Fraud Prevention · the Advanced Analysis module, our staff will contact you to effect the...
Transcript of Fraud Prevention · the Advanced Analysis module, our staff will contact you to effect the...
Fraud Prevention Solutions
estamos todos ligados
Risk and fraud services 4
Overview of the service 5
Antifraud module of Rede 5
Operating modes/ Service instructions 5
Formulate a request 7
Risk element 7
Action element 8
XML example 8
Data elements 9
Fraud analysis 10
Example of XML request 25
XML response 29
Fraud analysis response 29
Example of “pre auth” XML response 30
Acceptance of a transaction marked for review 31
HTTPS responses 32
XML Response 33
Key-value pair response 33
Considerations 34
01
02
COn
TEn
TS
Click on the hyperlinks to navigate in thematerial of the Fraud Prevention Solutions
1.1
2.1
2.2
2.2.1
2.2.2
2.2.2.1
2.2.3
2.2.3.1
2.2.3.2
2.3
2.3.1
2.3.2
2.3.3
2.4
2.4.1
2.4.2
2.4.3
3.1
3.2
3.3
3.4
3.5
3.6
Codes for services involving risk 34
Status code of theAntifraud Module 34
Fraud analysis response 35
Update of the bank result 35
Configuration errors of the Antifraud Module 36
Error codes of the Antifraud Module 37
Codes for the payment methods of the Antifraud Module 38
03
COn
TEn
TS
Click on the hyperlinks to navigate in thematerial of the Fraud Prevention Solutions
4
Contents
Fraud Prevention Solutions
Among the services that e-Rede offers is the Antifraud Module. A modern system that analyzes various fraud rules to bring security and convenience to merchants.
More and more merchants are realizing that they will not be able to grow sustainably without investing in security.
The Antifraud Module is a service that the merchant contracts together with e-Rede and it may choose between one of the two available modules:
1) Essential analysis module which includes automatic analysis.
2) Advanced analysis module which includes automatic analysis
and manual review
The first module is recommended for smaller merchants with a moderate number of tickets and low revenues. The second oneis recommended for merchants that need more specific rules because of their business.
Note: do not send special characters in XML; for example:
1. & - & 2. < - < 3. > - > 4. “ - " 5. ‘ - '
01 Risk and fraud services
5
Contents
Fraud Prevention Solutions
Antifraud Module of Rede02
e-Rede supports the verification of fraud performed before the data is sent to the issuer.
Fraud verification mode
In fraud verification mode, e-Rede takes an active role in managing potentially risky transactions.Details of the transaction, including additional data fields, will be sent to the Antifraud Module before the transaction is sent for authorization.
e-Rede analyzes the response of the Antifraud Module and takes one of three steps:
2.1 Operating modes/ Service Instructions
The risk analysis services can be used in all forms of integration.
The fraud analysis service via e-Rede has the following characteristics:
a. Supports card transactions. b. Supports HPS, HCC, direct API, and Website Services. note: the HPS integration method does not support the manual review service. c. Supports fraud analysis performed before the data is sent to the issuer. d. Supports exclusive use of the risk and fraud services.
1.1 Overview of the service
6
Contents
Fraud Prevention Solutions
• If the response of the Antifraud Module indicates that thetransaction is relatively low risk, e-Rede lets the transaction follow its normal course, sending the transaction to the issuer for authorization. The response of the Antifraud Module will be present in e-Rede’s XML Response, and you can store it as a record.
• If the advanced analysis module is chosen, and the response of the Antifraud Module indicates that the transaction is medium risk, e-Rede will mark the transaction for manual review. It will not be sent for approval at this time and response code 1127 will be returned in the XML Response from e-Rede. Transactions that have been marked for manual review will be inspected by an analyst and, if considered legitimate, may continue with an accompanying “accept_review” transaction. When contracting the Advanced Analysis module, our staff will contact you to effect the parameterization of the business rules. At this point, enter the “URL Back”; that is, the return URL of the store, in order to receive the response of the transaction analysis submitted for manual review.
• If the response of the Antifraud Module indicates that the transaction is high risk, e-Rede will directly reject the transaction and it will not be sent for authorization. You will receive response code 1126 in the XML Response. Note that transactions that have been rejected with this response must not proceed.
7
Contents
Fraud Prevention Solutions
• CPF Validation Service: One of the optional services of e-Rede’s anti-fraud module is the validation of CPF (Individual Taxpayer Registry) numbers. This service performs the verification of the final digits of the CPF of the cardholder to ensure that the CPF entered is valid. If the CPF entered is invalid, the transaction will be denied. To use the CPF Validation Service, you only need to make two inclusions in the Risk block of the XML of the transaction:
1) Populate the element <id_number></id_number> of the sub-block <Personal Details> with the CPF of the purchaser;
2) Populate the element <id_type></id_type> of the sub-block <Personal Details> with the value 21. Attention: if the value of the element <id_number> is correctly populated, but the value of the element <id_type> is not 21, the transaction will be denied.
The following sections explain the additional XML elementsthat must be sent in the request to use the Antifraud Module.
2.2 Formulating a Request
All the additional information that must be passed to the Antifraud Module must be in this element, and this element must be present in the “TxnDetails” element of the transaction.
2.2.1 Risk element
8
Contents
Fraud Prevention Solutions
The action to be taken is indicated in this element, or in other words, an analysis performed before sending the data to the issuer.
name of the element Action
Position Request.Transaction.TxnDetails.Risk
2.2.2
2.2.2.1
Action element
XML example
Attributes of Action
Name of the attribute Description Values/Limitations
Service
This indicates the action(s) to be performed, based on a set of predefined services. The value must be: • “1” to request fraud analysis, which will occur before sending data to the issuer
Must be“1”
XML example of a Request for an initial ecomm transaction <Risk>
<Action service=”1”>...</Action></Risk>
Note that the risk element can only be provided if the sub-element service has a value equal to 1. No other method is supported; for example, “Recurring Payment”.
name of the element Risk
Position Request.Transaction.TxnDetails
9
Contents
Fraud Prevention Solutions
Each type of message has different data requirements which are necessary to process the requested message.
These message structures depend on the type of business for which the merchant has been configured; for example, generic, retail, or airline.
The data for type ‘1’ analysis requests must be provided under the following headings:
•MerchantConfiguredDetails •CustomerDetails •RiskDetails* •PersonalDetails* •AddressDetails* •PaymentDetails* •OrderDetails* •LineItemDetails** •JourneyDetails*** •LegItems*** •PassengerItems***
*Note: the sections of data displayed are the basic data structures that must be used for all the type 1 analysis requests, regardless of the merchant’s business, unless otherwise indicated in the field descriptions, which may state that a field is only required for airlines or retail, for example.
**Note: these data sections must only be included for merchants configured as retail merchants. When shopping for multiple items,
it is possible to detail them in this section.
***Note: these sections are for messages specifically for the business of airlines.
name(s) of the element(s): MerchantConfigurationCustomerDetails
Position Request.Transaction.TxnDetails.Risk.Action
2.2.3 Elements of data
10
Contents
Fraud Prevention Solutions
2.2.3.1 Fraud analysis
ConfigurationsType of business
General Retail Airline
Merchant configuration • • •
Field Type
Field name: channel
Definition: this reflects the way in which the client’s transaction was captured. This will be used to determine the online purchaser associated with the transactions
Possible value: W = Web
Char (1) º •
Field name: merchant_location
Definition: this represents the location of stores or retail outlets for a reseller or an airline company
Varchar (30) º •
The following table describes all the data fields that can be used in all sections and it applies to the messages received. The table also indicates the data fields required for each message received.
Furthermore, there is an indication of requirements in each field, in which the following criteria are applied:
Key Description
• The field is mandatory and must be filled in with a value.
º The field or value is not mandatory.
11
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Merchant Configuration • • •
Callback Configuration º
Field Type
Field name: callback_format
Possible values: HTTP; XML; SOAPVarchar (4) º
Field name: callback_url
Definition: the callback URL used for this transaction, if necessary
Varchar (200) º
Field name: callback_options
Definition: useone or both the responses and the callback registered for the client/aggregator
Possible values:00 = Immediate real-time callback or 01 = Client02 = This callback (default) 03 = Both04 = Monitored when unavailable or combination of the two; that is,02 would be a real time callback
Char (2) º
Customer Details • • •
Risk Details • • •
Field Type
Field name: account_number
Definition: a unique account number (reference number) for the merchant that is associated with the person who is transacting with the merchant
Varchar (30) • º •
12
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Field name: email_address
Definition: client’s e-mail address.This is generally associated with the person who is transacting with the merchant
Varchar (64) º º º
Field name: alt_email_address
Definition: alternative e-mail address. This is generally associated with the person who is transacting with the merchant
Varchar (64) º
Field name: session_id
Definition: a session ID generated by a web server
Varchar (255) º º
Field name: ip_address
Definition: client’s IP address
Varchar (15)Formato255.255.255.2
º º º
Field name: user_id
Definition: a data field that can be configured by the merchant and which is typically used to specifically identify a client in the system, independent of the account numbers that the client has
Varchar (36) º º
Field name: usermachine_id
Definition: an ID used to specifically identify the computer (the effective hardware) in the system, independent of the client or account numbers that are using the computer. Examples: User Machine ID, Motherboard ID, Hard drive ID, ID of the CPU, etc.
Varchar (255) º º
13
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Field name: user_profile
Definition: a customizable field that can be used by merchants to supplement fraud analysis processes according to a risk rating set by the merchant (e.g., VIP marker, indication if the transaction is part of a promotion, a level of trust involving the identity of the client, etc.)
Varchar (20) º º
Field name: user_profile_2
Definition: a customizable field that can be used by merchants to supplement fraud analysis processes according to a risk rating set by the merchant (see examples above)
Varchar (20) º º
Field name:user_profile_3
Definition: a customizable field that can be used by merchants to supplement fraud analysis processes according to a risk rating set by the merchant (see examples above)
Varchar (20) º º
Field name: register_consumer_watch
Definition: registers the bearer associated with this transaction, for the consumer product
Possible values: Y=Yes; N= No
Char (1) º
Field name: browser_language
Definition: the language setting of the browser
Varchar (30) º
14
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Customer Details • • •Personal Details • • •note: these are generally associated with the people that are transacting with the merchant
Field TypeField name: first_name
Definition: client’s nameVarchar (32) • • •
Field name: surname
Definition: client’s surnameVarchar (32) • • •
Field name: telephone
Definition: client’s telephone numberVarchar (20) • º •
Field name: telephone_2
Definition: alternative telephone numberVarchar (20) º º º
Field name: date_of_birth
Definition: client’s date of birth
Date and time, format yyyy-mm-dd
º º º
Field name: nationality
Definition: client’s nationality, Represented by a 2-character code. See Appendix 11 for more details. This is generally used with reference to certain electronic ID verification services of third parties
Char (2) º º º
Field name: id_numberDefinition: CPF (Individual TaxpayerRegistry), passport ID, or anotheridentification document number. This isgenerally used with reference to certainelectronic ID verification services of thirdparties. This is one of the fields used in theCPF Validation Service. For furtherinformation about the CPF ValidationService, see section 999 of this IntegrationGuide.
Varchar (40) º º º
15
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Field name: id_type
Definition: a code that defines the type of verification document providedPossible value:21 = CPF (Individual Taxpayer Registry)
This is generally used with reference to certain electronic identification verification services of third parties. When using the CPF Validation Service, make sure to fill in this field with the value of 21. If not, the transactions will be denied.
Int º º º
Customer Details • • •
Address Details • • •
note: these are generally associated with the person who is transacting with the merchant
Field TypeField name: address_line1
Definition: line 1 of the client’s addressVarchar (60) • • •
Field name: address_line2
Definition: line 2 of the client’s addressVarchar (60) º º º
Field name: city
Definition: client’s cityVarchar (25) • • •
Field name: state_province
Definition: stateVarchar (25) º º º
16
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Field name: country
Definition: client’s countryThis is a 2-character code that must be supplied
Char (2) • º º
Field name: zip_code
Definition: ZIP code/client’s postcodeVarchar (10) º º º
Customer Details • • •note: these are generally associated with the shipping of goods/services to customers
Field TypeField name: title
Definition: recipient’s titleVarchar (10) º
Field name: first_name
Definition: client’s first nameVarchar (50) º
Field name: surname
Definition: recipient’s surnameVarchar (50) º
Field name: address_line1
Definition: line 1 of the client’s delivery address
Varchar (60) º
Field name: address_line2
Definition: line 2 of the client’s delivery address
Varchar (60) º
Field name: city
Definition: delivery city for the clientVarchar (25) º
Field name: state_province
Definition: stateVarchar (25) º
Field name: country
Definition: country of delivery for the client.This is a 2-character code that must be provided
Char (2) º
17
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Field name: zip_code
Definition: Zip code of client’s delivery address
Varchar (10) º
Field name: delivery_date
Definition: delivery date
Date and time, format yyyy-mm-dd
º
Field name: delivery_method
Definition: delivery methodVarchar (30) º
Field name: installation_requested
Definition: indicates if physical installation of the product is required Possible values: Y=Yes; N=No
Char (1) º
Customer Details • • •
Payment Details • • •
Field TypeField name: transaction_type
Definition: the type of payment transaction associated with the transaction. Possible values: Auth; Blank; Instant; Other
Varchar(20) º
Field name: payment_method
Definition:this is the mechanism with which the client chooses to make payment. Possible values: see 3.6 - Codes for payment methods
Varchar (2) • • •
18
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Customer Details • • •
Order Details • • •
Field Type
Field name: discount_value
Definition: the amount of the discount related to the transaction, in the smallest unit of the currency; for example: cents
Int º
Field name: time_zone
Definition: local time zone; for example: +01:00
Time format(+/-hh:mm) º
Field name: proposition_date
Definition: similar to a collection date, it can be used to prioritize the routing queue in a way that the delivery deadline is met
Date and time format yyyy-mm-dd
º
Customer Details • • •
Order Details • • •
Billing Details • • •
note: these are associated with the card owner for financing the corresponding purchase
Field TypeField name: name
Definition: the name of the cardholder as it appears on the card
Varchar (50) º º º
Field name: address_line1
Definition: line 1 of the cardholder’s billing address
Varchar (60) º º º
Field name: address_line2
Definition: line 2 of the cardholder’s billing address
Varchar (60) º º º
19
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Field name: city
Definition: the city of the cardholder’s billing address
Varchar (25) º º º
Field name: state_province
Definition: the state of the cardholder’s billing address
Varchar (25) º º º
Field name: country
Definition: the country of the cardholder’s billing addressThis is a 2-character code that must be provided
Char (2) • º •
Field name: zip_code
Definition: the ZIP code of the cardholder’s billing address
Varchar (10) º º º
Customer Details • • •
Order Details • • •
Line Items º
note: these are associated with the shopping cart details; that is, each item of the cardholder’s purchase will be considered individually
Item •
Field TypeField name: product_code
Definition: the product code of the item purchased.If any one of the fields of an item purchased is submitted, all the fields for this purchased item become mandatory
Varchar (50) º
Field name: product_description
Definition: description of the itemVarchar (50) º
20
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Field name: product_category
Definition: type of item, as classified by the merchant
Varchar (80) º
Field name: product_risk
Definition: an indication of how susceptible the product is to fraud Possible values: High; Medium; Low
Varchar (50) º
Field name: order_quantity
Definition: number of items ordered. If any one of the fields of the item submitted is filled in, all the fields of the item become mandatory.
Int º
Field name: unit_price
Definition: the value of the transaction in the smallest unit of the currency.Example: The value of R$5.32 must be represented as follows:<unit_price>532</unit_price>
Int º
Customer Details • • •
Airline Details •
Journey •
Field TypeField name: ticket_number
Definition: the ticket number assigned to the journey
Varchar (30) º
Field name: payer_travelling
Definition: indicates if the person paying is also travelling with the ticket Possible values:Y=Yes; N=No
Char (1) º
Field name: pnr
Definition: record of the passengers’ namesVarchar(10) º
21
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Customer Details • • •Airline Details •Journey •note: the stopovers for each leg are listed here. The legs must be shown according
to the sequence of the journey, starting with the first legLegs •Field TypeField name: depart_airport
Definition: departure airport for the flight. This is a 3-character IATA code for the airport that must be provided. http://www.iata.org
Char (3) •
Field name: depart_country
Definition: country of departure for the flight.This is a 2-character code that must be provided
Char (2) º
Field name: depart_datetime
Definition: local date and time of departure programmed for the flight
Date and time format yyyy-mm-dd hh:mm:ss
•
Field name: depart_airport_timezone
Definition: local time zone; for example:+01:00
Time format(+/-hh:mm) •
Field name: arrival_airport
Definition: destination airport for the flight. This is a 3-character IATA code for the airport that must be provided.For more information about these codes, visit http://www.iata.org
Char (3) •
22
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Field name: carrier
Definition: flight operator (airline company) for the journey. This is a 2-character IATA code for the carrier that must be provided.For more information about these codes, visit http://www.iata.org
Char (2) •
Field name: flight_number
Definition: flight number for the journeyChar (4) •
Field name: fare_basiscode
Definition: the fare base code provides information on the specific tariff, as well as the class of service required for the booking; for example: HL7LNR
Char (10) •
Field name: fare_class
Definition: example of flight class:F (=First class unrestricted)FR (=First class restricted)B (=Business class unrestricted)CR (=Business class restricted)Y (=Economy class unrestricted)YD (=Economy class restricted)
Char (3) •
Field name: base_fare
Definition: the transaction amount, excluding taxes and fees, in the smallest unit of the currency; for example: cents
Int º
23
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Field name: currency_code
Definition: this is the ISO numeric code for the currency in which the transaction must be processed. This is mandatory ifa base_fare is provided (Capture date-Not fed into the rules engine. For reporting/review)
Char (3) º
Customer Details • • •
Airline Details •
Journey •
Passengers •
Passenger •
Field Type
Field name: first_name
Definition: passenger’s first nameThe ”first_name” field and the “surname” field combined must not exceed32 characters. If any passenger detailis submitted, the “first name” field becomes mandatory
Varchar (32) º
Field name: surname
Definition: passenger’s surnameThe ”first_name” field and the “surname” field combined must not exceed 32 characters. If any passenger detail is submitted, the “surname” field becomes mandatory
Varchar (32) º
Field name: passenger_type
Definition: the type of passenger that is travelling; for example: adult, child, baby Possible values: A=Adult; C=Child; I=Baby
Char (1) •
24
Contents
Fraud Prevention Solutions
ConfigurationsType of business
General Retail Airline
Field name: nationality
Definition: nationality of the customer, represented by a 2-character code
Char (2) º
Field name: id_number
Definition: passport, ID, or other identification document number.The blocked lists for fraud analysis may include composite nationalities andid_number values
Varchar (40) º
Field name: loyalty_number
Definition: passenger loyalty program number
Varchar (20) º
Field name: loyalty_type
Definition: passenger loyalty program Varchar (20) º
Field name: loyalty_tier
Definition: status or level of the passenger loyalty program
Possible values:1=highest level; for example: platinum2=second highest level; for example: gold3=third highest level; for example: silver, etc.
Int •
25
Contents
Fraud Prevention Solutions
The XML below serves as an example of the sending of all possible information fields to be screened with regards to risk.
2.2.3.2 Example of XML request
<Risk> <Action service=”1”> <MerchantConfiguration> <merchant_location>Sydney</merchant_location> <channel>W</channel> </MerchantConfiguration> <CustomerDetails> <RiskDetails> <account_number>24972343</account_number> <email_address>[email protected]</email_address> <session_id>FJW35798FHI</session_id> <ip_address>127.0.0.1</ip_address> <user_id>333</user_id> <usermachine_id>38744</usermachine_id> <user_profile>profile</user_profile> <user_profile_2>profile1</user_profile_2> <user_profile_3>profile2</user_profile_3> </RiskDetails> <PersonalDetails> <first_name>Joe</first_name> <surname>Citizen</surname> <telephone>9555-3937</telephone> <telephone_2>0392774738</telephone_2> <date_of_birth>1978-03-10</date_of_birth> <nationality>Australian</nationality> <id_number>43579</id_number> <id_type>Passport</id_type> <ssn>000-00-0000</ssn> </PersonalDetails> <AddressDetails> <address_line1>123 Main Street</address_line1> <address_line2> </address_line2> <city>Mytown</city>
26
Contents
Fraud Prevention Solutions
<state_province>NSW</state_province> <country>Australia</country> <zip_code>2999</zip_code> </AddressDetails> <PaymentDetails> <payment_method>CC</payment_method> <WalletDetails> <acquirer_number>458</acquirer_number> </WalletDetails> </PaymentDetails> <OrderDetails><BillingDetails> <name>Mr Joe Citizen</name> <address_line1>34 Low Street</address_line1> <address_line2>District 7</address_line2> <city>Mycity</city> <state_province>Vic</state_province> <country>AU</country> <zip_code>3999</zip_code> </BillingDetails> <LineItems> <Item> <product_code>PRN383</product_code> <product_description>Pair of socks</product_description> <product_category>Clothing</product_category> <order_quantity>11</order_quantity> <unit_price>4.11</unit_price> </Item> <Item> <product_code>FHEUF</product_code> <product_description>Model dog</product_description> <product_category>Keepsake</product_category> <order_quantity>2</order_quantity> <unit_price>5.32</unit_price> </Item> </LineItems> </OrderDetails> <AirlineDetails> <Journey>
27
Contents
Fraud Prevention Solutions
<ticket_number>478935793</ticket_number> <Legs> <Leg><depart_airport>SYD</depart_airport> <depart_country>AU</depart_country> <depart_datetime>2012-10-01 13:23:11</depart_datetime> <depart_airport_timezone>+00:00</depart_airport_timezone> <arrival_airport>MEL</arrival_airport> <carrier>CNB</carrier> <flight_number>508</flight_number> <fare_basiscode>LWC</fare_basiscode> <fare_class>ECONOMY</fare_class> <base_fare>30.00</base_fare> <currency_code>AUD</currency_code> </Leg> <Leg> <depart_airport>MEL</depart_airport> <depart_country>AU</depart_country> <depart_datetime>2012-08-01 13:23:11</depart_datetime> <depart_airport_timezone>+01:00</depart_airport_timezone> <arrival_airport>SYD</arrival_airport> <carrier>SuperJet</carrier> <flight_number>404</flight_number> <fare_basiscode>FR</fare_basiscode> <fare_class>Business</fare_class> <base_fare>7844.00</base_fare> <currency_code>AUD</currency_code> </Leg> </Legs> <Passengers> <Passenger><first_name>Johnl</first_name> <surname>Citizen</surname> <passenger_type>Business</passenger_type> <nationality>Australian</nationality> <id_number>626</id_number> <loyalty_number>32974</loyalty_number> <loyalty_type>Gold</loyalty_type> <loyalty_tier>Tier 3</loyalty_tier>
28
Contents
Fraud Prevention Solutions
</Passenger> <Passenger> <first_name>James</first_name> <surname>Citizen</surname> <passenger_type>Type</passenger_type> <nationality>Canadian</nationality> <id_number>574</id_number> <loyalty_number>433</loyalty_number> <loyalty_type>Silver</loyalty_type> <loyalty_tier>Tier 1</loyalty_tier> </Passenger> </Passengers> </Journey> </AirlineDetails> </CustomerDetails> </Action> </Risk>
29
Contents
Fraud Prevention Solutions
Field name Description
Response after screening
transaction_idThis is e-Rede’s reference for the original transaction that was sent for risk analysis
response_code
This is a status/return code. It indicates if the transaction has been received and/or the result of the analysis process.00 – the transaction was accepted by the Antifraud Module 01 – the transaction was rejected by the Antifraud Module02 – the transaction was marked for review by the Antifraud Module.For the complete set of response codes, see section 5.1
response_message
This is a text field used to supply a short text description of the status/return code.Transaction Approved Transaction not Approved Transaction Marked for ReviewFor the complete set of response codes, see section 5.1
cpi_valueThis is a risk evaluation score for a client, available in selected lines of business. The value is from 1 to 5 and will be based on the definition discussed between the merchant and e-Rede
Additional Messages
MessageThis field will display any relevant response information. There may be more than one message tag for this purpose
Upon receiving a message requesting a “pre auth” fraud analysis,e-Rede will send a return response message to the merchant. The following table shows the return values of the response message:
2.3.1 Fraud analysis response
The following sections detail the response returned from e-Rede.
2.3 XML response
30
Contents
Fraud Prevention Solutions
Example of XML Response <Response version=’2’> <CardTxn> <authcode>640519</authcode> <card_scheme>Mastercard</card_scheme> </CardTxn> <Risk> <action_response> <bankresult_response> <cpi_value>-1</cpi_value> <response_code>00</response_code> <response_message>Successful</response_message> <transaction_id>5200900010000275</transaction_id> </bankresult_response> <screening_response> <cpi_value>0</cpi_value> <response_code>00</response_code> <response_message>Transaction Approved </response_message> <transaction_id>3200900010000275</transaction_id> </screening_response> </action_response> </Risk> <gateway_reference>5200900010000275</gateway_reference> <merchantreference>1aa5c31170306f1504</merchantreference> <mode>LIVE</mode> <reason>ACCEPTED</reason> <status>1</status> <time>1288683112</time> </Response>
2.3.2 Example of “pre auth” XML response
31
Contents
Fraud Prevention Solutions
Example of an XML Response for a transaction that has been marked for review <Response version=’2’>
<CardTxn><card_scheme>Mastercard</card_scheme>
</CardTxn><Risk>
<action_response><screening_response>
<cpi_value>0</cpi_value> <response_code>02</response_code> <response_message>Transaction marked for Review</response_message><transaction_id>5200900010000124</transaction_id>
</screening_response></action_response>
</Risk><gateway_reference>5200900010000124</gateway_reference>
<information>Transaction marked for review by the RSG</information> <merchantreference>3cb4b5ca105c388ea6</merchantreference> <mode>LIVE</mode> <reason>Transaction marked for review</reason> <status>1127</status> <time>1288167601</time>
</Response>
If you have sent a “pre auth” transaction and receive response code 1127, you can accept/continue with this transaction by sending an accompanying “accept_ review” transaction. When e-Rede receives an “accept_review” transaction, it automatically sends a message to update the transaction status in the Antifraud Module.
A typical response indicating that a transaction has been markedfor review is shown here:
2.3.3 Acceptance of a transaction marked for review
32
Contents
Fraud Prevention Solutions
A typical “accept_review” request is shown below:
Example of an XML Response for a transaction that has been marked for review <Request version=’2’> <Authentication> <password>*****</password> <AcquirerCode> <rdcd_pv>123456789</rdcd_pv> </AcquirerCode> </Authentication> <Transaction> <HistoricTxn> <method>accept_review</method> <reference>123412345</reference> </HistoricTxn> </Transaction></Request>
Responses for each transaction are posted back on your server. This process is known as “callback”.This will be done as a HTTP POST, which contains the following fields in the XML or in the Name=Value fields separated by ‘&’.
The callback response will appear as follows:
2.4 HTTPS responses
name Description Format
aggregator_identifier Unique identifier for an aggregator (e.g., a PSP).Maximum of 15 digits
merchant_order_refReference number that the merchant attributed to the order
Maximum of 250 digits
t3m_idInternal identifier for the fraud services used for subsequent calls like the string request rules.
33
Contents
Fraud Prevention Solutions
aggregator_identifier=&merchant_identifier=30000&merchant_order_ref=12345&t3m_id=333333333&score=0&recommendation=1&message_digest=
<?xml version=”2.0” ?> <RealTimeResponse xmlns=”T3MCallback”> <aggregator_identifier/> <merchant_identifier>5567</merchant_identifier> <merchant_order_ref>12345</merchant_order_ref> <t3m_id>333333333</t3m_id> <score>0</score> <recommendation>1</recommendation> <message_digest></message_digest> </RealTimeResponse>
2.4.2
2.4.1
Key-value pair response
XML Response
name Description Format
Score Score assigned to the transaction during fraud scanning -999 to +999
Recommendation
The recommended action based on the results of the fraud scanning.0= Release: transaction liberated by the fraud and risk systems, because it was considered to be non-fraudulent during the scanning.1= Hold: transaction sent for manual review.2 = Reject: transaction rejected because it was considered to be fraudulent during scanning.9 = Under Investigation: transaction under manual review (normally this value will only be seen during a query request).
0 = Release
1 = Hold
2 = Reject
9 = UnderInvestigation
34
Contents
Fraud Prevention Solutions
The client’s systems should recognize the callback response within 1 second. This will allow the Antifraud Module to register a successful posting. A means of recognition may be just the transmission of the word “OK” or “Concluded”
If the initial post fails, the system will retry 10 times with an interval of 2 minutes between attempts.
If you want to use HTTP, you need to have a signed certificate that accepts SSL authentication.
2.4.3 Considerations
35
Contents
Fraud Prevention Solutions
Codes for services involving risk033.1 Status code of the Antifraud Module
Type of message Status code Status description
Status codes of theAntifraud Module
1126 RSG: rejected
1127RSG: review (you can proceed with the “accept_review” transaction)
1128The referenced transaction cannot be accepted (the dc_response of the referenced transaction must be 1127)
1130 Specified RSG service invalid
1131 The transaction has expired and cannot be completed
1133The RSG service can only be used in the “ecomm” or “cont_auth” environments
1134 Not registered in the RSG service
1135 The referenced transaction was not found
1136Scheduled Recurring Payment is not supported with the RSG service
1137The Historical Recurring Payment transactions are not supported with the RSG service
1138Other fraud screening services cannot be usedtogether with the RSG service
1139 The method is not supported for the RSG service
1140Technical error with the RSG (you can proceed with the “accept_review” transaction at the risk of the merchant)
36
Contents
Fraud Prevention Solutions
3.2 Fraud analysis response
Message code Message Description of the message
00 Transaction Approved The risk services approved the transaction
01 Transaction not Approved The risk services rejected the transaction
02 Transaction Marked for Review The risk services marked the transaction for review
03 Technical ErrorThere was a technical problem related to the processing of the request
The following table describes the error responses/codes for fraud analysis requests:
3.3 Update of the bank result
Message code Message Description of the message
00 SuccessfulThe processing of a received bank result was successful
01 UnsuccessfulThe processing of a received bank result was unsuccessful
The following table describes the error responses/codes for the bank result:
37
Contents
Fraud Prevention Solutions
3.4 Configuration errors of the Antifraud Module
Message code Message Description of the message
999The Risk Services Gateway encountered a problem while processing your request. Please try again later
Exception error in the RSG
998 Invalid XML MessageInvalid XML structure is being submitted to the RSG
997 Validation of XML message failedInvalid XML data are being submittedto the RSG
996Merchant Credentials could not be authenticated / Merchant credentials have expired
Merchant’s RSG authentication failed -incorrect details were submitted
995 Merchant Profile not foundNocompatible RSG detail can be found for themerchant
994Merchant not authorized for all requested services
The merchant is trying to use a service for which it is not registered
38
Contents
Fraud Prevention Solutions
3.5 Error codes of the Antifraud Module
Message code Error category Description of the message
04Rules Handler connection not available
Connectivity to the Rules Handler is unstable or there is a connection problem. Contact the e-Rede support team if the error persists
05Rules Handler connection not available
Connectivity to the Rules Handler is unstable or there is a connection problem. Contact the e-Rede support team if the error persists
06 Credit Card not SupportedThe credit card that was provided is not supported by the Antifraud Module
07Merchant and/or Store Not Supported
The details provided for the merchant do not match the data recorded in the Antifraud Module
08 Invalid Transaction MessageSome aspect of the XML transaction is incorrect: the format, missing fields, required information is missing
09Could not Authenticate with Rules Engine
Authentication failed in the Rules Engine. Contact the e-Rede support team if the error persists
10Could not Authenticate with Rules Engine
Authentication failed in the Rules Engine. Contact the e-Rede support team if the error persists
11 SSL Certificate ErrorProblems with certificates. Contact the e-Rede support team if the error persists
12 SSL Certificate Not FoundProblems with certificates. Contact the e-Rede support team if the error persists
13 Store does not existProblem with merchant configuration or incorrect details are being transmitted. Contact the e-Rede support team
16 Server ErrorServer error. Contact the e-Rede support team if the error persists
39
Contents
Fraud Prevention Solutions
Message code Error category Description of the message
28Duplicate GatewayTransaction ID/Error logging txn to Database
A duplicate key was found, it is not possible to login
29 Not an XML document An incorrect XML format is being sent
32 Query Parameter ErrorAn error occurred in the fraud analysis system.Contact the e-Rede support team if the error persists
35Field(s) exceeded length declared in DB
One of the fields supplied was longer than that specified in the API, and the field must be altered to shorten values that are longer than the specification, otherwise the error will persist
36Database connection not available
e-Rede error
3.6 Codes for the payment methods of the Antifraud Module
Code Description
CC Credit card
DB Debit card
Rede Call Center:4001 4433(capitals and metropolitan areas)
0800 728 4433(other localities)
Rede Web Portal:userede.com.br
Resolve everythingin one call.