Fraud

Overview

A fraud notification is sent to the merchants desired Notification URL containing useful information about the transaction if fraud occurs. Below explains the data the merchant can expect to be received in the Notification URL, the merchant can use this data to handle the transaction.

The merchant must submit their chosen Notification URL to eCOMM for it to be whitelisted and enabled for use. The notification will be sent via HTTP Form Post in XML format where the merchant should set up a handler to parse the response.

The fraud notification can be identified by using the apisignature, if fraud is specified then the following XML document relates to a fraud. The XML document will be transmitted through a field called data.

Please note that when setting up the handler, the merchant must also cater for the chargeback notification as the fraud and chargeback notification will be sent to the same URL.

Setting Up A Handler

It is up to the merchant to decide what may be the best decision when deciding on how to handle the fraud notification. The below example is intended to give the merchant an idea on how this can be achieved.

If the merchants notification URL is: http://example.com/Notification-Handler/Chargeback-Fraud-Notification/, the HTTP POST will be sent identical to the below sample URL:

http://example.com/Notification-Handler/Chargeback-Fraud-Notification/?apisignature=fraudtransactionnotification&data=<R>...</R>

The XML document will be enclosed in the data parameter which must be parsed in order to pull out the information the merchant may need to proceed.

The apisignature will be fraudtransactionnotification in this case.


Sample Notification Handler:
<?php
// Post Request - Fraud Notification
if(isset($_POST["data"])) //If we have data
{
	if($_POST["apisignature"] == "fraudtransactionnotification") //Fraud Notification
	{
		//Handler code for fraud
		$strData = $_POST["data"]; //Assign the data to variable $strData
		$XMLDataArray = simplexml_load_string($strData); //Used to parse XML at ease
		//...
		
		/* Obtain information from response fields */
		$ResponseR1 = (string)$XMLDataArray->R1;
		$ResponseR2 = (string)$XMLDataArray->R2;
		//... etc
		
		//Or loop through the elements
		/* END */
		
		//More code...
	}
	else if($_POST["apisignature"] == "chargeback") //Chargeback Notification
	{
		//Handler code for chargeback...
	}
}
?>
// Post Request - Fraud Notification
[HttpPost]
public IActionResult NotificationURL(string apisignature, string data)
{
	if(data != null) //If we have data
	{
		if(apisignature == "fraudtransactionnotification") //Fraud Notification
		{
			//Handler code for fraud
			
			/* Parse XML from response */
			XmlDocument xDoc = new XmlDocument();
			xDoc.LoadXml(data);
			/* END */

			/* Obtain information from response fields */
			XmlNodeList ResponseR1 = xDoc.GetElementsByTagName("R1");
			XmlNodeList ResponseR2 = xDoc.GetElementsByTagName("R2");
			//... etc
			
			//Or loop through the elements
			/* END */
			
			//More code...
		}
		else if(apisignature == "chargeback") //Chargeback Notification
		{
			//Handler code for chargeback...
		}
	}
	
	return View();
}

Data Returned

The fraud notification will POST an XML document, below will help identify what XML fields are included and what to expect.

A well defined XML document response will be returned with the following information:
FieldName Description
R1 Merchant Transaction Code
R2 ARN
R3 Amount
R4 Currency

Sample XML Notification

Below demonstrates what is contained inside the data parameter of the notification.

<!-- Sample XML Document, contained inside the `data=` parameter -->
<R>
	<R1>5a017421-0a92-4141-a4e9-2fd3969307db</R1>
	<R2>05421215223811034925862</R2>
	<R3>100</R3>
	<R4>EUR</R4>
</R>