Cybersource Decision Manager
Effective fraud prevention is crucial for safeguarding both your business and your consumers against unauthorized activity. Cybersource Decision Manager is a proven fraud detection tool that uses advanced intelligence. It leverages insights from billions of transactions processed annually by Visa and Cybersource worldwide to identify high-risk transactions and enable more accurate, confident decisions. Real-time fraud detection aims to identify as many fraudulent activities as possible, while balancing two key priorities: protecting your business from threats and providing seamless payment experiences.
Features
- Combines Machine Learning Models: Instead of depending on a single statistical algorithm, Cybersource Decision Manager integrates multiple machine learning (ML) techniques. This use of artificial intelligence results in more precise and reliable fraud scoring.
- Data Enrichment: The system is enhanced with over 260 fraud detectors, providing a comprehensive assessment of transaction risk for improved accuracy in fraud detection.
- Configurable Rules: Users can create detailed rules with multiple conditions, leveraging various data points to customize fraud prevention strategies.
- Visa Intelligence: The solution benefits from continuous advancements through collaboration with Visa’s Advanced Analytics and Research teams, ensuring access to the latest fraud detection innovations.
What does mean for you?
- Pre-authorization Screening: Allows you to make more informed decisions by filtering out risky transactions before approval.
- Proven Fraud Prevention Tool: Provides deep data insights and advanced intelligence to protect your business from threats, ensure operational efficiency, and deliver frictionless payment experiences.
- Customer Differentiation: Uses identity analysis and device fingerprinting to distinguish between genuine customers and potential fraudsters, helping you stay ahead of emerging fraud patterns, identify good customer behavior, and detect customers who are new to your database.
- Advanced Machine Learning: Employs sophisticated machine learning technologies fueled with insights from a unified consortium model, which accesses data from 141 billion transactions processed globally on the VISA network.
- Leverage Past Transactions: Uses the Rules Suggestion Engine to automatically generate recommended fraud rules based on emerging patterns, enabling you to continuously refine and improve your fraud strategies.
Data fields
When you send a payment request, there are various fields included that need to be filled out. We encourage you to send as many fields as possible, as not all of them are mandatory. Sending more data in your request also helps the machine learning models to get educated in real time by consuming and assessing the data signals for more effective fraud detection. For a detailed description of data fields, refer to our API Reference.
Use the table below to see which fields you need to send in your request.
Mandatory | If you do not send these fields in your request, the fraud screening cannot be processed. | |
Highly recommended | Useful data that will help you detect fraud. You should strongly consider sending these fields in your request to enhance your fraud detection. | |
Industry-specific (airline) | Essential data if you are operating in a specific industry. | |
Industry-specific (hospitality) | Essential points if you are operating in a specific industry. | |
Industry-specific (retail) | Essential data if you are operating in a specific industry. | |
Conditional | Required data to use depending on the specific object. If you don't include it, the entire object will not be sent for fraud screening, affecting your overall fraud detection results. | |
Additional | Optional data that can improve your fraud detection. |
Property | Type | Suggestion | Details |
---|---|---|---|
order | object | Order object containing order-related data. Please note that this object is required to be able to submit the amount. | |
amountOfMoney | object | Object containing amount and ISO currency code attributes. | |
currencyCode | string(3) | Three-letter ISO currency code representing the currency for the amount. | |
amount | integer(12) | Amount in cents and always having 2 decimals. | |
references | object | Object that holds all reference properties that are linked to this transaction. | |
merchantReference | string | Your unique reference of the transaction that is also returned in our report files. This is almost always used for your reconciliation of our report files. Note:
|
|
invoiceData | object | Object containing additional invoice data. | |
additionalData | string | Additional data for printed invoices. | |
additionalInput.airlineDate | object | ||
agentNumericCode | string(8) | Numeric code identifying the agent. | |
code | string(3) | Airline numeric code. | |
flightDate | string(8) | Date of the flight. Format: YYYYMMDD | |
flightLegs.items | object | ||
airlineClass | string | Reservation Booking Designator. | |
arrivalAirport | string(3) | Arrival airport/city code. | |
carrierCode | string(2) | IATA carrier code. | |
date | string(8) | Date of the leg. YYYYMMDD |
|
departureTime | string(6) | The departure time in the local time at the departure airport. Format: HH:MM |
|
flightNumber | string(4) | The flight number assigned by the airline carrier with no leading spaces. Should be a numeric string. | |
originAirport | string(3) | Origin airport/city code. | |
issueDate | string(16) | This is the date of issue recorded in the airline system In a case of multiple issuances of the same ticket to a cardholder, you should use the last ticket date. Format: YYYYMMDD | |
name | string(16) | Name of the airline. | |
passengerName | string(8) | Name of passenger. | |
placeOfIssue | string | Place of issue. For sales in the US the last two characters (pos 14-15) must be the US state code. | |
pointOfSale | string | IATA point of sale name. | |
pnr | string(217) | Passenger name record. | |
posCityCode | string | City code of the point of sale. | |
ticketNumber | string | The ticket or document number. On GlobalCollect Payment Platform it contains:
|
|
passengerName | string(49) | Name of the passenger. | |
ticketNumber | string(13) | The ticket or document number. On the Ogone Payment Platform and the GlobalCollect Payment Platform it contains:
|
|
placeOfIssue | string(15) | Place of issue. For sales in the US the last two characters (POS 14-15) must be the US state code. |
|
pointOfSale | string(25) | IATA point of sale name. | |
posCityCode | string(10) | City code of the point of sale. | |
additionalInput.lodgingData | object | Object that holds lodging specific data. | |
folioNumber | string(25) | The Lodging Folio Number assigned to the itemized statement of charges and credits associated with this lodging stay, which can be any combination of characters and numerals defined by the Merchant or authorized Third Party Processor. | |
checkInDate | string(8) | The date the guest checks into (or plans to check in to) the facility. Format: YYYYMMDD |
|
checkOutDate | string(8) | The date the guest checks out of (or plans to check out of) the facility. Format: YYYYMMDD |
|
isConfirmedReservation | boolean | Indicates whether the room reservation is confirmed.
|
|
numberOfAdults | integer(3) | The total number of adult guests staying (or planning to stay) at the facility (i.e., all booked rooms). | |
numberOfNights | integer(4) | The number of nights for the lodging stay. | |
numberOfRooms | integer(4) | The number of rooms rented for the lodging stay. | |
propertyPhoneNumber | string(20) | The local phone number of the facility in an international phone number format. | |
propertyCustomerServicePhoneNumber | string(20) | The international customer service phone number of the facility. | |
rooms.items | array of objects | Object that holds lodging-related room data. | |
typeOfRoom | string(12) | Describes the type of room, e.g., standard, deluxe, suite. | |
typeOfBed | string(12) | Size of bed, e.g., king, queen, double. | |
dailyRoomRate | string(12) | Daily room rate exclusive of any taxes and fees. Note: The currencyCode is presumed to be identical to the order.amountOfMoney.currencyCode. |
|
dailyRoomRateCurrencyCode | string(3) | Currency for daily room rate. The code should be in 3 letter ISO format. | |
dailyRoomTaxAmount | string(12) | Daily room tax. Note: The currencyCode is presumed to be identical to the order.amountOfMoney.currencyCode. |
|
customer | object |
Object containing the details of the customer. Depends on: required, except when a token has been included in the request that includes at least the countryCode in the billingAddress. |
|
merchantCustomerId | string(15) | Your identifier for the customer. It can be used as a search criteria in the GlobalCollect Payment Console and is also included in the GlobalCollect report files. It is used in the fraud-screening process for payments on the Ogone Payment Platform. Depends on:
|
|
isPreviousCustomer | boolean | Specifies if the customer has a history of online shopping with the merchant.
|
|
contactDetails | object | Object containing contact details like email address and phone number. | |
emailAddress | string(70) | Email address of the customer. The '+' character is not allowed in this property for transactions that are processed by TechProcess Payment Platform. | |
phoneNumber | string(20) | Phone number of the customer. The '+' character is not allowed in this property for transactions that are processed by TechProcess Payment Platform. | |
personalInformation | object | Object containing personal information like name, date of birth and gender. | |
name | object | Object containing the name details of the customer. | |
firstName | string(15) | Given name(s) or first name(s) of the customer. The '+' character is not allowed in this property for transactions that are processed by TechProcess Payment Platform. | |
surname | string(70) | Surname(s) or last name(s) of the customer. The surname is truncated after 25 characters, with the limit being applied after surnamePrefix is prepended, for payments, refunds or payouts that are processed by the WL Online Payment Acceptance platform The '+' character is not allowed in this property for transactions that are processed by TechProcess Payment Platform. | |
locale | string(6) |
The locale that the customer should be addressed in (for 3rd parties). Note that some 3rd party providers only support the languageCode part of the locale, in those cases we will only use part of the locale provided. |
|
billingAddress | object | Object containing billing address details. | |
street | string(50) | Street name. | |
houseNumber | string(15) | House number. The houseNumber is truncated after 10 characters for payments, refunds or payouts that are processed by the WL Online Payment Acceptance platform. | |
additionalInfo | string(50) | Additional address information. The additionalInfo is truncated after 10 characters for payments, refunds or payouts that are processed by the WL Online Payment Acceptance platform. | |
zip | string | Zip code. Note: For payments with product 1503 the maximum length is not 10 but 8. |
|
city | string | City. Note: For payments with product 1503 the maximum length is not 40 but 20. |
|
state | string(50) | Full name of the state or province. | |
countryCode | string(2) | ISO 3166-1 alpha-2 country code. | |
device | object | Object containing information on the device and browser of the customer. | |
acceptHeader | string | The accept-header of the customer client from the HTTP Headers. Required for 3-D Secure version 2 for the authenticationFlow "browser." | |
browserData | object | Object containing information regarding the browser of the customer. Required for 3D Secure version 2 for the browser flow. | |
colorDepth | integer | ColorDepth in bits. Value is returned from the screen.colorDepth property. If you use the latest version of our JavaScript Client SDK, we will collect this data and include it in the encryptedCustomerInput property. We will then automatically populate this data if available. Note: This data can only be collected if JavaScript is enabled in the browser. This means that 3-D Secure version 2.1 requires the use of JavaScript to enabled. In the upcoming version 2.2 of the specification this is no longer a requirement. As we currently support version 2.1 it means that this property is required when cardPaymentMethodSpecifInput.threeDSecure.authenticationFlow is set to "browser". Required for 3D Secure version 2 for the authenticationFlow "browser" | |
javaScriptEnabled | boolean |
Required in 3D Secure version 2.2. Required for 3D Secure version 2 for the authenticationFlow "browser" |
|
screenHeight | string | Height of the screen in pixels. Value is returned from the screen.height property. If you use the latest version of our JavaScript Client SDK, we will collect this data and include it in the encryptedCustomerInput property. We will then automatically populate this data if available. This data can only be collected if JavaScript is enabled in the browser. This means that 3D Secure version 2.1 requires the use of JavaScript to enabled. In the version 2.2 of the specification this is no longer a requirement. As we currently support version 2.1 it means that this property is required when cardPaymentMethodSpecifInput.threeDSecure.authenticationFlow is set to "browser". Required for 3D Secure version 2 for the authenticationFlow "browser" | |
screenWidth | string | Width of the screen in pixels. Value is returned from the screen.width property. If you use the latest version of our JavaScript Client SDK, we will collect this data and include it in the encryptedCustomerInput property. We will then automatically populate this data if available. This data can only be collected if JavaScript is enabled in the browser. This means that 3D Secure version 2.1 requires the use of JavaScript to enabled. In the version 2.2 of the specification this is no longer a requirement. As we currently support version 2.1 it means that this property is required when cardPaymentMethodSpecifInput.threeDSecure.authenticationFlow is set to "browser". Required for 3D Secure version 2 for the authenticationFlow "browser" | |
deviceFingerprintTransactionId | string | One must set the deviceFingerprintTransactionId received by the response of the endpoint /{merchant}/products/{paymentProductId}/ deviceFingerprint |
|
ipAddress | string(45) | The IP address of the customer client from the HTTP Headers. | |
timezoneOffsetUtcMinutes | string(6) | Offset in minutes of timezone of the client versus the UTC. Value is returned by the JavaScript getTimezoneOffset() API call. If you use the latest version of our JavaScript Client SDK, we will collect this data and include it in the encryptedCustomerInput property. We will then automatically populate this data if available. |
|
userAgent | string(6) | User-Agent of the client device/browser from the HTTP Headers. As a fall-back we will use the userAgent that might be included in the encryptedCustomerInput, but this is captured client side using JavaScript and might be different. | |
defaultFormFill | string | Degree of default form fill, with the following possible values:
|
|
account | object | Object containing data related to the account the customer has with you. | |
changeDate | object | The last date (YYYYMMDD) on which the customer made changes to their account with you. These are changes to billing & shipping address details, new payment account (tokens), or new users(s) added. | |
createDate | string(8) | The date (YYYYMMDD) on which the customer created their account with you. | |
hadSuspiciousActivity | boolean | ||
passwordChangeDate | string | The last date (YYYYMMDD) on which the customer changed their password for the account used in this transaction. | |
paymentAccountOnFile | object | Object containing information on the payment account data on file (tokens). | |
createDate | string | The date (YYYYMMDD) when the payment account on file was first created. In case a token is used for the transaction we will use the creation date of the token in our system in case you leave this property empty. | |
numberOfCardOnFileCreationAttemptsLast24Hours | integer(3) | Number of attempts made to add new card to the customer account in the last 24 hours. | |
hadSuspiciousActivity | boolean | Specifies if you have experienced suspicious activity on the account of the customer.
|
|
authentication | object | Object containing data on the authentication used by the customer to access their account. | |
method | string |
Authentication used by the customer on your website or app
|
|
shipping | object | Object containing information regarding shipping / delivery. | |
type | string | Indicates the merchandise delivery timeframe. Possible values:
|
|
emailAddress | string(70) | Email address linked to the shipping. | |
trackingNumber | string(19) | Shipment tracking number. | |
comments | string(160) | Comments included during shipping. | |
address | object | Object containing address information. | |
additionalInfo | string(50) | Additional address information. | |
city | string | City. | |
countryCode | string | ISO 3166-1 alpha-2 country code. | |
houseNumber | string (15) | House number. | |
name | object | Object that holds name elements. | |
firstName | string(15) | Given name(s) or first name(s) of the customer. | |
surname | string(70) | Surname(s) or last name(s) of the customer. The surname is truncated after 25 characters, with the limit being applied after surnamePrefix is prepended, for payments, refunds or payouts that are processed by the WL Online Payment Acceptance platform The '+' character is not allowed in this property for transactions that are processed by TechProcess Payment Platform. | |
state | string(35) | Full name of the state or province. | |
street | string(50) | Street name. | |
zip | string | Zip code. | |
shoppingCart | object | Shopping cart data, including items and specific amounts.Required by the GlobalCollect platform for payments and hosted checkouts with products 869 (China UnionPay), 9000 (AfterPay Installments) and 9001 (AfterPay Invoice). | |
isPreOrder | boolean | The customer is pre-ordering one or more items. | |
items.items | boolean | The customer is pre-ordering one or more items. | |
amountOfMoney | object | Object containing amount and ISO currency code attributes. Note: make sure you submit the amount and currency code for each line item. |
|
amount | integer(12) | Amount in cents and always having 2 decimals. | |
currencyCode | string(3) | Three-letter ISO currency code representing the currency for the amount. If productPrice is sent, then currencyCode must be sent. | |
invoiceData | object | Object containing the line items of the invoice or shopping cart. | |
description | string(116) | Shopping cart item description. Alternative productName. | |
orderLineDetails | object | Object containing additional information that when supplied can have a beneficial effect on the discount rates. | |
productCode | string(12) | Product or UPC Code, left justified. Note: Must not be all spaces or all zeros. It must be sent to use shoppingCart data points in your fraud screening. |
|
productType | string(12) | Code used to classify items that are purchased. Note: Must not be all spaces or all zeros |
|
productName | string(120) | The name of the product. The '+' character is not allowed in this property for transactions that are processed by TechProcess Payment Platform. | |
productCategory | string(50) | The category of the product (i.e. home appliance). This property can be used for fraud screening on the Ogone Platform. | |
productPrice | string(12) | The price of one unit of the product, the value should be zero or greater. | |
quantity | integer(4) | Quantity of the units being purchased, should be greater than zero. Note: Must not be all spaces or all zeros | |
cardPaymentMethodSpecificInput | object | Object containing the specific input details for card payments. | |
card | object | Object containing card details. The card details will be ignored in case the property networkTokenData is present. | |
cvv | string(4) | Card Verification Value, a 3 or 4 digit code as an additional security feature for card not present transactions. | |
cardNumber | string(19) | The complete credit/debit card number (also know as the PAN). The minimum input length is 12 digits. The card number is always obfuscated in any of our responses. |
|
expiryDate | string(4) | Expiry date of the card. Format: MMYY |
|
isRecurring | boolean |
|
|
paymentProductId | integer(5) | Payment product identifier. Please see payment products for a full overview of possible values. |
|
recurring | object | Object containing data related to recurring. | |
endDate | string(8) | The date that the trial period ends in YYYYMMDD format. | |
minFrequency | integer(4) | Minimum number of days between authorizations. If no value is provided we will set a default value of 30 days. | |
recurringPaymentSequenceIndicator | string |
Note: Will default to first when isRecurring is set to true, with the following exception that it is set to recurring when the customer is making the payment using a PayPal token.
|
|
unscheduledCardOnFileRequestor | string | Indicates which party initiated the unscheduled recurring transaction. Allowed values:
|
|
unscheduledCardOnFileSequenceIndicator | string |
|
|
threeDSecure | object | Object containing specific data regarding 3D Secure. | |
challengeIndicator | string | Allows you to indicate if you want the customer to be challenged for extra security on this transaction. Possible values:
|
|
exemptionRequest | string | Type of strong customer authentication (SCA) exemption requested for this transaction. Possible values:
|
|
externalCardholderAuthenticationData | object | Object containing 3D secure details. | |
cavv | string(50) | The CAVV (cardholder authentication verification value) or AAV (accountholder authentication value) provides an authentication validation value. Required by the GlobalCollect platform for ECI 2 and 5. | |
eci | integer(2) | Electronic Commerce Indicator provides authentication validation results returned after AUTHENTICATIONVALIDATION.
|
|
skipAuthentication | boolean |
|
|
redirectionData | object | Object containing browser specific redirection related data. | |
returnUrl | string(512) | The URL that the customer is redirect to after the payment flow has finished. You can add any number of key value pairs in the query string that, for instance help you to identify the customer when they return to your site. Please note that we will also append some additional key value pairs that will also help you with this identification process. Note: The provided URL should be absolute and contain the protocol to use, e.g. http:// or https://. For use on mobile devices a custom protocol can be used in the form of protocol://. This protocol must be registered on the device first. URLs without a protocol will be rejected. |
|
directDebitPaymentMethodSpecificInput | object | Object containing the specific input details for direct debit payments. | |
paymentProductId | integer(5) | Payment product identifier. Please see payment products for a full overview of possible values. |
|
paymentProduct705SpecificInput | object | Object containing UK Direct Debit specific details. | |
bankAccountBban | object | Object containing account holder name and bank account information. | |
accountNumber | string | Bank account number. | |
bankCode | string | Bank code. | |
branchCode | string | Branch code. | |
bankName | string(40) | Name of the bank. | |
countryCode | string(2) | ISO 3166-1 alpha-2 country code of the country where the bank account is held For UK payouts this value is automatically set to GB as only payouts to UK accounts are supported. | |
accountHolderName | string(30) | Name of the account holder. | |
sepaDirectDebitPaymentMethodSpecificInput | object | Object containing the specific input details for SEPA direct debit payments. | |
paymentProductId | integer(5) | Payment product identifier. Only available for PPID 771 and 770. Please see payment products for a full overview of possible values. | |
token | string(40) | ID of the token that holds previously stored card data. If both the token and card are provided, then the card takes precedence over the token. | |
fraudFields | object | Object containing additional data that will be used to assess the risk of fraud. | |
customerIpAddress | string(45) | The IP Address of the customer that is making the payment. The '+' character is not allowed in this property for transactions that are processed by TechProcess Payment Platform. | |
orderTimezone | string(2) | Timezone in which the order was placed. The '+' character is not allowed in this property for transactions that are processed by TechProcess Payment Platform. | |
giftCardType | string | One of the following gift card types:
|
|
giftMessage | string(160) | Gift message | |
userData | array | Array of up to 16 userData properties, each with a max length of 256 characters, that can be used for fraud screening. Use it for the fields that are specific to your business and beneficial to be used for your fraud monitoring. |