External Risk Providers
Forter Risk Assessment
Important Prerequisite
To use Forter’s risk service, you must have an existing account with Forter.Merchants can easily utilize Forter’s risk assessment within PayU Enterprise Authorization and Charge requests, and decide how to process their transactions based on Forter’s risk evaluation. Our decision engine allows you to process your payments (authorize or block) according to the Risk Result Status you receive from Forter. More on this topic here
The service provides the following benefits:
- An embedded risk assessment call within the Authorization and Charge requests.
- Chargeback guarantee policy – If a Forter-approved transaction is later disputed, Forter commits to cover the transaction amount.
- Can be used for transactions in every geographical location.
Configuring Forter
Start using Forter’s service by following these steps:
- Add Forter as a Provider to your account.
- Configure Business rules to determine how to proceed with transactions based on the risk assessment result. Note that you will need to devise your own blocking rules via the decision engine to prevent transactions from moving on to Authorization. Forter’s recommendations are not enacted automatically and thus require another step from your end to devise blocking rules. Our blocking recommendations are outlined below.
- Activate Forter’s risk assessment in the header of your Authorization or Charge request.
- Ensure PaymentsOS' API requests include all fields required by Forter to perform the risk assessment. Mandatory fields divided by request-type are listed here.
Flow Result and Chargebacks
After the main synchronous flow is complete, we inform Forter about the authorization result to enrich their algorithm and decision-making. The same applies to chargebacks as well.Step 1: Add Forter as a Provider
Go to Account -> Providers and choose ‘Forter Risk’. Insert the Forter SiteID and SecretKey to finalize the configuration (grab the SiteID and SecretKey from the Forter Portal).
Provider Condiguration ID
By configuring Forter, you will automatically generate a Configuration ID for the integration. You will need to pass this ID in the header of the request. see Activating Forter Risk Check in Requests.Step 2: Configure Blocking Rules
Forter’s risk assessment is a recommendation, and you will need to decide whether to implement their recommendation or not. All transactions are sent to authorization by default, unless otherwise specified. We recommend to block all transactions with a Failed risk status. Use the decision engine to configure blocking rules according to Risk Result Status (see Image 1).
Configure Blocking Rules: Add Blocking Condition
Blocking rules can be set to various Risk Result Statuses — Failed, Succeed, Unreviewed, Pending. We strongly advise to block rules with a Failed status, as shown in Image 2 below.
Configure Blocking Rules: Block Rules According to Risk Result Status
Step 3: Activate Forter Within Requests
To ensure transactions are reviewed by Forter, you must pass the x-risk-provider-config-id,x-client-ip-address, and x-client-user-agent fields in the request header of your Authorization or Charge call, like so:
x-payments-os-env: test
api-version: 1.3.0
x-client-ip-address: 10.0.0.127
x-risk-provider-config-id: 4efe54ff-5956-4df3-a295-b23c17836d21
x-client-user-agent: Chrome/47.0.2526.73
private-key: bede7ee5-eaaq-4c9a-bc1f-617ba28256ae
app-id: com.zooz.docapp
idempotency-key: AGJ8FJLkGHIpHUTK
Step 4: Pass all Required Fields for Forter’s Assessment
To ensure Forter evaluates your transactions, you must pass some Forter-specific fields according to the request type you will be sending.
Unless all required fields are passed, Forter may not review the transaction and it will receive an Unreviewed status. Learn more about various Risk statuses in the next section.
Risk Analysis Results
PaymentsOS maps Forter’s decision to one of the following statuses: Succeed, Failed, or Unreviewed.
Succeed means that the transaction is approved and covered by Forter. PayU can then proceed with the transaction to the authorization/charge request.
Failed indicates that Forter does not approve the transaction, so you are advised not to proceed with the authorization or charge request.
Unreviewed indicates that Forter did not review the transaction according to its policy. This may happen if some Forter-specific parameters were missing from the request.
Viewing Forter's Analysis Result
In case you wish to see the analysis result for your own analytics or internal use, you can grab it from the Authorization or Charge responses:
...
{
"risk_analysis":{
"id":"f6b8938f-2f90-4c10-832b-027a8597f1e6",
"result":{
"status":"Succeed",
"score":0
}
}
}
...
Fields for External Risk Assessment with Forter
When using Forter’s risk assessment service through PayU, you have to include specific fields in your requests to enable transaction risk evaluation. These fields can be included in different request types — Create Token, Create Payment, Create Authorization, or Create Charge.
Important Note about Mandatory Fields
If you are not saving tokens through PayU Enterprise platform, you will need to include the Create Token Required Fields withing your Create Payment, Authorization or Charge request.Header Fields
The following header-fields are mandatory and crucial to receive Forter’s risk assessment.
| Field | Description | Required/Optional |
|---|---|---|
| x-risk-provider-config-id
string |
The identifier of the risk provider configuration. For more information, see the API Reference. |
Required |
| x-client-ip-address
string |
The IP address of the client-userAgent (the client software that sent the request to the merchant). For more information, see the API Reference. |
Required |
| x-client-user-agent
string |
Identifies the client software that sent the request to you. For more information, see the API Reference. |
Required |
Create Token Fields
The following fields are mandatory and crucial to receive Forter’s risk assessment. Unless all fields are passed, Forter will return an Unreviewed status.
| Field | Description | Required/Optional |
|---|---|---|
| billing_address
object |
For a general description of this field, see the API Reference. |
Required |
| expiration_date
string |
For a general description of this field, see the API Reference. |
Required |
| holder_name
string |
For a general description of this field, see the API Reference. |
Required |
| ⇒ city
string |
For a general description of this field, see the API Reference. |
Required |
| ⇒ country
string |
For a general description of this field, see the API Reference. |
Required |
| ⇒ email
string |
For a general description of this field, see the API Reference. |
Required |
| ⇒ first_name
string |
For a general description of this field, see the API Reference. |
Required |
| ⇒ last_name
string |
For a general description of this field, see the API Reference. |
Required |
| ⇒ line1
string |
For a general description of this field, see the API Reference. |
Required |
| ⇒ state
string |
For a general description of this field, see the API Reference. |
Required |
| ⇒ zip_code
string |
For a general description of this field, see the API Reference. |
Required |
Create Payment Fields
The following fields help determine Forter’s risk assessment. Unless all required fields are passed, Forter will return an Unreviewed status.
| Field | Description | Required/Optional |
|---|---|---|
| order
object |
For a general description of this field, see the API Reference. | Required |
| ⇒ delivery_method
string |
For a general description of this field, see the API Reference. | Required |
| ⇒ delivery_type
string |
For a general description of this field, see the API Reference. | Required |
| ⇒ id
string |
For a general description of this field, see the API Reference. | Required |
| ⇒ gift_card
object |
Gift card information used for the payment. | Optional |
| ⇒⇒ amount
integer |
The amount applied from the gift card. | Required (if gift_card present) |
| ⇒⇒ code
string |
Gift card code. Maximum 150 characters. | Required (if gift_card present) |
| ⇒ discount
object |
Discount information applied to the payment. | Optional |
| ⇒⇒ amount
integer |
The discount amount applied. | Required (if discount present) |
| ⇒⇒ type
string |
Type of discount (e.g., COUPON). Maximum 250 characters. | Required (if discount present) |
| ⇒⇒ code
string |
Discount code. Maximum 150 characters. | Required (if discount present) |
| ⇒ line_items
array |
For a general description of this field, see the API Reference. | Required |
| ⇒⇒ id
string |
For a general description of this field, see the API Reference. | Required |
| ⇒⇒ item_type
string |
For a general description of this field, see the API Reference. | Required |
| ⇒⇒ name
string |
For a general description of this field, see the API Reference. | Required |
| ⇒⇒ quantity
integer |
For a general description of this field, see the API Reference. | Required |
| ⇒⇒ unit_price | For a general description of this field, see the API Reference. | Required |
| shipping_address
object |
For a general description of this field, see the API Reference. | Required |
| ⇒ city
string |
For a general description of this field, see the API Reference. | Required |
| ⇒ country
string |
For a general description of this field, see the API Reference. | Required |
| ⇒ first_name
string |
For a general description of this field, see the API Reference. | Required |
| ⇒ last_name
string |
For a general description of this field, see the API Reference. | Required |
| ⇒ line1
string |
For a general description of this field, see the API Reference. | Required |
| ⇒ state
string |
For a general description of this field, see the API Reference. | Required |
| ⇒ zip_code
string |
For a general description of this field, see the API Reference. | Required |
Create Authorization or Create Charge Fields
The following fields are mandatory and are specific to Forter. Passing these fields is crucial to receive Forter’s risk assessment. Unless all fields are passed, Forter will return an Unreviewed status.
| Field | Description | Required/Optional |
|---|---|---|
| channel_type
string |
The channel through which the order was placed. Can be one of the following values: telephone_order,mail_order,virtual_terminal,web_order,mobile_order.
|
Required |
| ⇒ forter
object |
Object holding parameters that must be passed when using Forter as risk provider. |
Required |
| provider_specific_data
object |
Object holding parameters that must be passed when using Forter as risk provider. |
Required |
| ⇒⇒ additional_details
object |
Object holding parameters that must be passed when using Forter as risk provider. |
Required |
| ⇒⇒⇒ mobile_uid
string |
The device identifier such as IMEI in Android or the vendor identifier in iOS, returned to you by the Forter mobile app SDK. Relevant to mobile transactions only. |
Required |
| ⇒⇒⇒ token_cookie
string |
The token cookie returned to you in the checkout page by the Forter checkout Javascript snippet. |
Required |
Testing
You can simulate different risk-result statuses by using the following emails in the billing_address.email field in your Create a Payment request:
- To simulate a
Succeedstatus, use: approve@forter.com - To simulate a
Failedstatus, use: decline@forter.com - To simulate a
Unreviewedstatus, use: notreviewed@forter.com