Fraud Prevention · the Advanced Analysis module, our staff will contact you to effect the...

Fraud Prevention Solutions

estamos todos ligados

Risk and fraud services 4

Overview of the service 5

Antifraud module of Rede 5

Operating modes/ Service instructions 5

Formulate a request 7

Risk element 7

Action element 8

XML example 8

Data elements 9

Fraud analysis 10

Example of XML request 25

XML response 29

Fraud analysis response 29

Example of “pre auth” XML response 30

Acceptance of a transaction marked for review 31

HTTPS responses 32

XML Response 33

Key-value pair response 33

Considerations 34

01

02

COn

TEn

TS

Click on the hyperlinks to navigate in thematerial of the Fraud Prevention Solutions

1.1

2.1

2.2

2.2.1

2.2.2

2.2.2.1

2.2.3

2.2.3.1

2.2.3.2

2.3

2.3.1

2.3.2

2.3.3

2.4

2.4.1

2.4.2

2.4.3

3.1

3.2

3.3

3.4

3.5

3.6

Codes for services involving risk 34

Status code of theAntifraud Module 34

Fraud analysis response 35

Update of the bank result 35

Configuration errors of the Antifraud Module 36

Error codes of the Antifraud Module 37

Codes for the payment methods of the Antifraud Module 38

03

COn

TEn

TS

Click on the hyperlinks to navigate in thematerial of the Fraud Prevention Solutions

4

Contents


Among the services that e-Rede offers is the Antifraud Module. A modern system that analyzes various fraud rules to bring security and convenience to merchants.

More and more merchants are realizing that they will not be able to grow sustainably without investing in security.

The Antifraud Module is a service that the merchant contracts together with e-Rede and it may choose between one of the two available modules:

1) Essential analysis module which includes automatic analysis.

2) Advanced analysis module which includes automatic analysis

and manual review

The first module is recommended for smaller merchants with a moderate number of tickets and low revenues. The second oneis recommended for merchants that need more specific rules because of their business.

Note: do not send special characters in XML; for example:

1. & - & 2. < - < 3. > - > 4. “ - " 5. ‘ - '

01 Risk and fraud services

5

Contents


Antifraud Module of Rede02

e-Rede supports the verification of fraud performed before the data is sent to the issuer.

Fraud verification mode

In fraud verification mode, e-Rede takes an active role in managing potentially risky transactions.Details of the transaction, including additional data fields, will be sent to the Antifraud Module before the transaction is sent for authorization.

e-Rede analyzes the response of the Antifraud Module and takes one of three steps:

2.1 Operating modes/ Service Instructions

The risk analysis services can be used in all forms of integration.

The fraud analysis service via e-Rede has the following characteristics:

a. Supports card transactions. b. Supports HPS, HCC, direct API, and Website Services. note: the HPS integration method does not support the manual review service. c. Supports fraud analysis performed before the data is sent to the issuer. d. Supports exclusive use of the risk and fraud services.

1.1 Overview of the service

6

Contents


• If the response of the Antifraud Module indicates that thetransaction is relatively low risk, e-Rede lets the transaction follow its normal course, sending the transaction to the issuer for authorization. The response of the Antifraud Module will be present in e-Rede’s XML Response, and you can store it as a record.

• If the advanced analysis module is chosen, and the response of the Antifraud Module indicates that the transaction is medium risk, e-Rede will mark the transaction for manual review. It will not be sent for approval at this time and response code 1127 will be returned in the XML Response from e-Rede. Transactions that have been marked for manual review will be inspected by an analyst and, if considered legitimate, may continue with an accompanying “accept_review” transaction. When contracting the Advanced Analysis module, our staff will contact you to effect the parameterization of the business rules. At this point, enter the “URL Back”; that is, the return URL of the store, in order to receive the response of the transaction analysis submitted for manual review.

• If the response of the Antifraud Module indicates that the transaction is high risk, e-Rede will directly reject the transaction and it will not be sent for authorization. You will receive response code 1126 in the XML Response. Note that transactions that have been rejected with this response must not proceed.

7

Contents


• CPF Validation Service: One of the optional services of e-Rede’s anti-fraud module is the validation of CPF (Individual Taxpayer Registry) numbers. This service performs the verification of the final digits of the CPF of the cardholder to ensure that the CPF entered is valid. If the CPF entered is invalid, the transaction will be denied. To use the CPF Validation Service, you only need to make two inclusions in the Risk block of the XML of the transaction:

1) Populate the element <id_number></id_number> of the sub-block <Personal Details> with the CPF of the purchaser;

2) Populate the element <id_type></id_type> of the sub-block <Personal Details> with the value 21. Attention: if the value of the element <id_number> is correctly populated, but the value of the element <id_type> is not 21, the transaction will be denied.

The following sections explain the additional XML elementsthat must be sent in the request to use the Antifraud Module.

2.2 Formulating a Request

All the additional information that must be passed to the Antifraud Module must be in this element, and this element must be present in the “TxnDetails” element of the transaction.

2.2.1 Risk element

8

Contents


The action to be taken is indicated in this element, or in other words, an analysis performed before sending the data to the issuer.

name of the element Action

Position Request.Transaction.TxnDetails.Risk

2.2.2

2.2.2.1

Action element

XML example

Attributes of Action

Name of the attribute Description Values/Limitations

Service

This indicates the action(s) to be performed, based on a set of predefined services. The value must be: • “1” to request fraud analysis, which will occur before sending data to the issuer

Must be“1”

XML example of a Request for an initial ecomm transaction <Risk>

<Action service=”1”>...</Action></Risk>

Note that the risk element can only be provided if the sub-element service has a value equal to 1. No other method is supported; for example, “Recurring Payment”.

name of the element Risk

Position Request.Transaction.TxnDetails

9

Contents


Each type of message has different data requirements which are necessary to process the requested message.

These message structures depend on the type of business for which the merchant has been configured; for example, generic, retail, or airline.

The data for type ‘1’ analysis requests must be provided under the following headings:

•MerchantConfiguredDetails •CustomerDetails •RiskDetails* •PersonalDetails* •AddressDetails* •PaymentDetails* •OrderDetails* •LineItemDetails** •JourneyDetails*** •LegItems*** •PassengerItems***

*Note: the sections of data displayed are the basic data structures that must be used for all the type 1 analysis requests, regardless of the merchant’s business, unless otherwise indicated in the field descriptions, which may state that a field is only required for airlines or retail, for example.

**Note: these data sections must only be included for merchants configured as retail merchants. When shopping for multiple items,

it is possible to detail them in this section.

***Note: these sections are for messages specifically for the business of airlines.

name(s) of the element(s): MerchantConfigurationCustomerDetails

Position Request.Transaction.TxnDetails.Risk.Action

2.2.3 Elements of data

10

Contents


2.2.3.1 Fraud analysis

ConfigurationsType of business

General Retail Airline

Merchant configuration • • •

Field Type

Field name: channel

Definition: this reflects the way in which the client’s transaction was captured. This will be used to determine the online purchaser associated with the transactions

Possible value: W = Web

Char (1) º •

Field name: merchant_location

Definition: this represents the location of stores or retail outlets for a reseller or an airline company

Varchar (30) º •

The following table describes all the data fields that can be used in all sections and it applies to the messages received. The table also indicates the data fields required for each message received.

Furthermore, there is an indication of requirements in each field, in which the following criteria are applied:

Key Description

• The field is mandatory and must be filled in with a value.

º The field or value is not mandatory.

11

Contents




Merchant Configuration • • •

Callback Configuration º

Field Type

Field name: callback_format

Possible values: HTTP; XML; SOAPVarchar (4) º

Field name: callback_url

Definition: the callback URL used for this transaction, if necessary

Varchar (200) º

Field name: callback_options

Definition: useone or both the responses and the callback registered for the client/aggregator

Possible values:00 = Immediate real-time callback or 01 = Client02 = This callback (default) 03 = Both04 = Monitored when unavailable or combination of the two; that is,02 would be a real time callback

Char (2) º

Customer Details • • •

Risk Details • • •

Field Type

Field name: account_number

Definition: a unique account number (reference number) for the merchant that is associated with the person who is transacting with the merchant

Varchar (30) • º •

12

Contents




Field name: email_address

Definition: client’s e-mail address.This is generally associated with the person who is transacting with the merchant

Varchar (64) º º º

Field name: alt_email_address

Definition: alternative e-mail address. This is generally associated with the person who is transacting with the merchant

Varchar (64) º

Field name: session_id

Definition: a session ID generated by a web server

Varchar (255) º º

Field name: ip_address

Definition: client’s IP address

Varchar (15)Formato255.255.255.2

º º º

Field name: user_id

Definition: a data field that can be configured by the merchant and which is typically used to specifically identify a client in the system, independent of the account numbers that the client has

Varchar (36) º º

Field name: usermachine_id

Definition: an ID used to specifically identify the computer (the effective hardware) in the system, independent of the client or account numbers that are using the computer. Examples: User Machine ID, Motherboard ID, Hard drive ID, ID of the CPU, etc.

Varchar (255) º º

13

Contents




Field name: user_profile

Definition: a customizable field that can be used by merchants to supplement fraud analysis processes according to a risk rating set by the merchant (e.g., VIP marker, indication if the transaction is part of a promotion, a level of trust involving the identity of the client, etc.)

Varchar (20) º º

Field name: user_profile_2

Definition: a customizable field that can be used by merchants to supplement fraud analysis processes according to a risk rating set by the merchant (see examples above)

Varchar (20) º º

Field name:user_profile_3

Definition: a customizable field that can be used by merchants to supplement fraud analysis processes according to a risk rating set by the merchant (see examples above)

Varchar (20) º º

Field name: register_consumer_watch

Definition: registers the bearer associated with this transaction, for the consumer product

Possible values: Y=Yes; N= No

Char (1) º

Field name: browser_language

Definition: the language setting of the browser

Varchar (30) º

14

Contents




Customer Details • • •Personal Details • • •note: these are generally associated with the people that are transacting with the merchant

Field TypeField name: first_name

Definition: client’s nameVarchar (32) • • •

Field name: surname

Definition: client’s surnameVarchar (32) • • •

Field name: telephone

Definition: client’s telephone numberVarchar (20) • º •

Field name: telephone_2

Definition: alternative telephone numberVarchar (20) º º º

Field name: date_of_birth

Definition: client’s date of birth

Date and time, format yyyy-mm-dd

º º º

Field name: nationality

Definition: client’s nationality, Represented by a 2-character code. See Appendix 11 for more details. This is generally used with reference to certain electronic ID verification services of third parties

Char (2) º º º

Field name: id_numberDefinition: CPF (Individual TaxpayerRegistry), passport ID, or anotheridentification document number. This isgenerally used with reference to certainelectronic ID verification services of thirdparties. This is one of the fields used in theCPF Validation Service. For furtherinformation about the CPF ValidationService, see section 999 of this IntegrationGuide.


15

Contents




Field name: id_type

Definition: a code that defines the type of verification document providedPossible value:21 = CPF (Individual Taxpayer Registry)

This is generally used with reference to certain electronic identification verification services of third parties. When using the CPF Validation Service, make sure to fill in this field with the value of 21. If not, the transactions will be denied.

Int º º º


Address Details • • •

note: these are generally associated with the person who is transacting with the merchant

Field TypeField name: address_line1

Definition: line 1 of the client’s addressVarchar (60) • • •

Field name: address_line2

Definition: line 2 of the client’s addressVarchar (60) º º º

Field name: city

Definition: client’s cityVarchar (25) • • •

Field name: state_province

Definition: stateVarchar (25) º º º

16

Contents




Field name: country

Definition: client’s countryThis is a 2-character code that must be supplied

Char (2) • º º

Field name: zip_code

Definition: ZIP code/client’s postcodeVarchar (10) º º º

Customer Details • • •note: these are generally associated with the shipping of goods/services to customers

Field TypeField name: title

Definition: recipient’s titleVarchar (10) º

Field name: first_name

Definition: client’s first nameVarchar (50) º

Field name: surname

Definition: recipient’s surnameVarchar (50) º


Definition: line 1 of the client’s delivery address

Varchar (60) º


Definition: line 2 of the client’s delivery address

Varchar (60) º

Field name: city

Definition: delivery city for the clientVarchar (25) º


Definition: stateVarchar (25) º

Field name: country

Definition: country of delivery for the client.This is a 2-character code that must be provided

Char (2) º

17

Contents





Definition: Zip code of client’s delivery address

Varchar (10) º

Field name: delivery_date

Definition: delivery date

Date and time, format yyyy-mm-dd

º

Field name: delivery_method

Definition: delivery methodVarchar (30) º

Field name: installation_requested

Definition: indicates if physical installation of the product is required Possible values: Y=Yes; N=No

Char (1) º


Payment Details • • •

Field TypeField name: transaction_type

Definition: the type of payment transaction associated with the transaction. Possible values: Auth; Blank; Instant; Other

Varchar(20) º

Field name: payment_method

Definition:this is the mechanism with which the client chooses to make payment. Possible values: see 3.6 - Codes for payment methods

Varchar (2) • • •

18

Contents





Order Details • • •

Field Type

Field name: discount_value

Definition: the amount of the discount related to the transaction, in the smallest unit of the currency; for example: cents

Int º

Field name: time_zone

Definition: local time zone; for example: +01:00

Time format(+/-hh:mm) º

Field name: proposition_date

Definition: similar to a collection date, it can be used to prioritize the routing queue in a way that the delivery deadline is met

Date and time format yyyy-mm-dd

º



Billing Details • • •

note: these are associated with the card owner for financing the corresponding purchase

Field TypeField name: name

Definition: the name of the cardholder as it appears on the card



Definition: line 1 of the cardholder’s billing address



Definition: line 2 of the cardholder’s billing address


19

Contents




Field name: city

Definition: the city of the cardholder’s billing address



Definition: the state of the cardholder’s billing address


Field name: country

Definition: the country of the cardholder’s billing addressThis is a 2-character code that must be provided

Char (2) • º •


Definition: the ZIP code of the cardholder’s billing address




Line Items º

note: these are associated with the shopping cart details; that is, each item of the cardholder’s purchase will be considered individually

Item •

Field TypeField name: product_code

Definition: the product code of the item purchased.If any one of the fields of an item purchased is submitted, all the fields for this purchased item become mandatory

Varchar (50) º

Field name: product_description

Definition: description of the itemVarchar (50) º

20

Contents




Field name: product_category

Definition: type of item, as classified by the merchant

Varchar (80) º

Field name: product_risk

Definition: an indication of how susceptible the product is to fraud Possible values: High; Medium; Low

Varchar (50) º

Field name: order_quantity

Definition: number of items ordered. If any one of the fields of the item submitted is filled in, all the fields of the item become mandatory.

Int º

Field name: unit_price

Definition: the value of the transaction in the smallest unit of the currency.Example: The value of R$5.32 must be represented as follows:<unit_price>532</unit_price>

Int º


Airline Details •

Journey •

Field TypeField name: ticket_number

Definition: the ticket number assigned to the journey

Varchar (30) º

Field name: payer_travelling

Definition: indicates if the person paying is also travelling with the ticket Possible values:Y=Yes; N=No

Char (1) º

Field name: pnr

Definition: record of the passengers’ namesVarchar(10) º

21

Contents




Customer Details • • •Airline Details •Journey •note: the stopovers for each leg are listed here. The legs must be shown according

to the sequence of the journey, starting with the first legLegs •Field TypeField name: depart_airport

Definition: departure airport for the flight. This is a 3-character IATA code for the airport that must be provided. http://www.iata.org

Char (3) •

Field name: depart_country

Definition: country of departure for the flight.This is a 2-character code that must be provided

Char (2) º

Field name: depart_datetime

Definition: local date and time of departure programmed for the flight

Date and time format yyyy-mm-dd hh:mm:ss

•

Field name: depart_airport_timezone

Definition: local time zone; for example:+01:00

Time format(+/-hh:mm) •

Field name: arrival_airport

Definition: destination airport for the flight. This is a 3-character IATA code for the airport that must be provided.For more information about these codes, visit http://www.iata.org

Char (3) •

22

Contents




Field name: carrier

Definition: flight operator (airline company) for the journey. This is a 2-character IATA code for the carrier that must be provided.For more information about these codes, visit http://www.iata.org

Char (2) •

Field name: flight_number

Definition: flight number for the journeyChar (4) •

Field name: fare_basiscode

Definition: the fare base code provides information on the specific tariff, as well as the class of service required for the booking; for example: HL7LNR

Char (10) •

Field name: fare_class

Definition: example of flight class:F (=First class unrestricted)FR (=First class restricted)B (=Business class unrestricted)CR (=Business class restricted)Y (=Economy class unrestricted)YD (=Economy class restricted)

Char (3) •

Field name: base_fare

Definition: the transaction amount, excluding taxes and fees, in the smallest unit of the currency; for example: cents

Int º

23

Contents




Field name: currency_code

Definition: this is the ISO numeric code for the currency in which the transaction must be processed. This is mandatory ifa base_fare is provided (Capture date-Not fed into the rules engine. For reporting/review)

Char (3) º


Airline Details •

Journey •

Passengers •

Passenger •

Field Type

Field name: first_name

Definition: passenger’s first nameThe ”first_name” field and the “surname” field combined must not exceed32 characters. If any passenger detailis submitted, the “first name” field becomes mandatory

Varchar (32) º

Field name: surname

Definition: passenger’s surnameThe ”first_name” field and the “surname” field combined must not exceed 32 characters. If any passenger detail is submitted, the “surname” field becomes mandatory

Varchar (32) º

Field name: passenger_type

Definition: the type of passenger that is travelling; for example: adult, child, baby Possible values: A=Adult; C=Child; I=Baby

Char (1) •

24

Contents




Field name: nationality

Definition: nationality of the customer, represented by a 2-character code

Char (2) º

Field name: id_number

Definition: passport, ID, or other identification document number.The blocked lists for fraud analysis may include composite nationalities andid_number values

Varchar (40) º

Field name: loyalty_number

Definition: passenger loyalty program number

Varchar (20) º

Field name: loyalty_type

Definition: passenger loyalty program Varchar (20) º

Field name: loyalty_tier

Definition: status or level of the passenger loyalty program

Possible values:1=highest level; for example: platinum2=second highest level; for example: gold3=third highest level; for example: silver, etc.

Int •

25

Contents


The XML below serves as an example of the sending of all possible information fields to be screened with regards to risk.

2.2.3.2 Example of XML request

<Risk> <Action service=”1”> <MerchantConfiguration> <merchant_location>Sydney</merchant_location> <channel>W</channel> </MerchantConfiguration> <CustomerDetails> <RiskDetails> <account_number>24972343</account_number> <email_address>[email protected]</email_address> <session_id>FJW35798FHI</session_id> <ip_address>127.0.0.1</ip_address> <user_id>333</user_id> <usermachine_id>38744</usermachine_id> <user_profile>profile</user_profile> <user_profile_2>profile1</user_profile_2> <user_profile_3>profile2</user_profile_3> </RiskDetails> <PersonalDetails> <first_name>Joe</first_name> <surname>Citizen</surname> <telephone>9555-3937</telephone> <telephone_2>0392774738</telephone_2> <date_of_birth>1978-03-10</date_of_birth> <nationality>Australian</nationality> <id_number>43579</id_number> <id_type>Passport</id_type> <ssn>000-00-0000</ssn> </PersonalDetails> <AddressDetails> <address_line1>123 Main Street</address_line1> <address_line2> </address_line2> <city>Mytown</city>

26

Contents


<state_province>NSW</state_province> <country>Australia</country> <zip_code>2999</zip_code> </AddressDetails> <PaymentDetails> <payment_method>CC</payment_method> <WalletDetails> <acquirer_number>458</acquirer_number> </WalletDetails> </PaymentDetails> <OrderDetails><BillingDetails> <name>Mr Joe Citizen</name> <address_line1>34 Low Street</address_line1> <address_line2>District 7</address_line2> <city>Mycity</city> <state_province>Vic</state_province> <country>AU</country> <zip_code>3999</zip_code> </BillingDetails> <LineItems> <Item> <product_code>PRN383</product_code> <product_description>Pair of socks</product_description> <product_category>Clothing</product_category> <order_quantity>11</order_quantity> <unit_price>4.11</unit_price> </Item> <Item> <product_code>FHEUF</product_code> <product_description>Model dog</product_description> <product_category>Keepsake</product_category> <order_quantity>2</order_quantity> <unit_price>5.32</unit_price> </Item> </LineItems> </OrderDetails> <AirlineDetails> <Journey>

27

Contents


<ticket_number>478935793</ticket_number> <Legs> <Leg><depart_airport>SYD</depart_airport> <depart_country>AU</depart_country> <depart_datetime>2012-10-01 13:23:11</depart_datetime> <depart_airport_timezone>+00:00</depart_airport_timezone> <arrival_airport>MEL</arrival_airport> <carrier>CNB</carrier> <flight_number>508</flight_number> <fare_basiscode>LWC</fare_basiscode> <fare_class>ECONOMY</fare_class> <base_fare>30.00</base_fare> <currency_code>AUD</currency_code> </Leg> <Leg> <depart_airport>MEL</depart_airport> <depart_country>AU</depart_country> <depart_datetime>2012-08-01 13:23:11</depart_datetime> <depart_airport_timezone>+01:00</depart_airport_timezone> <arrival_airport>SYD</arrival_airport> <carrier>SuperJet</carrier> <flight_number>404</flight_number> <fare_basiscode>FR</fare_basiscode> <fare_class>Business</fare_class> <base_fare>7844.00</base_fare> <currency_code>AUD</currency_code> </Leg> </Legs> <Passengers> <Passenger><first_name>Johnl</first_name> <surname>Citizen</surname> <passenger_type>Business</passenger_type> <nationality>Australian</nationality> <id_number>626</id_number> <loyalty_number>32974</loyalty_number> <loyalty_type>Gold</loyalty_type> <loyalty_tier>Tier 3</loyalty_tier>

28

Contents


</Passenger> <Passenger> <first_name>James</first_name> <surname>Citizen</surname> <passenger_type>Type</passenger_type> <nationality>Canadian</nationality> <id_number>574</id_number> <loyalty_number>433</loyalty_number> <loyalty_type>Silver</loyalty_type> <loyalty_tier>Tier 1</loyalty_tier> </Passenger> </Passengers> </Journey> </AirlineDetails> </CustomerDetails> </Action> </Risk>

29

Contents


Field name Description

Response after screening

transaction_idThis is e-Rede’s reference for the original transaction that was sent for risk analysis

response_code

This is a status/return code. It indicates if the transaction has been received and/or the result of the analysis process.00 – the transaction was accepted by the Antifraud Module 01 – the transaction was rejected by the Antifraud Module02 – the transaction was marked for review by the Antifraud Module.For the complete set of response codes, see section 5.1

response_message

This is a text field used to supply a short text description of the status/return code.Transaction Approved Transaction not Approved Transaction Marked for ReviewFor the complete set of response codes, see section 5.1

cpi_valueThis is a risk evaluation score for a client, available in selected lines of business. The value is from 1 to 5 and will be based on the definition discussed between the merchant and e-Rede

Additional Messages

MessageThis field will display any relevant response information. There may be more than one message tag for this purpose

Upon receiving a message requesting a “pre auth” fraud analysis,e-Rede will send a return response message to the merchant. The following table shows the return values of the response message:

2.3.1 Fraud analysis response

The following sections detail the response returned from e-Rede.

2.3 XML response

30

Contents


Example of XML Response <Response version=’2’> <CardTxn> <authcode>640519</authcode> <card_scheme>Mastercard</card_scheme> </CardTxn> <Risk> <action_response> <bankresult_response> <cpi_value>-1</cpi_value> <response_code>00</response_code> <response_message>Successful</response_message> <transaction_id>5200900010000275</transaction_id> </bankresult_response> <screening_response> <cpi_value>0</cpi_value> <response_code>00</response_code> <response_message>Transaction Approved </response_message> <transaction_id>3200900010000275</transaction_id> </screening_response> </action_response> </Risk> <gateway_reference>5200900010000275</gateway_reference> <merchantreference>1aa5c31170306f1504</merchantreference> <mode>LIVE</mode> <reason>ACCEPTED</reason> <status>1</status> <time>1288683112</time> </Response>

2.3.2 Example of “pre auth” XML response

31

Contents


Example of an XML Response for a transaction that has been marked for review <Response version=’2’>

<CardTxn><card_scheme>Mastercard</card_scheme>

</CardTxn><Risk>

<action_response><screening_response>

<cpi_value>0</cpi_value> <response_code>02</response_code> <response_message>Transaction marked for Review</response_message><transaction_id>5200900010000124</transaction_id>

</screening_response></action_response>

</Risk><gateway_reference>5200900010000124</gateway_reference>

<information>Transaction marked for review by the RSG</information> <merchantreference>3cb4b5ca105c388ea6</merchantreference> <mode>LIVE</mode> <reason>Transaction marked for review</reason> <status>1127</status> <time>1288167601</time>

</Response>

If you have sent a “pre auth” transaction and receive response code 1127, you can accept/continue with this transaction by sending an accompanying “accept_ review” transaction. When e-Rede receives an “accept_review” transaction, it automatically sends a message to update the transaction status in the Antifraud Module.

A typical response indicating that a transaction has been markedfor review is shown here:

2.3.3 Acceptance of a transaction marked for review

32

Contents


A typical “accept_review” request is shown below:

Example of an XML Response for a transaction that has been marked for review <Request version=’2’> <Authentication> <password>*****</password> <AcquirerCode> <rdcd_pv>123456789</rdcd_pv> </AcquirerCode> </Authentication> <Transaction> <HistoricTxn> <method>accept_review</method> <reference>123412345</reference> </HistoricTxn> </Transaction></Request>

Responses for each transaction are posted back on your server. This process is known as “callback”.This will be done as a HTTP POST, which contains the following fields in the XML or in the Name=Value fields separated by ‘&’.

The callback response will appear as follows:

2.4 HTTPS responses

name Description Format

aggregator_identifier Unique identifier for an aggregator (e.g., a PSP).Maximum of 15 digits

merchant_order_refReference number that the merchant attributed to the order

Maximum of 250 digits

t3m_idInternal identifier for the fraud services used for subsequent calls like the string request rules.

33

Contents


aggregator_identifier=&merchant_identifier=30000&merchant_order_ref=12345&t3m_id=333333333&score=0&recommendation=1&message_digest=

<?xml version=”2.0” ?> <RealTimeResponse xmlns=”T3MCallback”> <aggregator_identifier/> <merchant_identifier>5567</merchant_identifier> <merchant_order_ref>12345</merchant_order_ref> <t3m_id>333333333</t3m_id> <score>0</score> <recommendation>1</recommendation> <message_digest></message_digest> </RealTimeResponse>

2.4.2

2.4.1

Key-value pair response

XML Response

name Description Format

Score Score assigned to the transaction during fraud scanning -999 to +999

Recommendation

The recommended action based on the results of the fraud scanning.0= Release: transaction liberated by the fraud and risk systems, because it was considered to be non-fraudulent during the scanning.1= Hold: transaction sent for manual review.2 = Reject: transaction rejected because it was considered to be fraudulent during scanning.9 = Under Investigation: transaction under manual review (normally this value will only be seen during a query request).

0 = Release

1 = Hold

2 = Reject

9 = UnderInvestigation

34

Contents


The client’s systems should recognize the callback response within 1 second. This will allow the Antifraud Module to register a successful posting. A means of recognition may be just the transmission of the word “OK” or “Concluded”

If the initial post fails, the system will retry 10 times with an interval of 2 minutes between attempts.

If you want to use HTTP, you need to have a signed certificate that accepts SSL authentication.

2.4.3 Considerations

35

Contents


Codes for services involving risk033.1 Status code of the Antifraud Module

Type of message Status code Status description

Status codes of theAntifraud Module

1126 RSG: rejected

1127RSG: review (you can proceed with the “accept_review” transaction)

1128The referenced transaction cannot be accepted (the dc_response of the referenced transaction must be 1127)

1130 Specified RSG service invalid

1131 The transaction has expired and cannot be completed

1133The RSG service can only be used in the “ecomm” or “cont_auth” environments

1134 Not registered in the RSG service

1135 The referenced transaction was not found

1136Scheduled Recurring Payment is not supported with the RSG service

1137The Historical Recurring Payment transactions are not supported with the RSG service

1138Other fraud screening services cannot be usedtogether with the RSG service

1139 The method is not supported for the RSG service

1140Technical error with the RSG (you can proceed with the “accept_review” transaction at the risk of the merchant)

36

Contents


3.2 Fraud analysis response

Message code Message Description of the message

00 Transaction Approved The risk services approved the transaction

01 Transaction not Approved The risk services rejected the transaction

02 Transaction Marked for Review The risk services marked the transaction for review

03 Technical ErrorThere was a technical problem related to the processing of the request

The following table describes the error responses/codes for fraud analysis requests:

3.3 Update of the bank result


00 SuccessfulThe processing of a received bank result was successful

01 UnsuccessfulThe processing of a received bank result was unsuccessful

The following table describes the error responses/codes for the bank result:

37

Contents


3.4 Configuration errors of the Antifraud Module


999The Risk Services Gateway encountered a problem while processing your request. Please try again later

Exception error in the RSG

998 Invalid XML MessageInvalid XML structure is being submitted to the RSG

997 Validation of XML message failedInvalid XML data are being submittedto the RSG

996Merchant Credentials could not be authenticated / Merchant credentials have expired

Merchant’s RSG authentication failed -incorrect details were submitted

995 Merchant Profile not foundNocompatible RSG detail can be found for themerchant

994Merchant not authorized for all requested services

The merchant is trying to use a service for which it is not registered

38

Contents


3.5 Error codes of the Antifraud Module

Message code Error category Description of the message

04Rules Handler connection not available

Connectivity to the Rules Handler is unstable or there is a connection problem. Contact the e-Rede support team if the error persists

05Rules Handler connection not available

Connectivity to the Rules Handler is unstable or there is a connection problem. Contact the e-Rede support team if the error persists

06 Credit Card not SupportedThe credit card that was provided is not supported by the Antifraud Module

07Merchant and/or Store Not Supported

The details provided for the merchant do not match the data recorded in the Antifraud Module

08 Invalid Transaction MessageSome aspect of the XML transaction is incorrect: the format, missing fields, required information is missing

09Could not Authenticate with Rules Engine

Authentication failed in the Rules Engine. Contact the e-Rede support team if the error persists

10Could not Authenticate with Rules Engine

Authentication failed in the Rules Engine. Contact the e-Rede support team if the error persists

11 SSL Certificate ErrorProblems with certificates. Contact the e-Rede support team if the error persists

12 SSL Certificate Not FoundProblems with certificates. Contact the e-Rede support team if the error persists

13 Store does not existProblem with merchant configuration or incorrect details are being transmitted. Contact the e-Rede support team

16 Server ErrorServer error. Contact the e-Rede support team if the error persists

39

Contents


Message code Error category Description of the message

28Duplicate GatewayTransaction ID/Error logging txn to Database

A duplicate key was found, it is not possible to login

29 Not an XML document An incorrect XML format is being sent

32 Query Parameter ErrorAn error occurred in the fraud analysis system.Contact the e-Rede support team if the error persists

35Field(s) exceeded length declared in DB

One of the fields supplied was longer than that specified in the API, and the field must be altered to shorten values that are longer than the specification, otherwise the error will persist

36Database connection not available

e-Rede error

3.6 Codes for the payment methods of the Antifraud Module

Code Description

CC Credit card

DB Debit card

Rede Call Center:4001 4433(capitals and metropolitan areas)

0800 728 4433(other localities)

Rede Web Portal:userede.com.br

Resolve everythingin one call.

Fraud Prevention · the Advanced Analysis module, our staff will contact you to effect the...

Documents

Transcript of Fraud Prevention · the Advanced Analysis module, our staff will contact you to effect the...