Obtains a fraud score and/or a fraud filter response from a payment gateway based on your criteria specified in your payment gateway. Example: when an account holder tries to make a purchase, you can take your chosen action on the account if:
To use this API, you must have fraud functionality enabled and configured in your payment gateway. Contact your payment gateway representative for setup information and additional documentation.
Notes:
For information about error messages generated by this API, see validate_acct_fraud_scoring_m_error messages.
| Req | Field Name | Field Type | Max Length | Description |
|---|---|---|---|---|
 |
client_no | long | 22 | Aria-assigned unique identifier indicating the Aria client providing service to this account. |
|
auth_key | string | 32 | Aria-assigned unique key to be passed with each method call for authenticating the validity of the requestor. |
|
acct_no | long | 22 | Aria-assigned account identifier. This value is unique across all Aria-managed accounts. |
| OR | ||||
| client_acct_id | string | 22 |
Client-defined identifier for the account. This value is unique across all Aria-managed accounts. |
|
|
amount | double |
The monetary amount of the electronic payment.
Notes:
|
|
| Start of plan_instance_list array | ||||
|
plan_instance_list | array | 22 | Pass in either the plan_instance_no or client_plan_instance_id to identify which master plan instance to use for fraud scoring. At this time, only the first value entered will be honored. Multiple values may be accepted in the future. To use fraud scoring, you must have it enabled and configured in your payment gateway's portal. Contact your payment gateway representative for setup information and additional documentation. The field names and allowable values for the array are highlighted in blue below. |
| Field Name | Field Type | Max Length | Description | |
 plan_instance_no |
long |
22 |
The Aria-assigned identifier for the master plan instance. |
|
| OR | ||||
| client_plan_instance_id |
string | 100 | The client-defined identifier for the master plan instance. | |
| End of plan_instance_list array | ||||
|
alt_pay_method | long | 1 |
If you want to use the account's current form of payment, leave this field empty. If you want to use an alternate payment method, enter "1" in this field. To authorize a tokenized credit card, pass 13 into the <alt_pay_method> field and follow the instructions in the <amount> field. |
| OR | ||||
| billing_group_no | long | 22 | The unique identifier for the billing group. | |
| OR | ||||
| client_billing_group_id | string | 100 | The client-defined identifier for the billing group. | |
| OR | ||||
| payment_method_no | long | 22 | Aria-assigned payment method ID. Either payment method or MPI (master plan instance) information must be provided. If both are provided, the identified payment method will be used to collect the amount due for the specified MPI. | |
| OR | ||||
| client_payment_method_id | string | 100 | Client-defined payment method ID. | |
| cc_num | string | 24 | Credit card number. | |
| cc_expire_mm | long | 2 | Expiration month of the credit card. | |
| cc_expire_yyyy | long | 4 | Expiration year of the credit card. | |
| cvv | long | 6 | Card verification value used to help confirm that a transaction is being requested by the card holder since this value is physically printed on the credit card. | |
| payment_source | long | 22 | Records the source of the payment information. | |
| alt_acct_group_no | long | 100 | Aria-assigned collection group to be used only for this specific call. This does not change the default collection group to which the account belongs. | |
| alt_client_acct_group_id | string | 100 | Client-defined collection group to be used only for this specific call. This does not change the default collection group to which the account belongs. | |
| track_data1 | string | 300 | Raw "track 1" data from a swiped credit card used in a card-present transaction. | |
| track_data2 | string | 300 | Raw "track 2" data from a swiped credit card used in a card-present transaction. | |
| bill_company_name | string | 100 | Company name of the billing contact. | |
| bill_first_name | string | 32 | First name of the billing contact. | |
| bill_middle_initial | string | 1 | Middle initial of the billing contact. | |
| bill_last_name | string | 100 | Last name of the billing contact. | |
| bill_address1 | string | 100 | First address line of the billing contact. | |
| bill_address2 | string | 100 | Second address line of the billing contact. If you want to delete existing data in this field, you must enter "~" in this field. | |
| bill_address3 | string | 100 | Third address line of the billing contact. | |
| bill_city | string | 32 | City of the billing contact. | |
| bill_state_prov | string | 10 |
State or province of the billing contact. The official postal-service code for any state, province, or territory in the United States, Australia, or Canada. This field does not support states, provinces, or territories in other countries. This field is ignored for all addresses outside the United States, Australia, and Canada. Use the <bill_locality> field for addresses in those countries. |
|
| bill_locality | string | 33 |
Locality of the billing contact. Use this field instead of the <bill_state_prov> field to identify the state, province or other local designation as appropriate for addresses in all countries other than the United States, Australia, and Canada. This field is ignored for all addresses in the United States, Australia, and Canada. |
|
| bill_country | string | 2 | Country of the billing contact. The International Organization for Standardization (ISO)-compliant 2-character country code abbreviation in uppercase. | |
| bill_zip | string | 16 | Zip code of the billing contact. | |
| bill_email | string | 320 | Email of the billing contact. | |
| bill_phone | string | 12 | Phone number of the billing contact. | |
| bill_phone_ext | string | 20 | Phone extension of the billing contact. | |
| bill_birthdate | string | 10 | Billing contact's date of birth. | |
| bill_drivers_license_no | string | 32 | Billing contact's driver's license number. | |
| ship_company_name | string | 100 | Company name of the shipping address contact. | |
| ship_first_name | string | 32 | First name of the shipping address contact. | |
| ship_last_name | string | 100 | Last name of the shipping address contact. | |
| ship_address1 | string | 100 | First address line of the shipping address contact. | |
| ship_address2 | string | 100 | Second address line of the shipping address contact. If you want to delete existing data in this field, you must enter "~" in this field. | |
| ship_address3 | string | 100 | Third address line of the shipping address contact. | |
| ship_city | string | 32 | City of the shipping address contact. | |
| ship_state_prov | string | 10 | State or province of the shipping address contact.
The official postal-service code for any state, province, or territory in the United States, Australia, or Canada. This field does not support states, provinces, or territories in other countries. This field is ignored for all addresses outside the United States, Australia, and Canada. Use the <ship_locality> field for addresses in those countries. |
|
| ship_locality | string | 30 |
Locality of the shipping address contact. Use this field instead of the <ship_state_prov> field to identify the state, province, or other local designation as appropriate for addresses in all countries other than the United States, Australia, and Canada. This field is ignored for all addresses in the United States, Australia, and Canada. |
|
| ship_country | string | 2 | Country of the shipping address contact. The ISO-compliant 2-character country code abbreviation in uppercase. | |
| ship_zip | string | 16 | Zip code of the shipping address contact. | |
| ship_phone | string | 30 | Phone number of the shipping address contact. | |
| ship_phone_extension | string | 30 | Phone extension of the shipping address contact. | |
| end_user_ip_address | string | 15 | IP address that was used to place an online order. | |
| end_user_browser_accept_header | string | 32 | Browser accept header that was used to place an online order. Example: “'text/html,application/xhtml+xml,application/xml ;q=0.9,*/*;q=0.8'”. | |
| end_user_browser_agent | string | 32 | Browser that was used to place an online order. Example: "Mozilla/5.0 (X11; Linux i586; rv:31.0) Gecko/20100101 Firefox/31.0". | |
| end_user_session_id | string | 32 | The client-generated session ID that is often used with captcha fraud prevention measures as part of an online order. | |
| Start of fraud_field array | ||||
| fraud_field | array | The processor-specific fraud scoring parameters passed as an array of fraud_field_name/fraud_field_value key-value pairs. To use fraud scoring, you must have it enabled and configured in your payment gateway's portal. Contact your payment gateway representative for setup information and additional documentation. The allowable fields and values for the key-value pairs are highlighted in blue below. | ||
| Field Name | Field Type | Max Length | Description | |
| customer_ani |
string | 32 | ANI (Automatic Number Identification) is a service that provides the receiver of a telephone call with the number of the calling phone. The method for providing this information is determined by the service provider (examples: AT&T, Sprint). |
|
| website_short_name |
string | 8 | Short name of the client's website. | |
| fencible_item_cash_value |
double | 12 | The cash value of any fencible items in the order. | |
| fraud_merchant_id |
string | 32 | A client-generated ID for a specific customer. | |
| customer_id_timestamp |
Time when the customer merchant ID was created in yyyy-mm-dd hh24:mi:ss format. | |||
| customer_gender |
long | 1 | Gender of the customer. Allowable Values | |
| customer_udf |
string | 100 | User-defined information in an online order. Example: “UPROMOCODE=X6Y3Z1&|UCUSTOMERREFERAL=SocialMedia&|UDISCOUNTGIVEN=10.00&|”. | |
| order_shipping_method |
long | 1 | Method of shipment for an item. The allowable values for American Express transactions are identified with " * ". If an invalid value is sent for American Express transactions, the transaction is rejected with response reason code 225 (invalid field data). The order_shipping_method field is required only if you are requesting a fraud score from Chase Paymentech. Allowable Values | |
| personal_information_payer_id |
string | 100 | Payer identification provided when using fraud scoring with a processor. Example: PayPal account number captured as part of an online order paid for using PayPal Express Checkout. |
|
| End of fraud_field array | ||||
| Start of fraud_control_fields array | ||||
| fraud_control_fields | array | Your chosen fraud protection options passed as an array of fraud_control_field_name/fraud_control_field_value key-value pairs. This array allows you to specify your fraud scoring and fraud filtering options. To use fraud protection, you must have fraud functionality enabled and configured in your payment gateway's portal. Contact your payment gateway representative for setup information and additional documentation. The allowable fields and values for the key-value pairs are highlighted in blue below. | ||
| Field Name | Field Type | Max Length | Description | |
| fraud_filtering_enabled |
string | 100 | Indicates whether to send a request to the processor for fraud filtering information. If you set it to 0 (disable), then Aria will ignore all other fraud filtering fields. Allowable Values | |
| change_status_on_fraud_filtering_failure |
string | 100 | Indicates whether to change the status of the account or master plan instance(s) if:
|
|
| status_on_fraud_filtering_failure |
string | 100 | If change_status _on_fraud_filtering_failure is set to true and the fraud filtering request returns a failure response, use this field to indicate the desired status of the master plan instance. | |
| change_status_on_fraud_filtering_review |
string | 100 | Indicates whether to change the status of the account or master plan instance(s) if fraud_filtering_enabled is set to 1 (enable). Set it to 1 (true) if you want to change the status. Set it to 0 (false) if you do not want to change the status. Allowable Values | |
| status_on_fraud_filtering_review |
string | 100 | If change_status _on_fraud_filtering_review is set to 1 (true), use this field to indicate the desired status of the master plan instance. | |
change_mp_status_on_fraud_filtering_cc_prefix_failure |
string | 100 | Indicates whether to change the status of the master plan instance(s) if the purchase transaction failed the fraud filtering check for the credit card prefix. Set it to 1 (true) if you want to change the status. Set it to 0 (false) if you do not want to change the status. (applies to Direct Post) Allowable Values | |
mp_status_on_fraud_filtering_cc_prefix_failure |
string | 100 | If change_mp_status_on_fraud_filtering_cc_prefix_failure is set to 1 (true), use this field to indicate the desired status of the master plan instance. (applies to Direct Post) | |
| change_mp_status_on_fraud_filtering_cc_number_failure |
string | 100 | Indicates whether to change the status of the master plan instance(s) if the purchase transaction failed the the fraud filtering check for the credit card number. Set it to 1 (true) if you want to change the status. Set it to 0 (false) if you do not want to change the status. (applies to Direct Post) Allowable Values | |
| mp_status_on_fraud_filtering_cc_number_failure |
string | 100 | If change_mp_status_on_fraud_filtering_cc_number_failure is set to 1 (true), use this field to indicate the desired status of the master plan instance. (applies to Direct Post) | |
change_mp_status_on_fraud_filtering_cc_issuing_country_failure |
string | 100 | Indicates whether to change the status of the master plan instance(s) if the purchase transaction failed the fraud filtering check for the credit card issuing country. Set it to 1 (true) if you want to change the status. Set it to 0 (false) if you do not want to change the status. (applies to Direct Post) Allowable Values | |
mp_status_on_fraud_filtering_cc_issuing_country_failure |
string | 100 | If change_mp_status_on_fraud_filtering_cc_issuing_country_failure is set to 1 (true), use this field to indicate the desired status of the master plan instance. (applies to Direct Post) | |
change_mp_status_on_fraud_filtering_cc_issuing_country_suspect |
string | 100 | Indicates whether to change the status of the master plan instance(s) if the fraud filtering check for the credit card issuing country returned a "suspect" value. Set it to 1 (true) if you want to change the status. Set it to 0 (false) if you do not want to change the status. (applies to Direct Post) Allowable Values | |
mp_status_on_fraud_filtering_cc_issuing_country_suspect |
string | 100 | If change_mp_status_on_fraud_filtering_cc_issuing_country_suspect is set to 1 (true), use this field to indicate the desired status of the master plan instance. (applies to Direct Post) | |
| fraud_scoring_enabled |
string | 100 | Indicates whether to send a request to the processor for a fraud score. If you set it to 0 (disable), then Aria will ignore all other fraud scoring fields. Allowable Values | |
| fraud_scoring_threshold |
string | 100 |
Allows you to set a threshold that your payment processor will use to determine a fraud score as a numeric value. If the payment processor returns a non-numeric fraud score response, Aria will ignore the threshold that you entered. To use fraud scoring, you must have it enabled and configured in your payment gateway's portal. Contact your payment gateway representative for setup information and additional documentation. As of now, it is not supported for Vantiv (Litle) processor. |
|
| change_status_on_fraud_scoring_failure |
string | 100 | Indicates whether to change the status of the account or master plan instance(s) if the fraud scoring request returns a failure response. Set it to 1 (true) if you want to change the status. Set it to 0 (false) if you do not want to change the status. Allowable Values | |
| status_on_fraud_scoring_failure |
string | 100 | If change_status_on_fraud_scoring_failure is set to 1 (true), use this field to indicate the desired status of the master plan instance. | |
| change_mp_status_on_fraud_scoring_failure |
string | 100 | Indicates whether to change the status of the master plan instance(s) if the fraud scoring request returns a failure response. Set it to 1 (true) if you want to change the status. Set it to 0 (false) if you do not want to change the status. (applies to Direct Post) Allowable Values | |
| mp_status_on_fraud_scoring_failure |
string | 100 | If change_mp_status_on_fraud_scoring_failure is set to 1 (true), use this field to indicate the desired status of the master plan instance. (applies to Direct Post) | |
| change_status_on_fraud_scoring_review |
This is a flag that indicates that the master plan instance status should be changed if a fraud scoring enabled was performed and "review" was returned as part of the fraud score result. Set it to 1 (True) if changing the master plan instance status is desired. Allowable Values | |||
| status_on_fraud_scoring_review |
This should only be set if change_status_on_fraud_scoring_review is set to 1 (True). This must be a valid Aria master plan instance status code. Allowable Values | |||
| End of fraud_control_fields array | ||||
| session_id | string | 100 | Value used with ThreatMetrix to identify Fraud Scoring Session | |
| cust_field_1 | string | 100 | Configurable value 1 to be used with ThreatMetrix. | |
| cust_field_2 | string | 100 | Configurable value 2 to be used with ThreatMetrix. | |
| cust_field_3 | string | 100 | Configurable value 3 to be used with ThreatMetrix. | |
| cust_field_4 | string | 100 | Configurable value 4 to be used with ThreatMetrix. | |
| cust_field_5 | string | 100 | Configurable value 5 to be used with ThreatMetrix. | |
| recurring_processing_model_ind | long | 1 |
Defines a recurring payment type for Credit Card and Tokenized Credit Cards. This feature is available to you if your payment gateway supports Cardholder Initiated Transactions (CIT) and Merchant Initiated Transactions (MIT). Note: Currently, for only the Vantiv payment gateway, the value in this field will automatically be set to 2 if your payment gateway or collection group configuration has the Send orderSource as recurring for all transactions option enabled. Refer to your payment gateway documentation to see if this applies. Please contact your payment gateway representative for more information. |
|
| attempt_3d_secure | string |
This will manually trigger a 3DSecure check if the payment gateway/processor supports this feature. To perform 3DS authentication, follow the instructions provided in the authorize_3dsecure_m API documentation. |
||
| bill_taxpayer_id | string | 32 | Taxpayer ID of the billing contact | |
| Start of proc_field_override array | ||||
| proc_field_override | array |
Your chosen data to send to your payment gateway passed as an array of proc_field_name/proc_field_value key-value pairs. The allowable field(s) and values for the key-value pairs are listed below. |
||
| Field Name | Field Type | Max Length | Description | |
 transaction_type |
string | 2 |
If you use Chase Paymentech, this field allows you to tell that payment gateway which transaction type is involved (examples: single or recurring transaction) when you process a customer's payment information. This field applies to credit cards and tokenized credit cards. If you don't pass a value into this field, it will default to -1 (use client configuration settings).
Notes:
Aria will use this order of precedence to determine the transaction type:
|
|
| Note: 3DS-related fields are listed below. Not all payment gateways support 3DS. The payment gateways documentation identifies payment gateways that support 3DS. Please contact your payment gateway representative for more information about which version of 3DS is supported and other details. | ||||
| end_user_browser_color_depth |
string | 2000 | Browser color depth in bits per pixel. You can obtain this by using the browser's screen.colorDepth property. Accepted values: 1, 4, 8, 15, 16, 24, 32 or 48 bit color depth. | |
| end_user_browser_java_enabled_ind |
string | 2000 | Boolean value indicating whether the customer's browser is able to execute Java. | |
| end_user_browser_language |
string | 2000 | Browser supported language (as defined in IETF BCP-Internet Engineering Task Force Best Current Practice 47). You can obtain this by using the browser's navigator.language property. | |
| end_user_browser_screen_height |
string | 2000 | Total height of the browser that was used for placing an online order. | |
| end_user_browser_screen_width |
string | 2000 |
Total width of the browser that was used for placing an online order. |
|
| end_user_browser_timezone_offset_mins |
string | 2000 | Difference between UTC (Universal Time Coordinated) time and the customer's browser local time, in minutes. | |
| End of proc_field_override array | ||||
| Req | Field Name | Field Type | Max Length | Description |
| bill_agreement_id | string | 32 |
Unique identifier of the bill agreement (also referred to as a token). To authorize a tokenized credit card, follow the instructions in the <amount> field. |
|
| cc_id | long | 2 |
A numeric code indicating the type of card. Allowable Values |
|
| disable_pmt_method_on_auth_failure | string | 5 |
Specifies whether to disable or enable a payment method after a failed card authorization. A card authorization will automatically be performed after successful completion of fraud scoring/filtering (if your payment gateway supports fraud scoring/filtering). If you pass in true and the authorization fails, the card is added to the account with a disabled status. |
|
| Field Name | Field Type | Description |
|---|---|---|
| error_code | long | Aria-assigned error identifier. 0 indicates no error. |
| error_msg | string | Description of any error that occurred. "OK" indicates no error. |
| proc_cvv_response | string | The processor return code from CVV (Card Verification Value) validation. |
| proc_avs_response | string | Processor return code from address validation |
| proc_cavv_response | string | The processor return code for security validation. |
| proc_status_code | string | The processor status code. |
| proc_status_text | string | The processor status description. |
| proc_payment_id | string | The processor payment ID. |
| proc_auth_code | string | Authorization code provided by the issuing bank. |
| proc_merch_comments | string | Additional information passed to payment processor. |
| proc_payer_auth_request | string | The unique number for an authorization. |
| proc_redirect_issuer_url | string | The URL to which you must post the 3DS (3D Secure) data. This will redirect the customer. |
| proc_fraud_scoring_info | array | The fraud scoring information provided by the payment processor as described below. |
| proc_fraud_score |
string | Fraud score provided by the payment processor. |
| proc_fraud_score_result |
string | Fraud score result provided by the payment processor, if available. |
| proc_fraud_filtering_info | array | The fraud filtering information provided by the payment processor as described below. |
| proc_fraud_country_status |
string | Fraud country status provided by the payment processor. |
| proc_fraud_country_code |
string | Fraud country code provided by the payment processor. |
| proc_fraud_score_result | string | Fraud score response provided by the payment processor. Used when automatically configured at payment processor to return pass, fail, or verify/suspect/unknown. |
| proc_initial_auth_txn_id | string | Transaction ID from payment processor. If received as part of an auth request, it must be retained for future settlement and match the value from the auth response. It should also be used for future recurring transaction auths/settlement. |
| Start of proc_3dsecure_data array | ||
|
proc_3dsecure_data |
array |
Array of 3D Secure processor-specific fields required for client-side integration. returned as proc_field_name/proc_field_value key-value pairs. The allowable fields and values for the key-value pairs are listed below. Note: Not all values for this field apply to all payment gateways. In addition, not all payment gateways support 3DS. The payment gateways documentation identifies payment gateways that support 3DS. Please contact your payment gateway representative for more information about which version of 3DS is supported and other details. |
| proc_field_name | Field Type | proc_field_value |
| attempt_3ds_auth_challenge |
string | Returns true or false to indicate whether or not the 3DS authorization challenge is enabled for the card. |
|
|
string | The unique number for a given authorization. |
| redirect_issuer_url |
string | The URL where you must post the 3DS data to. This will redirect the customer. |
| md |
string | The payment session identifier returned by the card issuer. |
| client_auth_token |
string | The client authorization token required to map the merchant account with the client JS SDK (JavaScript Software Development Kit). |
| cc_single_use_token |
string |
The single use token for the credit card. |
| cc_prefix |
string | The first six digits of the customer's card number. |
| pa_3ds_js_lib_url |
string | Your JavaScript Library URL path used for 3DS 2.0. |
| payer_auth_transaction_id |
string | The unique number for a given transaction. |
| payer_auth_reference_id |
string | The unique number for a given authorization. |
| pa_3ds_form_action |
string | This form action is used for a Direct Post call to decide whether to attempt device data collection or credit card authorization. |
| pa_3ds_df_method_url |
string | Method URL used for Device Fingerprint for 3DS 2.0 transactions. |
| pa_3ds_message_version |
string | Message/3DS version of the ongoing 3DS authorization. |
| pa_3ds_form_content |
string | If the issuer's Access Control Server (ACS) supports this feature, this field will receive content to populate the client’s form page to enable 3DS authentication. If the issuer’s ACS does not support this feature, no information for authentication will be returned to this field. |
| pa_3ds_df_post_url |
string | URL used for posting Device Fingerprint details for 3DS 2.0 transactions. |
| pa_3ds_cs_post_url |
string | URL returned by your payment gateway, which is used for the 3DS authorization challenge for 3DS 2.0 transactions. |
| End of proc_3dsecure_data_array | ||
| Field Name | Field Type | Description |
| processor_id | long | Payment Processor Id. |