API GuideDashboard
Home
Payments
Automation
Observability
Reconciliation
Payment Methods
Fraud Providers
SDK Reference
Changelog

Payment card fraud losses worldwide exceeded $32 billion in 2021 and will continue to rise. Protect your bottom line by deploying a fraud service, like Riskified, to stop bad actors from making it through your checkout

See our Fraud Overview for more general information about how we support fraud prevention.

What is supported?

Resulting decisions

  • Pass
  • 3DS (pre-authorization only)
  • Reject
  • Fail

Payment methods

  • Card
  • Apple Pay
  • Google Pay
  • Paypal

Fraud check flows

Riskified performs its main fraud check with an endpoint named Decide. Depending on your use case and fraud profile, Riskified will suggest you to leverage Decide either before or after the authorization. This is defined when Riskified creates your account and configures your fraud prevention model.

When connecting Primer to your Riskified account, make sure to specify when Decide should be called - either before or after the authorization.

🏦

Decide before the authorization

In this flow, the main fraud check happens at pre-authorization.

  • Pre-authorization check
    We ask Riskified to Decide if 3DS should be used or not, and whether we should proceed with the authorization.
  • Post-authorization check
    We do no send anything to Riskified. This check fails immediately.

Riskified expects to receive a notification after the authorization. This can be done in the workflow by

  • calling the action Decision when the payment is successfully authorized
  • calling the action Checkout Denied when the payment is not authorized
💳

Decide after the authorization

In this flow, the main fraud check happens after the payment is sent to the processor.

  • Pre-authorization check
    We ask Riskified to Advise if 3DS should be used or not, and whether we should proceed with the authorization.
  • Post-authorization check
    We ask Riskified to Decide, knowing the 3DS result and the authorization outcome, whether to proceed or cancel the payment.

Riskified expects to receive a notification after the authorization. This can be done in the workflow by

  • calling the action Checkout Denied when the payment is not authorized

Instructions

Set-up Instructions

  • Go to your Primer Dashboard.
  • Navigate to the "Integrations" section, select "Add Integration" at the top of the page and search for Riskified. Follow the dashboard instructions.
    Make sure to match "Fraud check flow" with how your Riskified account is configured.
  • Follow the rest of the steps to set up Primer Workflows for fraud checks.

Notifications

You can use Automation to also notify Riskified for updates that happen after the authorization step:

  • If Riskified is configured so that Decide is called before the authorization, call the action Checkout Denied when the payment is not authorized, and the action Decision when the payment is authorized.
  • If Riskified is configured so that Decide is called before the authorization, call the action Checkout Denied
  • When a dispute is opened for a payment, call the action Chargeback.
    See dispute management for details around processor coverage.

To do so, connect to the Workflow App for Riskified and either update your existing payment flows flows, or just apply the pre-configured Riskified templates.

Testing

Pre-authorization fraud check

  • To trigger a Pass outcome, set customer.emailAddress to start with out_of_scope.
  • To trigger a Reject outcome, set customer.emailAddress to start with fraud.
  • To trigger a 3DS outcome, set customer.emailAddress to start with sca.
  • To trigger a Fail outcome you will need to pass a request that is incorrect. An example of this is to set the currency to something as this field needs to be a recognised currency code.

Post-authorization fraud check

  • To trigger a Pass outcome, set customer.emailAddress to equal test@approve.com
  • To trigger a Reject outcome, set customer.emailAddress to equal test@decline.com

General Notes

  • You must update the Primer orderId for each Riskified test. Reusing the same orderId returns a previous result. You can override the fraud order id by providing a fraudContext.fraudOrderId inside metadata.

Mapping

Base mapping

RiskifiedPrimer
idpayment.orderId
emailpayment.customer.emailAddress
created_atPayment creation time
currencypayment.currencyCode
gatewayProcessor or payment method
total_priceCalculated from the order items
cart_tokenpayment.metadata.fraud_context.device_details.cookie_token
referring_sitepayment.metadata.fraud_context.device_details.referring_site
sourcepayment.metadata.fraud_context.device_details.source
browser_ippayment.metadata.fraud_context.device_details.browser_ip
device_idpayment.metadata.fraud_context.device_details.device_id
client_details.user_agentpayment.metadata.fraud_context.device_details.user_agent
client_details.accept_languagepayment.metadata.fraud_context.device_details.accept_language
vendor_idpayment.metadata.fraud_context.merchant_details.merchant_provider_id
vendor_namepayment.metadata.fraud_context.merchant_details.merchant_name
line_items[].pricepayment.order.lineItems[].amount
line_items[].quantitypayment.order.lineItems[].quantity
line_items[].titlepayment.order.lineItems[].name
line_items[].brandpayment.order.lineItems[].productData.brand
line_items[].product_typepayment.order.lineItems[].productType
line_items[].skupayment.order.lineItems[].productData.sku
shipping_lines[0].pricepayment.order.shipping.amount
shipping_lines[0].titlepayment.order.shipping.methodName
customer.idpayment.customerId
customer.emailpayment.customer.emailAddress
customer.first_namepayment.customer.firstName
customer.last_namepayment.customer.lastName
customer.phonepayment.customer.mobileNumber
customer.address.first_namepayment.customer.billingAddress.firstName
customer.address.last_namepayment.customer.billingAddress.lastName
customer.address.address1payment.customer.billingAddress.addressLine1
customer.address.address2payment.customer.billingAddress.addressLine2
customer.address.country_codepayment.customer.billingAddress.countryCode
customer.address.citypayment.customer.billingAddress.city
customer.address.zippayment.customer.billingAddress.postalCode
customer.address.provincepayment.customer.billingAddress.state
billing_address.first_namepayment.customer.billingAddress.firstName
billing_address.last_namepayment.customer.billingAddress.lastName
billing_address.address1payment.customer.billingAddress.addressLine1
billing_address.address2payment.customer.billingAddress.addressLine2
billing_address.countrypayment.customer.billingAddress.country
billing_address.country_codepayment.customer.billingAddress.countryCode
billing_address.citypayment.customer.billingAddress.city
billing_address.zippayment.customer.billingAddress.postalCode
billing_address.provincepayment.customer.billingAddress.state
shipping_address.first_namepayment.customer.shippingAddress.firstName
shipping_address.last_namepayment.customer.shippingAddress.lastName
shipping_address.address1payment.customer.shippingAddress.addressLine1
shipping_address.address2payment.customer.shippingAddress.addressLine2
shipping_address.countrypayment.customer.shippingAddress.country
shipping_address.country_codepayment.customer.shippingAddress.countryCode
shipping_address.citypayment.customer.shippingAddress.city
shipping_address.zippayment.customer.shippingAddress.postalCode
shipping_address.provincepayment.customer.shippingAddress.state

Card, Apple Pay & Google Pay

RiskifiedPrimer
payment_details[0].cardholder_nameCardholder name
payment_details[0].credit_card_numberXXXX-XXXX-XXXX-LAST_4_DIGITS
payment_details[0].credit_card_binCard's first 6 digits
payment_details[0].credit_card_companyCard network
payment_details[0].authorization_idProcessor transaction ID
payment_details[0].authentication_result.eciECI
payment_details[0].authentication_result.cavvCryptogram
payment_details[0].authentication_result.liability_shiftTrue if eci is 02 or 05. False otherwise.
payment_details[0].avs_result_codeAVS result code
payment_details[0].cvv_result_codeCVV result code

PayPal

RiskifiedPrimer
payment_details[0].authorization_idPayPal Order ID or Billing Agreement ID
payment_details[0].payment_statusPayPal Status
payment_details[0].payer_emailPayPal email address

Custom field mapping

You can use Advanced Metadata Mapper with Riskified to map any metadata field to Riskified's requests.