto",
"channelsubtype": "paymentlink",
"lastfourdigits": "4932",
"mcccode": "5969",
"merchantip": "128.0.0.1",
"posentrymode": "012",
"recurring": "true",
"recurringparentid": "09a70bd7-2993-4df6-a693-99c26ee4bedb",
"registrationdate": 100041643253.143105,
"threedsused": "true",
"transactionip": "152.0.6.152",
"acceptorid": "6ad3b45e-0f14-4522-885b-dd8049fc773c",
"acceptorcity": "London",
"acceptorcountry": "056",
"acceptorpostalcode": "38010",
"acceptorstatecode": "38010",
"acceptorstreetaddress": "29 Ravenscroft, Covingham",
"acquirer": "Acquirer X",
"acquirercountry": "056",
"avsused": "true",
"bankaccountnumber": "NL15INGB4014343434343",
"bookingdate": 1702851883,
"bookingprocessingdate": 1705443883,
"bookingreference": "6UTAKBKI",
"cardaccess": "pinaccess",
"cardholder": "John Spencer",
"cardholderemail": "support@fraudio.com",
"cardholderphonenumber": "+31 71 000 0000",
"cavvused": "true",
"checkindate": 1703715883,
"checkoutdate": 1704147883,
"cvvused": "true",
"digitalwalletoperator": "staged",
"gateway": "staged",
"initialrecurring": "true",
"issuingplan": "merchant plan 1",
"kyclevel": "5",
"kyclevelnorm": 0.5,
"limitprofile": "5",
"merchantname": "Shoes & Co.",
"merchantcity": "London",
"merchantcountry": "528",
"merchantemail": "support@fraudio.com",
"merchantpostalcode": "w1b 3hh",
"merchantstatecode": "GA",
"merchanturl": "www.foreverliving.com",
"mid": "1532512",
"ocptenabled": "true",
"operationdate": 1703543083,
"operationid": "FKPAIPRXNV",
"processor": "Processor Y",
"shopperemail": "support@fraudio.com",
"shoppername": "John Spencer",
"shopperphonenumber": "+31 71 000 0000",
"submerchant": "Shoestore X",
"terminaltype": "cat1",
"transactioncountry": "056",
"transactionpostalcode": "w1b 3hh",
"transactionstatecode": "GA",
"transactionstreetaddress": "29 Ravenscroft, Covingham",
"avsresult": "A",
"cvvresult": "S",
"eci": "02",
"responsecode": "05",
"success": "true",
"authresult": "success",
"cavvresult": "5",
"ddresult": "ZXC* Site Access 4343-432-333",
"gatewaydeclinereason": "Card Disabled",
"ucafindicator": "2"
}
Request parameters: Field Reference Table
Field | Data Type | Payment Fraud (Issuer) | Payment Fraud (Acquirer / Processor) | Merchant Fraud / AML | Description |
---|---|---|---|---|---|
transactionid | String | Critical & Required | Critical & Required | Critical & Required | The unique identifier of the transaction event. Every transaction event, so auth , capture , auth_capture , etc., has its own unique ID. |
transactiontype | String | Critical & Required | Critical & Required | Critical & Required | The type of transaction event, for events that need to be scored. Accepted values are: - auth : An authorization is used to reserve funds on the customer's card without yet deducting them.- auth_capture : A simultaneous combination of auth and capture in the same transaction, for when there is no need to perform these operations separately. |
timestamp | Double | Critical & Required | Critical & Required | Critical & Required | The UTC time at which the transaction was made. When sending events in realtime, this will usually be 'now'. Only Unix Timestamps are accepted. |
amount | Double | Critical & Required | Critical & Required | Critical & Required | The transaction amount in the unit specified by the 'currencyunit' field. Note: The unit used in this field should be explicitly stated in the 'currencyunit' field. |
currency | String | Critical & Required | Critical & Required | Critical & Required | The 3-digit ISO code for the currency used in the transaction. |
currencyunit | String | Critical & Required | Critical & Required | Critical & Required | This field defines the unit of currency used in the 'amount' field. Accepts only major (e.g., 12.30) or minor (e.g., 1230) unit values. This choice should align with the unit used in the 'amount' field. |
channel | String | Critical & Required | Critical & Required | Critical & Required | Indicates the specific type of channel used for a transaction. Accepted values with their description: - ecom : Ecommerce transaction, this is a card-not-present transaction done over the internet.- pos : Point of Sale transaction, also known as card-present.- moto : A mail or telephone order is a card-not-present transaction where the cardholder gives permission to process the transaction by providing order and payment details by mail (not email), fax, or telephone.- atm : Automated Teller Machine transaction, where a card is used at an ATM for activities such as cash withdrawals and deposits. |
merchant | String | Critical & Required | Critical & Required | Critical & Required | The unique identifier of the merchant. This field uniquely identifies the merchant, and should not be confused with the MID. Any unique identifier is accepted. |
mcccode | String | Critical & Required | Critical & Required | Critical & Required | A Merchant Category Code (MCC) is a four-digit number listed for financial services. An MCC is used to classify a business by the types of goods or services it provides. Only ISO 18245 mcc codes are accepted. |
cardbin | String | Critical & Required | Critical & Required | Critical & Required | The Bank Identification Number (BIN), also known as the Issuer Identification Number (IIN), is the first six or eight digits of the card number. |
lastfourdigits | String | Critical & Required | Critical & Required | Critical & Required | The last four digits of the card number. |
cardexpirydate | String | Critical & Required | Critical & Required | Critical & Required | The expiry date of the card. Accepted format: MM/yy. |
cardtoken | String | Critical & Required | Critical & Required | Critical & Required | The card token is the encryption that is used to identify the credit card. Any salted hash is accepted. |
responsecode | String | Critical & Required | Critical & Required | Critical & Required | The response code is a numerical code that indicates the outcome of authorization checks of issuing banks. The code must be a 2 character ISO8583-1987 response. |
success | String | Critical & Required | Critical & Required | Critical & Required | This indicates the overall result of the transaction. Accepted values are: - true : Transaction fully completed without any failures (both technical and non-technical).- false : Any part of the transaction failed or did not meet the necessary criteria, regardless of technical success.- none : The outcome of the transaction is uncertain or not yet known.Please use true only for fully successful transactions. Use false if there's any doubt or known issues, and none when outcome information is incomplete. |
acceptorcountry | String | Important | Important | Important | Countrycode of country where the card acceptor is located. Only ISO 3166-1 numeric country codes are accepted. |
acceptorip | String | Important | Important | Important | The acceptor IP address is the IP address of the card acceptor's terminal. For card-present transactions this terminal, which is used by the merchant to process payments, is typically located on the merchant's premises. |
avsresult | String | Important | Important | Important | AVS (Address Verification System) result is the outcome of a check performed for Card-not-Present and MOTO transactions on the billing address provided by the shopper to see if the provided address matches the address on file with the card issuer. Accepted values are: - A : Addresses match/ZIP codes do not.- B : Street addresses match, but ZIP codes not verified due to incompatible formats.- C : Street address and postal/ZIP codes not verified due to incompatible formats.- D : Street addresses and postal/ZIP codes match (VISA).Customer name incorrect, ZIP codes match (AMEX / JCB). - E : Customer name incorrect, billing address and ZIP code match.- F : Street addresses and postal codes match (VISA). Customer name incorrect, billing address matches (AMEX / JCB).- G : Address information not verified for international transaction.- I : Address information not verified.- K : Customer name matches.- L : Customer name and ZIP code match.- M : Street addresses and postal/ZIP codes match.- N : No match.- O : Customer name and billing address match.- P : Postal/ZIP codes match. Acquirer sent both postal/ZIP code and street address, but street address not verified due to incompatible formats.- R : Retry: System unavailable or timed out. Issuer ordinarily performs address verification but was unavailable.- S : AVS not supported.- T : Nine-digit zip code matches, address does not match.- U : Information is unavailable.- W : For U.S. Addresses, nine-digit postal code matches, address does not. For address outside the U.S. postal code matches, address does not (MasterCard / Discover). Customer name, billing address, and postal code are all correct ( AMEX / JCB).- X : For U.S. addresses, nine-digit postal code and addresses matches. For addresses outside the U.S., postal code and address match.- Y : Street address and postal/ZIP match.- Z : Postal/ZIP match, street addresses do not match or street address not included in request.- none : Unknown. |
avsused | String | Important | Important | Important | Indicates if AVS (Address Verification System) is enabled. AVS checks are performed for Card-not-Present and MOTO transactions on the billing address provided by the shopper to see if the provided address matches the address on file with the card issuer. This helps verify the identity of the shopper vs the actual cardholder. It is more likely that the shopper is the cardholder when the billing address details match. Before authentication it can already be known whether AVS is enabled, the result (avsresult) will only be known after authentication. Accepted values are: - true : AVS enabled.- false : AVS disabled.- none : Unknown. |
cavvresult | String | Important | Important | Important | The Cardholder Authentication Verification Value (CAVV) is a value that allows VISA to validate the integrity of the Verified by Visa (VbV) transaction data for VISA 3Ds transactions. Accepted values are: - 0 : CAVV authentication results invalid, no verification performed.- 1 : CAVV failed verification (authentication), Issuer approves authorization.- 2 : CAVV passed verification (authentication), Issuer approves authorization.- 3 : CAVV passed verification (attempt), Issuer approves authorization.- 4 : CAVV failed verification (attempt), Issuer approves authorization.- 5 : Not Used - Reserved.- 6 : CAVV not verified (VisaNet flag for Issuer not selected), Issuer approves authorization.- 7 : CAVV failed verification (attempt), Issuer approves authorization.- 8 : CAVV passed verification (attempt), Issuer approves authorization.- 9 : CAVV failed verification (attempt), Issuer approves authorization.- A : CAVV passed verification (attempt), Issuer approves authorization.- B : CAVV passed verification (authentication).- C : CAVV failed verification (attempt).- D : CAVV failed verification (authentication).- none : Unknown. |
cavvused | String | Important | Important | Important | Indicates if Cardholder Authentication Verification Value (CAVV) is enabled for the transaction. Before authentication it can already be known whether CAVV is enabled, the result (cavvresult) will only be known after authentication. Accepted values are: - true : CAVV enabled.- false : CAVV disabled.- none : Unknown. |
channelsubtype | String | Important | Important | Important | Indicates the subtype of channel used for a transaction. This is a subfield of channel. Accepted values with their description: - paymentlink : The payment is done using a link that is shared by the merchant, also known as PayByLink transactions.- telephoneorder : MoTo transactions where the order and payment details are provided by telephone.- mailorder : MoTo transactions where the order and payment details are provided by mail (not email).- none : Unknown. |
cvvresult | String | Important | Important | Important | Card Verification Value (CVV) result is the outcome of a check performed on the security code provided by the shopper to see if it matches the code on file with the card issuer. Accepted values: - M : CVV2 Match.- N : CVV2 No Match.- P : Not processed.- S : CVV2 should be on the card.- U : Issuer does not participate in CVV2 service, or participates but has not provided the encryption keys, or both.- X : No response from association.- none : Unknown. |
cvvused | String | Important | Important | Important | Indicates if Card Verification Value (CVV) checks are done for the transaction. Card Verification Value (CVV) checs are performed on the security code provided by the shopper to see if it matches the code on file with the card issuer. Before authentication it can already be known whether CVV is enabled, the result (cvvresult) will only be known after authentication. Accepted values are: - true : CVV checks are done.- false : CVV checks are not done.- none : Unknown. |
eci | String | Important | Important | Important | The Electronic Commerce Indicator (ECI) is the value indicating the outcome of 3D-Secure (3DS) authentication attempted on transactions where 3DS is enabled. Different card schemes use different values. Accepted values for Visa / American Express / JCB / Discover / Diners are: - 05 : Both cardholder and card issuing bank are 3D enabled. 3D card authentication is successful.- 06 : Either cardholder or card issuing bank is not 3D enrolled.- 07 : Authentication is unsuccessful or not attempted.- none : Unknown.Accepted values for MasterCard are: - 02 : Both cardholder and card issuing bank are 3D enabled. 3D card authentication is successful.- 01 : Either cardholder or card issuing bank is not 3D enrolled.- 00 : Authentication is unsuccessful or not attempted.- none : Unknown. |
merchantcountry | String | Important | Important | Important | Countrycode of country where the merchant is registered. Only ISO 3166-1 numeric country codes are accepted. |
merchantip | String | Important | Important | Important | The IP address of the merchant refers to the IP address where the merchant is registered. It is important to distinguish between the acceptor IP and the merchant IP. The acceptor IP is the location of the merchant's server where the payment is received. Therefore, a merchant can have multiple acceptor IPs, but only one merchant IP. |
mid | String | Important | Important | Important | The unique identifier assigned to a merchant by their payment processor. It's important to note that the MID does not uniquely identify the merchant, but rather it identifies the merchant's account. This is because a merchant can have multiple MIDs, as they may have separate merchant accounts for different aspects of their business. |
parenttransactionid | String | Important | Important | Important | The identifier that links separate events of one transaction. The parenttransactionid can link auths with captures, voids and refunds and it can link auth_captures with refunds and voids. Any unique identifier is accepted. For example: In order to link a capture with an authorization, you need to specify the transactionid of the corresponding auth or auth_capture as the parenttransactionid |
posentrymode | String | Important | Important | Important | The Point of Sale (POS) entry mode is the code (3 digits) that identifies the method used to capture the PAN entry mode and the PIN entry capability. ISO 8583 (field 22) POS entry mode consists of 2 parts: 1. PAN (Primary Account Number) entry mode (the first 2 digits): - 00 : Unknown.- 01 : Key entered / Manual.- 02 : Magnetic stripe.- 03 : Bar code.- 05 : ICC (integrated circuit card, that is, chip).- 07 : Auto entry via contactless EMV.- 10 : Merchant has Cardholder Credentials on File.- 80 : Fallback from integrated circuit card (ICC) to magnetic stripe.- 81 : Electronic commerce.- 91 : Auto entry via contactless magnetic stripe.2. PIN entry capability (the third digit): - 0 : Unknown- 1 : Terminal can accept PINs.- 2 : Terminal cannot accept PINs.- none : Completely unknown posentrymode. |
recurring | String | Important | Important | Important | Indicates if the payment is recurring or not. Accepted values are: - true : Is recurring.- false : is not recurring.- none : Unknown. |
threedsused | String | Important | Important | Important | Indicates if 3D-Secure (3DS) is enabled for the transaction. Before authentication it can already be known whether 3DS is enabled, the result (eci) will only be known after authentication. Accepted values are: - true : 3-D Secure has been used.- false : 3-D Secure has not been used.- none : Unknown. |
transactioncountry | String | Important | Important | Important | The country code of the shopper's device from which the card-not-present transaction is made. Only ISO 3166-1 numeric country codes are accepted. |
transactionip | String | Important | Important | Important | IP-address of the shopper's device with which the card-not-present transaction is made. |
gatewaydeclinereason | String | n.a. | Important | Important | The gateway decline reason is a code provided by the payment gateway indicating the reason for a declined transaction. Declinecodes differ from gateway to gateway, therefore the reason of the decline is preferred. Any declinereason is accepted. E.g. Application Incomplete, Duplicate, Fraud, Risk Thresholds, Card Disabled. |
shopperemail | String | Supplementary | Supplementary | Important | The email address of the shopper. |
shoppername | String | Supplementary | Supplementary | Important | The name of the shopper. Any name is accepted. |
shopperphonenumber | String | Supplementary | Supplementary | Important | The phone number of the shopper. |
acceptorcity | String | Supplementary | Supplementary | Supplementary | City where the card acceptor is located. Any city name is accepted. |
acceptorid | String | Supplementary | Supplementary | Supplementary | The name or unique identifier of the acceptor. Any name or unique identifier is accepted. |
acceptorpostalcode | String | Supplementary | Supplementary | Supplementary | Postal code where the card acceptor is located. Any postal code is accepted. |
acceptorstatecode | String | Supplementary | Supplementary | Supplementary | State where the card acceptor is located. Any state code is accepted. |
acceptorstreetaddress | String | Supplementary | Supplementary | Supplementary | Street address where the card acceptor is located. Without acceptorip this field becomes important. Any street address is accepted. |
acceptordeviceid | String | Supplementary | Supplementary | Supplementary | The unique identifier for the physical device on which the acceptor (terminal) is installed. Note that a single acceptor (terminal) can be associated with multiple acceptor devices. |
acceptordevicegeocoordinates | String | Supplementary | Supplementary | Supplementary | Geographic coordinates of the acceptor's device. Only ISO 6709 format is accepted. Accepted format: {sign}{latitude}{sign}{longitude}/ . |
acquirer | String | Supplementary | Supplementary | Supplementary | The acquirer is a financial institution with whom the merchant has a bank account. |
acquirercountry | String | Supplementary | Supplementary | Supplementary | Countrycode of country where the acquirer is registered. Only ISO 3166-1 numeric country codes are accepted. |
authresult | String | Supplementary | Supplementary | Supplementary | Indicates if the transaction successfully passed all authentication and authorization checks. Accepted values are: - fail : failed authentication and authorization.- success : successful authentication and authorization.- none : Unknown. |
bookingdate | Double | Supplementary | Supplementary | Supplementary | The date and time when a reservation or booking was made, applicable to services like hotels, flights, events, and car rentals. Only Unix Timestamps (UTC) are accepted. |
bookingprocessingdate | Double | Supplementary | Supplementary | Supplementary | The date and time when a booking was processed or confirmed, which may differ from the booking date, applicable across various service sectors. Only Unix Timestamps (UTC) are accepted. |
bookingreference | String | Supplementary | Supplementary | Supplementary | A unique code or number for identifying and tracking a booking in various service industries, from travel to event management. This code is generally a customer-facing identifier provided as a confirmation of a booking, used by the customer to reference, manage, or modify their reservation. |
cardaccess | String | Supplementary | Supplementary | Supplementary | Information on how the card was accessed. Accepted values are: - pinaccess : Card is accessed by using a pincode.- signatureaccess : Card is accessed by using a signature.- hybrid : Card is accessed by using a pincode and a signature.- none : Unknown. |
cardholder | String | Supplementary | Supplementary | Supplementary | The name or unique identifier of the cardholder. This is not the same as the cardtoken, as a cardholder can have multiple credit cards (cardtokens). Any name or unique identifier is accepted. |
cardholderemail | String | Supplementary | Supplementary | Supplementary | The email address of the card holder. |
cardholderphonenumber | String | Supplementary | Supplementary | Supplementary | The phone number of the card holder. |
checkindate | Double | Supplementary | Supplementary | Supplementary | The date when a customer or guest is scheduled to start their service, like arriving at a hotel, boarding a flight, or picking up a rental car. Only Unix Timestamps (UTC) are accepted. |
checkoutdate | Double | Supplementary | Supplementary | Supplementary | The date when the service concludes, such as the end of a hotel stay, return of a rental car, or completion of an event. Only Unix Timestamps (UTC) are accepted. |
ddresult | String | Supplementary | Supplementary | Supplementary | The dynamic descriptor result returned by the processor is the text that represents businesses on bank account statements. Can be up to 22 characters long. |
deviceid | String | Supplementary | Supplementary | Supplementary | The mobile device id or any other device id. Any id is accepted. |
deviceos | String | Supplementary | Supplementary | Supplementary | The operating system (os) of the mobile device. Any os is accepted. |
devicephonenumber | String | Supplementary | Supplementary | Supplementary | The phone number of the mobile device. Any phone number is accepted. |
initialrecurring | String | Supplementary | Supplementary | Supplementary | Indicates if the transaction is the first of a series of recurring transactions. Accepted values are: - true : The transaction is the first of a series of recurring transactions.- false : The transaction is not the first of a series of recurring transactions.- none : Unknown. |
merchantadvicecode | String | Supplementary | Supplementary | Supplementary | The merchant advice code is a code provided by the merchant's payment processor that indicates the reason for a declined transaction, and how it can be retried. |
merchantname | String | Supplementary | Supplementary | Supplementary | The name of the merchant. Any name is accepted. |
merchantcity | String | Supplementary | Supplementary | Supplementary | City where the merchant is registered. Without merchantip this field becomes important. Any city is accepted. |
merchantpostalcode | String | Supplementary | Supplementary | Supplementary | Postal code where the merchant is registered. Without merchantip this field becomes important. Any postal code is accepted. |
merchantstatecode | String | Supplementary | Supplementary | Supplementary | State where the merchant is registered. Without merchantip this field becomes important. Any state code is accepted. |
merchantstreetaddress | String | Supplementary | Supplementary | Supplementary | Street address where the merchant is registered. Without merchantip this field becomes important. Any street address is accepted. |
operationdate | Double | Supplementary | Supplementary | Supplementary | The scheduled date and time for a specific operation, such as a hotel stay, flight, event attendance, or car rental period. Only Unix Timestamps (UTC) are accepted. |
operationid | String | Supplementary | Supplementary | Supplementary | The unique identifier used internally by service providers to manage and track a variety of operational activities, including hotel reservations, flights, events, and car rentals, across different service-oriented industries. |
processor | String | Supplementary | Supplementary | Supplementary | A payment processor is a company (often a third party) appointed by a merchant to handle transactions from various channels such as credit cards and debit cards for merchant acquiring banks. |
proxyused | String | Supplementary | Supplementary | Supplementary | Indicates whether a proxy server was used. |
recurringparentid | String | Supplementary | Supplementary | Supplementary | The identifier that links back to the initial recurring transaction (the first of a series of recurring transactions). |
submerchant | String | Supplementary | Supplementary | Supplementary | The name or unique identifier of the submerchant, which is a merchant that processes under a payment service provider or payment facilitator. These services use one merchant account to process the transactions of many sub-merchants, thereby eliminating the need for each sub-merchant to open and maintain a fully-fledged merchant account. Any name or unique identifier is accepted. |
terminaltype | String | Supplementary | Supplementary | Supplementary | The type of unattended POS terminal, also known as Cardholder-Activated Terminal (CAT) types. Accepted values are: - cat1 : Automated Dispensing Machine- cat2 : Self Service Terminal- cat3 : Limited Amount Terminal- cat4 : InFlight Terminal- cat6 : Electronic Commerce- cat7 : Transponder- cat9 : MPOS (mobile POS)- none : Unknown. |
transactioncity | String | Supplementary | Supplementary | Supplementary | City of the shopper's device with which the card-not-present transaction is made |
transactionpostalcode | String | Supplementary | Supplementary | Supplementary | Postal code of the shopper's device with which the card-not-present transaction is made. |
transactionstatecode | String | Supplementary | Supplementary | Supplementary | State of the shopper's device with which the card-not-present transaction is made. |
transactionstreetaddress | String | Supplementary | Supplementary | Supplementary | Street address of the shopper's device with which the card-not-present transaction is made. |
ucafindicator | String | Supplementary | Supplementary | Supplementary | The Universal Cardholder Authentication (UCAF) indicator indicates to what extend the UCAF data collection is supported for MasterCard 3DS transactions. Accepted values are: - 0 : UCAF data collection is not supported by the merchant.- 1 : UCAF data collection is supported by the merchant, and UCAF data may be present and contain an attempted AAV.- 2 : UCAF data collection is supported by the merchant and UCAF data must be present and contain a fully authenticated AAV.- none : Unknown. |
kyclevel | String | n.a. | Supplementary | Important | The Know-Your-Customer level of the merchant. Any indication level is accepted. |
limitprofile | String | n.a. | Supplementary | Important | The limit profile of a merchant is a set of limits imposed on the daily/weekly/monthly transaction amounts. A low limit profile number denotes low limits on all transactions. |
merchantemail | String | n.a. | Supplementary | Important | The email address of the merchant. |
merchantturnover | String | n.a. | Supplementary | Important | Expected monthly turnover (auths and authcaptures) to be processed through the merchant’s account in euros. |
merchanturl | String | n.a. | Supplementary | Important | URL of merchant web site or page where transaction took place. Any URL is accepted. |
registrationdate | Double | n.a. | Supplementary | Important | The time UTC at which the merchant got registered. Only Unix Timestamps are accepted. |
ubo | String | n.a. | Supplementary | Important | The full name of the Ultimate Beneficial Owner (UBO). The UBO is the individual that is registered as the owner of the merchant account. |
ubocountry | String | n.a. | Supplementary | Important | Countrycode of country where the ubo is registered. Only ISO 3166-1 numeric country codes are accepted. |
gateway | String | n.a. | Supplementary | Supplementary | A payment gateway is a merchant service that facilitates a payment transaction by the transfer of information between a payment portal (such as a website, mobile phone or interactive voice response service) and the front end processor or acquiring bank. |
iso | String | n.a. | Supplementary | Supplementary | The full name of the Independent Sales Organisation (ISO) that accepts credit card payments for the merchant account that is in its portfolio. |
isocountry | String | n.a. | Supplementary | Supplementary | The country of the ISO. |
kyclevelnorm | Double | n.a. | Supplementary | Supplementary | A normalized know-your-customer level of the merchant between 0 and 1, where 0 is a totally unknown and untrusted merchant and 1 is a fully known and absolutely trusted merchant. |
ocptenabled | String | n.a. | Supplementary | Supplementary | Indicates if ocpt is enabled for this merchant. When ocpt is enabled, payout back to the cardholder is supported. |
payfac | String | n.a. | Supplementary | Supplementary | The full name of the Payment Facilitator that has the merchant account in its portfolio. |
payfaccountry | String | n.a. | Supplementary | Supplementary | The country of the Payment Facilitator. |
uboemail | String | n.a. | Supplementary | Supplementary | The email address of the ubo. |
ubophonenumber | String | n.a. | Supplementary | Supplementary | The phone number of the ubo. |
ubostreetaddress | String | n.a. | Supplementary | Supplementary | Street address where the ubo is registered. Without merchantip this field becomes important. Any street address is accepted. |
bankaccountnumber | String | n.a. | n.a. | Supplementary | Bank Account Number. This refers to the International Bank Account Number (IBAN) or any equivalent national bank account number or ID. |
digitalwalletoperator | String | n.a. | n.a. | Supplementary | Indicates the Digital Wallet Operator (DWO). A digital wallet refers to an electronic system that allows customers to pay for purchases without presenting a physical credit or debit card. Accepted values are: - staged : A staged digital wallet transaction is done with a wallet that uses multiple “stages” to complete the transaction (a “funding” stage and a “payment” stage) and doesn’t necessarily pass along card information to the card brand or issuer.- pass_through : A pass-through digital wallet transaction is done with a wallet where card payment information is used directly in the transaction, and passed along to the issuer and card network.- none : Unknown. |
Response Parameters
Status Code | Status Message | Description | Schema |
---|---|---|---|
200 | OK | Standard response for successful HTTP requests. | 200 OK - Fraud score response |
4xx , 500 , 501 , 502 , 503 , 504 | error | Various error messages for unsuccessful HTTP requests. | Problem response |
Code Samples
- Shell
- Python
- Java
- Perl
- PHP
curl -X POST 'https://api.fraudio.com/v1/transactions/payment-fraud-score' \
-H 'Content-Type: application/json' \
-H "authorization: Bearer $ACCESS_TOKEN" \
--data-raw '{
"transactionid":"49fp3l68395gs24g",
"transactiontype":"auth_capture",
"amount":251.41,
"currency":"012",
"currencyunit":"major",
"timestamp":1646063615,
"cardbin":"442742",
"merchant":"Fred&FreddySportsStore",
"parenttransactionid":"4583409307",
"cardtoken":"49fp3l68395gs24g",
"acceptorip":"542.6.8.838",
"cardexpirydate":"03/21",
"channel":"moto",
"channelsubtype":"paymentlink",
"lastfourdigits":"4932",
"mcccode":"5969",
"merchantip":"128.0.0.1",
"posentrymode":"012",
"recurring":"true",
"recurringparentid":"09a70bd7-2993-4df6-a693-99c26ee4bedb",
"registrationdate":100041643253.143105,
"threedsused":"true",
"transactionip":"152.0.6.152",
"acceptorid":"6ad3b45e-0f14-4522-885b-dd8049fc773c",
"acceptorcity":"London",
"acceptorcountry":"056",
"acceptorpostalcode":"38010",
"acceptorstatecode":"38010",
"acceptorstreetaddress":"29Ravenscroft,Covingham",
"acquirer":"Acquirer X",
"acquirercountry":"056",
"avsused":"true",
"bankaccountnumber":"NL15INGB4014343434343",
"bookingdate":1702851883,
"bookingprocessingdate":1705443883,
"bookingreference":"6UTAKBKI",
"cardaccess":"pinaccess",
"cardholder":"JohnSpencer",
"cardholderemail":"support@fraudio.com",
"cardholderphonenumber":"+31 71 000 0000",
"cavvused":"true",
"checkindate":1703715883,
"checkoutdate":1704147883,
"cvvused":"true",
"digitalwalletoperator":"staged",
"gateway":"staged",
"initialrecurring":"true",
"issuingplan":"merchant plan 1",
"kyclevel":"5",
"kyclevelnorm":0.5,
"limitprofile":"5",
"merchantcity":"London",
"merchantcountry":"528",
"merchantemail":"support@fraudio.com",
"merchantpostalcode":"w1b3hh",
"merchantstatecode":"GA",
"merchanturl":"www.foreverliving.com",
"mid":"1532512",
"ocptenabled":"true",
"operationdate":1703543083,
"operationid":"FKPAIPRXNV",
"processor":"ProcessorY",
"shopperemail":"support@fraudio.com",
"shoppername":"John Spencer",
"shopperphonenumber":"+31 71 000 0000",
"submerchant":"ShoestoreX",
"terminaltype":"cat1",
"transactioncountry":"056",
"transactionpostalcode":"w1b3hh",
"transactionstatecode":"GA",
"transactionstreetaddress":"29Ravenscroft,Covingham",
"avsresult":"A",
"cvvresult":"S",
"eci":"02",
"responsecode":"05",
"success":"true",
"authresult":"success",
"cavvresult":"5",
"ddresult":"ZXC*SiteAccess4343-432-333",
"gatewaydeclinereason":"CardDisabled",
"ucafindicator":"2"
}'
import json
import os
import requests
payment_fraud_score_endpoint = "https://api.fraudio.com/v1/transactions/payment-fraud-score"
access_token = os.environ["ACCESS_TOKEN"]
transaction = {
"transactionid": "49fp3l68395gs24g",
"transactiontype": "auth_capture",
"amount": 251.41,
"currency": "012",
"currencyunit": "major",
"timestamp": 1646063615,
"cardbin": "442742",
"merchant": "Fred&FreddySportsStore",
"parenttransactionid": "4583409307",
"cardtoken": "49fp3l68395gs24g",
"acceptorip": "542.6.8.838",
"cardexpirydate": "03/21",
"channel": "moto",
"channelsubtype": "paymentlink",
"lastfourdigits": "4932",
"mcccode": "5969",
"merchantip": "128.0.0.1",
"posentrymode": "012",
"recurring": "true",
"recurringparentid": "09a70bd7-2993-4df6-a693-99c26ee4bedb",
"registrationdate": 100041643253.143105,
"threedsused": "true",
"transactionip": "152.0.6.152",
"acceptorid": "6ad3b45e-0f14-4522-885b-dd8049fc773c",
"acceptorcity": "London",
"acceptorcountry": "056",
"acceptorpostalcode": "38010",
"acceptorstatecode": "38010",
"acceptorstreetaddress": "29Ravenscroft,Covingham",
"acceptordeviceid": "832362hsd7-04hs-44gjs-885b-25hsdfsg3k3",
"acceptordevicegeocoordinates": "+40.7128-074.0060/",
"acquirer": "Acquirer X",
"acquirercountry": "056",
"avsused": "true",
"bankaccountnumber": "NL15INGB4014343434343",
"bookingdate": 1702851883,
"bookingprocessingdate": 1705443883,
"bookingreference": "6UTAKBKI",
"cardaccess": "pinaccess",
"cardholder": "JohnSpencer",
"cardholderemail": "support@fraudio.com",
"cardholderphonenumber": "+31 71 000 0000",
"cavvused": "true",
"checkindate": 1703715883,
"checkoutdate": 1704147883,
"cvvused": "true",
"digitalwalletoperator": "staged",
"gateway": "staged",
"initialrecurring": "true",
"issuingplan": "merchant plan 1",
"kyclevel": "5",
"kyclevelnorm": 0.5,
"limitprofile": "5",
"merchantcity": "London",
"merchantcountry": "528",
"merchantemail": "support@fraudio.com",
"merchantpostalcode": "w1b3hh",
"merchantstatecode": "GA",
"merchanturl": "www.foreverliving.com",
"mid": "1532512",
"ocptenabled": "true",
"operationdate": 1703543083,
"operationid": "FKPAIPRXNV",
"processor": "ProcessorY",
"shopperemail": "support@fraudio.com",
"shoppername": "John Spencer",
"shopperphonenumber": "+31 71 000 0000",
"submerchant": "ShoestoreX",
"terminaltype": "cat1",
"transactioncountry": "056",
"transactionpostalcode": "w1b3hh",
"transactionstatecode": "GA",
"transactionstreetaddress": "29Ravenscroft,Covingham",
"avsresult": "A",
"cvvresult": "S",
"eci": "02",
"responsecode": "05",
"success": "true",
"authresult": "success",
"cavvresult": "5",
"ddresult": "ZXC*SiteAccess4343-432-333",
"gatewaydeclinereason": "CardDisabled",
"ucafindicator": "2",
}
headers = {
"authorization": f"Bearer {access_token}",
"Content-Type": "application/json",
}
r = requests.post(payment_fraud_score_endpoint, headers=headers, data=json.dumps(transaction))
print(r.json())
package com.fraudio;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class PaymentFraudScore {
public static void main(String[] args) throws IOException, URISyntaxException, InterruptedException {
String paymentFraudScoreEndpoint = "https://api.fraudio.com/v1/transactions/payment-fraud-score";
String accessToken = System.getenv("ACCESS_TOKEN");
String transaction = "{\"transactionid\":\"49fp3l68395gs24g\",\"transactiontype\":\"auth_capture\",\"amount\":251.41,\"currency\":\"012\",\"currencyunit\":\"major\",\"timestamp\":1646063615,\"cardbin\":\"442742\",\"merchant\":\"Fred&FreddySportsStore\",\"parenttransactionid\":\"4583409307\",\"cardtoken\":\"49fp3l68395gs24g\",\"acceptorip\":\"542.6.8.838\",\"cardexpirydate\":\"03/21\",\"channel\":\"moto\",\"channelsubtype\":\"paymentlink\",\"lastfourdigits\":\"4932\",\"mcccode\":\"5969\",\"merchantip\":\"128.0.0.1\",\"posentrymode\":\"012\",\"recurring\":\"true\",\"recurringparentid\":\"09a70bd7-2993-4df6-a693-99c26ee4bedb\",\"registrationdate\":100041643253.143105,\"threedsused\":\"true\",\"transactionip\":\"152.0.6.152\",\"acceptorid\":\"6ad3b45e-0f14-4522-885b-dd8049fc773c\",\"acceptorcity\":\"London\",\"acceptorcountry\":\"056\",\"acceptorpostalcode\":\"38010\",\"acceptorstatecode\":\"38010\",\"acceptorstreetaddress\":\"29Ravenscroft,Covingham\",\"acquirer\":\"Acquirer X\",\"acquirercountry\":\"056\",\"avsused\":\"true\",\"bankaccountnumber\":\"NL15INGB4014343434343\",\"bookingdate\":1702851883,\"bookingprocessingdate\":1705443883,\"bookingreference\":\"6UTAKBKI\",\"cardaccess\":\"pinaccess\",\"cardholder\":\"JohnSpencer\",\"cardholderemail\":\"support@fraudio.com\",\"cardholderphonenumber\":\"+31 71 000 0000\",\"cavvused\":\"true\",\"checkindate\":1703715883,\"checkoutdate\":1704147883,\"cvvused\":\"true\",\"digitalwalletoperator\":\"staged\",\"gateway\":\"staged\",\"initialrecurring\":\"true\",\"issuingplan\":\"merchant plan 1\",\"kyclevel\":\"5\",\"kyclevelnorm\":0.5,\"limitprofile\":\"5\",\"merchantcity\":\"London\",\"merchantcountry\":\"528\",\"merchantemail\":\"support@fraudio.com\",\"merchantpostalcode\":\"w1b3hh\",\"merchantstatecode\":\"GA\",\"merchanturl\":\"www.foreverliving.com\",\"mid\":\"1532512\",\"ocptenabled\":\"true\",\"operationdate\":1703543083,\"operationid\":\"FKPAIPRXNV\",\"processor\":\"ProcessorY\",\"shopperemail\":\"support@fraudio.com\",\"shoppername\":\"John Spencer\",\"shopperphonenumber\":\"+31 71 000 0000\",\"submerchant\":\"ShoestoreX\",\"terminaltype\":\"cat1\",\"transactioncountry\":\"056\",\"transactionpostalcode\":\"w1b3hh\",\"transactionstatecode\":\"GA\",\"transactionstreetaddress\":\"29Ravenscroft,Covingham\",\"avsresult\":\"A\",\"cvvresult\":\"S\",\"eci\":\"02\",\"responsecode\":\"05\",\"success\":\"true\",\"authresult\":\"success\",\"cavvresult\":\"5\",\"ddresult\":\"ZXC*SiteAccess4343-432-333\",\"gatewaydeclinereason\":\"CardDisabled\",\"ucafindicator\":\"2\"}";
HttpRequest request = HttpRequest.newBuilder()
.uri(new URI(paymentFraudScoreEndpoint))
.header("authorization", String.format("Bearer %s", accessToken))
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(transaction))
.build();
HttpClient client = HttpClient.newHttpClient();
HttpResponse < String > response = client.send(request, HttpResponse.BodyHandlers.ofString());
String responseBody = response.body();
System.out.println("Response Code: " + response.statusCode() + "\nResponse Body: " + responseBody);
}
}
use LWP::UserAgent;
use HTTP::Request::Common;
my $payment_fraud_score_endpoint = 'https://api.fraudio.com/v1/transactions/payment-fraud-score';
my $access_token = $ENV{"ACCESS_TOKEN"};
my $transaction = '{"transactionid":"49fp3l68395gs24g","transactiontype":"auth_capture","amount":251.41,"currency":"012","currencyunit":"major","timestamp":1646063615,"cardbin":"442742","merchant":"Fred&FreddySportsStore","parenttransactionid":"4583409307","cardtoken":"49fp3l68395gs24g","acceptorip":"542.6.8.838","cardexpirydate":"03/21","channel":"moto","channelsubtype":"paymentlink","lastfourdigits":"4932","mcccode":"5969","merchantip":"128.0.0.1","posentrymode":"012","recurring":"true","recurringparentid":"09a70bd7-2993-4df6-a693-99c26ee4bedb","registrationdate":100041643253.143105,"threedsused":"true","transactionip":"152.0.6.152","acceptorid":"6ad3b45e-0f14-4522-885b-dd8049fc773c","acceptorcity":"London","acceptorcountry":"056","acceptorpostalcode":"38010","acceptorstatecode":"38010","acceptorstreetaddress":"29Ravenscroft,Covingham","acquirer":"Acquirer X","acquirercountry":"056","avsused":"true","bankaccountnumber":"NL15INGB4014343434343","bookingdate":1702851883,"bookingprocessingdate":1705443883,"bookingreference":"6UTAKBKI","cardaccess":"pinaccess","cardholder":"JohnSpencer","cardholderemail":"support@fraudio.com","cardholderphonenumber":"+31 71 000 0000","cavvused":"true","checkindate":1703715883,"checkoutdate":1704147883,"cvvused":"true","digitalwalletoperator":"staged","gateway":"staged","initialrecurring":"true","issuingplan":"merchant plan 1","kyclevel":"5","kyclevelnorm":0.5,"limitprofile":"5","merchantcity":"London","merchantcountry":"528","merchantemail":"support@fraudio.com","merchantpostalcode":"w1b3hh","merchantstatecode":"GA","merchanturl":"www.foreverliving.com","mid":"1532512","ocptenabled":"true","operationdate":1703543083,"operationid":"FKPAIPRXNV","processor":"ProcessorY","shopperemail":"support@fraudio.com","shoppername":"John Spencer","shopperphonenumber":"+31 71 000 0000","submerchant":"ShoestoreX","terminaltype":"cat1","transactioncountry":"056","transactionpostalcode":"w1b3hh","transactionstatecode":"GA","transactionstreetaddress":"29Ravenscroft,Covingham","avsresult":"A","cvvresult":"S","eci":"02","responsecode":"05","success":"true","authresult":"success","cavvresult":"5","ddresult":"ZXC*SiteAccess4343-432-333","gatewaydeclinereason":"CardDisabled","ucafindicator":"2"}';
my $req = HTTP::Request -> new(POST => $payment_fraud_score_endpoint);
$req -> header('authorization' => "Bearer $access_token", "Content-Type" => "application/json");
$req -> content($transaction);
my $ua = LWP::UserAgent -> new;
my $resp = $ua -> request($req);
my $message = $resp -> decoded_content;
print "Received reply: $message";
<?php
$payment_fraud_score_endpoint = "https://api.fraudio.com/v1/transactions/payment-fraud-score";
$access_token = $_SERVER["ACCESS_TOKEN"];
$transaction =
"{\"transactionid\":\"49fp3l68395gs24g\",\"transactiontype\":\"auth_capture\",\"amount\":251.41,\"currency\":\"012\",\"currencyunit\":\"major\",\"timestamp\":1646063615,\"cardbin\":\"442742\",\"merchant\":\"Fred&FreddySportsStore\",\"parenttransactionid\":\"4583409307\",\"cardtoken\":\"49fp3l68395gs24g\",\"acceptorip\":\"542.6.8.838\",\"cardexpirydate\":\"03/21\",\"channel\":\"moto\",\"channelsubtype\":\"paymentlink\",\"lastfourdigits\":\"4932\",\"mcccode\":\"5969\",\"merchantip\":\"128.0.0.1\",\"posentrymode\":\"012\",\"recurring\":\"true\",\"recurringparentid\":\"09a70bd7-2993-4df6-a693-99c26ee4bedb\",\"registrationdate\":100041643253.143105,\"threedsused\":\"true\",\"transactionip\":\"152.0.6.152\",\"acceptorid\":\"6ad3b45e-0f14-4522-885b-dd8049fc773c\",\"acceptorcity\":\"London\",\"acceptorcountry\":\"056\",\"acceptorpostalcode\":\"38010\",\"acceptorstatecode\":\"38010\",\"acceptorstreetaddress\":\"29Ravenscroft,Covingham\",\"acquirer\":\"Acquirer X\",\"acquirercountry\":\"056\",\"avsused\":\"true\",\"bankaccountnumber\":\"NL15INGB4014343434343\",\"bookingdate\":1702851883,\"bookingprocessingdate\":1705443883,\"bookingreference\":\"6UTAKBKI\",\"cardaccess\":\"pinaccess\",\"cardholder\":\"JohnSpencer\",\"cardholderemail\":\"support@fraudio.com\",\"cardholderphonenumber\":\"+31 71 000 0000\",\"cavvused\":\"true\",\"checkindate\":1703715883,\"checkoutdate\":1704147883,\"cvvused\":\"true\",\"digitalwalletoperator\":\"staged\",\"gateway\":\"staged\",\"initialrecurring\":\"true\",\"issuingplan\":\"merchant plan 1\",\"kyclevel\":\"5\",\"kyclevelnorm\":0.5,\"limitprofile\":\"5\",\"merchantcity\":\"London\",\"merchantcountry\":\"528\",\"merchantemail\":\"support@fraudio.com\",\"merchantpostalcode\":\"w1b3hh\",\"merchantstatecode\":\"GA\",\"merchanturl\":\"www.foreverliving.com\",\"mid\":\"1532512\",\"ocptenabled\":\"true\",\"operationdate\":1703543083,\"operationid\":\"FKPAIPRXNV\",\"processor\":\"ProcessorY\",\"shopperemail\":\"support@fraudio.com\",\"shoppername\":\"John Spencer\",\"shopperphonenumber\":\"+31 71 000 0000\",\"submerchant\":\"ShoestoreX\",\"terminaltype\":\"cat1\",\"transactioncountry\":\"056\",\"transactionpostalcode\":\"w1b3hh\",\"transactionstatecode\":\"GA\",\"transactionstreetaddress\":\"29Ravenscroft,Covingham\",\"avsresult\":\"A\",\"cvvresult\":\"S\",\"eci\":\"02\",\"responsecode\":\"05\",\"success\":\"true\",\"authresult\":\"success\",\"cavvresult\":\"5\",\"ddresult\":\"ZXC*SiteAccess4343-432-333\",\"gatewaydeclinereason\":\"CardDisabled\",\"ucafindicator\":\"2\"}";
$options = [
"http" => [
"header" =>
"authorization: Bearer $access_token" .
"Content-Type: application/json",
"method" => "POST",
"content" => $transaction,
],
];
$context = stream_context_create($options);
$result = file_get_contents($payment_fraud_score_endpoint, false, $context);
print $result;
?>