Risk Management

Risk Management is a security feature that allows you to effectively mitigate fraud when processing e-commerce transactions. The gateway currently supports risk assessment of transactions via risk service providers, for example, NuDetect. The risk service provider integrates with the gateway, and transactions submitted to the gateway are pre-screened using transaction filtering before being sent to the risk service provider for risk scoring. The configuration for a risk service provider is set up by your payment service provider.

Risk Initiation

You can choose when to send the transaction to the risk service provider for risk scoring. This is configured in your risk profile on the gateway by your payment service provider. The available options are:

  • Before transaction processing: The risk assessment request includes relevant data elements from the transaction request, a unique transaction identifier, and a risk assessment identifier generated by the payment gateway. No AVS, CSC or other acquirer response data is available.
  • After transaction processing: The risk assessment request includes relevant data elements from the transaction request, a unique transaction identifier, and a risk assessment identifier generated by the payment gateway, together with relevant transaction response data from the acquirer. AVS and CSC results are available for risk assessment.

Risk Processing

Only Authorization, Pay, Verify, and Standalone Capture transactions are assessed for risk. Risk assessment on other transactions such as Refunds, Standalone Refunds, or Voids is not performed.

If risk assessment on Verify is not performed (due to the Bypass Risk flag or communications failure from the risk service provider), then the gateway will allow you to risk assess the first financial transaction received on the order following Verify unless you also opt to bypass risk on that transaction.

The transactions are pre-screened using Transaction Filtering, and if rejected will not be sent to the risk service provider for risk scoring.

Even if you have not configured any transaction filtering rules or risk rules, your payment service provider may have configured transaction filtering rules and these will always be applied to your transactions.

Risk Details

When you are configured to use a risk service provider, transactions processed through the gateway will be assessed for risk, and the risk assessment result (risk.response.gatewayCode) will be returned in the transaction response. Orders that are flagged for review as a result of risk assessment can be reviewed on the risk service provider and accepted or rejected there. The review decision will be returned in the risk.response.review.decision field.

Risk Assessment Result API Reference [REST][NVP]
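
The following is an added example, not code from the gateway or its documentation: a merchant-side handler that reads risk.response.gatewayCode and risk.response.review.decision from either a REST (nested JSON) or NVP (flat) response and decides whether to fulfil, cancel, or hold the order, holding on anything it does not recognise. The enumeration values ACCEPTED, REJECTED, REVIEW_REQUIRED and PENDING, the function names, and the sample responses are assumptions made for illustration; confirm the values against the API reference above.

```python
import json

# Assumed enumeration values; confirm them against the Risk Assessment Result
# API reference for your gateway version before relying on them.
ACCEPTED, REJECTED, REVIEW_REQUIRED = "ACCEPTED", "REJECTED", "REVIEW_REQUIRED"

def get_field(response, dotted):
    """Read a dotted field from a REST (nested JSON) or NVP (flat) response."""
    if dotted in response:              # NVP: keys are the dotted names themselves
        return response[dotted]
    node = response
    for part in dotted.split("."):      # REST: walk the nested objects
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def fulfilment_action(response):
    """Map the risk fields to FULFIL, CANCEL or HOLD, failing closed."""
    code = get_field(response, "risk.response.gatewayCode")
    decision = get_field(response, "risk.response.review.decision")
    if code == ACCEPTED:
        return "FULFIL"
    if code == REJECTED:
        return "CANCEL"
    if code == REVIEW_REQUIRED:
        # The decision made on the risk service provider settles the order.
        if decision == ACCEPTED:
            return "FULFIL"
        if decision == REJECTED:
            return "CANCEL"
    # Not assessed (bypass, provider communications failure), review still
    # pending, or a value this code does not know: hold for a human.
    return "HOLD"

# Constructed sample responses, not captured gateway output.
REST_REVIEW = json.loads(
    '{"risk": {"response": {"gatewayCode": "REVIEW_REQUIRED",'
    ' "review": {"decision": "PENDING"}}}}'
)
NVP_ACCEPTED = {"risk.response.gatewayCode": "ACCEPTED"}
NO_RISK_BLOCK = {"result": "SUCCESS"}

if __name__ == "__main__":
    for name, resp in [("rest_review", REST_REVIEW),
                       ("nvp_accepted", NVP_ACCEPTED),
                       ("no_risk_block", NO_RISK_BLOCK)]:
        print(name, fulfilment_action(resp))
```

Holding an order whose response carries no risk result is a policy choice in this example; a merchant that deliberately bypasses risk on some transactions would route those separately.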

You can choose to bypass risk assessment by providing the risk.bypassMerchantRiskRules field in the transaction request. The rules configured by your payment service provider will still be applied.

Bypass Risk API Reference [REST][NVP]

You can search for the order or transaction in Merchant Administration using the risk assessment result or the review decision status. The risk assessment details are displayed on the order and transaction details page.

Copyright © 2023 MasterCard