How do I follow a payment with a Risk Decision?


Performing the RISKDEC after the AUTH allows Trust Payments to take into account the results of the AVS, Security Code and 3-D Secure checks when analysing the submitted details for fraud.



Process overview

  1. When the customer clicks “Pay” on your checkout, the JavaScript library submits a request to Trust Payments.
  2. The customer is authenticated with 3-D Secure.
  3. Trust Payments contacts the acquiring bank to process the payment.
  4. Trust Payments checks the payment details and generates a shield status code.
  5. Trust Payments returns the response JWT to your system. You will need to interpret the response.

If the shield status code is “CHALLENGE” or “DENY”, Trust Payments recommends that you update the AUTH to a suspended state (settle status “2”). This allows you to review the transaction and either opt to proceed by updating the settle status of the AUTH to “1” or to cancel by updating the settle status to “3”.



Update the JWT payload

You will need to update the JWT payload to instruct our JavaScript Library to process a RISKDEC following a standard transaction. This is done by submitting requesttypedescriptions following the specification outlined below:


Field specification

Field Format Description
requesttypedescriptions List This must be set to ["THREEDQUERY","AUTH","RISKDEC"]


Payload example


Replace <DOMAIN> with a supported domain. Click here for a full list.



Handling the response

The contents of the response depend on whether the customer was subject to more stringent authentication (referred to as “Step-up” authentication):


Field Format Description
acquirerrecommendedaction Char (1) Either:

  • “C” – Continue with the transaction.
  • “S” – Stop transaction.

Note that this is ONLY a recommendation. Protect Plus does not guarantee against fraud.

fraudcontrolreference Alphanumeric (255) Unique reference to identify the Risk Decision check performed.
fraudcontrolresponsecode Numeric (4) A numeric code that is mapped to further information on the results of the Risk Decision checks performed.
fraudcontrolshieldstatuscode Alpha (10) One of the following values:

  • “ACCEPT” – The details are not deemed suspicious.
  • “CHALLENGE” – Further investigation is recommended.
  • “DENY” – The details are suspicious and a transaction should not be performed.
  • “NOSCORE” – Returned when a parent AUTH Request has been declined.
rulecategoryflag Alphanumeric (255) Reference used to identify a condition that was met to return the DENY or CHALLENGE fraudcontrolshieldstatuscode.
rulecategorymessage Not defined Condition that was met to return the DENY or CHALLENGE fraudcontrolshieldstatuscode.
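
One way to interpret the response JWT on your server and apply the settle status recommendation from the process overview. This is an added example, not code from Trust Payments. It assumes the response JWT is HS256-signed with your JWT secret and carries the responses in payload.response; verifyJwt, decideSettleStatus and signSample are hypothetical helper names.

```javascript
// Added example, not Trust Payments code. Assumptions: the response JWT is
// HS256-signed with your JWT secret and lists the responses in payload.response.
const crypto = require('crypto');

// Check the HS256 signature in constant time, then return the decoded claims.
function verifyJwt(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  if (header.alg !== 'HS256') throw new Error('unexpected alg'); // never trust "none"
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
}

// Map the shield status code to the settle status update recommended above.
// settlestatus is null when no update is called for.
function decideSettleStatus(claims) {
  const responses = (claims.payload && claims.payload.response) || [];
  const risk = responses.find((r) => r && 'fraudcontrolshieldstatuscode' in r);
  if (!risk) throw new Error('no RISKDEC result in response');
  switch (risk.fraudcontrolshieldstatuscode) {
    case 'ACCEPT':
      return { action: 'proceed', settlestatus: null };
    case 'NOSCORE': // parent AUTH was declined, nothing to suspend
      return { action: 'auth-declined', settlestatus: null };
    case 'CHALLENGE':
    case 'DENY':
      return { action: 'review', settlestatus: '2' };
    default: // unknown value: this example chooses to suspend for review
      return { action: 'review', settlestatus: '2' };
  }
}

// Build a constructed, locally signed sample token (placeholder secret, sample data).
function signSample(claims, secret) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const body = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${body}.${crypto.createHmac('sha256', secret).update(body).digest('base64url')}`;
}
```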




We recommend that you thoroughly test your solution before enabling on your live Site Reference.
Click here for details that you can submit to simulate different RISKDEC responses on our test system.