External Risk Providers

PayU supports external risk-service providers and enables merchants to get an estimated transaction risk status within their Authorization or Charge requests (pre-authorization).

Forter Risk Assessment

Merchants can easily utilize Forter’s risk assessment within the PayU HUB Authorization and Charge requests, and decide how to process their transactions based on Forter’s risk evaluation. Our decision engine allows you to process your payments (authorize or block) according to the Risk Result Status you receive from Forter. More on this topic here

The service provides the following benefits:

  • An embedded risk assessment call within the Authorization and Charge requests.
  • Chargeback guarantee policy – If a Forter-approved transaction is later disputed, Forter commits to cover the transaction amount.
  • Can be used for transactions in every geographical location.

Configuring Forter

Start using Forter’s service by following these steps:

  1. Add Forter as a Provider to your account.
  2. Configure Business rules to determine how to proceed with transactions based on the risk assessment result. Note that you will need to devise your own blocking rules via the decision engine to prevent transactions from moving on to Authorization. Forter’s recommendations are not enacted automatically and thus require another step from your end to devise blocking rules. Our blocking recommendations are outlined below.
  3. Activate Forter’s risk assessment in the header of your Authorization or Charge request.
  4. Ensure PaymentsOS' API requests include all fields required by Forter to perform the risk assessment. Mandatory fields divided by request-type are listed here.

Step 1: Add Forter as a Provider

Go to Account -> Providers and choose ‘Forter Risk’. Insert the Forter SiteID and SecretKey to finalize the configuration (grab the SiteID and SecretKey from the Forter Portal).

Step 2: Configure Blocking Rules

Forter’s risk assessment is a recommendation, and you will need to decide whether to implement their recommendation or not. All transactions are sent to authorization by default, unless otherwise specified. We recommend to block all transactions with a Failed risk status. Use the decision engine to configure blocking rules according to Risk Result Status (see Image 1).

Configure Blocking Rules: Add Blocking Condition

Configure Blocking Rules: Add Blocking Condition

Blocking rules can be set to various Risk Result Statuses — Failed, Succeed, Unreviewed, Pending. We strongly advise to block rules with a Failed status, as shown in Image 2 below.

Configure Blocking Rules: Block Rules According to Risk Result Status

Configure Blocking Rules: Block Rules According to Risk Result Status

Step 3: Activate Forter Within Requests

To ensure transactions are reviewed by Forter, you must pass the x-risk-provider-config-id,x-client-ip-address, and x-client-user-agent fields in the request header of your Authorization or Charge call, like so:

x-payments-os-env: test 
api-version: 1.3.0 
x-client-ip-address: 10.0.0.127 
x-risk-provider-config-id: 4efe54ff-5956-4df3-a295-b23c17836d21 
x-client-user-agent: Chrome/47.0.2526.73
private-key: bede7ee5-eaaq-4c9a-bc1f-617ba28256ae 
app-id: com.zooz.docapp 
idempotency-key: AGJ8FJLkGHIpHUTK 

Step 4: Pass all Required Fields for Forter’s Assessment

To ensure Forter evaluates your transactions, you must pass some Forter-specific fields according to the request type you will be sending. Unless all required fields are passed, Forter may not review the transaction and it will receive an Unreviewed status. Learn more about various Risk statuses in the next section.

Risk Analysis Results

PaymentsOS maps Forter’s decision to one of the following statuses: Succeed, Failed, or Unreviewed.

Succeed means that the transaction is approved and covered by Forter. PayU can then proceed with the transaction to the authorization/charge request.

Failed indicates that Forter does not approve the transaction, so you are advised not to proceed with the authorization or charge request.

Unreviewed indicates that Forter did not review the transaction according to its policy. This may happen if some Forter-specific parameters were missing from the request.

Mandatory Fields Required by Forter

To ensure transactions are reviewed by Forter, you must pass some Forter-specific fields, depending on the request(s) you wish to be sending — Create Token, Create Payment, Create Authorization, or Create Charge.

Header Required Fields

The following header-fields are mandatory and crucial to receive Forter’s risk assessment.

Field Description
x-risk-provider-config-id

string


The identifier of the risk provider configuration. For more information, see the API Reference.

x-client-ip-address

string


The IP address of the client-userAgent (the client software that sent the request to the merchant). For more information, see the API Reference.

x-client-user-agent

string


Identifies the client software that sent the request to you. For more information, see the API Reference.

Create Token Required Fields

The following fields are mandatory and crucial to receive Forter’s risk assessment. Unless all fields are passed, Forter will return an Unreviewed status.

Field Description
billing_address

object


For a general description of this field, see the API Reference.

expiration_date

string


For a general description of this field, see the API Reference.

holder_name

string


For a general description of this field, see the API Reference.

⇒ city

string


For a general description of this field, see the API Reference.

⇒ country

string


For a general description of this field, see the API Reference.

⇒ email

string


For a general description of this field, see the API Reference.

⇒ first_name

string


For a general description of this field, see the API Reference.

⇒ last_name

string


For a general description of this field, see the API Reference.

⇒ line1

string


For a general description of this field, see the API Reference.

⇒ state

string


For a general description of this field, see the API Reference.

⇒ zip_code

string


For a general description of this field, see the API Reference.

Create Payment Required Fields

The following fields are mandatory and crucial to receive Forter’s risk assessment. Unless all fields are passed, Forter will return an Unreviewed status.

Field Description
order

object


For a general description of this field, see the API Reference.

⇒ delivery_method

string


For a general description of this field, see the API Reference.

⇒ delivery_type

string


For a general description of this field, see the API Reference.

⇒ id

string


For a general description of this field, see the API Reference.

⇒ line_items

array


For a general description of this field, see the API Reference.

⇒⇒ id

string


For a general description of this field, see the API Reference.

⇒⇒ item_type

string


For a general description of this field, see the API Reference.

⇒⇒ name

string


For a general description of this field, see the API Reference.

⇒⇒ quantity

integer


For a general description of this field, see the API Reference.

⇒⇒ unit_price
For a general description of this field, see the API Reference.

shipping_address

object


For a general description of this field, see the API Reference.

⇒ city

string


For a general description of this field, see the API Reference.

⇒ country

string


For a general description of this field, see the API Reference.

⇒ first_name

string


For a general description of this field, see the API Reference.

⇒ last_name

string


For a general description of this field, see the API Reference.

⇒ line1

string


For a general description of this field, see the API Reference.

⇒ state

string


For a general description of this field, see the API Reference.

⇒ zip_code

string


For a general description of this field, see the API Reference.

Create Authorization or Create Charge Required Fields

The following fields are mandatory and are specific to Forter. Passing these fields is crucial to receive Forter’s risk assessment. Unless all fields are passed, Forter will return an Unreviewed status.

Field Description
channel_type

string


The channel through which the order was placed. Can be one of the following values: telephone_order,mail_order,virtual_terminal,web_order,mobile_order.

⇒ forter

object


Object holding parameters that must be passed when using Forter as risk provider.

provider_specific_data

object


Object holding parameters that must be passed when using Forter as risk provider.

⇒⇒ additional_details

object


Object holding parameters that must be passed when using Forter as risk provider.

⇒⇒⇒ mobile_uid

string


The device identifier such as IMEI in Android or the vendor identifier in iOS, returned to you by the Forter mobile app SDK. Relevant to mobile transactions only.

⇒⇒⇒ token_cookie

string


The token cookie returned to you in the checkout page by the Forter checkout Javascript snippet.

Testing

You can simulate different risk-result statuses by using the following emails in the billing_address.email field in your Create a Payment request:

Last modified March 16, 2023