Anti-fraud integration

The anti-fraud integration described on this page is available only with full balance integrations. For zero balance integration, see Zero balance anti-fraud and validations integration.

The Pismo platform can integrate with third-party fraud prevention systems to enable additional security checks whenever customers carry out new transactions. An issuer can implement anti-fraud integration to enforce additional risk constraints. When the anti-fraud integration is enabled during setup, the Pismo platform sends all transactions that are subject to authorization to the anti-fraud system to confirm the approval or, in the case of fraud detection, to decline the transaction and to block the card.

The anti-fraud call to full balance and zero balance customers' webhook occurs during step 5 in the Full and zero balance workflows.

📘

Optional integration

Note that this integration is totally optional for full balance issuers. If not present, Pismo responds to the network with its own results.

Workflow

The Pismo authorization process performs all stateless and stateful validations, assembles a request with the transaction data, and makes an HTTPS call to the webhook URL you specified during setup.

📘

Webhook request URL

To change the URL at any time, open a Service Desk request.

The response you need to send to the Pismo platform is defined in the Full balance anti-fraud integration webhook request specification, so that the platform can interpret and use the anti-fraud system's decision. This functionality enables you to integrate with any risk analysis provider at authorization time, making it possible to deny a purchase the platform approved.

🚧

Anti-fraud timeout - 2 seconds

If the Pismo platform does not receive a valid response from your anti-fraud system within two seconds, the request times out. In this case, the authorization proceeds with Pismo's validation, which is then considered final.

Per-program settings

The following settings can be defined on a program level. The settings below impact transactions that use a card related to a program. To activate these settings, open a Service Desk ticket with Pismo.

Overwrite the card network response code

When the anti-fraud system denies a purchase as indicated in the response_code field, the platform uses the provided response_code without any additional processing. When the Pismo platform denies the authorization, the following occurs:

  • If the overwrite response code setting is active and your anti-fraud system does not send a response_code, the platform uses the response_code that it calculated during authorization to respond to the card network.
  • If the overwrite response code setting is active and the anti-fraud system sends a response_code, the platform uses the anti-fraud system's response_code to respond to the card network.
  • If the overwrite response code setting is not active, the platform uses the response_code that it calculated during authorization to respond to the card network.

Overwrite the Pismo platform decision

If the overwrite Pismo platform decision setting is active, your anti-fraud system's decision is final. In this case, the only restriction is that the card used must be managed by the Pismo platform. If the card is not found in the Pismo database, there is no way to approve this transaction.

To enable this setting, you must open a service request with the authorization team. After enabling this setting, the final decision about approving or declining the purchase will always be the anti-fraud response.

❗️

This overwrite platform decision setting must be analyzed thoroughly before being enabled since it allows the anti-fraud system to reverse an authorization denied by any of the validations performed by the Pismo platform.

If the overwrite platform decision setting is active, the authorization process performed by the Pismo platform denies the transaction, but the anti-fraud system approves the transaction, then the Pismo platform responds that the transaction is approved.

Overwrite the Pismo platform decision only for the current request

Your anti-fraud system can also overwrite a Pismo platform decision to force an approval for a specific transaction. This feature allows the anti-fraud system to approve an operation that was previously declined by the Pismo platform in a more granular manner, since it only applies to the current transaction. This feature doesn't require any parameter to be enabled in the platform and doesn't impact all requests, giving the anti-fraud system the option to decide when to overwrite a decision at the request level.

When forcing an approval, the authorization system responds to the request as approved even if the Pismo platform declines it. Forcing an approval impacts the account limit and makes it negative if the available funds are not sufficient to cover the requested amount.

To force an approval, your anti-fraud system must set approve and force_approve to true in the response. Setting approve to true does not override a Pismo-declined transaction, so both fields are necessary.

📘

Note about forced approval

If the platform declines an operation because a card is not found, this operation can't be force approved since the platform can't connect this request with any account. In this case, the operation will remain declined even with the force_approve flag in the response.

Anti-fraud webhook

If you choose to implement anti-fraud integration, you need to register an anti-fraud webhook for this purpose during setup. The webhook enables you to send a response to an authorization that adheres to the standards detailed in the Full balance anti-fraud request webhook specification.

Example payload request

Below is an example payload that the Pismo platform sends to an issuer's anti-fraud webhook:

Example payload
{
    "id": "00000000-0000-0000-0000-000000000000",
    "entity": "transaction",
    "fields": {
        "mti": "0100",
        "card_id": "0000001",
        "account_id": "0000001",
        "amount_transaction": "25.87",
        "amount_local": "25.87",
        "amount_settlement": "4.75",
        "transaction_timestamp":"2021-04-28T14:34:07",
        "payment_card_brand": "Mastercard",
        "currency": "986",
        "merchant_id_code": "123",
        "merchant_name": "merchant test",
        "merchant_city": "Sao Paulo     ",
        "merchant_state_or_country_code": "BRA",
        "merchant_terminal_id": "abcde123",
        "security_cnp_transaction": "123",
        "atc_chip": "",
        "atc_database": [131,132,135],
        "entry_mode": "810",
        "mcc": "4121",
        "card_type": "PLASTIC",
        "country_code": "",
        "postal_code": "12345678",
        "chip_cryptogram_information_data": "80",
        "chip_transaction_date": "221118",
        "chip_transaction_type": "00",
        "chip_amount_authorized": "000000002587",
        "chip_transaction_currency_code": "0986",
        "chip_application_interchange_profile": "3900",
        "chip_terminal_country_code": "0076",
        "chip_cardholder_verification_method": "020300",
        "chip_terminal_capabilities": "E0F8E8",
        "chip_amount_other": "000000002587",
        "chip_application_transaction_counter": "003C",
        "cardholder_postal_code": "12345678",
        "transaction_type": "00",
        "terminal_capability": "7",
        "tvr": "0000058000",
        "cvr": "0030B02001210000000000000000000000FF",
        "number_of_installments": "1",
        "available_limit": "1.0",
        "network_score": "000",
        "pos_postal_code": "12345678",
        "acquirer_code": "001234",
        "cpf": "00000000000",
        "total_limit": "1.00",
        "denial_code": "",
        "response_code": "00",
        "last_referral_reason": "",
        "id_last_transaction_referral": "",
        "last_referral_unlock_date": "",
        "cvv_data": "false",
        "cvv_response": "true",
        "unlock_date":"2021-03-23T17:3635Z",
        "original_network_data": "...",
        "last_four_digits": "5606", 
        "bin": "40928000", 
        "program_id": "59", 
        "pin_validated_offline": "false", 
        "validation_results": [
            {
                "name": "arqc",
                "status": "SKIPPED",
                "reason": "NO_CRYPTOGRAM",
                "description": "No cryptogram present"
            },
            {
                "name": "chip_signature",
                "status": "SKIPPED",
                "reason": "NO_CHIP_SIGNATURE",
                "description": "No chip signature present"
            },
            {
                "name": "chip_values",
                "status": "SKIPPED",
                "reason": "NO_CHIP",
                "description": "Transaction has no chip"
            },
            {
                "name": "magnetic_stripe",
                "status": "SKIPPED",
                "reason": "NO_MAGNETIC_STRIPE",
                "description": "No magnetic stripe"
            },
            {
                "name": "currency",
                "status": "APPROVED",
                "reason": "CURRENCY_ALLOWED",
                "description": "Currency allowed"
            },
            {
                "name": "entry_mode",
                "status": "APPROVED",
                "reason": "ENTRY_MODE_VALID",
                "description": "Entry mode valid"
            },
            {
                "name": "cvm",
                "status": "APPROVED",
                "reason": "PIN_AND_CVV_VALID",
                "description": "Pin and CVV are valid"
            },
            {
                "name": "terminal_capability",
                "status": "APPROVED",
                "reason": "TERMINAL_CAPABILITY_VALID",
                "description": "Terminal capability valid"
            }
        ],
        "transaction_mode": "CREDIT",  
    }
}

Example of the original_network_data field

The original_network_data field contains all fields present in the ISO message coming from the network, except the PCI-sensitive information. The content varies according to the request being processed, where some fields may or may not be present. Refer to the network specification to find all possible fields.

Mastercard example
{
  "de2_primary_account_number": "[card-hash]",
  "de3_processing_code": {
    "sf1_cardholder_transaction_type_code": "00",
    "sf2_cardholder_from_account_type_code": "30",
    "sf3_cardholder_to_account_type_code": "00"
  },
  "de4_amount_transaction": "000000001000",
  "de5_amount_settlement": "000000000251",
  "de6_amount_cardholder_billing": "000000001000",
  "de7_tranmission_date_and_time": {
    "sf1_date": "1110",
    "sf2_time": "175808"
  },
  "de9_conversion_rate_settlement": {
    "sf1_decimal_indicator": "7",
    "sf2_conversion_rate": "1859259"
  },
  "de10_conversion_rate_cardholder_billing": {
    "sf1_decimal_indicator": "6",
    "sf2_cardholderbilling_conversion_rate": "1000000"
  },
  "de11_stan": "637470",
  "de12_time_local_transaction": "145808",
  "de13_date_local_transaction": "0727",
  "de14_date_expiration": "2704",
  "de15_date_settlement": "0727",
  "de16_date_conversion": "0726",
  "de18_merchant_type": "7994",
  "de22_pos_entry_mode": {
    "sf1_pos_terminal_pan_entry_mode": "81",
    "sf2_pos_terminal_pin_entry_mode": "0"
  },
  "de28_amount_transaction_fee": {},
  "de29_amount_settlement_fee": {},
  "de30_amount_transaction_processing_fee": {},
  "de31_amount_settlement_processing_fee": {},
  "de32_acquiring_institution_id_code": "016800",
  "de33_forwarding_institution_id_code": "016800",
  "de37_retrieval_reference_number": {
    "sf1_transaction_date_and_initiator_discretionary_data": "0727499",
    "sf2_terminal_transaction_number": "51999"
  },
  "de41_card_acceptor_terminal_id": "WA000001",
  "de42_card_acceptor_id_code": "00027427823    ",
  "de43_card_acceptor_name_location_for_all_transactions": {
    "sf1_card_acceptor_name": "MerchantName           ",
    "sf3_card_acceptor_city": "SAO PAULO     ",
    "sf5_card_acceptor_state_or_country_code": "BRA"
  },
  "de48_additional_data_private_user": {
    "de48_tcc": "T",
    "de48_start": "224",
    "de48_size": "123",
    "de48SubElements": [
      "37",
      "42",
      "92",
      "56",
      "75",
      "71"
    ],
    "se11_key_exchange_block_data": {},
    "se13_mastercard_hosted_mobile_phone_top_up_request_data": {},
    "se15_authorization_system_advice_date_and_time": {},
    "se18_service_parameters": {},
    "se23_payment_initiation_channel": {},
    "se25_mastercard_cash_program_data": {},
    "se26_wallet_program_data": {},
    "se33_pan_mapping_file_information": {},
    "se34_atc_information": {},
    "se36_visa_mmv": {},
    "se37_additional_merchant_data": {
      "sf1_payment_facilitador_id": "00000231811",
      "sf3_sub_merchant_id": "00027427823    "
    },
    "se40_eletronic_commerce_merchant_cardholder_certificate_serial_number": {},
    "se41_eletronic_commercer_certificate_qualifying_information": {},
    "se42_eletronic_commerce_indicator": {
      "sf1_eletronic_commerce_security_level_indicator_ucaf_collection_indicator": "910"
    },
    "se43_ucaf": {},
    "se48_mobile_program_indicator": {},
    "se49_time_validation_information": {},
    "se51_merchant_on_behalf_services": {},
    "se55_merchant_fraud_scoring_data": {},
    "se56_security_services_additional_data_for_issuers": [
      {
        "sf1_security_services_indicator": "AQV",
        "sf2_security_services_data": "600"
      },
      {
        "sf1_security_services_indicator": "AQS",
        "sf2_security_services_data": "408"
      },
      {
        "sf1_security_services_indicator": "AQF",
        "sf2_security_services_data": "500"
      }
    ],
    "se57_security_services_additional_data_for_acquirers": {},
    "se58_atm_additional_data": {},
    "se61_pos_data_extended_condition_codes": {},
    "se64_transit_program": {},
    "se65_terminal_compliant_indicator": {},
    "se66_authentication_data": {},
    "se67_money_send_information": {},
    "se71_onbehalf_services": [
      {
        "sf1_ob_service": "18",
        "sf2_onbehalf_result1": "C",
        "sf3_onbehalf_result2": " "
      }
    ],
    "se74_additional_processing_information": {},
    "se75_fraud_scoring_data": {
      "sf1_fraud_score": "036",
      "sf2_score_reason_code": "91",
      "sf3_rules_score": "036",
      "sf4_rules_reason_code1": "91",
      "sf5_rules_reason_code2": "00"
    },
    "se78_payment_service_indicator": {},
    "se79_chip_cvr_or_tvr_bit_error_results": {},
    "se87_card_validation_code_result_or_cvv2": "U",
    "se93_fleet_card_id_request_data": {}
  },
  "de49_currency_code_transaction": "986",
  "de50_currency_code_settlement": "840",
  "de51_currency_code_cardholder_billing": "986",
  "de55_integrated_circuit_card": {
    "sf2_cryptogram_information_data": "80",
    "sf3_issuer_application_data": "0120B04009990000000000000000000000FF",
    "sf5_terminal_verification_result": "0000048000",
    "sf6_transaction_date": "221205",
    "sf7_transaction_type": "00",
    "sf8_amount_authorized": "000000009910",
    "sf9_transaction_currency_code": "0986",
    "sf10_application_interchange_profile": "3900",
    "sf11_terminal_country_code": "0076",
    "sf12_cardholder_verification_method": "420300",
    "sf13_terminal_capabilities": "E0F0C8",
    "sf23_application_transaction_counter": "0050"
  },
  "de60_advice_reason_code": {},
  "de61_pos_data": {
    "sf1_pos_terminal_attendance": "1",
    "sf2_reserved_for_future_use": "0",
    "sf3_pos_terminal_location": "2",
    "sf4_pos_cardholder_presence": "5",
    "sf5_pos_card_presence": "1",
    "sf6_pos_card_capture_capabilities": "0",
    "sf7_pos_transaction_status": "4",
    "sf8_pos_transaction_security": "0",
    "sf9_reserved_for_future_use": "0",
    "sf10_cardholder_activated_terminal_level": "6",
    "sf11_pos_card_data_terminal_input_capability_indicator": "0",
    "sf12_pos_authorization_life_cycle": "05",
    "sf13_pos_country_code_or_submerchant": "076",
    "sf14_postal_code_or_submerchant": "01452002  "
  },
  "de63_network_data": {
    "sf1_financial_network_code": "MPL",
    "sf2_banknet_reference_number": "JMPDOT"
  },
  "de90_original_data_elements": {},
  "de94_service_indicator": {},
  "de95_replacement_amounts": {},
  "de97_amount_net_settlement": {},
  "de112_additional_data_national_use": {},
  "de120_record_data": {},
  "de124_member_defined_data": {},
}
Visa example
{
    "f2_primary_account_number": "[card-hash]",
    "f3_processing_code": "000000",
    "f4_amount_transaction": "000000001000",
    "f6_amount_cardholder_billing": "000000000793",
    "f7_transmission_date_and_time": "0516210120",
    "f10_conversion_rate_cardholder_billing": "71982500",
    "f11_stan": "009836",
    "f12_time_local_transaction": "140120",
    "f13_date_local_transaction": "0516",
    "f14_date_expiration": "2609",
    "f15_date_liquidation": "0517",
    "f18_merchant_type": "5999",
    "f19_acquiring_institution_country_code": "0076",
    "f22_pos_entry_mode": "0100",
    "f25_pos_condition_code": "59",
    "f32_acquiring_institution_id_code": "476113",
    "f34_electronic_ecommerce_data": {
      "sf01_authentication_data": {}
    },
    "f37_retrieval_reference_number": "213621009836",
    "f41_card_acceptor_terminal_id": "TERMID01",
    "f42_card_acceptor_id_code": "CARD ACCEPTOR  ",
    "f43_card_acceptor_location": "ACQUIRER NAME            CITY NAME    BR",
    "f48_additional_data_private": {},
    "f49_currency_code_transaction": "0986",
    "f51_currency_code_cardholder_billing": "0840",
    "f55_integrated_circuit_card": {
        "sf2_cryptogram_information_data": "80",
        "sf3_issuer_application_data": "09010A09B02003",
        "sf5_terminal_verification_result": "0080099000",
        "sf6_transaction_date": "221205",
        "sf7_transaction_type": "00",
        "sf8_amount_authorized": "000000099900",
        "sf9_transaction_currency_code": "0986",
        "sf10_application_interchange_profile": "3B00",
        "sf11_terminal_country_code": "0076",
        "sf12_cardholder_verification_method": "020300",
        "sf13_terminal_capabilities": "E0F0C7",
        "sf15_amount_other": "000000000000",
        "sf23_application_transaction_counter": "002A"
    },
    "f56_payment_account_reference_data": {},
    "f60_additional_pos_data": "0000000005",
    "f62_custom_payment_services": {
      "sf2_transaction_identifier": "0302136641547109",
      "sf21_online_risk_assessment_risk_score_reason_codes": "095A",
      "sf22_online_risk_assessment_condition_codes": "02C200"
    },
    "f63_private_use": {
      "sf1_network_id": "0002"
    },
    "f104_transaction_description_transaction_specific_data": {
      "sf5d_installments_data": {},
      "sf69_payment_format": {},
      "sf67_national_payment_format": {}
    },
    "f117_national_use": {
      "usage_6_argentina_agro": {}
    },
    "f123_verification_data": {
      "token_data": {},
      "address_verification_data": {},
      "activation_verification_data": {}
    },
    "f125_supporting_information_data": {
      "token_device": {},
      "wallet_provider": {}
    },
    "f126_visa_private_use_fields": {
      "sf20_dsecure_indicator": "1"
    }
  }

Example response

Below is an example of a response that Pismo receives from an anti-fraud system:

{
    "approve": true,
    "force_approve": false,
    "referral": true,
    "response_code": "00",
    "metadata": {
        "custom_field_1": null,
        "custom_field_2": true,
        "custom_field_3": "Test",
        "custom_field_4": "2021-05-14 23:10:59",
        "custom_field_5": 10,
        "custom_field_6": {
          "custom_field_6_sf1": 10,
          "custom_field_6_sf2": false,
          "custom_field_6_sf3": null,
          "custom_field_6_sfN": "custom_field_6_sfN"
        },
        "custom_field_7": [
          "VALUE_1",
          "VALUE_2",
          "VALUE_N"
        ],
        "custom_field_N": ""
     },
}