How do I follow a payment with a Risk Decision?


Performing the RISKDEC after the AUTH allows Trust Payments to take into account the results of the AVS, Security Code and 3-D Secure checks when analysing the submitted details for fraud.



Process overview

  1. When the customer clicks “Pay” on your checkout, the Drop-In View Controller submits a request to Trust Payments.
  2. Trust Payments contacts the acquiring bank to process the payment.
  3. Trust Payments checks the payment details and generates a shield status code.
  4. Trust Payments returns the response JWT to your system. You will need to interpret the response.

If the shield status code is “CHALLENGE” or “DENY”, Trust Payments recommends that you update the AUTH to a suspended state (settle status “2”). This allows you to review the transaction and either opt to proceed by updating the settle status of the AUTH to “1” or to cancel by updating the settle status to “3”.



Update the Drop-In View Controller

You will need to update the Drop-In View Controller to process a RISKDEC after performing a standard transaction. This is done by specifying typeDescriptions, as shown in the example below:

let dropInVC = ViewControllerFactory.shared.dropInViewController(
	jwt: jwt,
	// Run the AUTH first, then the RISKDEC on the same details.
	typeDescriptions: [.auth, .riskDec],
	payButtonTappedClosureBeforeTransaction: { (controller: DropInController) in },
	successfulPaymentCompletion: { (jwt: String, responses: [JWTResponseObject], successMessage: String, cardReference: TPCardReference?) in
		// Check fraudcontrolshieldstatuscode and settlestatus in the decoded response.
	},
	transactionFailure: { (jwt: String?, responses: [JWTResponseObject]?, errorMessage: String, error: NSError?) in
		// Handle the failed transaction.
	}
)



Response example

As with a standard payment, you will need to decode the JWT returned and check the response, in particular, the fraudcontrolshieldstatuscode and settlestatus fields.


The response is divided into two parts:


For the RISKDEC response field specification, scroll down to the “Interpreting the response” section.


{
    'requestreference': 'Ad4ft45gp',
    'version': '1.00',
    'response': [{
        'transactionstartedtimestamp': '2016-12-07 16:25:19',
        'livestatus': '0',
        'issuer': 'SecureTrading Test Issuer1',
        'splitfinalnumber': '1',
        'dccenabled': '0',
        'settleduedate': '2016-12-07',
        'errorcode': '0',
        'orderreference': 'My_Order_123',
        'tid': '27882788',
        'merchantnumber': '00000000',
        'merchantcountryiso2a': 'GB',
        'transactionreference': '1-2-345678',
        'merchantname': 'Test Merchant',
        'paymenttypedescription': 'VISA',
        'baseamount': '1011',
        'accounttypedescription': 'ECOM',
        'acquirerresponsecode': '00',
        'requesttypedescription': 'AUTH',
        'securityresponsesecuritycode': '2',
        'currencyiso3a': 'GBP',
        'authcode': 'TEST57',
        'errormessage': 'Ok',
        'operatorname': '[email protected]',
        'securityresponsepostcode': '0',
        'maskedpan': '411111######1111',
        'securityresponseaddress': '0',
        'issuercountryiso2a': 'US',
        'settlestatus': '0'
    }, {
        'acquirerrecommendedaction': 'C',
        'fraudcontrolresponsecode': '0100',
        'paymenttypedescription': 'VISA',
        'orderreference': 'My_Order_123',
        'transactionstartedtimestamp': '2016-12-07 16:25:19',
        'errormessage': 'Ok',
        'operatorname': '[email protected]',
        'parenttransactionreference': '1-2-345678',
        'fraudcontrolreference': 'TEST',
        'accounttypedescription': 'FRAUDCONTROL',
        'errorcode': '0',
        'transactionreference': '1-2-345679',
        'maskedpan': '411111######1111',
        'requesttypedescription': 'RISKDEC',
        'fraudcontrolshieldstatuscode': 'ACCEPT',
        'livestatus': '0'
    }]
}


Interpreting the response

The AUTH part of the response follows the same structure as a standard AUTH response. The RISKDEC part of the response contains new fields that are described below:



Field name | Type | Length | Response Description

fraudcontrolshieldstatuscode | Alpha | 10 | One of the following values:

  • “ACCEPT” – The details are not deemed suspicious.
  • “CHALLENGE” – Further investigation is recommended.
  • “DENY” – The details are suspicious and a transaction should not be performed.
  • “NOSCORE” – Returned when a parent AUTH Request has been declined.

fraudcontrolreference | Alphanumeric | 255 | Unique reference to identify the Risk Decision check performed.

fraudcontrolresponsecode | Numeric | 4 | A numeric code that is mapped to further information on the results of the Risk Decision checks performed.

acquirerrecommendedaction | Char | 1 | Either:

  • “C” – Continue with the transaction.
  • “S” – Stop transaction.

Note that this is ONLY a recommendation. Protect Plus does not guarantee against fraud.

rulecategoryflag | Alphanumeric | 255 | Reference used to identify a condition that was met to return the DENY or CHALLENGE fraudcontrolshieldstatuscode.

rulecategorymessage | Alphanumeric | Not defined | Condition that was met to return the DENY or CHALLENGE fraudcontrolshieldstatuscode.
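
The interpretation step described above, as an added example (not Trust Payments' own code): it maps the RISKDEC part of a response to the action this page recommends. It assumes the response JWT has already been verified and decoded into an array of string dictionaries shaped like the response example; RiskAction and riskAction(for:) are hypothetical names, and rejecting a RISKDEC that is missing, unlinked to the AUTH or of unknown status is this example's own conservative choice.

```swift
import Foundation

// Action derived from the page's guidance (hypothetical type, not part of the SDK).
enum RiskAction: Equatable {
    case proceed            // ACCEPT: leave the AUTH as it is
    case suspendForReview   // CHALLENGE / DENY: update the AUTH to settle status "2"
    case authDeclined       // NOSCORE: the parent AUTH was declined
    case invalid(String)    // not usable as a Risk Decision result
}

// `responses` is assumed to be the decoded "response" array,
// one [String: String] per request type, as in the response example.
func riskAction(for responses: [[String: String]]) -> RiskAction {
    guard let auth = responses.first(where: { $0["requesttypedescription"] == "AUTH" }),
          let risk = responses.first(where: { $0["requesttypedescription"] == "RISKDEC" }) else {
        return .invalid("AUTH or RISKDEC part missing")
    }
    // The RISKDEC must refer to this AUTH, not to some other transaction.
    guard let authRef = auth["transactionreference"],
          risk["parenttransactionreference"] == authRef else {
        return .invalid("RISKDEC is not linked to the AUTH")
    }
    // The response example shows errorcode "0" with errormessage "Ok".
    guard risk["errorcode"] == "0" else {
        return .invalid("RISKDEC errorcode \(risk["errorcode"] ?? "missing")")
    }
    switch risk["fraudcontrolshieldstatuscode"] ?? "" {
    case "ACCEPT":            return .proceed
    case "CHALLENGE", "DENY": return .suspendForReview
    case "NOSCORE":           return .authDeclined
    default:                  return .invalid("unrecognised shield status")
    }
}

// Constructed sample: trimmed from the response example, status changed to CHALLENGE.
let sample: [[String: String]] = [
    ["requesttypedescription": "AUTH", "transactionreference": "1-2-345678",
     "errorcode": "0", "settlestatus": "0"],
    ["requesttypedescription": "RISKDEC", "parenttransactionreference": "1-2-345678",
     "errorcode": "0", "fraudcontrolshieldstatuscode": "CHALLENGE"],
]
print(riskAction(for: sample))
```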




We recommend that you thoroughly test your solution before enabling it on your live Site Reference.
Click here for details that you can submit to simulate different RISKDEC responses on our test system.