Anti-Fraud

General questions.

What is the anti-fraud tool?

It is the tool Openpay provides to prevent fraud in card charges. It is available at no extra charge to all businesses registered on Openpay, through the implementation of the openpay-data.js library.

How does it work?

Once the openpay-data.js library or the Android / iOS library is implemented on your website, each card transaction is run through a set of rules to determine whether it is fraudulent or legitimate. The entire process is performed within milliseconds, making it almost invisible to your customers.

The advanced set of rules that filters the transactions verifies several factors, including the credit / debit card number, card address, email and device information used in the transaction.

How do I start using it?

If the transactions are made from a web page, the anti-fraud tool must be implemented using a JavaScript library. If the transactions are from a mobile device you can use our SDKs to implement it.

What does the API respond when a transaction is marked as fraudulent?

In this case the API will respond with an error object containing the following data:

Response:

{
    "category": "gateway",
    "description": "The card was declined by fraud system",
    "http_code": 402,
    "error_code": 3005,
    "request_id": "4fc452d8-5ddc-4464-ae70-e03569622850"
}

See the error page for more information on the format of the error object.

What can I do if I want a transaction marked as fraudulent to be approved?

There’s no other choice but to tell the client to retry the payment with another card.
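The two answers above, turned into server-side handling logic as an added example (not Openpay code). The function name and the shape of the returned object are hypothetical; the input is the sample error object from this page.

```javascript
const FRAUD_DECLINED = 3005; // error_code from the sample response above

// Classifies an Openpay error body and decides what the checkout should do.
function interpretChargeError(rawBody) {
  const unknown = { kind: 'unrecognized', action: 'see_error_page', requestId: null, log: null };
  let err;
  try {
    err = typeof rawBody === 'string' ? JSON.parse(rawBody) : rawBody;
  } catch (e) {
    return unknown; // not JSON: never treat an unreadable reply as a success
  }
  if (err === null || typeof err !== 'object' || !Number.isInteger(err.error_code)) {
    return unknown;
  }
  const requestId = typeof err.request_id === 'string' ? err.request_id : null;
  // Keep the identifiers in your own logs; show the customer a fixed message.
  const log = {
    request_id: requestId,
    error_code: err.error_code,
    http_code: err.http_code,
    category: err.category,
  };
  if (err.error_code === FRAUD_DECLINED) {
    return {
      kind: 'fraud_declined',
      action: 'ask_for_another_card', // the only option the FAQ gives
      requestId,
      log,
      customerMessage: 'This card could not be charged. Please try another card.',
    };
  }
  return { kind: 'other_error', action: 'see_error_page', requestId, log };
}

// The sample response from this page, embedded so the block runs offline.
const SAMPLE = '{"category":"gateway","description":"The card was declined by fraud system",' +
  '"http_code":402,"error_code":3005,"request_id":"4fc452d8-5ddc-4464-ae70-e03569622850"}';
console.log(interpretChargeError(SAMPLE).action);
```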

JavaScript implementation.

1.- Load and setup

The library is loaded and the value for device_session_id is initialized with the following code:

<script type='text/javascript' src="https://js.openpay.mx/openpay-data.v1.min.js"></script>
<script type="text/javascript">
  var deviceSessionId = OpenPay.deviceData.setup("formId", "deviceIdHiddenFieldName");
</script>

Note: openpay-data.js depends on the openpay.js library. Be sure to run the setSandboxMode() method from the openpay.js library first, and the setup method afterwards.

The formId parameter must hold the id of the form that contains the charge information to send. It tells the library that this form contains the hidden field with the device_session_id.

The deviceIdHiddenFieldName parameter is the name of the hidden field that will store the device_session_id. This field is important if you need to retrieve its value and send it with the submit action.

Another way to handle the device_session_id value is to store it in a variable and then attach it to an ajax request. This is a manual process:

<script type='text/javascript' src="https://js.openpay.mx/openpay-data.v1.min.js"></script>
<script type="text/javascript">
  var deviceSessionId = OpenPay.deviceData.setup();
</script>
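One way to do the manual attachment, as an added example that is not part of the Openpay library: it builds the AJAX request for your own server and refuses to build it when the device_session_id is missing. The function name and the `/charge` endpoint are hypothetical; the field names are the ones read by the server-side example on this page.

```javascript
// Only these form values are forwarded; anything else in the form is dropped.
const CHARGE_FIELDS = ['source_id', 'amount', 'description'];

function buildChargeRequest(formValues, deviceSessionId, endpoint = '/charge') {
  // Fail closed: the page asks that device_session_id always accompany the charge.
  if (typeof deviceSessionId !== 'string' || deviceSessionId.trim() === '') {
    throw new Error('device_session_id is empty; run OpenPay.deviceData.setup() first');
  }
  const body = { device_session_id: deviceSessionId };
  for (const name of CHARGE_FIELDS) {
    const value = formValues[name];
    if (value === undefined || value === null || String(value).trim() === '') {
      throw new Error('missing charge field: ' + name);
    }
    body[name] = name === 'amount' ? Number(value) : String(value);
  }
  if (!Number.isFinite(body.amount) || body.amount <= 0) {
    throw new Error('amount must be a positive number');
  }
  return {
    url: endpoint,
    options: {
      method: 'POST',
      credentials: 'same-origin',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(body),
    },
  };
}

// Browser usage (constructed values):
//   var deviceSessionId = OpenPay.deviceData.setup();
//   var req = buildChargeRequest(
//     { source_id: token, amount: '100.00', description: 'Order' }, deviceSessionId);
//   fetch(req.url, req.options);
```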

2.- Server side handling

Every time someone visits your page or website, data is collected directly from the device accessing it and the device_session_id is generated. When your customer makes the card charge, be sure to send the device_session_id.

Once your server has received the data, send the device_session_id to the Openpay servers as part of the request, as in the example below:

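<?php
// $openpay is the Openpay client instance configured elsewhere in your application.
$chargeData = array(
    'method' => 'card',
    'source_id' => $_POST["source_id"],
    'amount' => (float)$_POST["amount"],
    'description' => $_POST["description"],
    'order_id' => 'ORDEN-00071',
    // Hidden form field filled in by OpenPay.deviceData.setup()
    'device_session_id' => $_POST["deviceIdHiddenFieldName"]
);

$charge = $openpay->charges->create($chargeData);
?>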

To see a complete example on how to make a charge, please check the Charges Tutorial.

Android Implementation

Download and install the library: https://github.com/open-pay/openpay-android

The openpay-android library lets you use the anti-fraud tool in two different ways: with the default implementation, or by creating a custom implementation. Let’s see how to do it.

Before using the anti-fraud tool in your Android project, you need to enable the following permissions in the AndroidManifest.xml file:

<uses-permission android:name="android.permission.INTERNET"></uses-permission>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" ></uses-permission>

1.- Load and setup

To use the default StatusListener implementation, load the library and initialize the device_session_id with the following code:

Openpay openpay = new Openpay("MERCHANT_ID", "PUBLIC_API_KEY", productionMode);
String deviceSessionId = openpay.getDeviceCollectorDefaultImpl()
    .setup(this.getActivity());

Note: The setup method requires the Activity object in use. If it is called from a fragment, you can get the Activity object with fragment.getActivity().

2.- Server side handling

When processing the payment from the Android device, be sure to send the device_session_id to your servers, and also send it as part of the API request.

CreateCardChargeParams charge = new CreateCardChargeParams()
    .cardId(this.registeredCard.getId())
    .amount(amount)
    .description(desc)
    .orderId(orderId)
    .capture(false)
    .deviceSessionId(deviceSessionId);
Charge transaction = this.api.charges().create(charge);

Additional parameters

a) Timeout configuration

long millis=300000; //5 min
openpay.getDeviceCollectorDefaultImpl().setCancelSetupTime(millis);

b) Error Catching

String errors = openpay.getDeviceCollectorDefaultImpl().getErrorMessage();
Log.d(this.getClass().getName(), errors);

iOS Implementation

Download and install the library: https://github.com/open-pay/openpay-ios

1.- Load and setup

Create an Openpay class instance and call the createDeviceSessionId method:

Openpay *openpayAPI = [[Openpay alloc] initWithMerchantId:MERCHANT_ID
                                                   apyKey:API_KEY
                                         isProductionMode:NO];

NSString *sessionId= [openpayAPI createDeviceSessionId];

Note: Create the Openpay variable at class level, not method level.