Contents

TruFraudCheck

 

TruFraudCheck is a market leading counter-fraud solution that uses intelligent monitoring techniques to minimise risk and increase sales.

 


 

Process overview

How to enable

If you use acquiring.com as your acquiring bank, TruFraudCheck is already enabled and active on your site references.

Info
TruFraudCheck is currently only supported for merchants using acquiring.com.

To learn more about our acquiring partner, click here.

 

When does TruFraudCheck run?

TruFraudCheck automatically processes checks before any ACCOUNTCHECK, AUTH or THREEDQUERY request, and takes action depending on the outcome.

 

What checks are performed?

Our system will assist you in deciding on whether to process a customer’s transaction based on the perceived level of risk.

Warning
TruFraudCheck does not guarantee against fraud
You should consider all data regarding a transaction before accepting the payment.

 

What happens after the checks are performed?

Standard tier

TruFraudCheck will analyse transaction details and issue one of the following Shield status code values:

“DENY” Risk is deemed high

We will prevent authorisation from taking place. Instead, the payment will be cancelled with error code 60107 (“Invalid process – Fraud risk”).

The customer will be displayed an “Invalid process” error and have the opportunity to try again using a different payment method.

“ACCEPT” Risk is deemed low

Authorisation for payment will be sought from the issuing bank as with a standard transaction.

 

Enhanced tier


TruFraudCheck will analyse transaction details and issue one of the following Shield status code values:

“DENY” Risk is deemed high

We will prevent authorisation from taking place. Instead, the payment will be cancelled with error code 60107 (“Invalid process – Fraud risk”).

The customer will be displayed an “Invalid process” error and have the opportunity to try again using a different payment method.

“ACCEPT” Risk is deemed low

Authorisation for payment will be sought from the issuing bank as with a standard transaction.

“CHALLENGE” Risk is deemed moderate

Authorisation for payment will be sought from the issuing bank as with a standard transaction, but then automatically suspended by Trust Payments for up to 7 days, to allow you to investigate manually.

Note: This is only returned for merchants on the Enhanced tier.

 


 

Handling Challenges

Note: The “CHALLENGE” response is only returned for merchants on the Enhanced tier.

Providing the transactions were authorised by the issuing bank, payments flagged with “CHALLENGE” will be left in a suspended state (assigned settlestatus value 2). This allows you to follow your own procedures to investigate and ultimately approve or reject the affected transactions.

Warning
Transactions that are left in a suspended state for 7 days are automatically cancelled.
URL
During checkout, the customer’s browser will have displayed a success message as usual. It is your responsibility to contact the customer to communicate any delays, changes or cancelations to their order.

How to action:

To update the settlestatus of suspended transactions, you can either use MyST (our web portal), or submit a TRANSACTIONUPDATE request using our Webservices API.

 


 

How to view the result of checks

There are two ways to view the results of checks performed as part of the TruFraudCheck service:

Read on to learn more.

 

Using MyST

Sign in to MyST with a role that is permitted to view transactions.

If the transaction is shown in red as a “Failed transaction” (with error code 60107 “Invalid process – Fraud risk”), this indicates a “DENY” response was returned by TruFraudCheck and the transaction was cancelled due to a perceived high risk of fraud.

Then click the “Related” tab at the top of the page. From here you can select the TruFraudCheck request (as shown in the screenshot below).

Info
The “0 – Ok” next to the TruFraudCheck request indicates the request was processed successfully, NOT the outcome of the check. For example, in the screenshot below, “0 – Ok” is displayed despite a “DENY” response being returned.

 

This will open the details of the request in a new tab. Scroll to the bottom of the page, and click “Risk decision” to view the results of checks performed.

 

URL notifications

You can configure a URL notification to automatically send TruFraudCheck data to your server whenever a transaction is processed. To do so, you will need to sign into MyST with a user that has the required role to configure notifications in the Rule manager:

  1. Sign in to MyST.
  2. Search for your sitereference using the search box found at the top of the page.
  3. When viewing your site details, click “Rule manager“.

 

  1. Select the action type “URL notification” from the drop-down and your browser will be redirected.

 

  1. Create a new URL notification rule:
    • (A) Click “Add new condition” and create a condition that filters on Requests “RISKDEC2” and Error codes 0.
    • (B) Click “Add new action” and specify the endpoint for the URL notification. We recommend that you include the following Fields that are specific to TruFraudCheck:
      fraudcontrolreference, fraudcontrolshieldstatuscode, rulecategoryflag
    • (C) Using the drop-down boxes, assign the condition to the action and click “Create rule“.

 

  1. Ensure the rule is active (this is shown with a tick under the Active column). Once enabled, the rule will be applied to all transactions processed using the selected sitereference, and the URL notification will be triggered whenever the RISKDEC2 request (for TruFraudCheck) is performed.
Warning
All new rules should be created on your test sitereference and tested to ensure they work as expected before being added to your live sitereference.

 

  1. You must configure your system to respond to all URL notifications received from Trust Payments with an HTTP 200 OK response. For example: “HTTP/1.0 200 OK”.
    Your system must reply within 8 seconds of receiving a notification.

Click here for full documentation.

 


 

TruFraudCheck field specification

Field name Returned on Standard tier Returned on Enhanced tier Description
Shield status code
fraudcontrolshieldstatuscode
There are three possible values:

  • “ACCEPT” – Transaction is deemed low-risk,
  • “CHALLENGE” – Transaction is deemed moderate-risk and requires action from merchant.
    Note: This is only returned for merchants on the Enhanced tier.
  • “DENY” – Transaction is deemed high-risk and has been automatically cancelled.
Trufraudcheck order ID The TruFraudCheck order ID associated with the transaction.
Trufraudcheck request ID
fraudcontrolreference
Identifier of the event within the TruFraudCheck system.
Fraud category details
rulecategoryflag
The ID of the applied rules.
Neural score Risk index calculated only on the rules-based operations.

Integer between 0 and 1000:

  • 0 is minimum risk
  • 1000 is maximum risk
Trufraudcheck comments Indication of the reason for the decision.
Trufraudcheck tags Cloud of tags that were established linked to the event as a result of the processing of the score.