Standalone Risk Assessment
Create or Update Risk Assessment
                            Request to send a card transaction to a risk service provider without processing a payment. 
You can use this operation when you want to:
- Assess risk: request the risk service provider to assess the risk of a card transaction and provide a result. In this case set requestAction to RISK_ASSESSMENT.
- Provide information only: inform the risk service provider about a card transaction or the outcome of processing a card transaction. You do not require the risk service provider to provide a risk assessment result. In this case set requestAction to INFORMATION_ONLY and provide details about the transaction processing result in the transactionProcessingResponse parameter group.
Authentication
This operation requires authentication via one of the following methods:
- Certificate authentication.
- 
                            
                                            To authenticate to the API two additional NVP parameters must be supplied in the request.
                                            Provide 'merchant.<your gateway merchant ID>' in the apiUsername field and your API password in the apiPassword field.
Request
Fields
A series of related orders that execute one commercial agreement.
For example, linking the orders for a series of recurring payments (a mobile phone subscription), split tenders (one payment using two cards), or when the merchant offers to take payments by a series of installments (hire purchase).
You must provide this data for some types of payments (such as recurring), but you can provide it for any cases where you want to link orders together.
Enumeration
                        
                                            OPTIONAL
                                
                The type of commercial agreement that the payer has with you.
Value must be a member of the following list. The values are case sensitive.
INSTALLMENT
                                        An agreement where the payer authorizes the payment for a single purchase to be split into a number of payments processed at agreed intervals. For example, pay for a purchase in six monthly installments.
OTHER
                                        An agreement where the merchant wants to link related payments for any purpose other than processing recurring, installment, or unscheduled payments. For example, split tender payments.
RECURRING
                                        An agreement where the payer authorizes the merchant to process payments for recurring bills or invoices at agreed intervals (for example, weekly, monthly). The amount might be fixed or variable.
UNSCHEDULED
                                        An agreement where the payer authorizes the merchant to automatically deduct funds for a payment for an agreed purchase when required (unscheduled). For example, auto top-ups when the account value falls below a threshold.
String
                        = CREATE_OR_UPDATE_RISK_ASSESSMENT
                                    FIXED
                                
                Any sequence of zero or more unicode characters.
Details of the payer's billing address.
The payer's billing address.
This data may be used to qualify for better interchange rates on corporate purchase card transactions.
String
                        
                                            OPTIONAL
                                
                The city portion of the address.
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                The name of the company associated with this address.
Data can consist of any characters
Upper case alphabetic text
                        
                                            OPTIONAL
                                
                The 3 letter ISO standard alpha country code of the address.
Data must consist of the characters A-Z
Alphanumeric + additional characters
                        
                                            OPTIONAL
                                
                The post code or zip code of the address.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
String
                        
                                            OPTIONAL
                                
                The state or province of the address.
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                The three character ISO 3166-2 country subdivision code for the state or province of the address.
Providing this field might improve your payer experience for 3-D Secure payer authentication.
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                The first line of the address.
For example, this may be the street name and number, or the Post Office Box details.
Note: The transaction response will contain a concatenation of street and street2 data. If the concatenated value is more than the maximum field length, street2 data will be truncated.
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                The second line of the address (if provided).
Note: This field will be empty in the transaction response, as street2 data will be concatenated into the street field.
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
Information about the customer, including their contact details.
Email
                        
                                            OPTIONAL
                                
                The email address of the customer.
Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses
Telephone Number
                        
                                            OPTIONAL
                                
                The payer's mobile phone or cell phone number in ITU-T E123 format, for example +1 607 1234 5678
The number consists of:
- '+'
- country code (1, 2 or 3 digits)
- 'space'
- national number ( which may embed single spaces characters for readability).
Data consists of '+', country code (1, 2 or 3 digits), 'space', and national number (which may embed single space characters for readability)
Telephone Number
                        
                                            OPTIONAL
                                
                The payer's phone number in ITU-T E123 format, for example +1 607 1234 456
The number consists of:
- '+'
- country code (1, 2 or 3 digits)
- 'space'
- national number ( which may embed single spaces characters for readability).
Data consists of '+', country code (1, 2 or 3 digits), 'space', and national number (which may embed single space characters for readability)
Information about the device used by the payer for this transaction.
String
                        
                                            OPTIONAL
                                
                The User-Agent header of the browser the customer used to place the order.
For example, MOZILLA/4.0 (COMPATIBLE; MSIE 5.0; WINDOWS 95)
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                Information collected about a remote computing device for the purpose of providing a unique identifier for the device.
For example, session ID, blackbox ID.
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                The IP address of the device used by the payer, in nnn.nnn.nnn.nnn format.
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                The mobile phone manufacturer's identifier for the model of the mobile device used to initiate the payment.
Data can consist of any characters
Alphanumeric + additional characters
                        REQUIRED
                                        
                The unique identifier issued to you by your payment provider.
This identifier can be up to 12 characters in length.
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
Information about the order associated with this transaction.
Decimal
                        
                                            OPTIONAL
                                
                The total amount for the order.
This is the net amount plus any surcharge.
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.
Decimal
                        
                                            OPTIONAL
                                
                The amount the payer has chosen to receive as cash in addition to the amount they are paying for the goods or services they are purchasing from you.
The cash back amount is included in the total amount of the order you provide in order.amount.
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.
Upper case alphabetic text
                        REQUIRED
                                        
                The currency of the order expressed as an ISO 4217 alpha code, e.g. USD.
Data must consist of the characters A-Z
String
                        
                                            OPTIONAL
                                
                Short textual description of the contents of the order.
Data can consist of any characters
Information about a price reduction you have applied to the order.
For example, you may apply discounts for trade, employees, bulk purchase, or a sales promotion.
Decimal
                        
                                            OPTIONAL
                                
                The total amount of the discount you have applied to the order.
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.
String
                        
                                            OPTIONAL
                                
                The code you use to identify the reason for the discount.
Data can consist of any characters
Information about the items the payer purchases with the order.
String
                        
                                            OPTIONAL
                                
                The brand of the item.
For example, Dell.
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                Your category for the item.
Data can consist of any characters
String
                        REQUIRED
                                        
                A short name describing the item.
Data can consist of any characters
Decimal
                        REQUIRED
                                        
                The quantity of the item.
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number greater than zero.
String
                        
                                            OPTIONAL
                                
                The SKU (Stock Keeping Unit) or the item identifier for this item.
Data can consist of any characters
Decimal
                        REQUIRED
                                        
                The cost price for the item.
Data is a string that consists of the characters 0-9, '.' and '-' and represents a valid decimal number.
Enumeration
                        REQUIRED
                                        
                Informs the risk service provider how you want them to process the information you have provided in the request.
Informs the risk service provider how you want them to process the information you have provided in the request..
Value must be a member of the following list. The values are case sensitive.
INFORMATION_ONLY
                                        You are informing the risk service provider about a card transaction or the outcome of a card transaction. You do not require the risk service provider to provide a risk assessment result.
RISK_ASSESSMENT
                                        You are requesting the risk service provider to assess the risk of a card transaction and provide a risk assessment result.
Alphanumeric + additional characters
                        REQUIRED
                                        
                A unique identifier for this risk assessment to distinguish it from any other risk assessment you create.
Data may consist of the characters 0-9, a-z, A-Z, '-', '_', ' ', '&', '+', '!', '$', '%', '.'
Shipping information for this order.
The address to which this order will be shipped.
String
                        
                                            OPTIONAL
                                
                The city portion of the address.
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                The name of the company associated with this address.
Data can consist of any characters
Upper case alphabetic text
                        
                                            OPTIONAL
                                
                The 3 letter ISO standard alpha country code of the address.
Data must consist of the characters A-Z
Alphanumeric + additional characters
                        
                                            OPTIONAL
                                
                The post code or zip code of the address.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
String
                        
                                            OPTIONAL
                                
                The state or province of the address.
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                The first line of the address.
For example, this may be the street name and number, or the Post Office Box details.
Note: The transaction response will contain a concatenation of street and street2 data. If the concatenated value is more than the maximum field length, street2 data will be truncated.
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                The second line of the address (if provided).
Note: This field will be empty in the transaction response, as street2 data will be concatenated into the street field.
Data can consist of any characters
Details of the contact person at the address the goods will be shipped to.
Email
                        
                                            OPTIONAL
                                
                The contact person's email address.
The field format restriction ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses.
Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses
String
                        
                                            OPTIONAL
                                
                The first name of the person to whom the order is being shipped.
Data can consist of any characters
String
                        
                                            OPTIONAL
                                
                The last name or surname of the person to whom the order is being shipped.
Data can consist of any characters
Telephone Number
                        
                                            OPTIONAL
                                
                The contact person's mobile phone or cell phone number in ITU-T E123 format, for example +1 607 1234 5678
The number consists of:
- '+'
- country code (1, 2 or 3 digits)
- 'space'
- national number ( which may embed single spaces characters for readability).
Data consists of '+', country code (1, 2 or 3 digits), 'space', and national number (which may embed single space characters for readability)
Telephone Number
                        
                                            OPTIONAL
                                
                The contact person's phone number in ITU-T E123 format, for example +1 607 1234 456
The number consists of:
- '+'
- country code (1, 2 or 3 digits)
- 'space'
- national number ( which may embed single spaces characters for readability).
Data consists of '+', country code (1, 2 or 3 digits), 'space', and national number (which may embed single space characters for readability)
Enumeration
                        
                                            OPTIONAL
                                
                The shipping method used for delivery of this order.
Value must be a member of the following list. The values are case sensitive.
ELECTRONIC
                                        Electronic delivery.
GROUND
                                        Ground (4 or more days).
NOT_SHIPPED
                                        Order for goods that are not shipped (for example, travel and event tickets)
OVERNIGHT
                                        Overnight (next day).
PICKUP
                                        Shipped to a local store for pick up.
PRIORITY
                                        Priority (2-3 days).
SAME_DAY
                                        Same day.
Information about the payment type selected by the payer for this payment and the source of the funds.
Depending on the payment type the source of the funds can be a debit or credit card.
Information about the source of funds when it is directly provided.
Details as shown on the card.
Use this parameter group when you have sourced payment details using:
- Cards: The card details entered directly or collected using a Point of Sale (POS) terminal.
Expiry date, as shown on the card.
Digits
                        REQUIRED
                                        
                Month, as shown on the card.
Months are numbered January=1, through to December=12.
Data is a number between 1 and 12 represented as a string.
Digits
                        REQUIRED
                                        
                Year, as shown on the card.
The Common Era year is 2000 plus this value.
Data is a string that consists of the characters 0-9.
String
                        
                                            OPTIONAL
                                
                The cardholder's name as printed on the card.
Data can consist of any characters
Digits
                        
                                            OPTIONAL
                                
                Credit card number as printed on the card.
Data is a string that consists of the characters 0-9.
Digits
                        
                                            OPTIONAL
                                
                Card verification code, as printed on the back or front of the card.
Data is a string that consists of the characters 0-9.
Enumeration
                        
                                            OPTIONAL
                                
                The payment method used for this payment.
Value must be a member of the following list. The values are case sensitive.
CARD
                                        Use this value for payments that obtained the card details either directly from the card, or from a POS terminal, or from a wallet, or through a device payment method.
Information about the transaction.
DateTime
                        
                                            OPTIONAL
                                
                The date and time the transaction was created in your system or in the system that you used to submit the transaction to the acquirer.
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
Enumeration
                        
                                            OPTIONAL
                                
                Indicates the channel through which you received authorization for the payment from the payer.
For example, set this value to INTERNET if the payer initiated the payment online.
If you have an existing agreement with the payer that authorizes you to process this payment (for example, a recurring payment) then set this value to MERCHANT. 
Value must be a member of the following list. The values are case sensitive.
CALL_CENTRE
                                        Transaction conducted via a call centre.
CARD_PRESENT
                                        Transaction where the card is presented to the merchant.
INTERNET
                                        Transaction conducted over the Internet.
MAIL_ORDER
                                        Transaction received by mail.
MERCHANT
                                        Transaction initiated by you based on an agreement with the payer. For example, a recurring payment, installment payment, or account top-up.
TELEPHONE_ORDER
                                        Transaction received by telephone.
VOICE_RESPONSE
                                        Transaction conducted by a voice/DTMF recognition system.
Enumeration
                        REQUIRED
                                        
                Informs the risk service provider about the type of transaction for which you are requesting a risk assessment.
Value must be a member of the following list. The values are case sensitive.
AUTHORIZATION
                                        Authorization
AUTHORIZATION_UPDATE
                                        Authorization Update
CAPTURE
                                        Capture
OTHER
                                        Any other transaction type
PAYMENT
                                        Payment (Purchase)
REFUND
                                        Refund
REFUND_AUTHORIZATION
                                        Refund Authorization
VERIFICATION
                                        Verification
VOID_AUTHORIZATION
                                        Void Authorization
VOID_CAPTURE
                                        Void Capture
VOID_PAYMENT
                                        Void Payment
VOID_REFUND
                                        Void Refund
Url
                        
                                            OPTIONAL
                                
                If transaction.source=INTERNET, provide the URL of the site (including the full path, parameters, port etc.
) on which the payer clicked the 'Pay' button to initiate the payment for this transaction.
Ensure that the URL begins with 'https' and is longer than 11 characters.
Provide this parameter group if you are requesting a risk assessment for a transaction that you have already submitted to the acquirer for processing.
Provide all available details about the transaction processing outcome, based on the response you have received from your acquirer.
String
                        
                                            OPTIONAL
                                
                Additional data that you may have received from the acquirer in the transaction response.
Data can consist of any characters
Decimal
                        
                                            OPTIONAL
                                
                The amount returned by the acquirer in the transaction response.
Only provide this amount if it differs from the amount you requested.
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.
Enumeration
                        
                                            OPTIONAL
                                
                The Address Verification Service (AVS) result returned by the acquirer in the transaction response.
Value must be a member of the following list. The values are case sensitive.
ADDRESS_MATCH
                                        The street address matched. The post conde and cardholder name did not match or were not provided or were provided but not checked.
ADDRESS_ZIP_MATCH
                                        Both the street address and post code matched. The cardholder name did not match or was not provided or was provided but not checked.
NAME_ADDRESS_MATCH
                                        The cardholder name and street address matched. The post code did not match or was not provided or was provided but not checked.
NAME_ADDRESS_ZIP_MATCH
                                        The cardholder name, street address and post code matched.
NAME_MATCH
                                        The cardholder name matched. The post code and street address did not match or were not provided or were provided but not checked.
NAME_ZIP_MATCH
                                        The cardholder name and post code matched. The street address did not match or was not provided or was provided but not checked.
NOT_AVAILABLE
                                        The issuer did not return address verification details.
NOT_REQUESTED
                                        AVS was not requested.
NOT_VERIFIED
                                        The issuer did not provide the AVS because this is an international transaction.
NO_MATCH
                                        No match. The cardholder name, street address or post code did not match or were not provided or were provided but not checked.
SERVICE_NOT_SUPPORTED
                                        AVS is not supported by the acquirer.
ZIP_MATCH
                                        The post code matched. The street address and cardholder name did not match or were not provided or were provided but not checked.
Enumeration
                        
                                            OPTIONAL
                                
                The Card Security Code (CSC) validation result returned by the acquirer in the transaction response.
Value must be a member of the following list. The values are case sensitive.
MATCH
                                        Valid or matched.
NOT_PRESENT
                                        Merchant indicated CSC not present on card.
NOT_PROCESSED
                                        Not processed.
NOT_SUPPORTED
                                        Card issuer is not registered and/or certified
NO_MATCH
                                        Invalid or not matched.
Enumeration
                        
                                            OPTIONAL
                                
                The transaction processing result returned by the acquirer in the transaction response.
Value must be a member of the following list. The values are case sensitive.
ACQUIRER_SYSTEM_ERROR
                                        You received a response from the acquirer indicating that the transaction could not be approved because an error occurred within the acquirer's system while attempting to process the transaction.
APPROVED
                                        You received a response from the acquirer indicating that the transaction was approved.
DECLINED
                                        You received a response from the acquirer indicating that the transaction was declined.
DECLINED_CSC
                                        You received a response from the acquirer indicating that the transaction was declined because of the Card Security Code (CSC) not being provided, invalid or not matching.
DECLINED_INVALID_PIN
                                        You received a response from the acquirer indicating that the transaction was declined because of the provided PIN being invalid.
DECLINED_PIN_REQUIRED
                                        You received a response from the acquirer indicating that the transaction was declined because a PIN was required but not provided.
EXPIRED_CARD
                                        You received a response from the acquirer indicating that the transaction was declined because the card has expired.
INSUFFICIENT_FUNDS
                                        You received a response from the acquirer indicating that the transaction was declined because of insufficient funds.
REFERRED
                                        You received a response from the acquirer indicating that the transaction could not be approved and that you need to contact the issuer to retrieve an Authorization Code.
Response
Fields
String
                        
                                            CONDITIONAL
                                
                A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
Alphanumeric + additional characters
                        ALWAYS PROVIDED
                                        
                A unique identifier for this risk assessment to distinguish it from any other risk assessment you create.
Data may consist of the characters 0-9, a-z, A-Z, '-', '_', ' ', '&', '+', '!', '$', '%', '.'
Details about the risk service provider for this risk assessment.
String
                        
                                            CONDITIONAL
                                
                The name of the risk service provider.
Data can consist of any characters
String
                        
                                            CONDITIONAL
                                
                The unique identifier for the risk assessment request submitted to the risk service provider.
The gateway generates this value and submits it in the request to the risk service provider so that you can track the risk assessment in the risk service provider's system.
Data can consist of any characters
Enumeration
                        
                                            CONDITIONAL
                                
                The overall result of risk assessment returned by the risk service provider.
Value must be a member of the following list. The values are case sensitive.
ACCEPT
                                        The Risk Service Provider assessed the information you submitted in the risk assessment request and considers the risk of completing the transaction as low risk.
NOT_CHECKED
                                        The Risk Service Provider did not risk assess the information you provided in the risk assessment request.
REJECT
                                        The Risk Service Provider assessed the information you submitted in the risk assessment request and considers the risk of completing the transaction as high risk.
REVIEW
                                        The Risk Service Provider assessed the information you submitted in the risk assessment request and considers the risk of completing the transaction as neither low risk or high risk and recommends that you perform a manual review before completing the transaction.
Enumeration
                        ALWAYS PROVIDED
                                        
                A system-generated high level overall result of the assessment.
Value must be a member of the following list. The values are case sensitive.
FAILURE
                                        The operation was declined or rejected by the gateway, acquirer or issuer
PENDING
                                        The operation is currently in progress or pending processing
SUCCESS
                                        The operation was successfully processed
UNKNOWN
                                        The result of the operation is unknown
Details of the decision need to make or have made, when the risk service provider has asked to you review this assessment.
Enumeration
                        
                                            CONDITIONAL
                                
                The status of the risk review decision.
Where a risk review is required you need to go to the risk service provider's system and make the decision. The decision will then be recorded against the risk assessment.
Value must be a member of the following list. The values are case sensitive.
ACCEPTED
                                        You made a review decision and accepted the payment for processing.
PENDING
                                        A decision to accept or reject the payment for processing is pending.
REJECTED
                                        You made a review decision and rejected the payment for processing.
String
                        
                                            CONDITIONAL
                                
                The reason you selected when you reviewed this order in the external risk service provider's system and decided to accept or reject the risk assessment.
Data can consist of any characters
String
                        
                                            CONDITIONAL
                                
                The note that you entered when you reviewed this payment in the risk service provider's system and decided to accept or reject the order.
Data can consist of any characters
DateTime
                        
                                            CONDITIONAL
                                
                The date and time you made the decision to accept or reject the payment in the risk service provider's system.
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
String
                        
                                            CONDITIONAL
                                
                The identifier of the person who made the decision to accept or reject the payment in the risk service provider's system.
Data can consist of any characters
Details of the rules applied by the risk service provider to assess the risk of this payment being fraudulent, as provided by the risk service provider.
String
                        
                                            CONDITIONAL
                                
                The unique identifier for the rule.
Data can consist of any characters
String
                        
                                            CONDITIONAL
                                
                The name of the rule.
Data can consist of any characters
Signed Integer
                        
                                            CONDITIONAL
                                
                The score resulting from the application of this rule.
A number comprising the digits 0-9, having at least one digit and optionally a leading sign. (For a complete description, see http://www.w3.org/TR/xmlschema-2/#integer.)
Signed Integer
                        
                                            CONDITIONAL
                                
                The total of the risk scores for all risk rules applied by the risk service provider when assessing the risk of this payment being fraudulent.
The higher the score, the higher the fraud risk.
A number comprising the digits 0-9, having at least one digit and optionally a leading sign. (For a complete description, see http://www.w3.org/TR/xmlschema-2/#integer.)
Errors
Information on possible error conditions that may occur while processing an operation using the API.
Enumeration
                        
                Broadly categorizes the cause of the error.
For example, errors may occur due to invalid requests or internal system failures.
Value must be a member of the following list. The values are case sensitive.
INVALID_REQUEST
                                        The request was rejected because it did not conform to the API protocol.
REQUEST_REJECTED
                                        The request was rejected due to security reasons such as firewall rules, expired certificate, etc.
SERVER_BUSY
                                        The server did not have enough resources to process the request at the moment.
SERVER_FAILED
                                        There was an internal system failure.
String
                        
                Textual description of the error based on the cause.
This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.
Data can consist of any characters
String
                        
                Indicates the name of the field that failed validation.
This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.
Data can consist of any characters
String
                        
                Indicates the code that helps the support team to quickly identify the exact cause of the error.
This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.
Data can consist of any characters
Enumeration
                        
                Indicates the type of field validation error.
This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.
Value must be a member of the following list. The values are case sensitive.
INVALID
                                        The request contained a field with a value that did not pass validation.
MISSING
                                        The request was missing a mandatory field.
UNSUPPORTED
                                        The request contained a field that is unsupported.
Enumeration
                        
                A system-generated high level overall result of the operation.
Value must be a member of the following list. The values are case sensitive.
ERROR
                                        The operation resulted in an error and hence cannot be processed.