Risk Management
Risk Management is a security feature that allows you to effectively mitigate fraud when processing e-commerce transactions. The Mastercard gateway currently supports risk assessment of transactions through risk service providers.
Transaction risk management
The integration path to the Risk Provider will offer a Pre-Authorization or Post-Authorization Screening option. Please select your preference when enabling your merchant for the Risk Service in the Merchant Manager Portal:
- Partner Managed Risk Assessment: Payment service provider will be managing the risk assessment.
- Merchant Managed Risk Assessment: Payment service provider wants to allow merchants to manage their risk assessment.
- Standalone Risk Assessment: Payment service provider can process risk assessment only and not financial transactions through the Mastercard gateway.
Risk initiation
You can choose when to send the transaction to the risk service provider for risk scoring. This is configured in your risk profile on the gateway by Your payment service provider. The available options are:
- Before transaction processing: The risk assessment request includes relevant data elements from the transaction request, a unique transaction identifier, and a risk assessment identifier generated by the payment gateway. No AVS, CSC or other acquirer response data is available.
- After transaction processing: The risk assessment request includes relevant data elements from the transaction request, a unique transaction identifier, a risk assessment identifier generated by the payment gateway together with relevant transaction response data from the acquirer. AVS and CSC results are available for risk assessment
Risk processing
Only Authorization, Pay, Verify, Refunds, and Standalone Refunds are assessed for risk. Risk assessment on other transactions such as Voids is not performed.
If risk assessment on Verify is not performed (due to the Bypass Risk flag or communications failure from the risk service provider), then the gateway will allow you to risk assess the first financial transaction received on the order following Verify unless you also opt to bypass risk on that transaction.
Risk details
When you are configured to use a risk service provider, transactions processed through the gateway will be assessed for risk, and the risk assessment result (risk.response.gatewayCode) will be returned in the transaction response. Orders that are flagged for review as a result of risk assessment may be reviewed to be accepted or rejected on the risk service provider. The review decision will be returned in the risk.response.review.decision field.
Risk Assessment Result API Reference [REST][NVP]
You can choose to bypass risk assessment by providing risk.bypassMerchantRiskRules field in the transaction request. The rules configured by Your payment service provider will still be applied.
Bypass Risk API Reference [REST][NVP]
You can search for the order or transaction in Merchant Administration using the risk assessment result or the review decision status. The risk assessment details are displayed on the order and transaction details page.