How do I precede a payment with a Risk Decision?


Process overview

  1. When the customer clicks “Pay” on your checkout, the Drop-In View Controller submits a request to Trust Payments.
  2. Trust Payments checks the payment details and generates a shield status code.
  3. Trust Payments contacts the acquiring bank to process the payment.
  4. Trust Payments returns the response JWT to your system. You will need to interpret the response.

By default, if the shield status code is “CHALLENGE” or “DENY”, Trust Payments will then suspend the transaction (updated to settle status “2”). This allows you to review the transaction and either opt to proceed by updating the settle status of the AUTH to “1” or to cancel by updating the settle status to “3”.



Update the Drop-In View Controller

You will need to update the Drop-In View Controller to process a RISKDEC prior to performing a standard transaction. This is done by specifying typeDescriptions, as shown in the example below:

let dropInVC = ViewControllerFactory.shared.dropInViewController(
	jwt: jwt,
	typeDescriptions: [.riskDec, .auth],
	payButtonTappedClosureBeforeTransaction: { (controller: DropInController) in },
	successfulPaymentCompletion: { (
			jwt: String,
			responses: [JWTResponseObject],
			successMessage: String,
			cardReference: TPCardReference?
	) in
		// Decode the response JWT and check the RISKDEC and AUTH results.
	},
	transactionFailure: { (
			jwt: String?,
			responses: [JWTResponseObject]?,
			errorMessage: String,
			error: NSError?
	) in
		// Handle the failed transaction.
	}
)



Response example

As with a standard payment, you will need to decode the JWT returned and check the response, in particular, the fraudcontrolshieldstatuscode and settlestatus fields.


The response is divided into two parts:


For the RISKDEC response field specification, scroll down to the “Interpreting the response” section.


{
  'requestreference': 'A0dcb11e6',
  'version': '1.00',
  'response': [{
    'acquirerrecommendedaction': 'C',
    'fraudcontrolresponsecode': '0100',
    'paymenttypedescription': 'VISA',
    'orderreference': 'My_Order_123',
    'transactionstartedtimestamp': '2016-12-07 16:19:28',
    'errormessage': 'Ok',
    'operatorname': '[email protected]',
    'fraudcontrolreference': 'TEST',
    'accounttypedescription': 'FRAUDCONTROL',
    'errorcode': '0',
    'transactionreference': '1-2-345678',
    'maskedpan': '411111######1111',
    'requesttypedescription': 'RISKDEC',
    'fraudcontrolshieldstatuscode': 'ACCEPT',
    'livestatus': '0'
  }, {
    'transactionstartedtimestamp': '2016-12-07 16:19:28',
    'parenttransactionreference': '1-2-345678',
    'livestatus': '0',
    'issuer': 'SecureTrading Test Issuer1',
    'splitfinalnumber': '1',
    'dccenabled': '0',
    'settleduedate': '2016-12-07',
    'errorcode': '0',
    'orderreference': 'My_Order_123',
    'tid': '27882788',
    'merchantnumber': '00000000',
    'merchantcountryiso2a': 'GB',
    'transactionreference': '1-2-345679',
    'merchantname': 'Test Merchant',
    'paymenttypedescription': 'VISA',
    'baseamount': '1011',
    'accounttypedescription': 'ECOM',
    'acquirerresponsecode': '00',
    'requesttypedescription': 'AUTH',
    'securityresponsesecuritycode': '2',
    'currencyiso3a': 'GBP',
    'authcode': 'TEST19',
    'errormessage': 'Ok',
    'operatorname': '[email protected]',
    'securityresponsepostcode': '0',
    'maskedpan': '411111######1111',
    'securityresponseaddress': '0',
    'issuercountryiso2a': 'US',
    'settlestatus': '0'
  }]
}


Interpreting the response

The AUTH part of the response follows the same structure as a standard AUTH response. The RISKDEC part of the response contains new fields that are described below:



Field name | Type | Length | Response Description

fraudcontrolshieldstatuscode | Alpha | 10 | One of the following values:

  • “ACCEPT” – The details are not deemed suspicious.
  • “CHALLENGE” – Further investigation is recommended.
  • “DENY” – The details are suspicious and a transaction should not be performed.
  • “NOSCORE” – Returned when a parent AUTH Request has been declined.

fraudcontrolreference | Alphanumeric | 255 | Unique reference to identify the Risk Decision check performed.

fraudcontrolresponsecode | Numeric | 4 | A numeric code that is mapped to further information on the results of the Risk Decision checks performed.

acquirerrecommendedaction | Char | 1 | Either:

  • “C” – Continue with the transaction.
  • “S” – Stop transaction.

  Note that this is ONLY a recommendation. Protect Plus does not guarantee against fraud.

rulecategoryflag | Alphanumeric | 255 | Reference used to identify a condition that was met to return the DENY or CHALLENGE fraudcontrolshieldstatuscode.

rulecategorymessage | Alphanumeric | Not defined | Condition that was met to return the DENY or CHALLENGE fraudcontrolshieldstatuscode.
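
A server-side check of the response JWT, as an added example that is not Trust Payments' code: it verifies the signature before reading fraudcontrolshieldstatuscode and settlestatus, then maps the two-part response to an action. The HS256 algorithm, the "payload" claim name, the secret, the function names and the three outcome labels are assumptions; the sample token is constructed.

```python
import base64, hashlib, hmac, json

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def verify_jwt(token: str, secret: bytes) -> dict:
    """Return the claims only if the signature verifies (HS256 is an assumption)."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(b64url_decode(head)).get("alg")
    except (ValueError, AttributeError):
        raise ValueError("malformed JWT")
    if alg != "HS256":  # never let the token pick the algorithm (e.g. "none")
        raise ValueError("unexpected alg")
    want = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def decide(body: dict) -> str:
    """Map the RISKDEC + AUTH pair to 'fulfil', 'review' or 'reject' (labels assumed)."""
    parts = {r.get("requesttypedescription"): r for r in body.get("response", [])}
    risk, auth = parts.get("RISKDEC"), parts.get("AUTH")
    if not risk or not auth or risk.get("errorcode") != "0" or auth.get("errorcode") != "0":
        return "reject"  # a part is missing or errored: fail closed
    shield, settle = risk.get("fraudcontrolshieldstatuscode"), auth.get("settlestatus")
    if shield == "NOSCORE" or settle == "3":
        return "reject"  # parent AUTH declined, or transaction cancelled
    if shield == "ACCEPT" and settle in ("0", "1"):
        return "fulfil"  # "0" as in the page's example, "1" after a manual release
    return "review"      # CHALLENGE/DENY (suspended, settle status "2") or unrecognised

def sign_sample(claims: dict, secret: bytes) -> str:
    """Build a constructed test token; not part of any real integration."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    head, body = enc(b'{"alg":"HS256","typ":"JWT"}'), enc(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{enc(sig)}"

SECRET = b"constructed-test-secret"  # placeholder; the real secret stays server-side
SAMPLE = {"payload": {"requestreference": "A0dcb11e6", "version": "1.00", "response": [
    {"requesttypedescription": "RISKDEC", "errorcode": "0",
     "fraudcontrolshieldstatuscode": "CHALLENGE"},
    {"requesttypedescription": "AUTH", "errorcode": "0", "settlestatus": "2"}]}}

if __name__ == "__main__":
    claims = verify_jwt(sign_sample(SAMPLE, SECRET), SECRET)
    print(decide(claims["payload"]))  # "payload" claim name is an assumption
```

Anything that is not an explicit ACCEPT with a settle status of "0" or "1" is held back from automatic fulfilment, so an unexpected or missing field never results in goods being released.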




We recommend that you thoroughly test your solution before enabling on your live Site Reference.
Click here for details that you can submit to simulate different RISKDEC responses on our test system.