When submitting the transaction, make sure to add the session variable: Įcho "Authcode: ". it is available when the transaction is submitted. you should store $session in your order record so that The first three of these are based on score thresholds (ie >-30 = pass, >-60 = warn UMprofilerResponse will return 'reject','pass','review' or 'error'. "-99" is a high risk transaction and should be investigated manually. "0" represents a clean, safe transaction.
The UMprofilerScore variable contains the score calculated by ThreatMetrix based on the device and transaction details. While it is not necessary to do anything with these variables, they can be useful in making business decisions such as whether to ship product or not. There are also additional response variables such as the profiler score that the developer may wish to capture. UMsession=u820nnd3t9tsfr7bhnxxfaww1sess57sspnk8hmrzkyrvh4wu9fa9w7idon4wue8 The session id needs to be passed in the UMsession variable with the rest of the transaction data. Typically this html can be added to bottom of the same page that is used to collect the card number. Taking the variables received during the 'getsession' call above, display the following HTML to the customer. The OrgID is needed for the HTML display but does not need to be stored for later use. The SessionID variable should be stored for the duration of the payment process. U820nnd3t9tsfr7bhnxxfaww1sess57sspnk8hmrzkyrvh4wu9fa9w7idon4wue8 In this example Hash would be set to s/sjhj2489sh/fe2cece09552cbb5855865c1f582252cff1e2dea The Hash variable is then set to type/seed/hash. For example, if your pin is '1234' and your seed is 'sjhj2489sh', the prehashed text would be getsession:1234:sjhj2489sh and the sha1 hash would be fe2cece09552cbb5855865c1f582252cff1e2dea. The Hash is calculated by concatenating the action (getsession), the pin, and a random seed separated by colons. The SourceKey variable is generated in the merchant console. A session id is retrieved by calling the "getsession" action in the profiler api. This session id must be generated by Newtek Gateway and should be stored throughout the check out process. To properly track the customer throughout the payment process a unique session id is required.
Developers using other libraries can request assistance by contacting the developer integration department at are three addition/changes that need to be made by the merchant's developer or software vendor:
Full support in the Soap API will be available in 1.5 when it is released. Partial support is available in the Soap API using the runTransactionAPI method. API Integrationĭevice identification is currently available on the Transaction API, PHP library and Dot Net DLL. The ThreatMetrix fraud module can be configured on a per source key basis to block transactions which reach a given score.įor pricing information merchants should contact their merchant service provider.įor development assistance please contact the integration support department. Once integrated, the ThreatMetrix scoring and extended device profile data is visible within the merchant console.
Merchants looking to enhance their fraud prevention efforts can leverage this premium service with a minimal amount of code change. The Newtek Gateway gateway provides an interface for integrating the ThreatMetrix service into merchant's existing transaction processing. Using device identification coupled with their advanced rules-engine, and machine learning technology, ThreatMetrix is able to stop first-time fraud and recognize valued, returning customers more effectively than competing alternatives. Their global fraud-prevention network is based on third generation device identification and transaction behavior tracking technology that delivers device and transaction confidence scores, reason codes and attributes in real-time. ThreatMetrix is the industry leader in device identification based fraud management. Device Identification and Fraud Prevention With ThreatMetrix Overview