Maintenance Work Notice!

We will carry out maintenance work on this documentation on Tuesday, 15.06.2021 between 3 pm and 4 pm CEST. Thank you for your understanding.

Page tree

Search

Skip to end of metadata
Go to start of metadata


About Fraud prevention with IP tracking

General information about Fraud prevention

Paygate supports different processes for fraud prevention. These include inquiries with credit agencies for the monitoring of the card's country of origin and payment guarantees for credit cards.

A large proportion of fraud attempts come from foreign countries. Paygate can check the country of origin and, in many cases the city of the IP address used. If the country of origin or the IP address of your customer is not one of your supplies countries or is not the same country as the credit card Issuer, Paygate can send an alert via e-mail or automatically refuse the payment.

75% of all fraud attempts are made with foreign credit cards. Paygate can check the card’s origin: If you enter the delivery country as a parameter, Paygate returns the country of origin of Visa and MasterCard issued cards and sends an e-mail if the delivery country differs from the card’s origin. You can then find out from the customer why the card’s origin differs from the delivery country to avoid fraud. Paygate can optionally refuse such payments immediately.


Additional parameters for Fraud prevention

Definitions

Data formats

Format

Description

a

alphabetical

as

alphabetical with special characters

n

numeric

an

alphanumeric

ans

alphanumeric with special characters

ns

numeric with special characters

bool

boolean expression (true or false)

3

fixed length with 3 digits/characters

..3

variable length with maximum 3 digits/characters

enum

enumeration of allowed values

dttm

ISODateTime (YYYY-MM-DDThh:mm:ss)


Abbreviations

Abbreviation

Description

Comment

CND

condition


M

mandatory

If a parameter is mandatory, then it must be present

O

optional

If a parameter is optional, then it can be present, but it is not required

C

conditional

If a parameter is conditional, then there is a conditional rule which specifies whether it is mandatory or optional


Notice: Please note that the names of parameters can be returned in upper or lower case.


Additional parameters for calling Paygate interface for credit cards

Fraud prevention via IP-tracking relates to VISA and MasterCard credit cards via Paygate interfaces payssl.aspx, paynow.aspx and direct.aspx.

For standard integration and other special parameters for making a credit card payment via the payssl.aspx, paynow.aspx and direct.aspx interfaces, please check the credit card handbook.

Notice: By default the fraud prevention functions are not activated. Computop Sales can activate these functions for you if required.

Notice: For security reasons, Paygate rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

The following table describes the encrypted payment request parameters:

Parameter

Format

CND

Description

IPAddr

ans..15

O

IP address. If you transfer the IP address, Paygate can determine in which country and in which town your customer has connected with the Internet (see also IPZone). Format: 123.456.789.012

IPZone

ans..1100

O

Codes of countries from which you accept orders, 3 digits numeric according to ISO 3166-1.

Separate several countries by commas: 036,040,124. If you transmit countries in IPZone, Paygate checks the country of origin of your customer's IP address, whether it is included in your country list, and whether it corresponds to the country of the credit card (see below). Paygate also transmits the IP-country to your shop (see below). If the IP-country is not in your list or does not match the credit card Paygate can send a warning e-mail or refuse payments.

Zone

ans..1100

O

Codes of countries where you accept credit cards, 3 digits numeric or alphanumeric according to ISO 3166-1.

Separate several countries by commas: 036,040,124. If you transmit countries in Zone, Paygate checks the country of origin of your customer's credit card (MasterCard, Visa) and whether it is included in your approved country list. Paygate also transmits the card’s country to your shop (see below). If the card’s-country is not in your list or does not match your customer's IP address, Paygate can send a warning e-mail or refuse payments. In order to refuse cards from particular countries (negative list) enter an exclamation mark before that country code: !036,!040,!124.

Please note, there is a maximum length of 1100 characters.

Additional parameters for Fraud prevention for credit card payments


The following table gives the parameters with which Paygate responds:

Parameter

Format

CND

Description

Zone

a..7

O

If country codes have been entered in Zone Paygate returns the country code for the credit card or "UNKNOWN"

IPZone

a..7

O

If IP-countries are transmitted in IPZone in the case of the inquiry Paygate returns the country code of the IP address or "UNKNOWN"

IPZoneA2

a..7

O

If IPZone is submitted within the request Paygate returns the two-character country code of the IP address or "UNKNOWN" (DE=Germany, FR=France etc.).

IPState

a..32

O

If IPZone is submitted in the request, Paygate returns the federal state from which the IP address of your customer originates.

IPCity

a..32

O

If IPZone is submitted in the request, Paygate returns the town/city from which the IP address of your customer originates.

IPLongitude

n..20

O

If IPZone is submitted in the request, Paygate returns the geographical longitude (floating point, decimal) of the dial-in node (PoP) of your customer.

IPLatitude

n..20

O

If IPZone is submitted in the request Paygate returns the geographical latitude (floating point, decimal) of the dial-in node (PoP) of your customer

fsStatus

ans..9

OC

only via direct.aspx, only with EVO Payments International: ACCEPT=no suspicion of card fraud, DENY=refusal recommended, CHALLENGE= verification recommended, NOSCORE=No risk analysis, ENETFP=Exceptional error in the network, ERROR=Error in the data processing centre, ETMOUT=Timeout

fsCode

n4

OC

only via direct.aspx, only with EVO Payments International: Recommended action: <0000> no result, <0100> accept, <0150> always accept, <0200> deny, <0250> always deny, <0300> suspicious, <0330> please check, <0400> suspicious ReD blacklist, <0500> questionable, <0600> questionable ReD blacklist, <0700> threshold exceeded, <0800> unusual usage, <901> intern ebitGuard error, <902> format error

Additional response parameters for fraud prevention for credit card payments



Calling the interface for editing a Blacklist

In order to create, read, update or delete a blacklist entry via a Server-to-Server connection, call the following URL:


Notice: For security reasons, Paygate rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

The following table describes the encrypted payment request parameters:

Parameter

Format

CND

Description

MerchantID

ans..30

M

MerchantID, assigned by Computop. Additionally this parameter has to be passed in plain language too.

MAC

an64

M

Hash Message Authentication Code (HMAC) with SHA-256 algorithm

EventToken

enum

M

Abbreviation of the action to be done: <Create>, <Read>, <Update> or <Delete>

BlackListInfo

ans...1024

M

Information about the blacklist entry as JSON string in the Base64 format. See table BlackListInfo below.

Parameters for calling the blacklist editing


The following table gives the parameters with which Paygate responds:

Parameter

Format

CND

Description

MID

ans..30

M

Merchant ID, assigned by Computop

MAC

an64

M

Hash Message Authentication Code (HMAC) with SHA-256 algorithm

Status

a..30

M

OK or FAILED

Description

ans..1024

C

Further details, if Status=FAILED

BlackListInfo

ans..1024

C

Information about the blacklist entry as JSON string in the Base64 format, if Status=OK. See table BlackListInfo below.

Result parameters for calling the blacklist editing


BlackListInfo

Following table describes the BlackListInfo object for EventToken Insert:

Parameter

Format

CND

Description

Category

enum

M

Category <EDD> for direct debit or <CC> for credit card

Number

ans..64

M

IBAN, if Category=EDD

Credit card number, if Category=CC

BIC

ans..32

C

BIC, if Category=EDD

Parameters for blacklist editing, EventToken Insert

 

Following table describes the BlackListInfo object for EventToken Update:

Parameter

Format

CND

Description

BlockID

an..32

M

Unique BlockID

LockActive

bool

M

Defines, if the entry should by blocked or not.

Blocked: <True>

Unlocked: <False>

Parameters for blacklist editing, EventToken Update

 

Following table describes the BlackListInfo object for EventToken Delete:

Parameter

Format

CND

Description

BlockID

an..32

M

Unique BlockID

Parameters for blacklist editing, EventToken Delete

 

The following table describes the BlackListInfo object with which the Paygate responds:

Parameter

Format

CND

Description

BlockID

an..32

M

Unique BlockID

MID

ans..30

M

Merchant ID, assigned by Computop

Category

enum

M

Category <EDD> for direct debit or <CC> for credit card

Number

ans..64

M

IBAN, if Category=EDD

Credit card number, if Category=CC

BIC

ans..32

C

BIC, if Category=EDD

MAC

an64

M

Hash Message Authentication Code (HMAC) with SHA-256 algorithm

LockActive

bool

M

Defines, if the entry should by blocked or not.

Blocked: <True>

Unlocked: <False>

Created

dttm

M

Time of creation (YYYY-MM-DD hh:mm:ss)

Changed

dttm

M

Time of modification (YYYY-MM-DD hh:mm:ss)

Result parameters for blacklist editing