Integration Types
Other Features
Card Payments
Mobile Wallets
Alternative Payment Methods
Resources
NuDetect is a risk service provider that supports an array of risk assessments. The Mastercard Gateway supports the following risk assessments via NuDetect:
Based on the risk assessment, NuDetect provides a recommendation to either accept or reject the transaction. Where the recommendation is reject, the gateway blocks the transaction. The details of the risk assessment, including risk score, applied risk rules and their result is returned in the transaction response.
The integration steps to add NuDetect depend on your gateway integration model.
To use NuDetect via the gateway:
If you have a Hosted Checkout version 56+ integration then transactions initiated via Hosted Checkout will be automatically sent to NuDetect for risk scoring. The type of assessment will depend on your NuDetect risk profile configuration, either "Card Testing" or "Trusted Checkout" or both.
With "Trusted Checkout", if Hosted Checkout fails to collect fingerprint data then the transaction will not be sent to NuDetect for risk scoring.
When you collect payment details on your own payment page and submit them to the gateway using a Verify, Authorize, Pay, or Standalone Capture transaction, the implementation differs for "Card Testing" and "Trusted Checkout" risk assessments.
If you want to perform "Card Testing" and are configured for the "Card Testing" or "Card Testing + Trusted Checkout" NuDetect profile, the gateway handles the risk assessment via NuDetect for you.
If you want to perform "Trusted Checkout" and are configured for the "Trusted Checkout" or "Card Testing + Trusted Checkout" NuDetect profile, then you must integrate to Risk JS API to allow your payment page to collect fingerprint data. If the payment page fails to collect fingerprint data, then the transaction will not be sent to NuDetect for risk scoring.
Payment Options Inquiry
request to the gateway. If "Trusted Checkout" with or without "Card Testing" is enabled, the Payment Options Inquiry
response returns risk.fingerprintprovider
=NUDETECT
This section describes how to use Risk JS API in your NuDetect integration.
Perform a Create Session operation to obtain a session ID. Once you create a session, you can update the session with the request fields and values you wish to store in the session.
On your payment page, reference the Risk JS API (risk.js
) from the gateway servers. This will place a risk
object into the window/global namespace.
https://credimax.gateway.mastercard.com/static/risk-core/1.0.0/risk.min.js
risk.js Reference[JavaScript]
Note that upon completing the configuration using Risk.configure( )
method, the Risk JS SDK creates the following hidden input element inside the <form> element on the payment page, which is usually a wrapper for card details. The Risk JS SDK generates fingerprint data inside the hidden input element when the payer starts interacting with the payment page, for example, key strokes, moving or clicking mouse, etc.
<input name="nds-pmd" type="hidden">
If your payment page does not have a <form> element, you must manually insert the hidden input element, for example, <input name="nds-pmd" type="hidden"> before executing Risk.configure( )
method.
Once you have created a session, initialize the API using the Risk.configure( )
method. This method should be called during the page load or when the DOM is in ready state. It should be called only once for the page load. After calling this method, Risk JS will provide configuration values as member variables.
Provide the following mandatory fields as arguments to the riskConfig
object:
merchantId
: Your merchant identifier on the gateway.sessionId
: The session Id that you created using the Create Session call.apiVersion
: (Optional) The API version of the request. If you do not provide a value, the apiVersion
defaults to 56.riskProvider
: (Optional) The identifier of the risk service provider on the gateway. Currently, only NUDETECT risk service provider is supported via Risk JS API. If you do not provide a risk service provider, the Risk JS API will make a Payment Options Inquiry
request to determine the supported risk provider.You can provide an optional callback
function in the Risk.configure()
method, which will be invoked with the response
object as an argument upon completion of the method. The response
object will contain message
and status
properties to indicate whether the configuration was successful or failed due to an error.
If the configuration was successful:
{ status: "SUCCESS", message: "Risk SDK is configured successfully."}
If the configuration failed:
{ status: "ERROR", message: "Error message"}
Risk.configure({ merchantId: "TESTMERCHANT", sessionId: "SESSION0002899787259G30902270H6", apiVersion: 56, riskProvider: "NUDETECT" }, function(response) { // Handle Risk.configure() response */ console.log(response.message) // Configuration message: 'Risk SDK is configured successfully.' console.log(response.status) // Configuration status: 'SUCCESS' or 'ERROR' } );
You can add or update fields in the session you created in Step 1 using the Update Session call. It allows you to add payment and payer data into a session that can subsequently become the input to a Verify, Authorize or Pay operation to determine the risk associated with a payer. Perform Update Session when the payer clicks the "Pay Now" button.
order.amount
Please note that you cannot remove fields from a session but can only overwrite values for existing fields.
If Update Session was successful, the returned session will contain the payer's payment details from the interaction. Use the returned session to present an order confirmation page or to submit a payment to the gateway. See Perform an Operation Using the Session..