Fraud Filter enables merchants to automatically Pass, Hold, or Block transactions based on the result of one or more rules. This functionality is configured via the Fraud Management section in Ecommerce Portal and must be set up before being used via the Hosted Payment Page (HPP).
This guide describes how you can set the Fraud Filter Mode in the HPP request, set a different Fraud Filter Mode for an individual rule, and how to access the returned results in the HPP response.
Fraud Filter and data submission
With Fraud Filter, you can supply additional information in the request that you can set rules against. This includes the customer's IP address, billing and shipping details, and specific product codes.
For HPP requests, it’s also possible to change the Fraud Filter Mode in the request. This will change the mode used for the current transaction only.
Individual rule setting
You can change the Fraud Filter Mode for an individual rule, based on the rule ID. This will change the mode used for this individual rule, for the current transaction only. All other rules will use the Fraud Filter Mode set in Ecommerce Portal or at the request level.
The Fraud Filter Mode works in a hierarchical manner. The value configured in Ecommerce Portal sets the highest level of activity that can be applied. For example, if the mode in Ecommerce Portal is set to Active, at a request or rule level it can be set to Active, Passive, or Off. However, if the mode in Ecommerce Portal is set to Passive, at a request or rule level it can only be set to Passive or Off.
The table below shows each level that the mode can be set and the corresponding outcome when Ecommerce Portal is set to Active.
| Ecommerce Portal Setting: ACTIVE | ||
|---|---|---|
| Request | Individual Rule | Individual Rule Outcome |
| ACTIVE | ACTIVE | ACTIVE |
| - | PASSIVE | PASSIVE |
| - | OFF | OFF |
| PASSIVE | ACTIVE | PASSIVE |
| - | PASSIVE | PASSIVE |
| - | OFF | OFF |
| OFF | ACTIVE | OFF |
| - | PASSIVE | OFF |
| - | OFF | OFF |
The table below shows each level that the mode can be set and the corresponding outcome when Ecommerce Portal is set to Passive.
| Ecommerce Portal Setting: PASSIVE | ||
|---|---|---|
| Mode set in Request | Mode set for Individual Rule | Outcome for Individual Rule |
| ACTIVE | ACTIVE | PASSIVE |
| - | PASSIVE | PASSIVE |
| - | OFF | OFF |
| PASSIVE | ACTIVE | PASSIVE |
| - | PASSIVE | PASSIVE |
| - | OFF | OFF |
| OFF | ACTIVE | OFF |
| - | PASSIVE | OFF |
| - | OFF | OFF |
The table below shows each level that the mode can be set and the corresponding outcome when Ecommerce Portal is set to Off.
| Ecommerce Portal Setting: OFF | ||
|---|---|---|
| Mode set in Request | Mode set for Individual Rule | Outcome for Individual Rule |
| ACTIVE | ACTIVE | OFF |
| - | PASSIVE | OFF |
| - | OFF | OFF |
| PASSIVE | ACTIVE | OFF |
| - | PASSIVE | OFF |
| - | OFF | OFF |
| OFF | ACTIVE | OFF |
| - | PASSIVE | OFF |
| - | OFF | OFF |
Sample request
In the HPP request, you can change the Fraud Filter Mode via the optional request element Fraud Filter Mode. Additionally, you can set a Fraud Filter Mode on any individual fraud rule you choose by using the Rule ID value displayed in Ecommerce Portal. Provided the mode is set to Active in the Fraud Management section of Ecommerce Portal, it can be changed to Passive or Off in the request.
You can also supply additional information in the request that you can set rules against, such as customer billing and shipping details or specific product codes. The HPP automatically detects the customer's IP address, which can also be included.
<form action="https://pay.sandbox.realexpayments.com/pay" method="POST" target="iframe">
<input type="hidden" name="TIMESTAMP" value="20180613110737">
<input type="hidden" name="MERCHANT_ID" value="MerchantId">
<input type="hidden" name="ACCOUNT" value="internet">
<input type="hidden" name="ORDER_ID" value="N6qsk4kYRZihmPrTXWYS6g">
<input type="hidden" name="AMOUNT" value="1999">
<input type="hidden" name="CURRENCY" value="EUR">
<input type="hidden" name="AUTO_SETTLE_FLAG" value="1">
<input type="hidden" name="HPP_VERSION" value="2">
<!-- Begin Fraud Management and Reconciliation Fields -->
<input type="hidden" name="HPP_FRAUDFILTER_MODE" value="PASSIVE">
<input type="hidden" name="HPP_FRAUDFILTER_MODE_e5964ac0-ace0-477a-98ef-f467772d6a76" value="OFF">
<input type="hidden" name="CUST_NUM" value="6e027928-c477-4689-a45f-4e138a1f208a">
<input type="hidden" name="VAR_REF" value="Acme Corporation">
<input type="hidden" name="PROD_ID" value="SKU1000054">
<input type="hidden" name="BILLING_CODE" value="59|123">
<input type="hidden" name="BILLING_CO" value="GB">
<input type="hidden" name="SHIPPING_CODE" value="50001|Apartment 852">
<input type="hidden" name="SHIPPING_CO" value="US">
<!-- End Fraud Management and Reconciliation Fields -->
<input type="hidden" name="MERCHANT_RESPONSE_URL" value="https://www.example.com/responseUrl">
<input type="hidden" name="SHA1HASH" value="308bb8dfbbfcc67c28d602d988ab104c3b08d012">
<input type="submit" value="Click To Pay">
</form>
Sample response
The following extra fields will be returned in the response POST.
<!-- Additional Response Fields -->
[HPP_FRAUDFILTER_MODE=PASSIVE,
HPP_FRAUDFILTER_RESULT=BLOCK,
HPP_FRAUDFILTER_RULE_478a55db-5430-4c2a-afca-7dde181eb9f4=BLOCK,
HPP_FRAUDFILTER_RULE_NAME=Customer IP List]
HPP_FRAUDFILTER_RULE_MODE_e5964ac0-ace0-477a-98ef-f467772d6a76=OFF]
Address Verification Service
The Address Verification Service (AVS) verifies the cardholder's address by checking the information at the time of sale against the Issuer's records.
This functionality is not supported by all Issuers and is only available for cardholders in the United States, Canada, and the United Kingdom.
Global Payments supports this functionality; however, not all Acquirers do. Please contact our Support Team for more information.
If a transaction fails an AVS check, it will not automatically be declined. It's an advisory service and requires that the details of non-matched transactions be checked by your application. AVS data is passed in the Billing Code field and and must be formatted correctly depending on the billing country of the cardholder. We've outlined the different formats below.
| Country | Format | Sample Address | Sample Billing Code |
|---|---|---|---|
| US or CA | Concatenate the postcode and first line of the customer's billing address with a '|' in the middle. | Flat 123 House 456 Chicago 50001 United States |
"50001|Flat 123" |
| UK | Concatenate just the digits from the postcode and first line of the customer's billing address with a '|' in the middle. | Flat 456 House 123 Halifax WB3 A21 United Kingdom |
"321|456" |
Sample request
To submit AVS data, add the following field to the request POST. In our example, the billing country is the United States.
<form action="https://pay.sandbox.realexpayments.com/pay" method="POST" target="iframe">
<input type="hidden" name="TIMESTAMP" value="20180613110737">
<input type="hidden" name="MERCHANT_ID" value="MerchantId">
<input type="hidden" name="ACCOUNT" value="internet">
<input type="hidden" name="ORDER_ID" value="N6qsk4kYRZihmPrTXWYS6g">
<input type="hidden" name="AMOUNT" value="1999">
<input type="hidden" name="CURRENCY" value="EUR">
<input type="hidden" name="AUTO_SETTLE_FLAG" value="1">
<input type="hidden" name="HPP_VERSION" value="2">
<input type="hidden" name="MERCHANT_RESPONSE_URL" value="https://www.example.com/responseUrl">
<!-- Begin AVS Field -->
<input type="hidden" name="BILLING_CODE" value="50001|Flat 123">
<!-- End AVS Field -->
<input type="hidden" name="SHA1HASH" value="308bb8dfbbfcc67c28d602d988ab104c3b08d012">
<input type="submit" value="Click To Pay">
</form>
Sample response
The following additional fields will be returned in the HPP response. They indicate the outcome of the AVS check.
<!-- Additional Response Fields -->
[AVSPOSTCODERESULT=M,
AVSADDRESSRESULT=M]
Decision Manager
To enrich the functionality of the Fraud Filter, we've partnered with Cybersource to use their Decision Manager product. Our guide should be used along with Cybersource's Decision Manager developer guide: Using the Simple Order API. You can find it on their website.
Before you set up the additional fields, you'll need to configure your Decision Manager credentials in the Client Settings section of Ecommerce Portal. The fields defined in this guide are in addition to those outlined in our Fraud Filter guide. The data is structured into these parent groupings:
- Billing Address
- Shipping Address
- Customer
- Product
- Decision Manager Specific Fields
- Custom Fields
Sample request
<form action="https://pay.realexpayments.com/pay" method="POST" target="iframe">
<input type="hidden" name="TIMESTAMP" value="20181018091531">
<input type="hidden" name="MERCHANT_ID" value="Merchant ID">
<input type="hidden" name="ACCOUNT" value="internet">
<input type="hidden" name="ORDER_ID" value="N6qsk4kYRZihmPrTXWYS6g">
<input type="hidden" name="AMOUNT" value="16400">
<input type="hidden" name="CURRENCY" value="EUR">
<input type="hidden" name="SHA1HASH" value="3ee9c9e0e35b8cd95f7dc9bca43e024e1074c3dc">
<input type="hidden" name="AUTO_SETTLE_FLAG" value="1">
<input type="hidden" name="CHANNEL" value="ECOM">
<input type="hidden" name="COMMENT1" value="Mobile Channel">
<input type="hidden" name="COMMENT2" value="Down Payment">
<input type="hidden" name="SHIPPING_CODE" value="E77|4QJ">
<input type="hidden" name="BILLING_CODE" value="R90|ZQ7">
<input type="hidden" name="CUST_NUM" value="332a85b">
<input type="hidden" name="VAR_REF" value="Invoice 7564a">
<input type="hidden" name="PROD_ID" value="SKU1000054">
<input type="hidden" name="HPP_LANG" value="GB">
<input type="hidden" name="HPP_VERSION" value="2">
<input type="hidden" name="MERCHANT_RESPONSE_URL" value="https://www.example.com/responseUrl">
<input type="hidden" name="CARD_PAYMENT_BUTTON" value="Pay Now">
<!-- Begin Decision Manager Fields -->
<!-- Billing Address -->
<input type="hidden" name="HPP_BILLING_STREET1" value="Flat 123">
<input type="hidden" name="HPP_BILLING_STREET2" value="House 456">
<input type="hidden" name="HPP_BILLING_CITY" value="Halifax">
<input type="hidden" name="HPP_BILLING_POSTALCODE" value="W6 9HR">
<input type="hidden" name="HPP_BILLING_STATE" value="West Yorkshire">
<input type="hidden" name="BILLING_CO" value="GB">
<!-- Shipping Address -->
<input type="hidden" name="HPP_SHIPPING_FIRSTNAME" value="Philip">
<input type="hidden" name="HPP_SHIPPING_LASTNAME" value="Marlowe">
<input type="hidden" name="HPP_SHIPPING_PHONE" value="+3538547854">
<input type="hidden" name="HPP_SHIPPING_SHIPPINGMETHOD" value="Courier">
<input type="hidden" name="HPP_SHIPPING_STREET1" value="Flat 456">
<input type="hidden" name="HPP_SHIPPING_STREET2" value="House 321">
<input type="hidden" name="HPP_SHIPPING_CITY" value="Dublin">
<input type="hidden" name="HPP_SHIPPING_POSTALCODE" value="6">
<input type="hidden" name="HPP_SHIPPING_STATE" value="Leinster">
<input type="hidden" name="SHIPPING_CO" value="IE">
<!-- Customer -->
<input type="hidden" name="HPP_CUSTOMER_ID" value="0f357b45-9aa4-4453-a685-c69232e9024f">
<input type="hidden" name="HPP_CUSTOMER_PASSWORD" value="VerySecurePassword">
<input type="hidden" name="HPP_CUSTOMER_DATEOFBIRTH" value="01011980">
<input type="hidden" name="HPP_CUSTOMER_DOMAINNAME" value="example.com">
<input type="hidden" name="HPP_CUSTOMER_EMAIL" value="james.mason@example.com">
<input type="hidden" name="HPP_CUSTOMER_FIRSTNAME" value="James">
<input type="hidden" name="HPP_CUSTOMER_LASTNAME" value="Mason">
<input type="hidden" name="HPP_CUSTOMER_PHONENUMBER" value="+3535611177">
<input type="hidden" name="HPP_CUSTOMER_DEVICEFINGERPRINT" value="sessionId">
<!-- Product -->
<input type="hidden" name="HPP_PRODUCTS_PRODUCTID_1" value="SKU251584">
<input type="hidden" name="HPP_PRODUCTS_PRODUCTNAME_1" value="Magazine Subscription">
<input type="hidden" name="HPP_PRODUCTS_RISK_1" value="low">
<input type="hidden" name="HPP_PRODUCTS_QUANTITY_1" value="12">
<input type="hidden" name="HPP_PRODUCTS_UNITPRICE_1" value="1200">
<input type="hidden" name="HPP_PRODUCTS_GIFT_1" value="true">
<input type="hidden" name="HPP_PRODUCTS_TYPE_1" value="subscription">
<input type="hidden" name="HPP_PRODUCTS_PRODUCTID_2" value="SKU8884784">
<input type="hidden" name="HPP_PRODUCTS_PRODUCTNAME_2" value="Charger">
<input type="hidden" name="HPP_PRODUCTS_RISK_2" value="high">
<input type="hidden" name="HPP_PRODUCTS_QUANTITY_2" value="1">
<input type="hidden" name="HPP_PRODUCTS_UNITPRICE_2" value="2000">
<input type="hidden" name="HPP_PRODUCTS_GIFT_2" value="false">
<input type="hidden" name="HPP_PRODUCTS_TYPE_2" value="electronic_good">
<!-- Decision Manager Specific Fields -->
<input type="hidden" name="HPP_FRAUD_DM_BILLHOSTNAME" value="example.com">
<input type="hidden" name="HPP_FRAUD_DM_BILLHTTPBROWSERCOOKIESACCEPTED" value="true">
<input type="hidden" name="HPP_FRAUD_DM_BILLTOHTTPBROWSEREMAIL" value="jamesmason@example.com">
<input type="hidden" name="HPP_FRAUD_DM_BILLTOHTTPBROWSERTYPE" value="Mozilla">
<input type="hidden" name="HPP_FRAUD_DM_BILLTOIPNETWORKADDRESS" value="123.123.123.123">
<input type="hidden" name="HPP_FRAUD_DM_BILLTOPERSONALID" value="741258963">
<input type="hidden" name="HPP_FRAUD_DM_DECISIONMANAGERPROFILE" value="DemoProfile">
<input type="hidden" name="HPP_FRAUD_DM_INVOICEHEADERRETURNSACCEPTED" value="true">
<input type="hidden" name="HPP_FRAUD_DM_INVOICEHEADERTENDERTYPE" value="consumer">
<input type="hidden" name="HPP_FRAUD_DM_INVOICEHEADERISGIFT" value="true">
<input type="hidden" name="HPP_FRAUD_DM_ITEMHOSTHEDGE" value="High">
<input type="hidden" name="HPP_FRAUD_DM_ITEMNONSENSICALHEDGE" value="High">
<input type="hidden" name="HPP_FRAUD_DM_ITEMOBSCENITIESHEDGE" value="High">
<input type="hidden" name="HPP_FRAUD_DM_ITEMPHONEHEDGE" value="High">
<input type="hidden" name="HPP_FRAUD_DM_ITEMTIMEHEDGE" value="High">
<input type="hidden" name="HPP_FRAUD_DM_ITEMVELOCITYHEDGE" value="High">
<input type="hidden" name="HPP_FRAUD_DM_BUSINESSRULESSCORETHRESHOLD" value="40">
<!-- Custom Field -->
<input type="hidden" name="HPP_MY_CUSTOM_FIELD" value="My Custom Field Value">
<!-- End Decision Manager Fields -->
<input type="submit" value="Click To Pay">
</form>
Decision Manager request fields
| Element/Field | Category | Format | Type | Length | Description |
|---|---|---|---|---|---|
| Street 1 | string | alphanumeric | M | 1-60 | First line of the billing address of the customer. |
| Street 2 | string | alphanumeric | M | 0-60 | Second line of the billing address of the customer. |
| City | string | alphanumeric | M | 1-50 | City of the billing address. |
| Billing or Shipping Code Postalcode | string | alphanumeric | C | 0-10 | Postal code of the billing address. Mandatory field if the Country field is US or CA. |
| State | string | alphanumeric | C | 0-2 | State or province of the customer Mandatory field if the billTo_country field is US or CA. |
| Billing or Shipping Country | string | alphanumeric | O | 0-50 | The country of the billing or shipping address. Allowed characters: [a-zA-Z0-9.-] |
| First Name | string | alphanumeric | O | 0-60 | First name of the person receiving the shipment. |
| Last Name | string | alphanumeric | O | 0-60 | Last name of the person receiving the shipment. |
| Phone Number | string | alphanumeric | O | 0-15 | Phone number for the shipping address. |
| Shipping Method | string | enum | O | Shipping method for the product. Please refer to the Decision Manager documentation for example values. | |
| Customer Id | string | alphanumeric | O | 0-100 | Optional customer’s account ID, tracking number, reward number, or other unique number that you assign to the customer. |
| Customer Password | string | alphanumeric | O | 0-255 | Customer’s account password. This value is for merchant velocity use only. It is not stored, displayed, or returned. |
| Date Of Birth | string | YYYY-MM-DD YYYYMMDD | O | 0-10 | Date of birth of the customer. |
| Domain Name | string | alphanumeric | O | 0-100 | Email domain of the customer. The domain of the email address comprises all characters that follow the @ symbol, such as mail.example.com |
| string | alphanumeric | O | 0-100 | Customer’s email address, including the full domain name. The field must be submitted in the form name@host.domain (for example, james.mason@example.com). | |
| First Name | string | alphanumeric | M | 1-60 | Customer’s first name.The value should be the same as the value that appears on the card. |
| Last Name | string | alphanumeric | M | 1-60 | Customer’s last name. The value should be the same as the value that appears on the card. |
| Phone Number | string | alphanumeric | O | 0-15 | Phone number of the customer. |
| Device Fingerprint | string | alphanumeric | O | 0-255 | This field should contain the session ID which forms part of the device fingerprinting scripts. |
| Product Id | string | alphanumeric | O | 0-255 | Merchant’s product identifier code. |
| Product Name | string | alphanumeric | O | 0-255 | Name of the product. |
| Risk | string | enum | O | 0-6 | Indicates the level of risk for the product. Allowed values: low normal high |
| Quantity | integer | O | 0-10 | Quantity of the product being purchased. | |
| Unit Price | string | alphanumeric | M | 1-15 | Per-item price of the product. |
| Gift | string | alphanumeric | O | 0-5 | Determines whether to assign risk to the order if the billing and shipping addresses specify different cities, states, or countries. |
| Type | string | alphanumeric | O | 0-255 | Type of product, such as electronic, handling, physical, service, or shipping. The default value is default. |
| billtohostname | string | alphanumeric | O | 0-60 | Host name reported by the customer’s browser to your Web server identified via the http header. |
| billtohttpbrowsercookiesaccepted | string | alphanumeric | O | 0-5 | Indicates whether the customer’s browser accepts cookies. Can take one of the following values: true false |
| billtohttpbrowseremail | string | alphanumeric | O | 0-5 | Email address set in the customer’s browser (may differ from billTo_email). |
| billtohttpbrowsertype | string | alphanumeric | O | 0-40 | Customer’s browser identified from the HTTP header data. For example, Mozilla identifies the Firefox browser. |
| billtoipnetworkaddress | string | alphanumeric | O | 0-11 | Network IP address of the customer (for example 10.1.27) A network IP address includes up to 256 IP addresses |
| billtopersonalid | string | alphanumeric | C | 0-26 | This element is supported only for Latin American Processing. |
| decisionmanagerprofile | string | alphanumeric | O | 0-30 | Use this field only if you want to specify the name of a different profile to use to evaluate orders. |
| invoiceheaderreturnsaccepted | string | alphanumeric | O | 0-5 | Indicates whether returns are accepted for this order. Can take the following values: true false |
| invoiceheadertendertype | string | alphanumeric | O | 0-10 | Method of payment used for the order. For example: debit, consumer, corporate. |
| itemgiftcategory | string | alphanumeric | O | 0-15 | Indicates whether the customer requested gift wrapping for this purchase. Can take one of the following values: true false |
| itemnonsensicalhedge | string | enum | O | 0-6 | When scoring risk importance of the weight of the tests performed on the text content of customers’ orders. Allowed values: low normal high off Off |
| itemobscenitieshedge | string | enum | O | 0-6 | When scoring risk importance of the weight of the tests performed on the text content of customers’ orders. Allowed values: low normal high off |
| itemphonehedge | string | enum | O | 0-6 | Importance in scoring risk of the weight of the multiple tests performed on phone numbers. Allowed values: low normal high off |
| itemtimehedge | string | enum | O | 0-6 | Importance of time of day of the customer order in scoring risk. Allowed values: low normal high off |
| itemvelocityhedge | string | enum | O | 0-10 | Importance of the number of orders (purchase frequency) from a customer in a certain time period (the preceding 15 minutes) in scoring risk. Allowed values: low normal high off |
| businessrulesscorethreshold | integer | O | 0-2 | Acceptable level of risk for ordering each product. | |
| customField | string | alphanumeric | O | 0-255 | Up to 30 merchant-defined data fields that you can use to store information. |
Standard request fields
A number of existing HPP fields are mapped to Decision Manager. Some data is sent in the request POST, and some is entered by the cardholder on the HPP. Once your account is configured to communicate with Decision Manager, Global Payments will map the data to the correct Decision Manager fields.
| HPP Field | Syntax | Description |
|---|---|---|
| Card Number | string | The full Primary Account Number (PAN) of the card. |
| Card Type | string | Please see the list of supported Card Type Strings. |
| Expiry Date | string | The expiry date of the card. |
| Customer IP Address | string | The IP address of the customer's device. Allowed characters: [0-9:] |
| Order Id | string | A merchant supplied reference to identify this transaction. Must be unique for each attempt. Allowed characters: [a-zA-Z0-9_-] |
| Currency | string | The processing currency of the transaction. Please see the list of Currency Codes. |
| Amount | integer | The amount should be in the smallest unit of the required currency. For example: 2000 = €20.00 |
| Comment | string | You can submit up to two comments about this request. This information will be displayed under the transaction in Ecommerce Portal. |
Sample response
In addition to the Fraud Filter result, the data returned will include the full response from Decision Manager. Global Payments does not store any of this information. When you configure a third-party rule in Ecommerce Portal, the action will be based on the value of the decision element in the response from Decision Manager (that is, Accept, Review, Reject, Error).
[RESULT=00,
AUTHCODE=12345,
MESSAGE=[ test system ] Authorised,
PASREF=14631546336115597,
AVSPOSTCODERESULT=M,
AVSADDRESSRESULT=M,
CVNRESULT=M,
ACCOUNT=internet,
MERCHANT_ID=MerchantId,
ORDER_ID=N6qsk4kYRZihmPrTXWYS6g,
TIMESTAMP=20180613113227,
AMOUNT=1001,
CARD_PAYMENT_BUTTON=Pay Now,
MERCHANT_RESPONSE_URL=https://www.example.com/responseUrl,
HPP_LANG=GB,
SHIPPING_CODE=R90|ZQ7,
SHIPPING_CO=GB,
BILLING_CODE=E77|4QJ,
BILLING_CO=GB,
COMMENT1=Mobile Channel,
COMMENT2=Down Payment,
ECI=5
AUTHENTICATION_VALUE=ODQzNjgwNjU0ZjM3N2JmYTg0NTM=,
DS_TRANS_ID=c272b04f-6e7b-43a2-bb78-90f4fb94aa25,
MESSAGE_VERSION=2.1.0,
SRD=MMC0F00YE4000000715,
SHA1HASH=8ab81d4437e24a88a08cffb51c15151846bd7b61
HPP_FRAUDFILTER_MODE=PASSIVE,
HPP_FRAUDFILTER_RESULT=PASS,
HPP_FRAUDFILTER_RULE_478a55db-5430-4c2a-afca-7dde181eb9f4=PASS,
HPP_FRAUDFILTER_RULE_NAME=Decision Manager Rule,
HPP_DM_RAW_RESPONSE=<!-- Full Response Here, See Sample Below -->]
Decision Manager full response
For more information on the full response returned from Decision Manager, refer to Cybersource’s Decision Manager developer guide: Using the Simple Order API. You can find it on their website.
The example below shows what values will be returned to your application.
<c:replyMessage xmlns:c="urn:schemas-cybersource-com:transaction-data-1.118">
<c:merchantReferenceCode>N6qsk4kYRZihmPrTXWYS6g</c:merchantReferenceCode>
<c:requestID>4921661527746095104010</c:requestID>
<c:decision>ACCEPT</c:decision>
<c:reasonCode>100</c:reasonCode>
<c:requestToken>Ahjz7wSTCs3GO2ecVEAKEQFLlcJIrX9IjhqBvAhk0ky3SA7TWIDCTCs3GO2ecVEAKAAA8g0Y</c:requestToken>
<c:afsReply>
<c:reasonCode>100</c:reasonCode>
<c:afsResult>99</c:afsResult>
<c:hostSeverity>1</c:hostSeverity>
<c:consumerLocalTime>11:35:52</c:consumerLocalTime>
<c:afsFactorCode>F^H^V^Y</c:afsFactorCode>
<c:addressInfoCode>MM-A^MM-C^MM-CO^MM-ST^MM-Z^UNV-ADDR</c:addressInfoCode>
<c:hotlistInfoCode>NEG-ASUSP^NEG-BIN^NEG-CC^NEG-EM^NEG-SA^NEG-SUSP</c:hotlistInfoCode>
<c:suspiciousInfoCode>MUL-EM^RISK-TS</c:suspiciousInfoCode>
<c:velocityInfoCode>VEL-NAME^VELI-CC^VELI-EM^VELI-SA^VELL-CC^VELL-EM^VELL-SA^VELS-CC^VELS-EM^VELS-SA^VELV-CC^VELV-EM</c:velocityInfoCode>
<c:scoreModelUsed>default_eu</c:scoreModelUsed>
<c:cardBin>426397</c:cardBin>
</c:afsReply>
<c:decisionReply>
<c:casePriority>3</c:casePriority>
<c:activeProfileReply/>
<c:velocityInfoCode>MVEL-R5007</c:velocityInfoCode>
</c:decisionReply>
</c:replyMessage>
Decision Manager - Device Fingerprinting
The Device Fingerprinting service of Decision Manager gathers information about the customer devices that use your mobile app or place orders on your website. Use this unique identifier to consistently identify the location of a customer’s device, despite whatever identity masking techniques they may use (for example, a VPN or proxy).
The examples below show the One-Pixel Image and JavaScript Code for websites. This functionality is also available for Android and iOS apps.
Sample embedded scripts
<!-- One-Pixel Image -->
<p></p>
<img src="https://www.fingerprintingserver.com/fp/clear.png?org_id=<ORG ID>&session_id=<MERCHANT ID><SESSION ID>&m=2" alt="">
<!-- JavaScript -->
<script src="https://www.fingerprintingserver.com/fp/check.js?org_id=<ORG ID>&session_id=<MERCHANT ID><SESSION ID>"></script>
The scripts should be embedded—for example, on the checkout page that initiates the transaction. The value you pass in the POST request will be the Session ID included in the scripts (it's supplied as part of the Customer fields). In our example below, we're using a random 32-character string.
The Device Fingerprint service provides the following information in Decision Manager: Date Device First Seen, Application Type, Time on Page, and True IP Address. For apps, Device Longitude and Latitude are available, as well as whether the device is Jailbroken.
Sample request
<form action="https://pay.realexpayments.com/pay" method="POST" target="iframe">
<input type="hidden" name="TIMESTAMP" value="20180913154639">
<input type="hidden" name="MERCHANT_ID" value="Merchant ID">
<input type="hidden" name="ACCOUNT" value="internet">
<input type="hidden" name="ORDER_ID" value="N6qsk4kYRZihmPrTXWYS6g">
<input type="hidden" name="AMOUNT" value="16400">
<input type="hidden" name="CURRENCY" value="EUR">
<input type="hidden" name="SHA1HASH" value="3ee9c9e0e35b8cd95f7dc9bca43e024e1074c3dc">
<input type="hidden" name="AUTO_SETTLE_FLAG" value="1">
<input type="hidden" name="HPP_VERSION" value="2">
<input type="hidden" name="MERCHANT_RESPONSE_URL" value="https://www.example.com/responseUrl">
<!-- Device Fingerprint Session Id -->
<input type="hidden" name="HPP_CUSTOMER_DEVICEFINGERPRINT" value="kyhb-hc1sa5jdf-tjbqec-uz19a-5n5b">
<input type="submit" value="Click To Pay">
</form>
Generate hash
Follow the steps in this section to build the request security hash, concatenate the specified fields and hash them using the SHA-1 algorithm, concatenate the hashed string with your Shared Secret, hash it again, and add the resulting string to the request.
In addition to SHA-1, you can also generate your hash using SHA-256. The resulting hash should be placed in the <sha256hash> tag instead of the <sha1hash> tag. For more information, contact our support team at ecomsupport@globalpay.com.
Build the Request hash
Use the drop-down arrow below to select a request type: Fraud Filter and data submission. After you make a selection, the steps on how to build the request hash for that type are provided.
Check hash
Follow the steps in this section to build the response security hash, concatenate the specified fields and hash them using the SHA-1 algorithm, concatenate the hashed string with your Shared Secret, hash it again, and add the resulting string to the request.
Check the Response hash
Use the drop-down arrow below to select a request type: Fraud Filter and data submission. After you make a selection, the steps on how to check the response hash for that type are provided.