Anti-Fraud Tool
General questions.
What is the anti fraud tool?
It is the tool that Openpay provides for the prevention of fraud in card charges and it’s provided to all businesses registered on Openpay through the implementation of the openpay-data.js library with no extra charges.
How it works?
Once the openpay-data.js library or the android / iOS library is implemented on your website, each card transaction will be run some rules to determine if the transaction is fraudulent or legitimate. The entire process is performed within milliseconds, making it almost invisible to your customers.
The advanced set of rules that filters the transactions verify several factors including the credit / debit number, card address, email and device information used on the transaction.
How do I start using it?
If the transactions are made from a web page, the anti-fraud tool must be implemented using a JavaScript library. If the transactions are from a mobile device you can use our SDKs to implement it.
What does the API responds when a transaction is marked as fraudulent?
In this case the API will respond an error object with the following data:
Response:
See the error page for more information on the format of the error object.
What can I do if I want that a transaction marked as fraudulent to be approved? There’s no other choice but to tell the client to retry the payment with another card.
Javascript implementation.
1.- Load and setup
The library is loaded and the value for device_session_id
is initialized with the following code:
Nota: openpay-data.js depends on the openpay.js library. Watch to run the setSandboxMode() method from the openpay.js library first and the method setup after.
The formId
parameter receives the id from the form that contains the charge information that will be send to your server. It indicates to the library that this form is where you will add a hidden field with the device_session_id
.
ThedeviceIdHiddenFieldName
parameter, gets the hidden field name where device_session_id
be will be stored. This is important if you plan to get the value of the hidden field and send it through a submit.
Another way to handle the device_session_id
value is to store it in a variable and then attach it to an ajax request. This is a manual process:
2.- Server side handling
Every time someone comes to your page or website, the data will be collected directly from the device accessing it and the device_session_id
will be generated. Once your customer makes the charge to the card, be sure of sending the device_session_id
to your server as part of the transaction data.
Once the data has been received by your server, send the device_session_id
to the openpay servers as part of the request, see example below:
$chargeData = array( 'method' => 'card', 'source_id' => $POST["source_id"], 'amount' => (float)$POST["amount"], 'description' => $POST["description"], 'order_id' => 'ORDEN-00071', 'device_session_id' => $POST["deviceIdHiddenFieldName"] );
$charge = $openpay->charges->create($chargeData); ?>
To see a complete example on how to make a charge, please check the Charges Tutorial.
Android Implementation
Download and install the library: https://github.com/open-pay/openpay-android
The openpay-android library allows to use the anti-fraud tool in two different ways. First, using the implementation given by default, and the second one, is creating a custom implementation. Let’s see how to do it.
Before using the anti-fraud tool on your android project, you need to enable the following permissions on the AndroidManifest.xml file:
1.- Load and setup
To make the StatusListener default implementation use the following code to load the library and initialize the device_session_id
value:
Note The setup method requires to have the Activity object being used. In case this object is being called from a fragment, you can get the Activity object by using the
fragment.getActivity()
method.
2.- Server side handling
At the moment of processing the payment from the android device be sure of sending the device_session_id
to the servers, and also send it as part of the api request.
Additional parameters
a) Timeout configuration
b) Error Catching
iOS Implementation
Download and install the library: https://github.com/open-pay/openpay-ios
1.- Load and setup
Create a Openpay class instance and call the createDeviceSessionId
method.
NSString *sessionId= [openpayAPI createDeviceSessionId];
Note: Create the Openpay variable at class level not method level.