About Fraud prevention with IP tracking

General information about Fraud prevention

Pay-Jet Cockpit supports different processes for fraud prevention. These include inquiries with credit agencies for the monitoring of the card's country of origin and payment guarantees for credit cards.

A large proportion of fraud attempts come from foreign countries. Pay-Jet Cockpit can check the country of origin and, in many cases the city of the IP address used. If the country of origin or the IP address of your customer is not one of your supplies countries or is not the same country as the credit card Issuer, Pay-Jet Cockpit can send an alert via e-mail or automatically refuse the payment.

75% of all fraud attempts are made with foreign credit cards. Pay-Jet Cockpit can check the card’s origin: If you enter the delivery country as a parameter, Pay-Jet Cockpit returns the country of origin of Visa and MasterCard issued cards and sends an e-mail if the delivery country differs from the card’s origin. You can then find out from the customer why the card’s origin differs from the delivery country to avoid fraud. Pay-Jet Cockpit can optionally refuse such payments immediately.


Additional parameters for Fraud prevention

Definitions

Data formats

Format

Description

a

alphabetical

as

alphabetical with special characters

n

numeric

an

alphanumeric

ans

alphanumeric with special characters

ns

numeric with special characters

bool

boolean expression (true or false)

3

fixed length with 3 digits/characters

..3

variable length with maximum 3 digits/characters

enum

enumeration of allowed values

dttm

ISODateTime (YYYY-MM-DDThh:mm:ss)


Abbreviations

Abbreviation

Description

Comment

CND

condition


M

mandatory

If a parameter is mandatory, then it must be present

O

optional

If a parameter is optional, then it can be present, but it is not required

C

conditional

If a parameter is conditional, then there is a conditional rule which specifies whether it is mandatory or optional


Notice: Please note that the names of parameters can be returned in upper or lower case.


Additional parameters for calling Pay-Jet Cockpit interface for credit cards

Fraud prevention via IP-tracking relates to VISA and MasterCard credit cards via Pay-Jet Cockpit interfaces payssl.aspx, paynow.aspx and direct.aspx.

For standard integration and other special parameters for making a credit card payment via the payssl.aspx, paynow.aspx and direct.aspx interfaces, please check the credit card handbook.

Notice: By default the fraud prevention functions are not activated. Pay-Jet Support can activate these functions for you if required.

Notice: For security reasons, Pay-Jet Cockpit rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

The following table describes the encrypted payment request parameters:

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

The table is being loaded. Please wait for a bit ...

Key

Format

CND

Description

Beschreibung

IPAddr

ans..15

O

IP address. If you transfer the IP address, Cockpit can determine in which country and in which town your customer has connected with the Internet (see also IPZone). Format: 123.456.789.012

IP-Adresse. Damit kann das Cockpit ermitteln, in welchem Land und welcher Stadt Ihr Kunde mit dem Internet verbunden ist (vgl. IPZone). Format 123.456.789.012

IPZoneans..1100O

Codes of countries from which you accept orders, 3 digits numeric according to ISO 3166-1.

Separate several countries by commas: 036,040,124. If you transmit countries in IPZone, Cockpit checks the country of origin of your customer's IP address, whether it is included in your country list, and whether it corresponds to the country of the credit card (see below). Cockpit also transmits the IP-country to your shop (see below). If the IP-country is not in your list or does not match the credit card Cockpit can send a warning e-mail or refuse payments.

Codes der Länder, aus denen Sie Bestellungen akzeptieren, dreistellig numerisch gemäß ISO 3166-1.

Mehrere Länder durch Kommata trennen: 036,040,124. Wenn Sie Länder in IPZone übergeben, prüft das Cockpit, aus welchem Land die IP-Adresse Ihres Kunden stammt, ob es in Ihrer Länderliste enthalten ist und ob es mit dem Land der Kreditkarte (s.u.) übereinstimmt. Das Cockpit übergibt das IP-Land auch an Ihren Shop (s.u.). Wenn das IP-Land nicht in Ihrer Liste ist oder nicht zur Kreditkarte passt, kann das Cockpiteine Warnung per E-Mail senden oder Zahlungen ablehnen.

Zoneans..1100O

Codes of countries where you accept credit cards, 3 digits numeric or alphanumeric according to ISO 3166-1.

Separate several countries by commas: 036,040,124. If you transmit countries in Zone, Cockpit checks the country of origin of your customer's credit card (MasterCard, Visa) and whether it is included in your approved country list. Cockpit also transmits the card’s country to your shop (see below). If the card’s-country is not in your list or does not match your customer's IP address, Cockpit can send a warning e-mail or refuse payments. In order to refuse cards from particular countries (negative list) enter an exclamation mark before that country code: !036,!040,!124.

Please note, there is a maximum length of 1100 characters.

Codes der Länder, in denen Sie Kreditkarten akzeptieren, dreistellig numerisch oder alphanumerisch gemäß ISO 3166.1.

Mehrere Länder durch Kommata trennen: 036,040,124. Wenn Sie Länder in Zone übergeben, prüft das Cockpit, aus welchem Land die Kreditkarte (MasterCard, Visa) Ihres Kunden stammt und ob es in Ihrer Länderliste enthalten ist. Das Cockpit übergibt das Kartenland auch an Ihren Shop (s.u.). Wenn das Kartenland nicht in Ihrer Liste ist oder nicht zur IP-Adresse des Kunden passt, kann das Cockpit eine Warnung per E-Mail senden oder Zahlungen ablehnen. Um Karten aus bestimmten Ländern abzulehnen (Negativliste), geben Sie vor dem Ländercode ein Ausrufezeichen an: !036,!040,!124.

Bitte beachten Sie die Längenbegrenzung auf max. 1100 Zeichen.

Additional parameters for Fraud prevention for credit card payments


The following table describes the result parameters with which the Pay-Jet Cockpit responds to your system

(info) pls. be prepared to receive additional parameters at any time and do not check the order of parameters

(info) the key (e.g. MerchantId, RefNr) should not be checked case-sentive

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

The table is being loaded. Please wait for a bit ...

Key

Format

CND

Description

Beschreibung

Zone

a..7

O

If country codes have been entered in Zone Cockpit returns the country code for the credit card or "UNKNOWN"

Falls bei der Anfrage Ländercodes in Zone übergeben wurden, gibt das Cockpit den Ländercode der Kreditkarte oder "UNKNOWN" zurück

IPZone

a..7

O

If IP-countries are transmitted in IPZone in the case of the inquiry Cockpit returns the country code of the IP address or "UNKNOWN"

Falls bei der Anfrage IP-Länder in IPZone übergeben wurden, gibt das Cockpit den Ländercode der IP-Adresse oder "UNKNOWN" zurück

IPZoneA2

a..7

O

If IPZone is submitted within the request Cockpit returns the two-character country code of the IP address or "UNKNOWN" (DE=Germany, FR=France etc.)

Falls bei der Anfrage IPZone übergeben wurde, gibt das Cockpit den zweistelligen Ländercode der IP-Adresse oder "UNKNOWN" zurück (DE=Deutschland, FR=Frankreich etc.)

IPState

a..32

O

If IPZone is submitted in the request Cockpit returns the federal state from which the IP address of your customer originates.

Falls bei der Anfrage IPZone übergeben wurde, gibt das Cockpit das Bundesland zurück, aus der die IP-Adresse Ihres Kunden stammt

IPCity

a..32

O

If IPZone is submitted in the request Cockpit returns the town/city from which the IP address of your customer originates.

Falls bei der Anfrage IPZone übergeben wurde, gibt das Cockpit die Stadt zurück, aus der die IP-Adresse Ihres Kunden stammt

IPLongitude

n..20

O

If IPZone is submitted in the request Cockpit returns the geographical longitude (floating point, decimal) of the dial-in node (PoP) of your customer.

Falls bei der Anfrage IPZone übergeben wurde, gibt das Cockpit den geographischen Längengrad (Fließkomma, dezimal) des Internet-Einwahlknotens Ihres Kunden zurück

IPLatitude

n..20

O

If IPZone is submitted in the request Cockpit returns the geographical latitude (floating point, decimal) of the dial-in node (PoP) of your customer

Falls bei der Anfrage IPZone übergeben wurde, gibt das Cockpit den geographischen Breitengrad (Fließkomma, dezimal) des Internet-Einwahlknotens Ihres Kunden zurück

fsStatus

ans..9

OC

Only via direct.aspx, only with EVO Payments International: ACCEPT=no suspicion of card fraud, DENY=refusal recommended, CHALLENGE= verification recommended, NOSCORE=No risk analysis, ENETFP=Exceptional error in the network, ERROR=Error in the data processing centre, ETMOUT=Timeout

Nur über direct.aspx, nur bei EVO Payments International: ACCEPT=Kein Verdacht auf Kartenbetrug, DENY=Abweisen empfohlen, CHALLENGE=Prüfung empfohlen, NOSCORE= keine Risikobewertung, ENETFP=Ausnahmefehler im Netzwerk, ERROR=Fehler im Rechenzentrum, ETMOUT=Timeout

fsCode

n4

OC

Only via direct.aspx, only with EVO Payments International: Recommended action: <0000> no result, <0100> accept, <0150> always accept, <0200> deny, <0250> always deny, <0300> suspicious, <0330> please check, <0400> suspicious ReD blacklist, <0500> questionable, <0600> questionable ReD blacklist, <0700> threshold exceeded, <0800> unusual usage, <901> intern ebitGuard error, <902> format error

Nur über direct.aspx, nur bei EVO Payments International: Handlungsempfehlung: <0000> keine Bewertung, <0100> annehmen, <0150> immer annehmen, <0200> ablehnen, <0250> immer ablehnen, <0300> verdächtig, <0330> überprüfen, <0400> verdächtig ReD-Blacklist, <0500> fragwürdig, <0600> fragwürdig ReD-Blacklist, <0700> Schwellwert überschritten, <0800> ungewöhnliches Nutzungsmuster, <901> interner ebitGuard-Fehler, <902> Formatfehler

Additional response parameters for fraud prevention for credit card payments



Calling the interface for editing a Blacklist

In order to create, read, update or delete a blacklist entry via a Server-to-Server connection, call the following URL:


Notice: For security reasons, Pay-Jet Cockpit rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

The following table describes the encrypted payment request parameters:

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

The table is being loaded. Please wait for a bit ...

KeyFormatCNDDescriptionBeschreibung

MerchantID

ans..30

M

MerchantID, assigned by Pay-Jet. Additionally this parameter has to be passed in plain language too.

HändlerID, die von Pay-Jet vergeben wird. Dieser Parameter ist zusätzlich auch unverschlüsselt zu übergeben.

KeyFormatCNDDescriptionBeschreibung

MAC

an64

M
Hash Message Authentication Code (HMAC) with SHA-256 algorithm. Details can be found here:
Hash Message Authentication Code (HMAC) mit SHA-256-Algorithmus. Details finden Sie hier:

Key

Format

CND

Description

Beschreibung
EventTokenenumMAbbreviation of the action to be done: <Create>, <Read>, <Update> or <Delete>Abkürzung der auszuführender Aktion: <Create>, <Read>, <Update> oder <Delete>
BlackListInfoans..1024MInformation about the blacklist entry as JSON string in the Base64 format. See table BlackListInfo below.Information über den Blacklist-Eintrag als JSON-String im Base64-Format. Siehe Tabelle BlackListInfo unten.

Parameters for calling the blacklist editing


The following table describes the result parameters with which the Pay-Jet Cockpit responds to your system

(info) pls. be prepared to receive additional parameters at any time and do not check the order of parameters

(info) the key (e.g. MerchantId, RefNr) should not be checked case-sentive

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

The table is being loaded. Please wait for a bit ...

KeyFormatCNDDescriptionBeschreibung

MID

ans..30

M

MerchantID, assigned by Pay-Jet

HändlerID, die von Pay-Jet vergeben wird

KeyFormatCNDDescriptionBeschreibung

MAC

an64

M
Hash Message Authentication Code (HMAC) with SHA-256 algorithm. Details can be found here:
Hash Message Authentication Code (HMAC) mit SHA-256-Algorithmus. Details finden Sie hier:

KeyFormatCNDDescriptionBeschreibung
Status

a..50

M

OK (URLSuccess) or FAILED (URLFailure)

OK (URLSuccess) oder FAILED (URLFailure)

KeyFormatCNDDescriptionBeschreibung
Description

ans..1024

M
Further details in the event that payment is rejected. Please do not use the Description but the Code parameter for the transaction status analysis!
Nähere Beschreibung bei Ablehnung der Zahlung. Bitte nutzen Sie nicht den Parameter Description, sondern Code für die Auswertung des Transaktionsstatus!

Key

Format

CND

Description

Beschreibung

BlackListInfo

ans..1024

C

Information about the blacklist entry as JSON string in the Base64 format, if Status=OK. See table BlackListInfo below.

Information über den Blacklist-Eintrag als JSON-String im Base64-Format, wenn Status=OK. Siehe Tabelle BlackListInfo unten.

Result parameters for calling the blacklist editing


BlackListInfo

Following table describes the BlackListInfo object for EventToken Insert:

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

The table is being loaded. Please wait for a bit ...

Key

Format

CND

Description

Beschreibung
CategoryenumMCategory <EDD> for direct debit or <CC> for credit cardKategorie <EDD> für Lastschrift oder <CC> für Kreditkarte
Numberans..64M

IBAN, if Category=EDD

Credit card number, if Category=CC

IBAN, wenn Category=EDD

Kreditkartennummer, wenn Category=CC

BICans..32CBIC, if Category=EDDBIC, wenn Category=EDD

Parameters for blacklist editing, EventToken Insert

 

Following table describes the BlackListInfo object for EventToken Update:

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

The table is being loaded. Please wait for a bit ...

Key

Format

CND

Description

Beschreibung
BlockIDan..32MUnique BlockIDEindeutige BlockID
LockActiveboolM

Defines, if the entry should by blocked or not.

Blocked: <True>

Unlocked: <False>

Definiert, ob der Eintrag gesperrt werden soll oder nicht.

Gesperrt: <True>

Entsperrt: <False>

Parameters for blacklist editing, EventToken Update

 

Following table describes the BlackListInfo object for EventToken Delete:

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

The table is being loaded. Please wait for a bit ...

Key

Format

CND

Description

Beschreibung

BlockID

an..32

M

Unique BlockID

Eindeutige BlockID

Parameters for blacklist editing, EventToken Delete

 

The following table describes the BlackListInfo object with which the Pay-Jet Cockpit responds:

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

The table is being loaded. Please wait for a bit ...

Key

Format

CND

Description

Beschreibung

BlockID

an..32

M

Unique BlockID

Eindeutige BlockID

KeyFormatCNDDescriptionBeschreibung

MID

ans..30

M

MerchantID, assigned by Pay-Jet

HändlerID, die von Pay-Jet vergeben wird

Key

Format

CND

Description

Beschreibung

Category

enum

M

Category <EDD> for direct debit or <CC> for credit card

Kategorie <EDD> für Lastschrift oder <CC> für Kreditkarte

Number

ans..64

M

IBAN, if Category=EDD

Credit card number, if Category=CC

IBAN, wenn Category=EDD

Kreditkartennummer, wenn Category=CC

BIC

ans..32

C

BIC, if Category=EDD

BIC, wenn Category=EDD

KeyFormatCNDDescriptionBeschreibung

MAC

an64

M
Hash Message Authentication Code (HMAC) with SHA-256 algorithm. Details can be found here:
Hash Message Authentication Code (HMAC) mit SHA-256-Algorithmus. Details finden Sie hier:

Key

Format

CND

Description

Beschreibung

LockActive

bool

M

Defines, if the entry should by blocked or not.

Blocked: <True>

Unlocked: <False>

Definiert, ob der Eintrag gesperrt werden soll oder nicht.

Gesperrt: <True>

Entsperrt: <False>

Created

dttm

M

Time of creation (YYYY-MM-DD hh:mm:ss)

Zeit des Anlegens (YYYY-MM-DD hh:mm:ss)

Changed

dttm

M

Time of modification (YYYY-MM-DD hh:mm:ss)

Zeit der Änderung (YYYY-MM-DD hh:mm:ss)

Result parameters for blacklist editing