My Profile_


ThreatMetrix Overview

ThreatMetrix transactions are available to Canadian integrations only.

Introduction to Queries

There are 2 types of transactions associated with the Transaction Risk Management Tool (TRMT):

  • Session Query
  • Attribute Query
  • Assertion Query

The Session Query and Attribute Query are used at the time of the transaction to obtain the risk assessment.

The Assertion Query is used later to provide information back into the system about suspected/ confirmed fraudulent transactions. This Assertion Query allows the system to increase its knowledge resulting in better risk assessments in the future. Moneris recommends that you use the Session Query as much as possible for obtaining your risk assessment because it uses the device fingerprint as well as other transaction information when providing the risk scores.

To use the Session Query, you must implement two components:

  • Tags on your website to collect the device fingerprinting information
  • Session Query transaction.

If you are not able to collect the necessary information for the Session Query (such as the device fingerprint), then use the Attribute Query. Because the Assertion Query affects future transaction results, it must only be used when you have valid suspicions or have confirmed that the transaction is fraudulent.

Attribute Query

The Attribute Query is used to obtain a risk assessment of transaction related identifiers such as email_address, card number, etc. Unlike the Session Query, the Attribute Query does not require the device fingerprinting information to be provided. This code can be found from the TestRiskCheckAttribute sample included below.

Canada Code Sample

package Canada;
                                                                           
import java.util.*;

import JavaAPI.*;

public class TestCanadaRiskCheckAttribute
{
	public static void main(String[] args)
	{
		String store_id = "moneris";
		String api_token = "hurgle";
		java.util.Date createDate = new java.util.Date(); 
		String order_id = "Test"+createDate.getTime();
		String service_type = "session";
		String processing_country_code = "CA";
		boolean status_check = false;

		AttributeQuery aq = new AttributeQuery();
		aq.setOrderId(order_id);
		aq.setServiceType(service_type);
		aq.setDeviceId("");
		aq.setAccountLogin("13195417-8CA0-46cd-960D-14C158E4DBB2");
		aq.setPasswordHash("489c830f10f7c601d30599a0deaf66e64d2aa50a");
		aq.setAccountNumber("3E17A905-AC8A-4c8d-A417-3DADA2A55220");
		aq.setAccountName("4590FCC0-DF4A-44d9-A57B-AF9DE98B84DD");
		aq.setAccountEmail("3CAE72EF-6B69-4a25-93FE-2674735E78E8@test.threatmetrix.com");
		//aq.setCCNumberHash("4242424242424242");
		//aq.setIPAddress("192.168.0.1");
		//aq.setIPForwarded("192.168.1.0");
		aq.setAccountAddressStreet1("3300 Bloor St W");
		aq.setAccountAddressStreet2("4th Flr West Tower");
		aq.setAccountAddressCity("Toronto");
		aq.setAccountAddressState("Ontario");
		aq.setAccountAddressCountry("Canada");
		aq.setAccountAddressZip("M8X2X2");
		aq.setShippingAddressStreet1("3300 Bloor St W");
		aq.setShippingAddressStreet2("4th Flr West Tower");
		aq.setShippingAddressCity("Toronto");
		aq.setShippingAddressState("Ontario");
		aq.setShippingAddressCountry("Canada");
		aq.setShippingAddressZip("M8X2X2");

		HttpsPostRequest mpgReq = new HttpsPostRequest();
		mpgReq.setProcCountryCode(processing_country_code);
		mpgReq.setTestMode(true); //false or comment out this line for production transactions
		mpgReq.setStoreId(store_id);
		mpgReq.setApiToken(api_token);
		mpgReq.setTransaction(aq);
		mpgReq.setStatusCheck(status_check);
		mpgReq.send();

		try
		{
			String[] rules;
			Hashtable<String, String> results = new Hashtable<String, String>();
			Receipt receipt = mpgReq.getReceipt();

			System.out.println("ResponseCode = " + receipt.getResponseCode());
			System.out.println("Message = " + receipt.getMessage());
			System.out.println("TxnNumber = " + receipt.getTxnNumber());

			results = receipt.getRiskResult();

			Iterator<Map.Entry<String, String>> response = results.entrySet().iterator();
			while (response.hasNext())
			{
				Map.Entry<String, String> entry = response.next();
				System.out.println(entry.getKey().toString() + " = " + entry.getValue().toString());
			}

			rules = receipt.getRiskRules();

			for (int i = 0; i < rules.length; i++)
			{
				System.out.println("RuleName = " + rules[i]);
				System.out.println("RuleCode = " + receipt.getRuleCode(rules[i]));
				System.out.println("RuleMessageEn = " + receipt.getRuleMessageEn(rules[i]));
				System.out.println("RuleMessageFr = " + receipt.getRuleMessageFr(rules[i]));
			}
		}
		catch (Exception e)
		{
			e.printStackTrace();
		}
	}

}
                

Attribute Query – Transaction Values

AttributeQuery aq = new AttributeQuery();

HttpsPostRequest mpgReq = new HttpsPostRequest();

mpgReq.setTransaction(aq);

AttributeQuery object mandatory values

Value Type Limits Set Methods Description
service_type String 36 - alphanumeric aq.setServiceType(service_type); Defines which output fields are returned.
session -- returns IP and device related attributes but no policy information.
DeviceId String 36 - alphanumeric aq.setDeviceId(""); The unique device identifier generated by a prior call to the ThreatMetrix session-query API.
OrderId String alphanumeric aq.setOrderId(order_id); Unique Id
Pan String 20 - alphanumeric aq.setPan("4242424242424242"); Credit Card Number - no spaces or dashes. Most credit card numbers today are 16 digits in length but some 13 digits are still accepted by some issuers. This field has been intentionally expanded to 20 digits in consideration for future expansion and/or potential support of private label card ranges.
IPAddress String 64 - alphanumeric aai.setIPAddress("192.168.0.1"); The true IP address, results will be returned as true_ip_geo, true_ip_score etc
IPForwarded String 64 - alphanumeric aai.setIPForwarded("192.168.1.0"); The IP address of the proxy, if the IPAddress is supplied, results will be returned as
proxy_ip_geo, proxy_ip_score otherwise if IPAddress is not supplied this IP address will be treated as the true IP address and results will be returned as true_ip_geo, true_ip_score etc.
AccountAddressStreet1 String 32 - alphanumeric aq.setAccount­AddressStreet1("3300 Bloor St W"); The first portion of the street address component of the billing address.
AccountAddressStreet2 String 32 - alphanumeric aq.setAccount­AddressStreet2("4th Flr West Tower"); The second portion of the street address component of the billing address.
AccountAddressCity String 50 - alphanumeric aq.setAccount­AddressCity("Toronto"); The city component of the billing address.
AccountAddressState String 64 - alphanumeric aq.setAccount­AddressState("Ontario"); The state component of the billing address.
AccountAddressCountry String 2 - alphanumeric aq.setAccount­AddressCountry("Canada"); The 2 character ISO2 country code of the billing addresses country.
AccountAddressZip String 8 - alphanumeric aq.setAccount­AddressZip("M8X2X2"); The zip/postal code of the billing address.
ShippingAddressStreet1 String 32 - alphanumeric aq.setShipping­AddressStreet1("3300 Bloor St W"); The first portion of the street address component of the shipping address.
ShippingAddressStreet2 String 32 - alphanumeric aq.setShipping­AddressStreet2("4th Flr West Tower"); The second portion of the street address component of the shipping address.
ShippingAddressCity String 50 - alphanumeric aq.setShipping­AddressCity("Toronto"); The city component of the shipping address.
ShippingAddressState String 64 - alphanumeric aq.setShipping­AddressState("Ontario"); The state component of the shipping address.
ShippingAddressCountry String 2 - alphanumeric aq.setShipping­AddressCountry("Canada"); The 2 character ISO2 country code of the account addresses country.
ShippingAddressZip String 8 - alphanumeric aq.setShippingAddressZip("M8X2X2"); The zip/postal code component of the shipping address.


  1. Cardholder logs onto merchant website and submits a transaction.
  2. The merchant’s web application makes an Attribute Query transaction to Moneris Gateway, including the session id.
  3. Moneris Gateway submits an Attribute Query data to ThreatMetrix
  4. ThreatMetrix uses the Attribute Query data to assess the transaction against the rules. A score is generated based on the rules.
  5. The merchant will use the returned device information in its risk analysis to make a business decision. The merchant may wish to continue or cancel with the cardholder's payment transaction.

Session Query

Once a device profiling session has been initiated upon a client device, the Session Query API is used at the time of the transaction or even to obtain a device identifier or ‘fingerprint’, attribute list and risk assessment for the client device. This code can be found from the TestRiskCheckSession sample included in the sample below.

Canada Code Sample

package Canada;

import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;

import JavaAPI.*;

public class TestCanadaRiskCheckSession
{
	public static void main(String[] args)
	{
		String store_id = "moneris";
		String api_token = "hurgle";
		java.util.Date createDate = new java.util.Date();
		String order_id = "Test"+createDate.getTime();
		String session_id = "abc123";
		String service_type = "session";
		//String event_type = "LOGIN";
		String processing_country_code = "CA";
		boolean status_check = false;

		SessionQuery sq = new SessionQuery();
		sq.setOrderId(order_id);
		sq.setSessionId(session_id);
		sq.setServiceType(service_type);
		sq.setEventType(service_type);
		//sq.setPolicy("");
		//sq.setDeviceId("4EC40DE5-0770-4fa0-BE53-981C067C598D");
		sq.setAccountLogin("13195417-8CA0-46cd-960D-14C158E4DBB2");
		sq.setPasswordHash("489c830f10f7c601d30599a0deaf66e64d2aa50a");
		sq.setAccountNumber("3E17A905-AC8A-4c8d-A417-3DADA2A55220");
		sq.setAccountName("4590FCC0-DF4A-44d9-A57B-AF9DE98B84DD");
		sq.setAccountEmail("3CAE72EF-6B69-4a25-93FE-2674735E78E8@test.threatmetrix.com");
		
		//sq.setAccountTelephone("5556667777");
		sq.setPan("4242424242424242");
		//sq.setAccountAddressStreet1("3300 Bloor St W");
		//sq.setAccountAddressStreet2("4th Flr West Tower");
		//sq.setAccountAddressCity("Toronto");
		//sq.setAccountAddressState("Ontario");
		//sq.setAccountAddressCountry("Canada");
		//sq.setAccountAddressZip("M8X2X2");
		//sq.setShippingAddressStreet1("3300 Bloor St W");
		//sq.setShippingAddressStreet2("4th Flr West Tower");
		//sq.setShippingAddressCity("Toronto");
		//sq.setShippingAddressState("Ontario");
		//sq.setShippingAddressCountry("Canada");
		//sq.setShippingAddressZip("M8X2X2");
		//sq.setLocalAttrib1("a");
		//sq.setLocalAttrib2("b");
		//sq.setLocalAttrib3("c");
		//sq.setLocalAttrib4("d");
		//sq.setLocalAttrib5("e");
		//sq.setTransactionAmount("1.00");
		//sq.setTransactionCurrency("840");
		//set SessionAccountInfo
		sq.setTransactionCurrency("CAN");

		HttpsPostRequest mpgReq = new HttpsPostRequest();
		mpgReq.setProcCountryCode(processing_country_code);
		mpgReq.setTestMode(true); //false or comment out this line for production transactions
		mpgReq.setStoreId(store_id);
		mpgReq.setApiToken(api_token);
		mpgReq.setTransaction(sq);
		mpgReq.setStatusCheck(status_check);
		mpgReq.send();

		try
		{
			String[] rules;
			Hashtable<String, String> results = new Hashtable<String, String>();
			Receipt receipt = mpgReq.getReceipt();

			System.out.println("ResponseCode = " + receipt.getResponseCode());
			System.out.println("Message = " + receipt.getMessage());
			System.out.println("TxnNumber = " + receipt.getTxnNumber());

			results = receipt.getRiskResult();

			Iterator<Map.Entry<String, String>> response = results.entrySet().iterator();
			while (response.hasNext())
			{
				Map.Entry<String, String> entry = response.next();
				System.out.println(entry.getKey().toString() + " = " + entry.getValue().toString());
			}


			rules = receipt.getRiskRules();

			for (int i = 0; i < rules.length; i++)
			{
				System.out.println("RuleName = " + rules[i]);
				System.out.println("RuleCode = " + receipt.getRuleCode(rules[i]));
				System.out.println("RuleMessageEn = " + receipt.getRuleMessageEn(rules[i]));
				System.out.println("RuleMessageFr = " + receipt.getRuleMessageFr(rules[i]));
			}
		}
		catch (Exception e)
		{
			e.printStackTrace();
		}
	}

}
                

Session Query – Transaction Values

SessionQuery sq = new SessionQuery();

HttpsPostRequest mpgReq = new HttpsPostRequest();

mpgReq.setTransaction(sq);

SessionQuery object mandatory values

Value Type Limits Set Methods Description
session_id String 9 - decimal sq.setSessionId(session_id); The web server session identifier generated when device profiling was initiated.Allowed characters are [a-z], [A-Z], 0-9, _, -
service_type String session sq.setServiceType(service_type); Defines which output fields are returned.
session -- returns IP and device related attributes.
event_type String payment sq.setEventType(service_type); Defines the type of transaction or event for reporting purposes.
payment -­ Purchasing of goods/services.
Pan String 20 - alphanumeric sq.setPan("4242424242424242"); Credit Card Number - no spaces or dashes. Most credit card numbers today are 16 digits in length but some 13 digits are still accepted by some issuers. This field has been intentionally expanded to 20 digits in consideration for future expansion and/or potential support of private label card ranges.
AccountAddressStreet1 String 32 - alphanumeric sq.setAccount­AddressStreet1("3300 Bloor St W"); The first portion of the street address component of the billing address.
AccountAddressStreet2 String 32 - alphanumeric sq.setAccount­AddressStreet2("4th Flr West Tower"); The second portion of the street address component of the billing address.
AccountAddressCity String 50 - alphanumeric sq.setAccount­AddressCity("Toronto"); The city component of the billing address.
AccountAddressState String 64 - alphanumeric sq.setAccount­AddressState("Ontario"); The state component of the billing address.
AccountAddressCountry String 2 - alphanumeric sq.setAccount­AddressCountry("Canada"); The 2 character ISO2 country code of the billing addresses country.
AccountAddressZip String 8 - alphanumeric aq.setAccount­AddressZip("M8X2X2"); The zip/postal code of the billing address.
ShippingAddressStreet1 String 32 - alphanumeric aq.setShipping­AddressStreet1("3300 Bloor St W"); The first portion of the street address component of the shipping address.
ShippingAddressStreet2 String 32 - alphanumeric aq.setShipping­AddressStreet2("4th Flr West Tower"); The second portion of the street address component of the shipping address.
ShippingAddressCity String 50 - alphanumeric aq.setShipping­AddressCity("Toronto"); The city component of the shipping address.
ShippingAddressState String 64 - alphanumeric aq.setShipping­AddressState("Ontario"); The state component of the shipping address.
ShippingAddressCountry String 2 - alphanumeric aq.setShipping­AddressCountry("Canada"); The 2 character ISO2 country code of the account addresses country.
ShippingAddressZip String 8 - alphanumeric aq.setShippingAddressZip("M8X2X2"); The zip/postal code component of the shipping address.
LocalAttrib1 String 255 - alphanumeric sq.setLocalAttrib1("a"); These five attributes can be used to pass custom attribute data. These are used if you wish to correlate some data with the returned device information.
LocalAttrib2 sq.setLocalAttrib2("b");
LocalAttrib3 sq.setLocalAttrib2("c");
LocalAttrib4 sq.setLocalAttrib2("d");
LocalAttrib5 sq.setLocalAttrib2("e");
TransactionAmount String 255 - alphanumeric sq.setTransactionAmount("1.00"); The numeric currency amount.
Must contain 2 decimals.
TransactionCurrency String 10 - character numeric sq.setTransactionCurrency("840"); The currency type that the transaction was denominated in. If TransactionAmount is passed, the TransactionCurrency is required.
Values to be used are:
CAD – 124
USD – 840


  1. Cardholder logs onto merchant website.
  2. When page is loaded in cardholder's browser, special tags within the site allow information from the device to be gathered and are sent to ThreatMetrix as the device fingerprint. The HTML tags should be placed where the cardholder is resident on the page for a couple of seconds to get the broadest data possible.
  3. Customer submits a transaction.
  4. Merchant’s web application makes a Session Query transaction to Moneris Gateway, including the same session id that was included in the device fingerprint. This call must be made within 30 minutes of the profiling step (#2).
  5. Moneris Gateway submits the Session Query data to ThreatMetrix.
  6. ThreatMetrix uses the Session Query data and the device fingerprint information to assess the transaction against the rules. A score is generated based on the rules.
  7. The merchant will use the returned device information in its risk analysis to make a business decision. The merchant may wish to continue or cancel with the cardholder’s payment transaction.

Profile Tags

Inserting the Profiling Tags Into Your Website

Place the profiling tags on an HTML page served by your web application such that ThreatMetrix can collect device information from the customer’s web browser. The tags must be placed on a page that a visitor would display in a browser window for 3-5 seconds (such as a page that requires a user to input data). After the device is profiled, a Session Query may be used to obtain the detail device information for risk assessment before submitting a financial payment transaction.

There are two profiling tags that require two variables. Those tags are org_id and session_id. session_ id must match the session ID value that is to be passed in the Session Query transaction. The valid org_id values are:

QA testing environment Production environment
11kue096 lbhqgx47

Note
Your site must replace in the sample code with a unique alphanumeric value each time you fingerprint a new customer.

Canada Code Sample

<p style="background:url(https://h.online-metrix.net/fp/clear.png?org_id=11kue096&session_id=<my_
session_id>&m=1)">
</p>
<img src="https://h.onlinemetrix.net/fp/clear.png?org_id=11kue096&session_id=<my_session_id>&m=2" alt=""
>
<script src="https://h.onlinemetrix.net/fp/check.js?org_id=11kue096&session_id=<my_session_id>"
type="text/javascript">
</script>
<object type="application/x-shockwave-flash"
data="https://h.onlinemetrix.net/fp/fp.swf?org_id=11kue096&session_id=<my_session_id>"
width="1" height="1" id="obj_id">
<param name="movie"
value="https://h.onlinemetrix.net/fp/fp.swf?org_id=11kue096&session_id=<my_session_id>" />
<div></div>
</object>

                

Response

Handling Response Information

When reviewing the response information and determining how to handle the transaction, it is recommended that you (either manually or through automated logic on your site) use the following pieces of information:

  • Risk score
  • Rules triggered (such as Rule Codes, Rule Names, Rule Messages)
  • Results obtained from Verified by Visa, MasterCard Secure Code, AVS, CVD and the financial transaction authorization
  • Response codes for the Transaction Risk Management Transaction that are included by automated processes.

TRMT Response Fields

Value

Type

Limits

Get method

Definition

Response

Code

String

3-character alphanumeric

receipt.getResponseCode()

001 – Success
981 – Data error
982 – Duplicate Order ID

983 – Invalid Transaction

984 – Previously asserted
985 – Invalid activity description
986- Invalid impact description

987 – Invalid Confidence description

988 - Cannot find Previous

Session ID

String

TBD

CODE HERE

Temporary identifier unique to the visitor will be returned in the return request.

Summary

risk score

String

TBD

CODE HERE

Based on all of the returned values in the range [-100 … 100]

Transaction

ID

String

TBD

CODE HERE

This is the transaction identifier and will always be returned in the response when supplied

as input.

Unknown

session

String

TBD

CODE HERE

If present, the value is "yes". It indicates the session ID that was passed was not found.

ITD

Enhanced

AVS

Response

Code

String

1-character alphabetic

CODE HERE

The ITD (Internet Transaction Data) reviews several methods for performing a credit card

transaction online. The ITDReponse indicates the AmEx ITD validation results. Applicable

for AmEx and JCB only.

Y = data matches

N = data does not match

U = data not checked

R = retry

S = Service not allowed [space] = data not sent


Request result values and descriptions

Value

Definitions

fail_incomplete

ThreatMetrix was unable to process the request due to incomplete or

incorrect input data

fail_invalid_telephone_

number

Format of the supplied telephone number was invalid

fail_access

ThreatMetrix was unable to process the request because of API verification

failing

fail_internal_error

ThreatMetrix encountered an error while processing the request

fail_invalid_device_id

Format of the supplied device_id was invalid

fail_invalid_email_address

Format of the supplied email address was invalid

fail_invalid_ip_address_

parameter

Format of a supplied ip_address parameter was invalid

fail_temporarily_unavailable

Request failed because the service is temporarily unavailable

fail_verification

API query limit reached

success

ThreatMetrix was able to process the request successfully


Risk Score

For each Session Query or Attribute Query, a score with a value between -100 and +100 is returned based on the rules that were triggered for the transaction.

Risk score

Definition

-100 to -1

A lower score indicates a higher probability that the transaction is fraudulent.

0

Neutral transaction

1 to 100

A higher score indicates a lower probability that the transaction is fraudulent.


Note
: All e-commerce transactions have some level of risk associated with them. Therefore, it is rare to see risk score in the high positive values.


When evaluating the risk of a transaction, the risk score gives an initial indicator of the potential risk that the transaction is fraudulent. Because some of the rules that are evaluated on each transaction may not be relevant to your business scenario, review the rules that were triggered for the transaction before determining how to handle the transaction.

Rule Codes, Rule Names and Rule Messages

The rule codes, rule names and rule messages provide details about what rules were triggered during the assessment of the information provided in the Session or Attribute Query. Each rule code has a rule name and rule message. The rule name and rule message are typically similar. Table 115 provides additional information on each rule. When evaluating the risk of a transaction, it is recommended that you review the rules that were triggered for the transaction and assess the relevance to your business. (That is, how does it relate to the typical buying habits of your customer base?)
If you are automating some or all of the decision-making processes related to handling the responses, you may want to use the rule codes. If you are documenting manual processes, you may want to refer to the more user-friendly rule name or rule message.

Rule names, numbers and messages

Rule Name

Rule Number

Rule Message

Rule Explanation

White lists

DeviceWhitelisted

WL001

Device White Listed

Device is on the white list. This indicates that the device has been flagged as always "ok". NOTE: This rule is currently not in use.

IPWhitelisted

WL002

IP White Listed

IP Address is on the white list. This indicates the device has been flagged as always "ok".

NOTE: This rule is currently not in use.

EmailWhitelisted

WL003

Email White Listed

Email address is on the white list. This indicates that the device has been flagged as always "ok".

NOTE: This rule is currently not in use.

Event Velocity

2DevicePayment

EV003

2 Device Payment Velocity

Multiple payments were detected from this device in the past 24 hours.

2IPPaymentVelocity

EV006

2 IP Payment Velocity

Multiple payments were detected from this IP within the past 24 hours.

2ProxyPaymentVelocity

EV008

2 Proxy Payment Velocity

The device has used 3 or more different proxies during a 24 hour period. This could be a risk or it could be someone using a legitimate corporate proxy.

Email

3EmailPerDeviceDay

EM001

3 Emails for the Device ID in 1 Day

This device has presented 3 different email ids within the past 24 hours.

3EmailPerDeviceWeek

EM002

3 emails for the Device ID in 1 week

This device has presented 3 different email ids within the past week.

3DevciePerEmailDay

EM003

3 Device Ids for email address in 1 day

This email has been presented from three different devices in the past 24 hours.

3DevciePerEmailWeek

EM004

3 Device Ids for email address in 1 week

This email has been presented from three different devices in the past week.

EmailDistanceTravelled

EM005

Email Distance Travelled

This email address has been associated with different physical locations in a short period of time.

3EmailPerSmartIDHour

EM006

3 Emails for SmartID in 1 Hour

The SmartID for this device has been associated with 3 different email addresses in 1 hour.

GlobalEMailOverOneMonth

EM007

Global Email over 1 month

The e-mail address involved in the transaction over 30 days ago. This generally indicates that the transaction is less risky. Note: This rule is currently set currently set so it does not impact the policy score or risk rating.

ComputerGeneratedEmailAddress

EM008

Computer Generated Email Address

This transaction used a computer generated email address.

Account Number

3AccountNumberPerDeviceDay

AN001

3 Account Numbers for device in 1 day

This device has presented 3 different user accounts   within the past 24 hours.

3AccountNumberPerDeviceWeek

AN002

3 Account Numbers for device in 1 week

This device has presented 3 different user accounts within the past week.

3DevciePerAccountNumberDay

AN003

3 Device IDs for account number in 1 day

This user account been used from three different devices in the past 24 hours.

3DevciePerAccountNumberWeek

AN004

3 Device IDs for account number in 1 week

This card number has been used from three different devices in the past week.

AccountNumberDistanceTravelled

AN005

Account Number distance travelled

This card number has been used from a number of physically different locations in a short period of time.

Credit Card / Payments

3CreditCardPerDeviceDay

CP001

3 credit cards for device in 1 day

This device has used three credit cards within 24 hours.

3CreditCardPerDeviceWeek

CP002

3 credit cards for device in 1 week

This device has used three credit cards within 1 week.

3DevicePerCreditCardDay

CP003

3 device ids for credit card in 1 day

This credit card has been used on three different devices in 24 hours.

3DevciePerCreditCardWeek

CP004

3 device ids for credit card in 1 week

This credit card has been used on three different devices in 1 week.

CredtCardDistanceTravelled

CP005

Credit Card has travelled

The credit card has been used at a number of physically different locations in a short period of time.

CreditCardShipAddressGeoMismatch

CP006

Credit Card and Ship Address do not match

 

The credit card was issued in a region different from the Ship To Address information provided.

CreditCardBillAddressGeoMismatch

CP007

Credit Card and Billing Address do not match

The credit card was issued in a region different from the Billing Address information provided.

CreditCardDeviceGeoMismatch

CP008

Credit Card and device location do not match

The device is located in a region different from where the card was issued.

CreditCardBINShipAddressGeoMismatch

CP009

Credit Card issuing location and Shipping address do not match

The credit card was issued in a region different from the Ship To Address information provided.

CreditCardBINBillAddressGeoMismatch

CP010

Credit Card issuing location and Billing address do not match

The credit card was issued in a region different from the Billing Address information provided.

CreditCardBINDeviceGeoMismatch

CP011

Credit Card issuing location and location of the device do not match

The device is located in a region different from where the card was issued.

TransactionValueDay

CP012

Daily Transaction Value Threshold

The transaction value exceeds the daily threshold.

TransactionValueWeek

CP013

Weekly Transaction Value Threshold

The transaction value exceeds the weekly threshold.

Proxy Rules

3ProxyPerDeviceDay

PX001

3 Proxy Ips in 1 day

This device has used three different proxy servers in the past 24 hours.

AnonymousProxy

PX002

Anonymous Proxy IP

This device is using an anonymous proxy

UnusualProxyAttributes

PX003

Unusual Proxy Attributes

This transaction is coming from a source with unusual proxy attributes.

AnonymousProxy

PX004

Anonymous Proxy

This device is connecting through an anonymous proxy connection.

HiddenProxy

PX005

Hidden Proxy

This device is connecting via a hidden proxy server.

OpenProxy

PX006

Open Proxy

This transaction is coming from a source that is using an open proxy.

TransparentProxy

PX007

Transparent Proxy

This transaction is coming from a source that is using a transparent proxy.

DeviceProxyGeoMismatch

PX008

Proxy and True GEO Match

This device is connecting through a proxy server that didn’t match the devices geolocation.

ProxyTrueISPMismatch

PX009

Proxy and True ISP Match

This device is connecting through a proxy server that doesn’t match the true IP address of the device.

ProxyTrueOrganizationMismatch

PX010

Proxy and True Org Match

The Proxy information and True ISP information for this source do not match.

DeviceProxyRegionMismatch

PX011

Proxy and True Region Match

The proxy and device region location information do not match.

ProxyNegativeReputation

PX012

Proxy IP Flagged Risky in Reputation Network

This device is connecting from a proxy server with a known negative reputation.

SatelliteProxyISP

PX013

Satellite Proxy

This transaction is coming from a source that is using a satellite proxy.

GEO

DeviceCountriesNotAllowed

GE001

True GEO in Countries Not Allowed blacklist

This device is connecting from a high-risk geographic location.

DeviceCountriesNotAllowed

GE002

True GEO in Countries Not Allowed (negative whitelist)

The device is from a region that is not on the whitelist of regions that are accepted.

DeviceProxyGeoMismatch

GE003

True GEO different from Proxy GEO

The true geographical location of this device is different from the proxy geographical location.

DeviceAccountGeoMismatch

GE004

Account Address different from True GEO

This device has presented an account billing address that doesn't match the devices geolocation.

DeviceShipGeoMismatch

GE005

Device and Ship Geo mismatch

The location of the device and the shipping address do not match.

DeviceShipGeoMismatch

GE006

Device and Ship Geo mismatch

The location of the device and the shipping address do not match.

Device

SatelliteISP

DV001

Satellite ISP

This transaction is from a source that is using a satellite ISP.

MidsessionChange

DV002

Session Changed Mid-session

This device changed session details and identifiers in the middle of a session.

LanguageMismatch

DV003

Language Mismatch

The language of the user does not match the primary language spoken in the location where the True IP is registered.

NoDeviceID

DV004

No Device ID

No device ID was available for this transaction.

Dial-upConnection

DV005

Dial-up connection

This device uses a less identifiable dial-up connection.

DeviceNegativeReputation

DV006

Device Blacklisted in Reputational Network

This device has a known negative reputation as reported to the fraud network.

DeviceGlobalBlacklist

DV007

Device on the Global Black List

This device has been flagged on the global blacklist of known problem devices.

DeviceCompromisedDay

DV008

Device compromised in last day

This device has been reported as compromised in the last 24 hours.

DeviceCompromisedHour

DV009

Device compromised in last hour

This device has been reported as compromised in the last hour.

FlashImagesCookiesDisabled

DV010

Flash Images Cookies Disabled

Key browser functions/identifiers have been disabled on this device.

FlashCookiesDisabled

DV011

Flash Cookies Disabled

Key browser functions/identifiers have been disabled on this device.

FlashDisabled

DV012

Flash Disabled

Key browser functions/identifiers have been disabled on this device.

ImagesDisabled

DV013

Images Disabled

Key browser functions/identifiers have been disabled on this device.

CookiesDisabled

DV014

Cookies Disabled

Key browser functions/identifiers have been disabled on this device.

DeviceDistanceTravelled

DV015

Device Distance Travelled

The device has been used from multiple physical locations in a short period of time.

PossibleCookieWiping

DV016

Cookie Wiping

This device appears to be deleting cookies after each session.

PossibleCookieCopying

DV017

Possible Cookie Copying

This device appears to be copying cookies.

PossibleVPNConnection

DV018

Possibly using a VPN Connection

This device may be using a VPN connection


Examples of Risk Response

Canada Code Sample

//Session Query

<?xml version=”1.0”?>
<response>
<receipt>
<ResponseCode>001</ResponseCode>
<Message>Success</Message>
<Result>
<session_id>abc123</session_id>
<unknown_session>yes</unknown_session>
<event_type>payment</event_type>
<service_type>session</service_type>
<policy_score>-25</policy_score>
<transaction_id>riskcheck42</transaction_id>
<org_id>11kue096</org_id>
<request_id>91C1879B-33D4-4D72-8FCB-B60A172B3CAC</request_id>
<risk_rating>medium</risk_rating>
<request_result>success</request_result>
<summary_risk_score>-25</summary_risk_score>
<Policy>default</policy>
<review_status>review</review_status>
</Result>
<Rule>
<RuleName>ComputerGeneratedEMail</RuleName>
<RuleCode>UN001</RuleCode>
<RuleMessageEn>Unknown Rule</RuleMessageEn>
<RuleMessageFr>Regle Inconnus</RuleMessageFr>
</Rule>
<Rule>
<RuleName>NoDeviceID</RuleName>
<RuleCode>DV004</RuleCode>
<RuleMessageEn>No Device ID</RuleMessageEn>
<RuleMessageFr>null</RuleMessageFr>
</Rule>
</receipt>
</response>

//Assertion Query

<?xml version=”1.0”?>
<response>
<receipt>
<ResponseCode>001</ResponseCode>
<Message>Successful Assertion</Message>
<Result>
<request_id>967F1AB1-4F19-4A13-9945-B5B19D784305</request_id>
<request_result>success<request_result>
<request_duration>51</request_duration>
</Result>
</receipt>
</response>