Fraud Intelligence
Fraud Intelligence is a Saferpay module that protects merchants from fraudulent online transactions. It relies on Fraugster's industry-leading AI technology and allows merchants to dynamically react on suspicious behavior and even prevent transactions with malicious intent, during authentication.
This chapter will cover the technical aspects on how to integrate Fraud Intelligence in your application.
Requirements
- The corresponding Saferpay eCommerce licence and thus the existence of a valid identification with a username and password for the Saferpay system.
- Availability of at least one active Saferpay terminal via which payments can be carried out, and availability of the associated Saferpay TerminalId.
- A contract to use the Fraud Intelligence module in Saferpay. Please contact your contractual sales contact on that matter.
- Saferpay JSON API SpecVersion 1.20+
Supported Payment Methods and Flows
Currently, the following payment methods are supported:
- Visa/VPay
- Mastercard/Maestro
- American Express
- Bancontact
- Diners Club
- JCB
- Bonus Card
- MyOne
- PayPal
Currently, the following flows are supported:
Activation
After the activation of the Fraud Intelligence module on your account, you will have access to the options under Risk & Fraud > Fraud Intelligence settings. There, you can find a list of all supported payment methods, for which you can either fully activate the fraud prevention, or select the payment methods.
Training
The Fraud Intelligence module uses artificial intelligence algorithms and a pre-defined set of rules in order to provide protection against fraud. This means that the detection quality will improve itself over time, as it adapts itself to the merchant's needs.
Data points
In order for the training and the detection to work properly, the system needs to be provided with a set of data points with each transaction. Some are provided automatically by Saferpay, while others need to be submitted by the merchant's system with the initial request, when starting the transaction with either Transaction Initialize or Payment Page Initialize.
All of these datapoints are generally optional. However the detection will work better the more data are provided.
The following data points can be set via the JSON API:
| Fraugster Datapoint | JSON API | Description |
|---|---|---|
| trans_amt | Payment.Amount.Value | The transaction amount. |
| trans_currency | Payment.Amount.CurrencyCode | The transaction currency. |
| cc_num | (see description) | The used PAN. Note that this value usually comes directly from the card holder, rather than the merchant. Also note that, if you should use Secure Card Data, the PAN behind the provided alias will, of course, be used. |
| cust_email | Payer.DeliveryAddress.Email | The customer's E-Mail address. |
| ip | Payer.IpAddress | The customer's IP-address. |
| cust_dob | Payer.BillingAddress.DateOfBirth | The customer's date of birth. |
| cust_signup_ts | RiskFactors.AccountCreationDate | The customer's date of signup to the merchant shop. |
| password_update_ts | RiskFactors.PasswordLastChangeDate | The date when the customer last changed his/her password. |
| items | Order.Items[] | Array of all the shopping cart items. |
| item_id | Order.Items[].Id | Identifier of the product. This ID is created and provided by the merchant. |
| unique_item_id | Order.Items[].VariantId | Identifier of the product-variant. This ID is created and provided by the merchant./td> |
| item_desc | Order.Items[].Name | Name of the product, given by the merchant. |
| additional_description | Order.Items[].Description | Description of the product, given by the merchant. |
| item_amt | Order.Items[].UnitPrice | Price of the product. |
| quantity | Order.Items[].Quantity | Quantity ordered of this specific item. |
| item_category | Order.Items[].CategoryName | Product category, given by the merchant. |
| item_type | Order.Items[].Type | Product type. Has to be one of the following: DIGITAL|PHYSICAL|SERVICE|GIFTCARD |
| includes_preorder | Order.Items[].IsPreOrder | Boolean, whether the item is a pre-ordered item. |
| delivery_method | RiskFactors[].DeliveryType | The used delivery method. Has to be one of the following:
|
| Fraugster Datapoint | JSON API | Description |
|---|---|---|
| bill_ad_city | Payer.BillingAddress.City | Billing address city |
| bill_ad_ctry | Payer.BillingAddress.Country | Billing address country |
| bill_ad_first_name | Payer.BillingAddress.FirstName | Billing address first name |
| bill_ad_last_name | Payer.BillingAddress.LastName | Billing address last name |
| bill_ad_line1 | Payer.BillingAddress.Street | Billing address street |
| bill_ad_line2 | Payer.BillingAddress.Street2 | Additional billing address street information (e.g. PO Box) |
| bill_ad_zip | Payer.BillingAddress.Zip | Billing address zip code |
| phone | Payer.BillingAddress.Phone | Billing address phone number |
| ship_ad_city | Payer.DeliveryAddress.City | Shipping address city |
| ship_ad_ctry | Payer.DeliveryAddress.Country | Shipping address country |
| ship_ad_first_name | Payer.DeliveryAddress.FirstName | Shipping address first name |
| ship_ad_last_name | Payer.DeliveryAddress.LastName | Shipping address last name |
| ship_ad_line1 | Payer.DeliveryAddress.Street | Shipping address street |
| ship_ad_line2 | Payer.DeliveryAddress.Street2 | Additional shipping address street information (e.g. PO Box) |
| ship_ad_zip | Payer.DeliveryAddress.Zip | Delivery address zip code |
| phone | Payer.DeliveryAddress.Phone | Delivery address phone number |
| ship_ad_email | Payer.DeliveryAddress.Email | Delivery address email address |
Example
Here you can see an example Payment Page Initialize request. Note that the containers and parameters are, of course, consistent throughout the whole API:
{
"RequestHeader": {
"SpecVersion": "<insert current spec-version here>",
"CustomerId": "<insert your customer id here>",
"RequestId": "798b38f3176f4eb1bc6ce36e946d10ba",
"RetryIndicator": 0
},
"TerminalId": "<insert your terminal id here>",
"Payment": {
"Amount": {
"Value": "55000",
"CurrencyCode": "EUR"
},
"OrderId": "AB-12345.xyz",
"Description": "Your order #AB-12345.xyz"
},
"Payer": {
"IpAddress": "127.0.0.1",
"DeliveryAddress": {
"FirstName": "John",
"LastName": "Doe",
"Company": "Test Ltd.",
"Gender": "MALE",
"Street": "Notreal road 42",
"Zip": "12346",
"City": "Sometown",
"CountryCode": "US",
"DateOfBirth": "2001-01-01",
"Phone": "555707422666701"
}
},
"ReturnUrls": {
"Success": "https://yourshop/payment-success",
"Fail": "https://yourshop/payment-failed",
"Abort": "https://yourshop/payment-aborted"
},
"Notification": {
"NotifyUrl": "https://yourshop/payment-notify"
},
"Order": {
"Items": [
{
"Type": "PHYSICAL",
"Id": "BAAA-BPTENT",
"VariantId": "BAAA-BPTENT-RED",
"Name": "Awesome Tent",
"Description": "Backpacking Tent with room for 3 people, in red.",
"Quantity": 1,
"UnitPrice": "25000",
"IsPreOrder": false
},
{
"Type": "GIFTCARD",
"Id": "EVCHR-HIKE",
"VariantId": "EVCHR-HIKE-300",
"Name": "Hiking vacation voucher",
"Description": "Enjoy the vacation with your friends!",
"Quantity": 2,
"UnitPrice": "30000",
"IsPreOrder": false
}
]
},
"RiskFactors": {
"DeliveryType": "SHOP",
"AccountCreationDate": "2019-02-21T12:04:43Z",
"PasswordLastChangeDate": "2019-12-23T16:36:43Z"
}
}
Rules
Aside its AI algorithms, Fraugster also offers the option for merchants, to write their own set of rules, which are then incorporated into the evaluation process. For this purpose, Fraugster offers its own portal (the Fraugster Dashboard) where merchants can adapt the rules to fit their needs.
Documentation on how to create and manage custom rules can be found in the Fraugster User Guide (you need to log in to the Fraugster Dashboard with your own credentials you received after signing the contract for Saferpay Fraud Intelligence).
Transaction Risk Analysis
Additionally to applying normal anti-fraud rules, the Fraud Intelligence service is also capable of automatically applying the TRANSACTION_RISK_ANALYSIS SCA exemption in compliance with the PSD2 law. If a transaction is deemed a low fraud risk, this exemption can be applied automatically, in order to avoid the need of Strong Consumer Authentication.
Important: Please read the PSD2 chapter carefully, if you are interested in applying the TRA-exemption!
Responses
Success
In case of a success, the transaction response will also carry additional information inside the FraudPrevention.Result parameter. This can have one of two values: APPROVED and MANUAL_REVIEW.
In both cases, the transaction was indeed successful. However, the latter indicates that there may be issues with this transaction, which need to be reviewed manually, inside the Fraugster Dashboard.
It is then up to you, the merchant, to either accept or decline this transaction.
"ResponseHeader": {
"SpecVersion": "[current Spec-Version]",
"RequestId": "[your request id]"
},
"Transaction": {
"Type": "PAYMENT",
"Status": "AUTHORIZED",
"Id": "MUOGAWA9pKr6rAv5dUKIbAjrCGYA",
"Date": "2015-09-18T09:19:27.078Z",
"Amount": {
"Value": "100",
"CurrencyCode": "CHF"
},
"AcquirerName": "AcquirerName",
"AcquirerReference": "Reference",
"SixTransactionReference": "0:0:3:MUOGAWA9pKr6rAv5dUKIbAjrCGYA",
"ApprovalCode": "012345"
},
"PaymentMeans": {
"Brand": {
"PaymentMethod": "VISA",
"Name": "VISA Saferpay Test"
}
},
"DisplayText": "9123 45xx xxxx 1234",
"Card": {
"MaskedNumber": "912345xxxxxx1234",
"ExpYear": 2015,
"ExpMonth": 9,
"HolderName": "Max Mustermann",
"CountryCode": "CH"
},
"Payer": {
"IpAddress": "1.2.3.4",
"IpLocation": "DE"
},
"Liability": {
"LiabilityShift": true,
"LiableEntity": "ThreeDs",
"ThreeDs": {
"Authenticated": true,
"LiabilityShift": true,
"Xid": "ARkvCgk5Y1t/BDFFXkUPGX9DUgs=",
"VerificationValue": "AAABBIIFmAAAAAAAAAAAAAAAAAA="
}
},
"FraudPrevention": {
"Result": "MANUAL_REVIEW"
}
}
Failure
In case of a decline, Saferpay will throw a appropriate error, also caontaining the reason.
{
"ResponseHeader": {
"SpecVersion": "<current spec-version>",
"RequestId": "1"
},
"Risk": {
"BlockReason": "BLACKLIST_IP",
"IpLocation": "CH"
},
"Behavior": "ABORT",
"ErrorName": "BLOCKED_BY_RISK_MANAGEMENT",
"ErrorMessage": "Blocked by fraud detection"
}