- Home
- All APIs
- WPG guide
- FraudSight Global
- FraudSight (Hosted)
FraudSight (Hosted)
Unparalleled data insights, industry leading technology, and fraud expertise combine to predict and prevent fraud.
Here you will find everything you need to get started with FraudSight - Hosted Payment Pages.
Before you start
- Talk to your Worldpay Relationship Manager or our Customer Support Team to confirm your requirements
- Confirm that your account has been enabled for FraudSight by Worldpay
Integration overview
There is no integration required for FraudSight with HPP. The Hosted Payment Pages collect the generic data used by FraudSight.
You have the option to supply additional shopper data in your payment request. This data contributes to the decision of authorising or refusing a payment in real time.
If you already use our Risk Management Module (RMM) you receive the <riskScore>
element in your order notifications. The content of this element changes specifically to FraudSight. This is an optional <FraudSight>
response element that returns the model reason codes. See
FraudSight risk checks
FraudSight risk checks can be completed either before authentication/authorisation, or after authorisation.
- FraudSight
<beforeAuthorisation>
risk check, without any other Worldpay Protect products:
- FraudSight
<beforeAuthorisation>
risk check, with other Worldpay Protect products:
- You submit your payment request, including any
additional data . - The shopper lands on the Hosted Payment Page and the
Worldpay Device JavaScript Collector (JSC) collects shopper device data. If you're using Worldpay's 3DS Flex, Device Data Collection (DDC) for 3DS authentication is also performed. - The payment request is submitted to the WPG.
- This example includes Worldpay's Exemption Engine, and an exemption decision is made.
- Where exemption does not apply, 3DS authentication is performed.
- The FraudSight Risk Check is performed.
- If the risk is low, payment is sent for authorisation. See the
FraudSight response table for a list of responses and what they mean. - The shopper receives a response and you receive an
order notification .
- FraudSight
<afterAuthorisation>
risk check, without other Worldpay Protect products:
- FraudSight
<afterAuthorisation>
risk check, with other Worldpay Protect products:
- You submit your payment request, including any
additional data . - The shopper lands on the Hosted Payment Page and the
Worldpay Device JavaScript Collector (JSC) collects shopper device data. If you're using Worldpay's 3DS Flex, Device Data Collection (DDC) for 3DS authentication is also performed. - The payment request is submitted to the WPG.
- This example includes Worldpay's Exemption Engine, and an exemption decision is made.
- Where exemption does not apply, 3DS authentication is performed.
- Payment is sent for authorisation.
- If payment is authorised, the FraudSight Risk Check is performed. See the
FraudSight response table for a list of responses and what they mean. - The shopper receives a response and you receive an
order notification .
- FraudSight
<beforeAuthentication>
risk check, with 3DS Flex:
- FraudSight
<beforeAuthentication>
risk check, with 3DS Flex and Exemption Engine:
- You submit your payment request, including any
additional data . - The shopper lands on the Hosted Payment Page and the
Worldpay Device JavaScript Collector (JSC) collects shopper device data. If you're using Worldpay's 3DS Flex, Device Data Collection (DDC) for 3DS authentication is also performed. - The payment request is submitted to the WPG.
- FraudSight Risk check is performed. See the
FraudSight response table for a list of responses and what they mean. - This example includes Worldpay's Exemption Engine, and an exemption decision is made.
- Where exemption does not apply, 3DS authentication is performed.
- Payment is sent for authorisation.
- The shopper receives a response and you receive an
order notification .
Worldpay Device JavaScript Collector (JSC)
Worldpay provide the Device JavaScript Collector within HPP. There's no requirement for integration.
The JSC collects shopper device data for device fingerprinting and IP geo-location insights. Use this data to create a more accurate internal review process and logic that contributes to the decision of authorising or refusing a payment in real time.
Note: Worldpay Device JSC is supported on beforeAuthorisation
and afterAuthorisation
risk checks. Support on beforeAuthentication
risk check is coming soon.
Payment requests
The following examples cover both a standard payment request and payment requests with additional data.
Standard payment request
When you submit the
Payment request with additional data
Within the element <FraudSightData>
you can provide additional data. Use this data to create a more accurate internal review process and logic. This will contribute to the decision of authorising or refusing a payment in real time.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
<submit>
<order orderCode="YOUR_ORDER_CODE" installationId="1015284">
<description>test order</description>
<amount value="100" currencyCode="GBP" exponent="2"/>
<orderContent>
<![CDATA[]]>
</orderContent>
<paymentMethodMask>
<include code="ALL"/>
</paymentMethodMask>
<shopper>
<shopperEmailAddress>a.shopper@worldpay.com(opens in new tab)</shopperEmailAddress(opens in new tab)>
</shopper>
<shippingAddress>
<address>
<firstName>A</firstName>
<lastName>Shopper</lastName>
<street>The Science Park</street>
<houseNumber>270</houseNumber>
<postalCode>CB4 0WE</postalCode>
<city>Cambridge</city>
<countryCode>GB</countryCode>
</address>
</shippingAddress>
<FraudSightData>
<customStringFields>
<customStringField1>nextDayShipping1</customStringField1>
<customStringField2>nextDayShipping2</customStringField2>
<customStringField3>nextDayShipping3</customStringField3>
<customStringField4>nextDayShipping4</customStringField4>
<customStringField5>nextDayShipping5</customStringField5>
<customStringField6>nextDayShipping6</customStringField6>
<customStringField7>nextDayShipping7</customStringField7>
<customStringField8>nextDayShipping8</customStringField8>
<customStringField9>nextDayShipping9</customStringField9>
<customStringField10>nextDayShipping10</customStringField10>
</customStringFields>
<customNumericFields>
<customNumericField1>111</customNumericField1>
<customNumericField2>111</customNumericField2>
<customNumericField3>111</customNumericField3>
<customNumericField4>111</customNumericField4>
<customNumericField5>111</customNumericField5>
<customNumericField6>111</customNumericField6>
<customNumericField7>111</customNumericField7>
<customNumericField8>111</customNumericField8>
<customNumericField9>111</customNumericField9>
<customNumericField10>111</customNumericField10>
</customNumericFields>
<shopperFields>
<shopperName>shopperName</shopperName>
<shopperId>shopperId</shopperId>
<birthDate>
<date dayOfMonth="01" month="06" year="2000"/>
</birthDate>
<shopperAddress>
<address>
<firstName>John</firstName>
<lastName>Smith</lastName>
<address1>Worldpay</address1>
<address2>270-289 The Science Park</address2>
<address3>Milton Road</address3>
<postalCode>CB4 0WE</postalCode>
<city>Cambridge</city>
<countryCode>GB</countryCode>
<telephoneNumber>1564645646465465</telephoneNumber>
</address>
</shopperAddress>
</shopperFields>
</FraudSightData>
</order>
</submit>
</paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <submit> <order orderCode="YOUR_ORDER_CODE" installationId="1015284"> <description>test order</description> <amount value="100" currencyCode="GBP" exponent="2"/> <orderContent> <![CDATA[]]> </orderContent> <paymentMethodMask> <include code="ALL"/> </paymentMethodMask> <shopper> <shopperEmailAddress>a.shopper@worldpay.com(opens in new tab)</shopperEmailAddress(opens in new tab)> </shopper> <shippingAddress> <address> <firstName>A</firstName> <lastName>Shopper</lastName> <street>The Science Park</street> <houseNumber>270</houseNumber> <postalCode>CB4 0WE</postalCode> <city>Cambridge</city> <countryCode>GB</countryCode> </address> </shippingAddress> <FraudSightData> <customStringFields> <customStringField1>nextDayShipping1</customStringField1> <customStringField2>nextDayShipping2</customStringField2> <customStringField3>nextDayShipping3</customStringField3> <customStringField4>nextDayShipping4</customStringField4> <customStringField5>nextDayShipping5</customStringField5> <customStringField6>nextDayShipping6</customStringField6> <customStringField7>nextDayShipping7</customStringField7> <customStringField8>nextDayShipping8</customStringField8> <customStringField9>nextDayShipping9</customStringField9> <customStringField10>nextDayShipping10</customStringField10> </customStringFields> <customNumericFields> <customNumericField1>111</customNumericField1> <customNumericField2>111</customNumericField2> <customNumericField3>111</customNumericField3> <customNumericField4>111</customNumericField4> <customNumericField5>111</customNumericField5> <customNumericField6>111</customNumericField6> <customNumericField7>111</customNumericField7> <customNumericField8>111</customNumericField8> <customNumericField9>111</customNumericField9> <customNumericField10>111</customNumericField10> </customNumericFields> <shopperFields> <shopperName>shopperName</shopperName> <shopperId>shopperId</shopperId> <birthDate> <date dayOfMonth="01" month="06" year="2000"/> </birthDate> <shopperAddress> <address> <firstName>John</firstName> <lastName>Smith</lastName> <address1>Worldpay</address1> <address2>270-289 The Science Park</address2> <address3>Milton Road</address3> <postalCode>CB4 0WE</postalCode> <city>Cambridge</city> <countryCode>GB</countryCode> <telephoneNumber>1564645646465465</telephoneNumber> </address> </shopperAddress> </shopperFields> </FraudSightData> </order> </submit> </paymentService>
Additional data
Additional data elements and attributes you can add to your request within <FraudSightData>
.
Best practice: Be consistent when you assign values to your custom fields to avoid a mismatch of data for your payments.
Element | Child element | Attribute | Description |
---|---|---|---|
<customStringFields> | |||
<customStringField1> | Add one to ten lines of customStringFields and provide additional data to support your request. Format: alpha numeric and special characters. Max length: 255 characters | ||
<customNumericField> | |||
<customNumericField1> | Add one to ten lines of customNumericFields and provide additional data to support your request Format: numeric characters only. Max length: 255 characters | ||
<shopperFields> | |||
<shopperName> | The shopper's name | ||
<shopperId> | Your ID for your shopper | ||
<birthDate> | The shopper's birthdate | ||
<date dayOfMonth="xx" month="xx" year="xxxx"/> | The shopper's date of birth | ||
<shopperAddress> | The address of the shopper on your system. When you use this element the following child elements must be used:
| ||
<firstName> | The first name of the shopper on your system. Format: alpha numeric and special characters | ||
<lastName> | The last name of the shopper on your system. Format: alpha numeric and special characters | ||
<houseNumber> | The shopper's house number for their given address Format: numeric characters | ||
<houseNumberExtension> | For example: Flat A. Format: alpha numeric and special characters | ||
<address1> | The first line of the shopper's address. Format: alpha numeric and special characters | ||
<address2> | The second line of the shopper's address. Format: alpha numeric and special characters | ||
<address3> | The third line of the shopper's address. Format: alpha numeric and special characters | ||
<postalCode> | The shopper's post code. Format: alpha numeric and special characters | ||
<city> | The shopper's city. Format: alpha numeric and special characters | ||
<countryCode> | The shopper's country. Format: ISO-3166 country code | ||
<telephoneNumber> | The shopper's telephone number. Format: alpha numeric and special characters |
Order notifications
Order notifications with FraudSight
If you use order notifications, we can notify you of the FraudSight response.
The notification includes both a <riskScore>
and <FraudSight>
element. These are optional but you need <riskScore>
enabled to receive the <FraudSight>
data.
Where a FraudSight response is not available, we still return the <riskScore>
from our Risk Management Module (RMM). Ask your Worldpay Relationship Manager or Support Team member to enable them on your account.
Response table for FraudSight
Element | Child element | Attribute | Description |
---|---|---|---|
<FraudSight> | score | The score returned by the FraudSight model | |
id | The unique identifier generated for the payment event | ||
message | FraudSight risk decision. Values:
| ||
<reasonCodes> | Risk reasons triggered by the FraudSight model. Values:
| ||
<riskScore> | provider | Describes the fraud product that assessed the payment. Values:
| |
finalScore | The score returned by the Risk Management Module | ||
id | The unique identifier generated for the payment event | ||
message | FraudSight risk decision. Values:
|
FraudSight decisions and payment flows
beforeAuthentication risk check
Message | Risk check decision |
---|---|
message = 'authenticate' or 'review, authenticate' in the <riskScore> or <FraudSight> element of the xml response. | The payment is sent for authentication* based on a set threshold. |
message = 'low-risk' or 'review' in the <riskScore> or <FraudSight> element of the xml response. | Authentication is skipped when the risk is perceived as low. |
message = 'high-risk' | The payment is refused when the risk score is perceived as high. |
*For eCom payments with 3DS
beforeAuthentication risk check with Exemption Engine
Message | Risk check decision |
---|---|
EE response is result = REJECTED reason=HIGH_RISK and message = 'high-risk' in the <riskScore> or <FraudSight> element of the XML response. | The payment is refused before an exemption is applied. |
EE response is result=REJECTED reason=FRAUDSIGHT_OVERRIDE and message = 'authenticate' or 'review, authenticate' in the <riskScore> or <FraudSight> element of the XML response. | The exemption decision is overridden and authentication enforced*. |
message = low-risk or message = review in the <riskScore> or <FraudSight> element of the XML response. | FraudSight determines the risk is low and the exemption decision is followed. |
*Participation in 3DS is required
beforeAuthentication risk check with dynamic 3DS override
Risk check decisions:
- When the FraudSight decision is
authenticate
orreview, authenticate
and you have dynamic 3DS override set tono3DS
, authentication is skipped - When the FraudSight decision is
low-risk
orreview
and you have dynamic 3DS override set todo3DS
, authentication is enforced
beforeAuthorisation risk check
Message | Risk check decision |
---|---|
message = 'high-risk' in the <riskScore> or <FraudSight> element of the XML response. | The payment is refused when the risk is high. |
message = 'low-risk' or message = 'review' in the <riskScore> or <FraudSight> element of the XML response. | The payment is sent for authorisation when the risk is perceived as low, or requires a review. |
afterAuthorisation risk check
Message | Risk check decision |
---|---|
message = 'high-risk' in the <riskScore> or <FraudSight> element of the XML response. | High-risk: authorisation is cancelled. |
message = 'low-risk' or message = 'review' in the <riskScore> or <FraudSight> element of the XML response. | When the risk is perceived as low the authorised payment is complete. |
None. | Card issuer and scheme refused payments are skipped from the afterAuthorisation risk check. |
FraudSight response examples
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
<reply>
<orderStatus orderCode="YOUR_ORDER_CODE">
<payment>
<paymentMethod>VISA-SSL</paymentMethod>
<amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
<lastEvent>AUTHORISED</lastEvent>
<CVCResultCode description="NO RESPONSE FROM ACQUIRER"/>
<AVSResultCode description="NO RESPONSE FROM ACQUIRER"/>
<balance accountType="IN_PROCESS_AUTHORISED">
<amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
</balance>
<cardNumber>4444**1111</cardNumber>
<riskScore Provider="FraudSight" finalScore="0" id="188a9ae6-21c4-4fd9-87cd-8df4c719aaf1" message="low-risk"/>
<FraudSight score="0.00267" id="188a9ae6-21c4-4fd9-87cd-8df4c719aaf1" message="low-risk">
<reasonCodes>
<reasonCode>Card Unfamiliarity</reasonCode>
<reasonCode>High Risk Email</reasonCode>
</reasonCodes>
</FraudSight>
</payment>
</orderStatus>
</reply>
</paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <reply> <orderStatus orderCode="YOUR_ORDER_CODE"> <payment> <paymentMethod>VISA-SSL</paymentMethod> <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/> <lastEvent>AUTHORISED</lastEvent> <CVCResultCode description="NO RESPONSE FROM ACQUIRER"/> <AVSResultCode description="NO RESPONSE FROM ACQUIRER"/> <balance accountType="IN_PROCESS_AUTHORISED"> <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/> </balance> <cardNumber>4444**1111</cardNumber> <riskScore Provider="FraudSight" finalScore="0" id="188a9ae6-21c4-4fd9-87cd-8df4c719aaf1" message="low-risk"/> <FraudSight score="0.00267" id="188a9ae6-21c4-4fd9-87cd-8df4c719aaf1" message="low-risk"> <reasonCodes> <reasonCode>Card Unfamiliarity</reasonCode> <reasonCode>High Risk Email</reasonCode> </reasonCodes> </FraudSight> </payment> </orderStatus> </reply> </paymentService>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
<reply>
<orderStatus orderCode="YOUR_ORDER_CODE">
<payment>
<paymentMethod>VISA-SSL</paymentMethod>
<amount value="4000" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
<lastEvent>REFUSED</lastEvent>
<ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/>
<CVCResultCode description="NOT SENT TO ACQUIRER"/>
<AVSResultCode description="NOT SENT TO ACQUIRER"/>
<riskScore Provider="FraudSight" finalScore="100" id="ae69cd9f-8031-419d-ae6b-fce0a98a33ef" message="high-risk"/>
<FraudSight score="0.00666" id="ae69cd9f-8031-419d-ae6b-fce0a98a33ef" message="high-risk">
<reasonCodes>
<reasonCode>Card Unfamiliarity</reasonCode>
<reasonCode>High Risk Email</reasonCode>
</reasonCodes>
</FraudSight>
</payment>
</orderStatus>
</reply>
</paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <reply> <orderStatus orderCode="YOUR_ORDER_CODE"> <payment> <paymentMethod>VISA-SSL</paymentMethod> <amount value="4000" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/> <lastEvent>REFUSED</lastEvent> <ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/> <CVCResultCode description="NOT SENT TO ACQUIRER"/> <AVSResultCode description="NOT SENT TO ACQUIRER"/> <riskScore Provider="FraudSight" finalScore="100" id="ae69cd9f-8031-419d-ae6b-fce0a98a33ef" message="high-risk"/> <FraudSight score="0.00666" id="ae69cd9f-8031-419d-ae6b-fce0a98a33ef" message="high-risk"> <reasonCodes> <reasonCode>Card Unfamiliarity</reasonCode> <reasonCode>High Risk Email</reasonCode> </reasonCodes> </FraudSight> </payment> </orderStatus> </reply> </paymentService>
Order notifications with RMM
When FraudSight is unavailable we fallback to our Risk Management Module (RMM).
RMM is included with FraudSight. RMM returns a <riskScore>
.
When FraudSight is unavailable at the point of the beforeAuthentication
or beforeAuthorisation
risk check, the payment falls back to RMM pre and post authorisation risk checks.
When FraudSight is unavailable at the point of the afterAuthorisation risk check, the payment falls back to RMM post-authorisation checks only.
Note: Returning the <riskScore>
is optional.
Ask your Worldpay Relationship Manager or Support Team member to enable this on your account.
Response table for RMM
Element | Attribute | Mandatory/Optional | Description |
---|---|---|---|
<riskScore> | Optional | Enabled by default for RMM. <riskScore> is optional for both your RMM and FraudSight response | |
provider | The risk management tool providing the response | ||
finalScore | The final score assigned to this transaction by RMM |
RMM response examples
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN"
"http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR MERCHANT CODE">
<reply>
<orderStatus orderCode="YOUR ORDER CODE">
<payment>
<paymentMethod>VISA-SSL</paymentMethod>
<amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/>
<lastEvent>AUTHORISED</lastEvent>
<CVCResultCode description="NO RESPONSE FROM ACQUIRER"/>
<AVSResultCode description="NO RESPONSE FROM ACQUIRER"/>
<balance accountType="IN_PROCESS_AUTHORISED">
<amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/>
</balance>
<cardNumber>4444**1111</cardNumber>
<riskScore Provider="RiskManagement" finalScore="21"/>
</payment>
</orderStatus>
</reply>
</paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="YOUR MERCHANT CODE"> <reply> <orderStatus orderCode="YOUR ORDER CODE"> <payment> <paymentMethod>VISA-SSL</paymentMethod> <amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/> <lastEvent>AUTHORISED</lastEvent> <CVCResultCode description="NO RESPONSE FROM ACQUIRER"/> <AVSResultCode description="NO RESPONSE FROM ACQUIRER"/> <balance accountType="IN_PROCESS_AUTHORISED"> <amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/> </balance> <cardNumber>4444**1111</cardNumber> <riskScore Provider="RiskManagement" finalScore="21"/> </payment> </orderStatus> </reply> </paymentService>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN"
"http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR MERCHANT CODE">
<reply>
<orderStatus orderCode="YOUR ORDER CODE">
<payment>
<paymentMethod>VISA-SSL</paymentMethod>
<amount value="345" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/>
<lastEvent>REFUSED</lastEvent>
<ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/>
<CVCResultCode description="NOT SENT TO ACQUIRER"/>
<AVSResultCode description="NOT SENT TO ACQUIRER"/>
<riskScore Provider="RiskManagement" finalScore="100"/>
</payment>
</orderStatus>
</reply>
</paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="YOUR MERCHANT CODE"> <reply> <orderStatus orderCode="YOUR ORDER CODE"> <payment> <paymentMethod>VISA-SSL</paymentMethod> <amount value="345" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/> <lastEvent>REFUSED</lastEvent> <ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/> <CVCResultCode description="NOT SENT TO ACQUIRER"/> <AVSResultCode description="NOT SENT TO ACQUIRER"/> <riskScore Provider="RiskManagement" finalScore="100"/> </payment> </orderStatus> </reply> </paymentService>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN"
"http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR MERCHANT CODE">
<reply>
<orderStatus orderCode="YOUR ORDER CODE">
<payment>
<paymentMethod>VISA-SSL</paymentMethod>
<amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/>
<lastEvent>REFUSED</lastEvent>
<ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/>
<CVCResultCode description="NOT SENT TO ACQUIRER"/>
<AVSResultCode description="NOT SENT TO ACQUIRER"/>
<riskScore Provider="RiskManagement" finalScore="171"/>
</payment>
</orderStatus>
</reply>
</paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="YOUR MERCHANT CODE"> <reply> <orderStatus orderCode="YOUR ORDER CODE"> <payment> <paymentMethod>VISA-SSL</paymentMethod> <amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/> <lastEvent>REFUSED</lastEvent> <ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/> <CVCResultCode description="NOT SENT TO ACQUIRER"/> <AVSResultCode description="NOT SENT TO ACQUIRER"/> <riskScore Provider="RiskManagement" finalScore="171"/> </payment> </orderStatus> </reply> </paymentService>
Testing
To test your setup, use our
Payment request reference table
If you make an error in formatting your request you'll receive one of the following responses.
Custom field/Shopper field | Field | Characters supported | Could be empty? | XML response error codes |
---|---|---|---|---|
Custom field | <customStringField1> | alpha-numeric and special characters | No | <error code="5"><![CDATA[The tag 'customStringField1' cannot be empty]]></error> |
Custom field | <customNumericField2> | Numeric characters | No | <error code="5"><![CDATA[The tag 'customNumericField2' isn't a valid number]]></error> <error code="5"><![CDATA[The tag 'customNumericField2' cannot be empty]]></error> |
Shopper field | <shopperName> | alpha-numeric and special characters | No | <error code="5"><![CDATA[The tag 'shopperName' cannot be empty]]></error> |
Shopper field | <shopperId> | alpha-numeric and special characters | No | <error code="5"><![CDATA[The tag 'shopperId' cannot be empty]]></error> |
Shopper field | <birthDate> | should follow the format:<date dayOfMonth="02" month="06" year="2000"> | No | <error code="2"><![CDATA[Invalid day : 32]]></error> <error code="2"><![CDATA[Invalid month : 13]]></error> <error code="2"><![CDATA[Numeric value expected for year. Actually received: abc2]]></error> |
Shopper field - <shopperAddress> | <firstName> | alpha-numeric and special characters | Yes | |
Shopper field - <shopperAddress> | <lastName> | alpha-numeric and special characters | Yes | |
Shopper field – <shopperAddress> (address 1 format) | <address1> | alpha-numeric and special characters | No | <error code="5"><![CDATA[Invalid address: Address 1/Street is required.]]></error> <error code="5"><![CDATA[Invalid address: Address 1/Street is required.]]></error> |
Shopper field – <shopperAddress> (address 1 format) | <address2> | alpha-numeric and special characters | Yes | |
Shopper field – <shopperAddress> (address 1 format) | <address3> | alpha-numeric and special characters | Yes | |
Shopper field – <shopperAddress> | <postalCode> | alpha-numeric and special characters | Yes | |
Shopper field – <shopperAddress> | <city> | alpha-numeric and special characters | No | <error code="5"><![CDATA[Invalid address: City is required]]></error> |
Shopper field – <shopperAddress> | <state> | alpha-numeric and special characters | Yes | |
Shopper field – <shopperAddress> | <telephoneNumber> | alpha-numeric and special characters | Yes | |
Shopper field – <shopperAddress> | <countryCode> | Should be a valid ISO-3166 country code | No | <error code="5"><![CDATA[Invalid address: Country code "GBA" is not a valid ISO-3166 country code. ]]></error> <error code="5"><![CDATA[Invalid address: Country code is null or blank. ]]></error> |
Shopper field – <shopperAddress> (address 2 format) | <street> | alpha-numeric and special characters | No | <error code="5"><![CDATA[Invalid address: Address 1/Street is required.]]></error> |
Shopper field – <shopperAddress> (address 2 format) | <houseName> | alpha-numeric and special characters | Yes | |
Shopper field – <shopperAddress> (address 2 format) | <houseNumber> | numeric characters | No | <error code="5"><![CDATA[Expecting a numeric value for: houseNumber]]></error> <error code="5"><![CDATA[Expecting a numeric value for: houseNumber]]></error> |
Shopper field – <shopperAddress> (address 2 format) | <houseNumberExtension> | alpha-numeric and special characters | Yes |
Payment response magic values
Use the magic values listed below and our
Magic values
Insert the below values in <address1>
 of <billingAddress>
to simulate the FraudSight risk decision described in the message field:
Magic Value | Message | FraudSight score | Payment status |
---|---|---|---|
LOW-RISK | low-risk | 0.0 | AUTHORISED |
REVIEW | review | 0.0 | AUTHORISED |
HIGH-RISK | high-risk | 1.0 | REFUSED |
Any other value | low-risk | 0.0 | AUTHORISED |
Add the below values in <address3>
of <billingAddress>
to simulate the reason codes. Enter magic values separated by a comma to simulate a list of reason codes returned by FraudSight:
Magic value | Reason |
---|---|
RC1 | Unusual behaviour for card |
RC2 | Unusual transaction for merchant |
RC3 | Recent unexpected card activity |
RC4 | Card unfamiliarity |
RC5 | Card type often linked to fraud |
RC6 | Irregularities in cardholder-entered information |
RC7 | High risk email |
Any other value | SUSPECTED FRAUD |
Going Live
Before you go live with FraudSight, check the following:
- You’re aware when the FraudSight Risk Check will trigger and what happens if FraudSight is unavailable
- You’re sending through the recommended data points
- You’ve requested the response format from Worldpay that you require
- You’ve configured your fallback to RMM (if required)