Risk Management is a security feature that allows merchants to effectively mitigate fraud when processing e-commerce transactions. The gateway currently supports risk assessment of transactions via external risk providers. The external risk provider integrates with the gateway, and transactions submitted to the gateway are pre-screened using transaction filtering before being sent to the external risk provider for risk assessment.
You can enable and configure an external risk provider using the Update Merchant Payment Details or Create or Update request.
The Create or Update Merchant operation is only supported from version 63 onwards.
Risk Service Provider Profile
If you want to enable risk assessment with a risk service provider, provide the following fields:
merchant.risk.providerId: A unique identifier issued by the gateway for the risk service provider for which you want to create or assign a profile for the merchant.
merchant.risk.profile.id: A unique identifier for the risk service provider profile that you want to assign to the merchant.
merchant.risk.profile.supportRiskScoringFor: Allows you to specify whether the risk profile can be shared across different merchant profiles.
merchant.risk.profile.defaultActionWhenUnableToPerformRiskAssessment: Indicates what action should be taken when the gateway does not get a risk assessment response from the Risk Service Provider.
These fields are only required if the service provider profile is not yet set up. If a profile exists already, please provide the profile reference in merchant.risk.profile.id.
If you want to disable the risk provider after enabling it, exclude the provider ID from the request.
Risk Scoring
You can provide a risk scoring status using the field merchant.risk.enableRiskAssessment. You can set it to:
TEST_AND_PRODUCTION: The risk service provider will assess both test and live transactions.
TEST_ONLY: The risk service provider will assess only test transactions.
The risk scoring option is not applicable to the NuDetect risk provider.
Risk Assessment Initiation
You can choose when you want to send the transaction to the external risk provider for risk assessment. The risk service provider assesses the transaction based on the information provided and the risk rules defined for the merchant. Provide your choice in the merchant.risk.assessmentInitiation field:
BEFORE_TRANSACTION_PROCESSING
AFTER_TRANSACTION_PROCESSING
BEFORE_AND_AFTER_TRANSACTION_PROCESSING
For the NuDetect risk provider, by default, the gateway sets merchant.risk.assessmentInitiation=BEFORE_TRANSACTION_PROCESSING as NuDetect only supports pre-authorization transactions for risk assessment.
Enabling Interceptas
To enable Interceptas, you must provide the following fields in the Update Merchant Payment Details or Create or Update request.
merchant.risk.providerId=INTERCEPTAS
merchant.risk.externalRisk.profileId: The unique identifier of the Interceptas risk profile, also known as Interceptas tenant profile.
This section describes a few scenarios on how to create and assign Interceptas tenant profiles to the merchant using the Update Merchant Payment Details request.
Scenario 1: Assigning a new Interceptas tenant profile where the merchant does not have Interceptas tenant profile assigned
When you provide an Interceptas tenant profile ID in the field merchant.risk.externalRisk.profileId, and if this ID does not exist on the Mastercard Gateway, the Merchant Boarding API attempts to create a new Interceptas tenant profile with this ID. If you have provided all the mandatory fields as listed below the API successfully creates the Interceptas tenant profile and assigns it to the merchant, who is automatically set as the lead merchant for this Interceptas tenant profile.
merchant.risk.interceptas.billingContact
merchant.risk.interceptas.businessContact
merchant.risk.interceptas.businessType
merchant.risk.interceptas.currency
merchant.risk.interceptas.locale
merchant.risk.interceptas.productionCredentials
merchant.risk.interceptas.serviceLevel
merchant.risk.interceptas.technicalContact
merchant.risk.interceptas.testCredentials
merchant.risk.interceptas.timezone
If you do not provide all the mandatory fields, the request fails and the merchant configuration is not updated.
Scenario 2: Assigning a new Interceptas tenant profile where the merchant has an Interceptas tenant profile assigned
If the merchant is already enabled for Accertify Interceptas and has an Interceptas profile currently assigned, you can create and assign a new Interceptas tenant profile for the merchant if this merchant is not the lead merchant for the currently assigned profile. The requirements for creating a new Interceptas profile are the same as listed above.
Scenario 3: Assigning an existing Interceptas tenant profile where merchant does not have an Interceptas tenant profile assigned
When you provide an Interceptas tenant profile ID in the field merchant.risk.externalRisk.profileId, and if this ID already exists on the Mastercard Gateway, then the Interceptas tenant profile is assigned to the merchant if:
the tenant profile has been configured to support multiple merchant profiles (merchant.risk.interceptas.supportRiskScoringFor = MULTIPLE_MERCHANT_PROFILES).
If you provide both the ID of an existing Interceptas profile and also the mandatory fields, then the existing Interceptas profile is assigned to the merchant if the aforementioned condition is met. The newly assigned Interceptas profile is not updated with the configuration details as sent in the request; this data is ignored.
Scenario 4: Assigning an existing Interceptas tenant profile where merchant has an Interceptas tenant profile assigned
If the merchant is already enabled for Accertify Interceptas and has an Interceptas profile currently assigned, you can assign an existing Interceptas profile to the merchant if:
the existing tenant profile has been configured to support multiple merchant profiles (merchant.risk.interceptas.profile.supportRiskScoringFor = MULTIPLE_MERCHANT_PROFILES), and
the merchant is not the lead merchant for the currently assigned profile.
If you provide both the ID of an existing Interceptas tenant profile and also the mandatory fields, then the existing Interceptas tenant profile is assigned to the merchant if the aforementioned conditions are met. The newly assigned Interceptas profile is not updated with the configuration details as sent in the request; this data is ignored.
Updating an Existing Interceptas Tenant Profile
You cannot update configuration details for an existing Interceptas Tenant Profile via the Merchant Boarding API.
The table below summarizes these scenarios:
InterceptasProfile ID
Mandatory fields
Is the merchant enabled for Accertify Interceptas?
Does the Interceptas profile identified in the request exist?
Is the merchant the lead merchant for the currently assigned profile?
Does the Interceptas Profile identified in the request support multiple merchant profiles?
Result
Result Description
provided
all provided
No
No
N/A
N/A
SUCCESS
Accertify Interceptas is enabled for the merchant
The Interceptas tenant profile is created using the provided configuration details.
The newly created Interceptas profile is assigned to the merchant.
The merchant is set as the lead merchant for this Interceptas profile.
provided
all not provided
No
No
N/A
N/A
ERROR
The new Interceptas profile cannot be created because one or more of the Interceptas profile configuration settings are not provided.
provided
all provided
Yes
No
No
N/A
SUCCESS
The Interceptas tenant profile is created using the provided configuration details.
The newly created Interceptas profile is assigned to the merchant.
provided
all provided
Yes
No
Yes
N/A
ERROR
The Interceptas profile currently assigned to the merchant cannot be changed because the merchant is the lead merchant for the Interceptas Profile currently assigned to them.
provided
ignored
No
Yes
N/A
Yes
SUCCESS
Enable merchant for Interceptas Risk.
Assign the Interceptas profile to the merchant.
Ignore any of the Interceptas profile configuration settings provided.
provided
ignored
Yes
Yes
No
Yes
SUCCESS
Assign the Interceptas profile to the merchant.
Ignore any of the Interceptas profile configuration settings provided.
not provided
all provided
Yes
N/A
Yes
N/A
ERROR
Interceptas Risk cannot be disabled for the merchant because the merchant is the lead merchant for the Interceptas Profile currently assigned to them.
provided
ignored
No
Yes
N/A
No
ERROR
The existing Interceptas profile cannot be assigned to the merchant because it does not allow multiple merchant profiles.
Interceptas Tenant Profile API Reference[REST][NVP]
Enabling NuDetect
To enable NuDetect, you must provide the following fields in the Update Merchant Payment Details request.
merchant.risk.providerId=NUDETECT
merchant.risk.externalRisk.profileId: The unique identifier of the NuDetect risk profile as defined in NuDetect. This field is case-sensitive.
The following table shows the NuDetect risk profiles that are available for configuration on the gateway. If you have multiple merchants onboarded, you can choose to assign different NuDetect risk profiles to your merchants or assign the same profile to all merchants.
NuDetect Risk Profile
Function
Description
Card Testing
Card testing/cycling
Transaction is risk assessed using the card payment data provided by the payer.
Trusted Checkout
Device identification and behavioral intelligence at checkout
Transaction is risk assessed using the payer interactions, device id and device location of the payer. The gateway collects the behavioral data using
Hosted Checkout or risk.js JavaScript SDK embedded in the merchant's web page.
Card Testing + Trusted Checkout
Card testing, device identification and behavioral intelligence at checkout
Transaction is risk assessed using both card payment data and behavioral data.
If a merchant requests a change of profile, provide the new profile in merchant.risk.externalRisk.profileId and re-submit the Update Merchant Payment Details request.