FraudSight (Hosted)

Unparalleled data insights, industry leading technology, and fraud expertise combine to predict and prevent fraud.

Here you will find everything you need to get started with FraudSight - Hosted Payment Pages.

Before you start

Talk to your Worldpay Relationship Manager or our Customer Support Team to confirm your requirements
Confirm that your account has been enabled for FraudSight by Worldpay

Integration overview

There is no integration required for FraudSight with HPP. The Hosted Payment Pages collect the generic data used by FraudSight.

You have the option to supply additional shopper data in your payment request. This data contributes to the decision of authorising or refusing a payment in real time.

If you already use our Risk Management Module (RMM) you receive the <riskScore> element in your order notifications. The content of this element changes specifically to FraudSight. This is an optional <FraudSight> response element that returns the model reason codes. SeePayment responsesfor details.

FraudSight risk checks

FraudSight risk checks can be completed either before authentication/authorisation, or after authorisation.

FraudSight <beforeAuthorisation> risk check, without any other Worldpay Protect products:

FraudSight <beforeAuthorisation> risk check, with other Worldpay Protect products:

You submit your payment request, including anyadditional data.
The shopper lands on the Hosted Payment Page and theWorldpay Device JavaScript Collector (JSC)collects shopper device data. If you're using Worldpay's 3DS Flex, Device Data Collection (DDC) for 3DS authentication is also performed.
The payment request is submitted to the WPG.
This example includes Worldpay's Exemption Engine, and an exemption decision is made.
Where exemption does not apply, 3DS authentication is performed.
The FraudSight Risk Check is performed.
If the risk is low, payment is sent for authorisation. See theFraudSight response tablefor a list of responses and what they mean.
The shopper receives a response and you receive anorder notification.

FraudSight <afterAuthorisation> risk check, without other Worldpay Protect products:

FraudSight <afterAuthorisation> risk check, with other Worldpay Protect products:

You submit your payment request, including anyadditional data.
The shopper lands on the Hosted Payment Page and theWorldpay Device JavaScript Collector (JSC)collects shopper device data. If you're using Worldpay's 3DS Flex, Device Data Collection (DDC) for 3DS authentication is also performed.
The payment request is submitted to the WPG.
This example includes Worldpay's Exemption Engine, and an exemption decision is made.
Where exemption does not apply, 3DS authentication is performed.
Payment is sent for authorisation.
If payment is authorised, the FraudSight Risk Check is performed. See theFraudSight response tablefor a list of responses and what they mean.
The shopper receives a response and you receive anorder notification.

FraudSight <beforeAuthentication> risk check, with 3DS Flex:

FraudSight <beforeAuthentication> risk check, with 3DS Flex and Exemption Engine:

You submit your payment request, including anyadditional data.
The shopper lands on the Hosted Payment Page and theWorldpay Device JavaScript Collector (JSC)collects shopper device data. If you're using Worldpay's 3DS Flex, Device Data Collection (DDC) for 3DS authentication is also performed.
The payment request is submitted to the WPG.
FraudSight Risk check is performed. See theFraudSight response tablefor a list of responses and what they mean.
This example includes Worldpay's Exemption Engine, and an exemption decision is made.
Where exemption does not apply, 3DS authentication is performed.
Payment is sent for authorisation.
The shopper receives a response and you receive anorder notification.

Worldpay Device JavaScript Collector (JSC)

Worldpay provide the Device JavaScript Collector within HPP. There's no requirement for integration.

The JSC collects shopper device data for device fingerprinting and IP geo-location insights. Use this data to create a more accurate internal review process and logic that contributes to the decision of authorising or refusing a payment in real time.

Note: Worldpay Device JSC is supported on beforeAuthorisation and afterAuthorisation risk checks. Support on beforeAuthentication risk check is coming soon.

Payment requests

The following examples cover both a standard payment request and payment requests with additional data.

Standard payment request

When you submit thestandard HPP payment requestour Hosted Payment Pages collect the generic data required by FraudSight.

Payment request with additional data

Within the element <FraudSightData> you can provide additional data. Use this data to create a more accurate internal review process and logic. This will contribute to the decision of authorising or refusing a payment in real time.

Copied!

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
  <submit>
    <order orderCode="YOUR_ORDER_CODE" installationId="1015284">
      <description>test order</description>
      <amount value="100" currencyCode="GBP" exponent="2"/>
      <orderContent>
        <![CDATA[]]>
      </orderContent>
      <paymentMethodMask>
        <include code="ALL"/>
      </paymentMethodMask>
      <shopper>
        <shopperEmailAddress>a.shopper@worldpay.com(opens in new tab)</shopperEmailAddress(opens in new tab)>
      </shopper>
      <shippingAddress>
        <address>
          <firstName>A</firstName>
          <lastName>Shopper</lastName>
          <street>The Science Park</street>
          <houseNumber>270</houseNumber>
          <postalCode>CB4 0WE</postalCode>
          <city>Cambridge</city>
          <countryCode>GB</countryCode>
        </address>
      </shippingAddress>
      <FraudSightData>
        <customStringFields>
          <customStringField1>nextDayShipping1</customStringField1>
          <customStringField2>nextDayShipping2</customStringField2>
          <customStringField3>nextDayShipping3</customStringField3>
          <customStringField4>nextDayShipping4</customStringField4>
          <customStringField5>nextDayShipping5</customStringField5>
          <customStringField6>nextDayShipping6</customStringField6>
          <customStringField7>nextDayShipping7</customStringField7>
          <customStringField8>nextDayShipping8</customStringField8>
          <customStringField9>nextDayShipping9</customStringField9>
          <customStringField10>nextDayShipping10</customStringField10>
        </customStringFields>
        <customNumericFields>
          <customNumericField1>111</customNumericField1>
          <customNumericField2>111</customNumericField2>
          <customNumericField3>111</customNumericField3>
          <customNumericField4>111</customNumericField4>
          <customNumericField5>111</customNumericField5>
          <customNumericField6>111</customNumericField6>
          <customNumericField7>111</customNumericField7>
          <customNumericField8>111</customNumericField8>
          <customNumericField9>111</customNumericField9>
          <customNumericField10>111</customNumericField10>
        </customNumericFields>
        <shopperFields>
          <shopperName>shopperName</shopperName>
          <shopperId>shopperId</shopperId>
          <birthDate>
            <date dayOfMonth="01" month="06" year="2000"/>
          </birthDate>
          <shopperAddress>
            <address>
              <firstName>John</firstName>
              <lastName>Smith</lastName>
              <address1>Worldpay</address1>
              <address2>270-289 The Science Park</address2>
              <address3>Milton Road</address3>
              <postalCode>CB4 0WE</postalCode>
              <city>Cambridge</city>
              <countryCode>GB</countryCode>
              <telephoneNumber>1564645646465465</telephoneNumber>
            </address>
          </shopperAddress>
        </shopperFields>
      </FraudSightData>
    </order>
  </submit>
</paymentService>

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <submit> <order orderCode="YOUR_ORDER_CODE" installationId="1015284"> <description>test order</description> <amount value="100" currencyCode="GBP" exponent="2"/> <orderContent> <![CDATA[]]> </orderContent> <paymentMethodMask> <include code="ALL"/> </paymentMethodMask> <shopper> <shopperEmailAddress>a.shopper@worldpay.com(opens in new tab)</shopperEmailAddress(opens in new tab)> </shopper> <shippingAddress> <address> <firstName>A</firstName> <lastName>Shopper</lastName> <street>The Science Park</street> <houseNumber>270</houseNumber> <postalCode>CB4 0WE</postalCode> <city>Cambridge</city> <countryCode>GB</countryCode> </address> </shippingAddress> <FraudSightData> <customStringFields> <customStringField1>nextDayShipping1</customStringField1> <customStringField2>nextDayShipping2</customStringField2> <customStringField3>nextDayShipping3</customStringField3> <customStringField4>nextDayShipping4</customStringField4> <customStringField5>nextDayShipping5</customStringField5> <customStringField6>nextDayShipping6</customStringField6> <customStringField7>nextDayShipping7</customStringField7> <customStringField8>nextDayShipping8</customStringField8> <customStringField9>nextDayShipping9</customStringField9> <customStringField10>nextDayShipping10</customStringField10> </customStringFields> <customNumericFields> <customNumericField1>111</customNumericField1> <customNumericField2>111</customNumericField2> <customNumericField3>111</customNumericField3> <customNumericField4>111</customNumericField4> <customNumericField5>111</customNumericField5> <customNumericField6>111</customNumericField6> <customNumericField7>111</customNumericField7> <customNumericField8>111</customNumericField8> <customNumericField9>111</customNumericField9> <customNumericField10>111</customNumericField10> </customNumericFields> <shopperFields> <shopperName>shopperName</shopperName> <shopperId>shopperId</shopperId> <birthDate> <date dayOfMonth="01" month="06" year="2000"/> </birthDate> <shopperAddress> <address> <firstName>John</firstName> <lastName>Smith</lastName> <address1>Worldpay</address1> <address2>270-289 The Science Park</address2> <address3>Milton Road</address3> <postalCode>CB4 0WE</postalCode> <city>Cambridge</city> <countryCode>GB</countryCode> <telephoneNumber>1564645646465465</telephoneNumber> </address> </shopperAddress> </shopperFields> </FraudSightData> </order> </submit> </paymentService>

Additional data

Additional data elements and attributes you can add to your request within <FraudSightData>.

Best practice: Be consistent when you assign values to your custom fields to avoid a mismatch of data for your payments.

Element	Child element	Attribute	Description
`<customStringFields>`
	`<customStringField1>`		Add one to ten lines of customStringFields and provide additional data to support your request. Format: alpha numeric and special characters. Max length: 255 characters
`<customNumericField>`
	`<customNumericField1>`		Add one to ten lines of customNumericFields and provide additional data to support your request Format: numeric characters only. Max length: 255 characters
`<shopperFields>`
	`<shopperName>`		The shopper's name
	`<shopperId>`		Your ID for your shopper
	`<birthDate>`		The shopper's birthdate
		`<date dayOfMonth="xx" month="xx" year="xxxx"/>`	The shopper's date of birth
	`<shopperAddress>`		The address of the shopper on your system. When you use this element the following child elements must be used: `<address1>` `<city>`
	`<firstName>`		The first name of the shopper on your system. Format: alpha numeric and special characters
	`<lastName>`		The last name of the shopper on your system. Format: alpha numeric and special characters
	`<houseNumber>`		The shopper's house number for their given address Format: numeric characters
	`<houseNumberExtension>`		For example: Flat A. Format: alpha numeric and special characters
	`<address1>`		The first line of the shopper's address. Format: alpha numeric and special characters
	`<address2>`		The second line of the shopper's address. Format: alpha numeric and special characters
	`<address3>`		The third line of the shopper's address. Format: alpha numeric and special characters
	`<postalCode>`		The shopper's post code. Format: alpha numeric and special characters
	`<city>`		The shopper's city. Format: alpha numeric and special characters
	`<countryCode>`		The shopper's country. Format: ISO-3166 country code
	`<telephoneNumber>`		The shopper's telephone number. Format: alpha numeric and special characters

Order notifications

Order notifications with FraudSight

If you use order notifications, we can notify you of the FraudSight response.
The notification includes both a <riskScore> and <FraudSight> element. These are optional but you need <riskScore> enabled to receive the <FraudSight> data.
Where a FraudSight response is not available, we still return the <riskScore> from our Risk Management Module (RMM). Ask your Worldpay Relationship Manager or Support Team member to enable them on your account.

Response table for FraudSight

Element	Child element	Attribute	Description
`<FraudSight>`		`score`	The score returned by the FraudSight model
		`id`	The unique identifier generated for the payment event
		`message`	FraudSight risk decision. Values: low-risk review high-risk authenticate review, authenticate
	`<reasonCodes>`		Risk reasons triggered by the FraudSight model. Values: Recent unexpected card activity Card unfamiliarity Card type often linked to fraud Unusual transaction for merchant Irregularities in cardholder-entered information High risk email Unusual behaviour for card FRAUD SUSPICION (returned by Risk Management Module only if used as a secondary risk management tool)
`<riskScore>`		`provider`	Describes the fraud product that assessed the payment. Values: FraudSight Risk Management Module
		`finalScore`	The score returned by the Risk Management Module
		`id`	The unique identifier generated for the payment event
		`message`	FraudSight risk decision. Values: low-risk review high-risk authenticate review, authenticate

FraudSight decisions and payment flows

beforeAuthentication risk check

Message	Risk check decision
`message` = 'authenticate' or 'review, authenticate' in the `<riskScore>` or `<FraudSight>` element of the xml response.	The payment is sent for authentication* based on a set threshold.
`message` = 'low-risk' or 'review' in the `<riskScore>` or `<FraudSight>` element of the xml response.	Authentication is skipped when the risk is perceived as low.
`message` = 'high-risk'	The payment is refused when the risk score is perceived as high.

*For eCom payments with 3DS

beforeAuthentication risk check with Exemption Engine

Message	Risk check decision
EE response is result = REJECTED reason=`HIGH_RISK` and `message` = 'high-risk' in the `<riskScore>` or `<FraudSight>` element of the XML response.	The payment is refused before an exemption is applied.
EE response is result=`REJECTED` reason=`FRAUDSIGHT_OVERRIDE` and `message` = 'authenticate' or 'review, authenticate' in the `<riskScore>` or `<FraudSight>` element of the XML response.	The exemption decision is overridden and authentication enforced*.
`message` = low-risk or `message` = review in the `<riskScore>` or `<FraudSight>` element of the XML response.	FraudSight determines the risk is low and the exemption decision is followed.

*Participation in 3DS is required

beforeAuthentication risk check with dynamic 3DS override

Risk check decisions:

When the FraudSight decision is authenticate or review, authenticate and you have dynamic 3DS override set to no3DS, authentication is skipped
When the FraudSight decision is low-risk or review and you have dynamic 3DS override set to do3DS, authentication is enforced

beforeAuthorisation risk check

Message	Risk check decision
`message` = 'high-risk' in the `<riskScore>` or `<FraudSight>` element of the XML response.	The payment is refused when the risk is high.
`message` = 'low-risk' or `message` = 'review' in the `<riskScore>` or `<FraudSight>` element of the XML response.	The payment is sent for authorisation when the risk is perceived as low, or requires a review.

afterAuthorisation risk check

Message	Risk check decision
`message` = 'high-risk' in the `<riskScore>` or `<FraudSight>` element of the XML response.	High-risk: authorisation is cancelled.
`message` = 'low-risk' or `message` = 'review' in the `<riskScore>` or `<FraudSight>` element of the XML response.	When the risk is perceived as low the authorised payment is complete.
None.	Card issuer and scheme refused payments are skipped from the afterAuthorisation risk check.

FraudSight response examples

Copied!

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"&gt;
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
  <reply>
    <orderStatus orderCode="YOUR_ORDER_CODE">
      <payment>
        <paymentMethod>VISA-SSL</paymentMethod>
        <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
        <lastEvent>AUTHORISED</lastEvent>
        <CVCResultCode description="NO RESPONSE FROM ACQUIRER"/>
        <AVSResultCode description="NO RESPONSE FROM ACQUIRER"/>
        <balance accountType="IN_PROCESS_AUTHORISED">
          <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
        </balance>
        <cardNumber>4444**1111</cardNumber>
        <riskScore Provider="FraudSight" finalScore="0" id="188a9ae6-21c4-4fd9-87cd-8df4c719aaf1" message="low-risk"/>
        <FraudSight score="0.00267" id="188a9ae6-21c4-4fd9-87cd-8df4c719aaf1" message="low-risk">
          <reasonCodes>
            <reasonCode>Card Unfamiliarity</reasonCode>
            <reasonCode>High Risk Email</reasonCode>
          </reasonCodes>
        </FraudSight>
      </payment>
    </orderStatus>
  </reply>
</paymentService>

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"&gt; <paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <reply> <orderStatus orderCode="YOUR_ORDER_CODE"> <payment> <paymentMethod>VISA-SSL</paymentMethod> <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/> <lastEvent>AUTHORISED</lastEvent> <CVCResultCode description="NO RESPONSE FROM ACQUIRER"/> <AVSResultCode description="NO RESPONSE FROM ACQUIRER"/> <balance accountType="IN_PROCESS_AUTHORISED"> <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/> </balance> <cardNumber>4444**1111</cardNumber> <riskScore Provider="FraudSight" finalScore="0" id="188a9ae6-21c4-4fd9-87cd-8df4c719aaf1" message="low-risk"/> <FraudSight score="0.00267" id="188a9ae6-21c4-4fd9-87cd-8df4c719aaf1" message="low-risk"> <reasonCodes> <reasonCode>Card Unfamiliarity</reasonCode> <reasonCode>High Risk Email</reasonCode> </reasonCodes> </FraudSight> </payment> </orderStatus> </reply> </paymentService>

Copied!

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"&gt;
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
  <reply>
    <orderStatus orderCode="YOUR_ORDER_CODE">
      <payment>
        <paymentMethod>VISA-SSL</paymentMethod>
        <amount value="4000" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
        <lastEvent>REFUSED</lastEvent>
        <ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/>
        <CVCResultCode description="NOT SENT TO ACQUIRER"/>
        <AVSResultCode description="NOT SENT TO ACQUIRER"/>
        <riskScore Provider="FraudSight" finalScore="100" id="ae69cd9f-8031-419d-ae6b-fce0a98a33ef" message="high-risk"/>
        <FraudSight score="0.00666" id="ae69cd9f-8031-419d-ae6b-fce0a98a33ef" message="high-risk">
          <reasonCodes>
            <reasonCode>Card Unfamiliarity</reasonCode>
            <reasonCode>High Risk Email</reasonCode>
          </reasonCodes>
        </FraudSight>
      </payment>
    </orderStatus>
  </reply>
</paymentService>

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"&gt; <paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <reply> <orderStatus orderCode="YOUR_ORDER_CODE"> <payment> <paymentMethod>VISA-SSL</paymentMethod> <amount value="4000" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/> <lastEvent>REFUSED</lastEvent> <ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/> <CVCResultCode description="NOT SENT TO ACQUIRER"/> <AVSResultCode description="NOT SENT TO ACQUIRER"/> <riskScore Provider="FraudSight" finalScore="100" id="ae69cd9f-8031-419d-ae6b-fce0a98a33ef" message="high-risk"/> <FraudSight score="0.00666" id="ae69cd9f-8031-419d-ae6b-fce0a98a33ef" message="high-risk"> <reasonCodes> <reasonCode>Card Unfamiliarity</reasonCode> <reasonCode>High Risk Email</reasonCode> </reasonCodes> </FraudSight> </payment> </orderStatus> </reply> </paymentService>

Order notifications with RMM

When FraudSight is unavailable we fallback to our Risk Management Module (RMM).

RMM is included with FraudSight. RMM returns a <riskScore>.

When FraudSight is unavailable at the point of the beforeAuthentication or beforeAuthorisation risk check, the payment falls back to RMM pre and post authorisation risk checks.

When FraudSight is unavailable at the point of the afterAuthorisation risk check, the payment falls back to RMM post-authorisation checks only.

Note: Returning the <riskScore> is optional.
Ask your Worldpay Relationship Manager or Support Team member to enable this on your account.

Response table for RMM

Element	Attribute	Mandatory/Optional	Description
`<riskScore>`		Optional	Enabled by default for RMM. `<riskScore>` is optional for both your RMM and FraudSight response
	provider		The risk management tool providing the response
	finalScore		The final score assigned to this transaction by RMM

RMM response examples

Copied!

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN"
"http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"&gt;
<paymentService version="1.4" merchantCode="YOUR MERCHANT CODE">
  <reply>
    <orderStatus orderCode="YOUR ORDER CODE">
      <payment>
        <paymentMethod>VISA-SSL</paymentMethod>
        <amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/>
        <lastEvent>AUTHORISED</lastEvent>
        <CVCResultCode description="NO RESPONSE FROM ACQUIRER"/>
        <AVSResultCode description="NO RESPONSE FROM ACQUIRER"/>
        <balance accountType="IN_PROCESS_AUTHORISED">
          <amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/>
        </balance>
        <cardNumber>4444**1111</cardNumber>
        <riskScore Provider="RiskManagement" finalScore="21"/>
      </payment>
    </orderStatus>
  </reply>
</paymentService>

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"&gt; <paymentService version="1.4" merchantCode="YOUR MERCHANT CODE"> <reply> <orderStatus orderCode="YOUR ORDER CODE"> <payment> <paymentMethod>VISA-SSL</paymentMethod> <amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/> <lastEvent>AUTHORISED</lastEvent> <CVCResultCode description="NO RESPONSE FROM ACQUIRER"/> <AVSResultCode description="NO RESPONSE FROM ACQUIRER"/> <balance accountType="IN_PROCESS_AUTHORISED"> <amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/> </balance> <cardNumber>4444**1111</cardNumber> <riskScore Provider="RiskManagement" finalScore="21"/> </payment> </orderStatus> </reply> </paymentService>

Copied!

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN"
"http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"&gt;
<paymentService version="1.4" merchantCode="YOUR MERCHANT CODE">
  <reply>
    <orderStatus orderCode="YOUR ORDER CODE">
      <payment>
        <paymentMethod>VISA-SSL</paymentMethod>
        <amount value="345" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/>
        <lastEvent>REFUSED</lastEvent>
        <ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/>
        <CVCResultCode description="NOT SENT TO ACQUIRER"/>
        <AVSResultCode description="NOT SENT TO ACQUIRER"/>
        <riskScore Provider="RiskManagement" finalScore="100"/>
      </payment>
    </orderStatus>
  </reply>
</paymentService>

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"&gt; <paymentService version="1.4" merchantCode="YOUR MERCHANT CODE"> <reply> <orderStatus orderCode="YOUR ORDER CODE"> <payment> <paymentMethod>VISA-SSL</paymentMethod> <amount value="345" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/> <lastEvent>REFUSED</lastEvent> <ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/> <CVCResultCode description="NOT SENT TO ACQUIRER"/> <AVSResultCode description="NOT SENT TO ACQUIRER"/> <riskScore Provider="RiskManagement" finalScore="100"/> </payment> </orderStatus> </reply> </paymentService>

Copied!

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN"
"http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"&gt;
<paymentService version="1.4" merchantCode="YOUR MERCHANT CODE">
  <reply>
    <orderStatus orderCode="YOUR ORDER CODE">
      <payment>
        <paymentMethod>VISA-SSL</paymentMethod>
        <amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/>
        <lastEvent>REFUSED</lastEvent>
        <ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/>
        <CVCResultCode description="NOT SENT TO ACQUIRER"/>
        <AVSResultCode description="NOT SENT TO ACQUIRER"/>
        <riskScore Provider="RiskManagement" finalScore="171"/>
      </payment>
    </orderStatus>
  </reply>
</paymentService>

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"&gt; <paymentService version="1.4" merchantCode="YOUR MERCHANT CODE"> <reply> <orderStatus orderCode="YOUR ORDER CODE"> <payment> <paymentMethod>VISA-SSL</paymentMethod> <amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/> <lastEvent>REFUSED</lastEvent> <ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/> <CVCResultCode description="NOT SENT TO ACQUIRER"/> <AVSResultCode description="NOT SENT TO ACQUIRER"/> <riskScore Provider="RiskManagement" finalScore="171"/> </payment> </orderStatus> </reply> </paymentService>

Testing

To test your setup, use ourtest environmentas a reference. FraudSight has its ownmagic values. If you're using additional data, use the reference table below.

Payment request reference table

If you make an error in formatting your request you'll receive one of the following responses.

Custom field/Shopper field	Field	Characters supported	Could be empty?	XML response error codes
Custom field	`<customStringField1>`	alpha-numeric and special characters	No	`<error code="5"><![CDATA[The tag 'customStringField1' cannot be empty]]></error>`
Custom field	`<customNumericField2>`	Numeric characters	No	`<error code="5"><![CDATA[The tag 'customNumericField2' isn't a valid number]]></error>` `<error code="5"><![CDATA[The tag 'customNumericField2' cannot be empty]]></error>`
Shopper field	`<shopperName>`	alpha-numeric and special characters	No	`<error code="5"><![CDATA[The tag 'shopperName' cannot be empty]]></error>`
Shopper field	`<shopperId>`	alpha-numeric and special characters	No	`<error code="5"><![CDATA[The tag 'shopperId' cannot be empty]]></error>`
Shopper field	`<birthDate>`	should follow the format: `<date dayOfMonth="02" month="06" year="2000">`	No	`<error code="2"><![CDATA[Invalid day : 32]]></error>` `<error code="2"><![CDATA[Invalid month : 13]]></error>` `<error code="2"><![CDATA[Numeric value expected for year. Actually received: abc2]]></error>`
Shopper field - `<shopperAddress>`	`<firstName>`	alpha-numeric and special characters	Yes
Shopper field - `<shopperAddress>`	`<lastName>`	alpha-numeric and special characters	Yes
Shopper field – `<shopperAddress>` (address 1 format)	`<address1>`	alpha-numeric and special characters	No	`<error code="5"><![CDATA[Invalid address: Address 1/Street is required.]]></error>` `<error code="5"><![CDATA[Invalid address: Address 1/Street is required.]]></error>`
Shopper field – `<shopperAddress>` (address 1 format)	`<address2>`	alpha-numeric and special characters	Yes
Shopper field – `<shopperAddress>` (address 1 format)	`<address3>`	alpha-numeric and special characters	Yes
Shopper field – `<shopperAddress>`	`<postalCode>`	alpha-numeric and special characters	Yes
Shopper field – `<shopperAddress>`	`<city>`	alpha-numeric and special characters	No	`<error code="5"><![CDATA[Invalid address: City is required]]></error>`
Shopper field – `<shopperAddress>`	`<state>`	alpha-numeric and special characters	Yes
Shopper field – `<shopperAddress>`	`<telephoneNumber>`	alpha-numeric and special characters	Yes
Shopper field – `<shopperAddress>`	`<countryCode>`	Should be a valid ISO-3166 country code	No	`<error code="5"><![CDATA[Invalid address: Country code "GBA" is not a valid ISO-3166 country code. ]]></error>` `<error code="5"><![CDATA[Invalid address: Country code is null or blank. ]]></error>`
Shopper field – `<shopperAddress>` (address 2 format)	`<street>`	alpha-numeric and special characters	No	`<error code="5"><![CDATA[Invalid address: Address 1/Street is required.]]></error>`
Shopper field – `<shopperAddress>` (address 2 format)	`<houseName>`	alpha-numeric and special characters	Yes
Shopper field – `<shopperAddress>` (address 2 format)	`<houseNumber>`	numeric characters	No	`<error code="5"><![CDATA[Expecting a numeric value for: houseNumber]]></error>` `<error code="5"><![CDATA[Expecting a numeric value for: houseNumber]]></error>`
Shopper field – `<shopperAddress>` (address 2 format)	`<houseNumberExtension>`	alpha-numeric and special characters	Yes

Payment response magic values

Use the magic values listed below and ourtest card numbersto test the FraudSight response in order notifications.

Magic values

Insert the below values in <address1> of <billingAddress> to simulate the FraudSight risk decision described in the message field:

Magic Value	Message	FraudSight score	Payment status
LOW-RISK	low-risk	0.0	AUTHORISED
REVIEW	review	0.0	AUTHORISED
HIGH-RISK	high-risk	1.0	REFUSED
Any other value	low-risk	0.0	AUTHORISED

Add the below values in <address3> of <billingAddress> to simulate the reason codes. Enter magic values separated by a comma to simulate a list of reason codes returned by FraudSight:

Magic value	Reason
RC1	Unusual behaviour for card
RC2	Unusual transaction for merchant
RC3	Recent unexpected card activity
RC4	Card unfamiliarity
RC5	Card type often linked to fraud
RC6	Irregularities in cardholder-entered information
RC7	High risk email
Any other value	SUSPECTED FRAUD

Going Live

Before you go live with FraudSight, check the following:

You’re aware when the FraudSight Risk Check will trigger and what happens if FraudSight is unavailable
You’re sending through the recommended data points
You’ve requested the response format from Worldpay that you require
You’ve configured your fallback to RMM (if required)

Searching accross the entire site

Filter by product

Filter by product Searching across the entire site

FraudSight (Hosted)

Before you start

Integration overview

FraudSight risk checks

Worldpay Device JavaScript Collector (JSC)

Payment requests

Standard payment request

Payment request with additional data

Additional data

Order notifications

Order notifications with FraudSight

Response table for FraudSight

FraudSight decisions and payment flows

beforeAuthentication risk check

beforeAuthentication risk check with Exemption Engine

beforeAuthentication risk check with dynamic 3DS override

beforeAuthorisation risk check

afterAuthorisation risk check

FraudSight response examples

Order notifications with RMM

Response table for RMM

RMM response examples

Testing

Payment request reference table

Payment response magic values

Magic values

Going Live

Searching accross the entire site

Filter by product

Filter by product Searching across the entire site

​