Anti-fraud integration

Learn about anti-fraud integration options for authorizing transactions in the Pismo platform.

The anti-fraud integration described on this page is available only with full balance integrations.

The Pismo platform can integrate with third-party fraud prevention systems to enable additional security checks whenever new transactions are carried out by customers. The anti-fraud integration can be implemented by the issuer to enforce additional risk constraints. When the anti-fraud integration is enabled during setup, the Pismo platform sends all transactions that are subject to authorization to the anti-fraud system to confirm the approval or, in the case of fraud detection, to decline the transaction and to block the card.

Workflow

The Pismo authorization process performs all stateless and stateful validations, assembles a request with the transaction data, and makes an HTTP call to the predefined URL that was specified during setup.

πŸ“˜

You can change the URL at any time by opening a service request.

The platform expects the response to be in the specified pattern, as defined in the API reference, so that the Pismo platform can interpret and use the anti-fraud system's decision. This functionality enables you to integrate with any risk analysis provider at authorization time, making it possible to deny a purchase that was approved by the platform.

🚧

Anti-fraud timeout

If the Pismo platform does not receive a valid response from the anti-fraud system within two seconds, the request times out. In this case, the authorization proceeds only with the validations that exist in the Pismo services and the response from the Pismo platform is considered as final.

Per-program settings

The following settings can be defined on a program level. Transactions that use a card related to a program are impacted by the settings below. If you would like to activate these settings, you need to open the Service Desk ticket with Pismo.

Overwrite the response code for the card network

When the anti-fraud system denies a purchase and sends a filled-in response_code, the platform uses the provided response_code without any additional processing. When the Pismo platform denies the authorization, the following occurs:

  • If the overwrite response code setting is active and the anti-fraud system does not send any response_code, the platform uses the response_code that it calculated during authorization to respond to the card network.
  • If the overwrite response code setting is active and the anti-fraud system sends a response_code, the platform uses the anti-fraud system's response_code to respond to the card network.
  • If the overwrite response code setting is not active, the platform uses the response_code that it calculated during authorization to respond to the card network.

Overwrite the Pismo platform decision

If the overwrite Pismo platform decision setting is active, the final accepted decision is that of the anti-fraud system. In this case, the only restriction is that the card used must not be managed by the Pismo platform.

❗️

This overwrite platform decision setting must be analyzed thoroughly before being enabled since it allows the anti-fraud system to reverse an authorization denied by any of the validations performed by the Pismo platform.

  • If the overwrite platform decision setting is active, the authorization process performed by the Pismo platform denies the transaction, but the anti-fraud system approves the transaction, then the Pismo platform responds that the transaction is approved.
  • If the overwrite platform decision setting is active, the authorization process performed by the Pismo platform approves the transaction, and the anti-fraud system approves the transaction, then the Pismo platform responds that the transaction is approved.

API reference

When utilizing anti-fraud integration, you need to register your own anti-fraud endpoint during setup. This endpoint enables you to then send an authorization request that adheres to the standards in the provided API reference. This reference describes the network authorization payload that the Pismo platform sends to the anti-fraud system. Note that this is not an actual Pismo endpoint.

Example payload request

Below is an example of a payload the Pismo platform sends to an anti-fraud system:

{
    "id": "00000000-0000-0000-0000-000000000000",
    "entity": "transaction",
    "fields": {
        "mti": "0100",
        "card_id": "0000001",
        "account_id": "0000001",
        "amount_transaction": "25.87",
        "amount_local": "25.87",
        "amount_settlement": "4.75",
        "transaction_timestamp":"2021-04-28T14:34:07",
        "payment_card_brand": "Mastercard",
        "currency": "986",
        "merchant_id_code": "123",
        "merchant_name": "merchant test",
        "merchant_city": "Sao Paulo     ",
        "merchant_state_or_country_code": "BRA",
        "merchant_terminal_id": "abcde123",
        "security_cnp_transaction": "123",
        "atc_chip": "",
        "atc_database": [131,132,135],
        "entry_mode": "810",
        "mcc": "4121",
        "card_type": "PLASTIC",
        "country_code": "",
        "postal_code": "12345678",
        "chip_cryptogram_information_data": "",
        "chip_transaction_date": "",
        "chip_transaction_type": "",
        "chip_amount_authorized": "",
        "chip_transaction_currency_code": "",
        "chip_application_interchange_profile": "",
        "chip_terminal_country_code": "",
        "chip_cardholder_verification_method": "",
        "chip_terminal_capabilities": "",
        "chip_amount_other": "",
        "chip_application_transaction_counter": "",
        "cardholder_postal_code": "12345678",
        "transaction_type": "00",
        "terminal_capability": "7",
        "tvr": "",
        "cvr": "",
        "number_of_installments": "1",
        "available_limit": "1.0",
        "network_score": "000",
        "pos_postal_code": "12345678",
        "acquirer_code": "001234",
        "cpf": "00000000000",
        "total_limit": "1.00",
        "denial_code": "",
        "response_code": "00",
        "last_referral_reason": "",
        "id_last_transaction_referral": "",
        "last_referral_unlock_date": "",
        "cvv_data": "false",
        "cvv_response": "true",
        "unlock_date":"2021-03-23T17:3635Z",
        "original_network_data": "...",
        "last_four_digits": "5606", 
        "bin": "40928000", 
        "program_id": "59", 
        "pin_validated_offline": "false", 
        "validation_results": [
            {
                "name": "arqc",
                "status": "SKIPPED",
                "reason": "NO_CRYPTOGRAM",
                "description": "No cryptogram present"
            },
            {
                "name": "chip_signature",
                "status": "SKIPPED",
                "reason": "NO_CHIP_SIGNATURE",
                "description": "No chip signature present"
            },
            {
                "name": "chip_values",
                "status": "SKIPPED",
                "reason": "NO_CHIP",
                "description": "Transaction has no chip"
            },
            {
                "name": "magnetic_stripe",
                "status": "SKIPPED",
                "reason": "NO_MAGNETIC_STRIPE",
                "description": "No magnetic stripe"
            },
            {
                "name": "currency",
                "status": "APPROVED",
                "reason": "CURRENCY_ALLOWED",
                "description": "Currency allowed"
            },
            {
                "name": "entry_mode",
                "status": "APPROVED",
                "reason": "ENTRY_MODE_VALID",
                "description": "Entry mode valid"
            },
            {
                "name": "cvm",
                "status": "APPROVED",
                "reason": "PIN_AND_CVV_VALID",
                "description": "Pin and CVV are valid"
            },
            {
                "name": "terminal_capability",
                "status": "APPROVED",
                "reason": "TERMINAL_CAPABILITY_VALID",
                "description": "Terminal capability valid"
            }
        ],
        "transaction_mode": "CREDIT",  
    }
}

Example response

Below is an example of a response that Pismo receives from an anti-fraud system:

{
    "id": "28ec70ed-4b6a-46d2-85cd-da8420806b27",
    "entity": "transaction",
    "score": 0,
    "approve": true,
    "action_codes": [],
    "referral": true,
    "denial_reasons": [],
    "response_code": "00",
    "metadata": {
        "custom_field_1": null,
        "custom_field_2": true,
        "custom_field_3": "Test",
        "custom_field_4": "2021-05-14 23:10:59",
        "custom_field_5": 10,
        "custom_field_6": {
          "custom_field_6_sf1": 10,
          "custom_field_6_sf2": false,
          "custom_field_6_sf3": null,
          "custom_field_6_sfN": "custom_field_6_sfN"
        },
        "custom_field_7": [
          "VALUE_1",
          "VALUE_2",
          "VALUE_N"
        ],
        "custom_field_N": ""
     },
    "timestamp":"2021-05-14T08:38:12"
}

Related pages

API reference / Send information for transactions evaluation
Guides / Full balance integration


Did this page help you?