Sift
Wpay has partnered with Sift to leverage their machine learning capabilities to detect and prevent fraud. Sift makes risk predictions using your own data and data from across Sift’s global network to identify patterns across thousands of device, user, network, and transactional signals.
Whilst Cybersource evaluates orders after payments, Sift Payment Protection checks for frauds before payments, providing the flexibility for you to take actions on the transaction.
Similar to Cybersource, Sift returns three different possible fraud responses - Accept, Reject, or flagging an order for Review.
| Decision | Reason Code | Description |
|---|---|---|
| Accept | 100 | No fraud detected. Payment to proceed after fraud check. |
| Review | 480 | Fraud potential. Payment to proceed whilst the transaction is flagged for review in Sift. The fraud team should manually review the transaction to determine the next course of actions to take. |
| Reject | 481 | Fraud likely. Payment blocked and a Reject response returned to you to take further actions. |
You may then determine the desired customer experience and how you wish to proceed with the transaction based on fraud outcomes e.g. if the outcome is Reject (481) you may wish to block the user from your store.
Merchant Configuration
To utilise Sift capabilities, we will need to configure this for you along with any of your merchant-specific rules during the onboarding process. Once successfully set up you can submit a request to make a payment with Sift fraud payload included to trigger the fraud-checking process.
Step 1: Create a Sift Merchant Account
To begin using Sift as your fraud screening solution you first need to setup a Sift instance which will be specific to your organisation. Your Wpay account management representative will be able to support you through the steps of setting up the Sift instance as part of your integration process.
Step 2: Loading historical data into Sift
Sift uses a machine learning algorithm to perform fraud scoring for transactions. It's recommended by Sift to backfill at least 3 - 6 months of historical data to get the best performance from the platform from day one. Sift outlines how to complete this process on the following page. As an optional step you might also wish to backfill the decisions of your current fraud engine. Your Wpay account management representative will be able to support you through the steps of backfilling your historical data.
Step 3: Config API Keys for Sandbox & PROD
The Sift solution requires your Sift API-key to be set up in APIGEE to enable the connection between the Wpay Platform and Sift. This step needs to be completed for both the non-PROD and PROD environments. Your Wpay account management representative will be able to support you through the process.
Step 4: Configuration of the Sift Rules
Once the above steps have been completed it's now time to setup your fraud rules in Sift. Your Wpay account management representative will be able to support you through the steps configuring your fraud rules.
Fraud Rule Considerations
If you are already using an existing fraud screening provider for fraud scoring you will need to work with your account management representative to perform an analysis to ensure your existing rules can be imported into Sift. Alternatively, if you aren't using an existing fraud screening provider, you will need to define and implement your fraud rules.
Step 5: Integration with the Wpay Platform
Now that the pre-requisite steps have been completed you are now ready to integrate with the Wpay platform to use Sift as your fraud screening provider. The Sift payload has been designed as structured JSON with its own schema in order to make the information easier to read by your developers.
Customer Experience Considerations
Merchant must also update their orchestration logic and customer experience to handle a payment declined due to fraud before the payment occurs. Therefore, a new screen might be required to tell the customer their payment was unsuccessful but not tipping of a potential fraudster that it was due to fraud screening being utilised. The current process for Cybersource is post the payment being processed the merchant can reverse the transaction by either:
- Void the transaction, if processed as a pre-auth.
- Refund the transaction, if processed as a purchase.
Step 6: Embed the Sift snippets
| Description | Documentation | Notes |
|---|---|---|
| JavaScript Snippet for all web traffic (Front-End) | JavaScript Snippet | Where to deploy? On all customer facing pages on your website Before Login Set the $session_id field After Login Set the $user_id field (should match the $user_id on REST API). Maintain the $session_id Important Disable the JS snippet for ALL Internal User Activity i.e. admins, analysts making bookings/orders on the behalf of users etc |
| Mobile SDK Overview | Mobile SDK Overview | N/A |
| Mobile SDK for mobile apps (Front-end) | iOS SDK | Size 66 KB including dependencies Permissions Access to Internet (Required), Location (Optional), Gyroscope (Optional) OS Support iOS 10+ Data Usage ~6kb of data per minute of active app use; App State + Device Information Collected and Sent via SDK App State sent once every minute, Device Info sent once every hour or whenver it changes Installation Cocoapods + Carthage Installation OR via Github repo |
| Mobile SDK for mobile apps (Front-end) | Android SDK | Size 4.5 MB total with all dependencies (3 MB without common libraries) Permissions Access to Internet (Required), Fine Location (Optional), Coarse Location (Optional) OS Support Support for Jelly Bean 4.1.x (Android API 16+) Data Usage Uses ~6kb of data per minute of active app use; App State + Device Information Collected and Sent via SDK App State sent once every minute, Device Info sent once every hour or whenver it changes Installation Maven or Jcenter Integration OR via Github repo |
High Level Flow
Fraud Payload
The Fraud payload for Sift will be sent as part of the payment please refer to Making a Payment.
| Field | Description | Mandatory / Data Type |
|---|---|---|
| schemaId | The ID of the previously configured schema that will be used to validate the contents of the fraud payload. The schema ID will be given back to the merchant during their setup process. | Yes String |
| sessionId | The user's current session ID. | No String |
| orderId | The ID for tracking this order in your system. | No, but strongly recommended to improve fraud scoring. String |
| userEmail | Email of the user creating this order. | No String |
| amount | Total transaction amount. | No, but strongly recommended to improve fraud scoring. String |
| currency | ISO-4217 currency code for the amount. | No String |
| sellerUserId | The seller's user ID for marketplace. | No String |
| verificationPhoneNumber | Phone number of the user. This phone number will be used to send One-Time Password (OTP) when required. The phone number should be in E.164 format including + and a country code. | No String |
| shippingTrackingNumbers | Shipping tracking number(s) for the shipment of the product(s). | No Array of String |
| billingAddress - firstName | The first name of the customer paying for the good/service | No, but strongly recommended to improve fraud scoring. String |
| billingAddress - lastName | The last name of the customer paying for the good/service | No, but strongly recommended to improve fraud scoring. String |
| billingAddress - email | The email of the customer paying for the good/service | No String |
| billingAddress - phone | The phone number of the customer paying for the good/service. Provide the phone number as a string starting with the country code. Use E.164 format or send in the standard national format of number's origin. For example: "+61433666666" | No String |
| billingAddress - streetAddress | The street address of the customer paying for the good/service | No, but strongly recommended to improve fraud scoring. String |
| billingAddress - extendedAddress | The extended address of the customer paying for the good/service | No String |
| billingAddress - suburb | The suburb of the customer paying for the good/service | No, but strongly recommended to improve fraud scoring. String |
| billingAddress - stateOrTerritory | The state of the customer paying for the good/service | No, but strongly recommended to improve fraud scoring. String |
| billingAddress - postalCode | The postal code of the customer paying for the good/service | No, but strongly recommended to improve fraud scoring. String |
| billingAddress - countryCode | The country of the customer paying for the good/service. Use the two-character ISO-3166 country codes. | No, but strongly recommended to improve fraud scoring. String |
| orderFrom - storeId | The customer’s internal identifier for the specific physical location providing the good or service. | No String |
| orderFrom - storeAddress - name | The full name associated with the store address providing the good or service. | No String |
| orderFrom - storeAddress - address1 | The address first line of the store providing the good or service. | No String |
| orderFrom - storeAddress - address2 | The address second line of the store providing the good or service. | No String |
| orderFrom - storeAddress - suburb | The city of the store providing the good or service. | No String |
| orderFrom - storeAddress - postalCode | The postal code of the store providing the good or service. | No String |
| orderFrom - storeAddress - stateOrTerritory | The suburb of the store providing the good or service. | No String |
| orderFrom - storeAddress - countryCode | The ISO-3166 country code of the store providing the good or service. | No String |
| orderFrom - storeAddress - phone | The phone of the store providing the good or service. | No String |
| brandName | Name of the brand of product or service being purchased. | No String |
| siteDomain | Domain being interfaced with. Use fully qualified domain name. | No String |
| siteCountry | Country the company is providing service from. Use ISO-3166 country code. | No String |
| shippingAddress - firstName | The first name associated with the address where the product is shipped to. | No, but strongly recommended to improve fraud scoring. String |
| shippingAddress - lastName | The last name associated with the address where the product is shipped to. | No, but strongly recommended to improve fraud scoring. String |
| shippingAddress - email | The customer's email associated with the address where the product is shipped to. | No String |
| shippingAddress - phone | The customer's phone associated with the address where the product is shipped to. | No String |
| shippingAddress - streetAddress | The street address of the customer where the product is shipped to. | No, but strongly recommended to improve fraud scoring. String |
| shippingAddress - extendedAddress | The extended address of the customer where the product is shipped to. | No String |
| shippingAddress - suburb | The suburb of the customer where the product is shipped to. | No, but strongly recommended to improve fraud scoring. String |
| shippingAddress - stateOrTerritory | The state of the customer where the product is shipped to. | No, but strongly recommended to improve fraud scoring. String |
| shippingAddress - postalCode | The postal code of the customer where the product is shipped to. | No, but strongly recommended to improve fraud scoring. String |
| shippingAddress - countryCode | The ISO-3166 country code of the customer where the product is shipped to. | No, but strongly recommended to improve fraud scoring. String |
| expeditedShipping | A flag to indicate whether the user requested priority/expedited shipping on their order. | No Boolean |
| shippingMethod | The method of delivery to the user. | No Allowed values: [ electronic, physical] |
| shippingCarrier | Shipping carrier for the shipment of the product. | No String |
| shippingTrackingNumbers | Shipping tracking number(s) for the shipment of the product(s). | No Array of String |
| basketData - itemId | The item's unique identifier of good/service sold by your business. | No String |
| basketData - description | The item description | No String |
| basketData - quantity | The quantity of the item. | No String |
| basketData - price | The item unit price | No String |
| basketData - sku | If the item has a Stock-keeping Unit ID (SKU), provide it here. | No String |
| basketData - brand | The brand name of the item. | No String |
| basketData - category | The category this item is listed under in your business. e.g., "kitchen appliance", "menswear > pants". | No String |
| basketData - currencyCode | ISO-4217 currency code for the price. | No String |
| basketData - upc | If the item has a Universal Product Code (UPC), provide it here. | No String |
| basketData - isbn | If the item is a book with an International Standard Book Number (ISBN), provide it here. | No String |
| basketData - manufacturer | Name of the item's manufacturer. | No String |
| basketData - tags | The tags used to describe this item in your business. e.g., "funny", "halloween". | No Array of String |
| basketData - color | The color of the item. | No String |
| basketData - size | The size of the item. | No String |
| promotion - promotionId | The ID within your system that you use to represent this promotion. This ID is ideally unique to the promotion across users. | No String |
| promotion - description | Promotion description | No String |
| promotion - status | Promotion status | No Allowed values [ success, failure] |
| promotion - failureReason | Reason why adding a promotion fails. | No Allowed values [ already_used, invalid_code, not_applicable, expiredsuccess`] |
| promotion - discount - currencyCode | ISO-4217 currency code for the discount amount. | No String |
| promotion - discount - percentageOff | The percentage discount. If the discount is 10% off, you would send "0.1". | No String |
| promotion - discount - amount | The amount of the discount that the promotion offers. | No String |
| promotion - discount - minimumPurchaseAmount | The minimum amount someone must spend in order for the promotion to be applied. | No String |
| mobileApp - operatingSystem | Choose either mobileApp or browser, not both. The operating system on which application is running. (e.g. iOS, Android) | No String |
| mobileApp - osVersion | The operating system version on which application is running. (e.g. 10.3.1, 7.1.1) | No String |
| mobileApp - deviceManufacturer | The manufacturer of the device on which application is running. (e.g. Samsung, Apple, LG) | No String |
| mobileApp - deviceModel | The model of the device on which application is running. (e.g. SM-G920x, iPhone8,1) | No String |
| mobileApp - deviceUniqueId | The unique ID of the device on which application is running. For iOS, send the IFV identifier. For Android, send the Android ID. | No String |
| mobileApp - appName | The name of your application. | No String |
| mobileApp - appVersion | The version of your application. Our accepted format is numbers separated by periods. | No String |
| mobileApp - clientLanguage | The language the application content is being delivered in. Use ISO-3166 format for country codes. Examples: "en", "en-us, de", "fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5", etc. | No String |
| browser - userAgent | Choose either mobileApp or browser, not both. | Yes if browser is not null / empty String |
| browser - acceptLanguage | The language(s) that the client is requesting the site content be delivered in. Use ISO-3166 format for country codes. Examples: "en", "en-us, de", "fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5", etc. | No String |
| browser - contentLanguage | The language(s) of the user that the delivered site content is intended for. Use ISO-3166 format for country codes. Examples: "en", "en-us, de", "fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5", etc. | No String |
Fraud Payload Example
Example of the fraud payload passed as part of a payment:
{
"data": {
"transactionType": {
"creditCard": "PREAUTH",
"giftCard": "PURCHASE",
"payPal": "PURCHASE",
"googlePay": {
"creditCard": "PREAUTH",
"debitCard": "PURCHASE"
},
"applePay": {
"creditCard": "PREAUTH",
"debitCard": "PURCHASE"
}
},
"clientReference": "ORDER-28168441",
"orderNumber": "CUST_ORDER-123654",
"payments": [
{
"paymentInstrumentId": "124****",
"amount": 14.99
}
]
},
"meta": {
"fraud": {
"provider": "sift",
"version": "sift_1.101",
"format": "JSON",
"responseFormat": "JSON",
"message": "",
"payload": {
"schemaId": "66847d9f-07c5-4647-****-************",
"sessionId": "gigtleqddo84l8cm15qe4il",
"orderId": "ORDER-28168441",
"userEmail": "[email protected]",
"amount": "14.99",
"currency": "AUD",
"billingAddress": {
"firstName": "John",
"lastName": "Sena",
"email": "[email protected]",
"phone": "0470623177",
"extendedAddress": "4th Floor",
"streetAddress": "407 Elizabeth Street",
"suburb": "Surry Hills",
"stateOrTerritory": "NSW",
"postalCode": "2765",
"countryCode": "AU"
},
"orderFrom": {
"storeId": "1234",
"storeAddress": {
"name": "Toongabbie",
"address1": "15 Aurelia Street",
"suburb": "Toongabbie",
"stateOrTerritory": "NSW",
"countryCode": "AU",
"phone": "(02) 9636 5121"
}
},
"brandName": "Woolworths online",
"siteDomain": "woolworths.com.au",
"siteCountry": "AU",
"shippingAddress": {
"firstName": "James",
"lastName": "Smith",
"email": "[email protected]",
"phone": "0470623177",
"extendedAddress": "4th Floor",
"streetAddress": "407 Elizabeth Street",
"suburb": "Surry Hills",
"stateOrTerritory": "NSW",
"postalCode": "2765",
"countryCode": "AU"
},
"expeditedShipping": true,
"shippingMethhod": "Physical",
"shippingCarrier": "UPS",
"shippingTrackingNumbers": [
"1Z204E380338943508",
"1Z204E380338943508"
],
"basketData": [
{
"itemId": "999084",
"description": "Cat Amongst The Pigeons Shiraz",
"quantity": 1,
"price": 14.99,
"sku": "322022",
"brand": "Cat Amongst The Pigeons",
"category": "56",
"tags": [
"Wine",
"Drinks",
"On Sale"
]
}
],
"promotion": [
{
"promotionId": "FirstTimeBuyer",
"description": "$5 off",
"status": "success",
"discount": {
"currencyCode": "AUD",
"amount": "1",
"minimumPurchaseAmount": "17"
}
}
],
"browser": {
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
"acceptLanguage": "en-US",
"contentLanguage": "en-GB"
}
}
},
"challengeResponses": [
{
"instrumentId": "124****",
"type": "STEP_UP",
"token": "**********************"
}
]
}
}
Example of Fraud Response - Accept
{
"data": {
"transactionId": "aaff67e0-e078-42b2-****-************",
"paymentRequestId": "f55bee99-5b75-41ad--****-************",
"type": "PAYMENT",
"status": "APPROVED",
"grossAmount": 14.99,
"executionTime": "2022-08-11T10:08:13.808Z",
"merchantId": "WpayTestAPM",
"merchantReferenceId": "5bhygswbhwx",
"clientReference": "2042f2be-699e-418c-****-************",
"fraudCheckProvider": "sift",
"instruments": [
{
"paymentInstrumentId": "2499531",
"instrumentType": "CREDIT_CARD",
"transactions": [
{
"type": "PREAUTH",
"executionTime": "2022-08-11T10:08:20.918Z",
"paymentTransactionRef": "100000002673****",
"status": "APPROVED",
"amount": 14.99
}
]
}
],
"subTransactions": [
{
"transactionReceipt": "100000002673****",
"partialSuccess": false,
"fraudResponse": {
"clientId": "sift_test_acct_id",
"riskScore": 0.5544041033169816, // risk score returned by Sift
"reasonCode": "100",
"decision": "ACCEPT", // Decision = ACCEPT
"riskInformation": [
{
"app": "decision",
"name": "Accept User",
"state": "running",
"decision": "accept_user_payment_abuse"
},
{
"app": "decision",
"name": "Accept Order",
"state": "running",
"decision": "accept_order_payment_abuse"
}
]
},
"paymentResponses": [
{
"paymentInstrumentId": "249****",
"paymentToken": "3ff50323-d8aa-4188-****-************",
"paymentTransactionRef": "100000002673****",
"threeDS": {
"sli": null,
"car": null,
"dsTransID": null
},
"receiptData": {
"expiryMonth": "12",
"cardSuffix": "1493",
"scheme": "MASTERCARD",
"expiryYear": "99"
},
"extendedTransactionData": [
{
"field": "bin",
"value": "521729"
},
{
"field": "stan",
"value": "003129"
},
{
"field": "rrn",
"value": "000000003129"
},
{
"field": "mid",
"value": "6110006020Q0008"
},
{
"field": "terminalId",
"value": "Q0008101"
}
],
"externalServiceCode": "00",
"externalServiceMessage": "APPROVED",
"paymentInstrumentType": "CREDIT_CARD"
}
]
}
]
},
"meta": {}
}
Example of Reject Fraud Response
{
"data": {
"transactionId": "54738bcd-9160-44de-****-************",
"paymentRequestId": "2a6c9a56-b292-4e13-****-************",
"type": "PAYMENT",
"status": "REJECTED",
"rollback": "NOT_REQUIRED",
"grossAmount": 0.01,
"executionTime": "2022-08-11T23:50:39.262Z",
"merchantId": "WpayTestAPM",
"merchantReferenceId": "lvjmy6ik75",
"clientReference": "lvjmy6ik75",
"fraudCheckProvider": "sift",
"instruments": [
{
"paymentInstrumentId": "249****",
"instrumentType": "CREDIT_CARD",
"transactions": []
}
],
"subTransactions": [
{
"fraudResponse": {
"clientId": "sift_test_acct_id",
"riskScore": 0.6722685731793858, // Fraud scoring
"reasonCode": "481",
"decision": "REJECT", // Decision = REJECT
"riskInformation": [
{
"app": "decision",
"name": "Block User",
"state": "running",
"decision": "block_user_payment_abuse"
},
{
"app": "decision",
"name": "Accept Order",
"state": "running",
"decision": "accept_order_payment_abuse"
}
]
}
}
]
},
"meta": {}
}
Example of Review Fraud Response
{
"data": {
"transactionId": "0f562574-3aa9-45f9-****-************",
"paymentRequestId": "116da4f9-1bcc-46c9-****-************",
"type": "PAYMENT",
"status": "APPROVED",
"grossAmount": 0.5,
"executionTime": "2022-08-12T02:10:55.957Z",
"merchantId": "WpayTestAPM",
"merchantReferenceId": "4a18dd32-efc2-4242-****-************",
"clientReference": "010219b3-4e44-48e2-****-************",
"fraudCheckProvider": "sift",
"instruments": [
{
"paymentInstrumentId": "249****",
"instrumentType": "APPLE_PAY",
"transactions": [
{
"type": "PREAUTH",
"executionTime": "2022-08-12T02:10:57.728Z",
"paymentTransactionRef": "100000002674****",
"status": "APPROVED",
"amount": 0.5
}
]
}
],
"subTransactions": [
{
"transactionReceipt": "100000002674****",
"partialSuccess": false,
"fraudResponse": {
"clientId": "sift_test_acct_id",
"riskScore": 0.6492781559924097, // Risk scoring
"reasonCode": "480",
"decision": "REVIEW", // Decision = REVIEW
"riskInformation": [
{
"app": "review queue",
"name": "Manual Review - User",
"state": "running",
"decision": "review"
},
{
"app": "review queue",
"name": "Manual Review - Order",
"state": "running",
"decision": "review"
}
]
},
"paymentResponses": [
{
"paymentInstrumentId": "249****",
"paymentToken": "affc24b1-3a03-4209-****-************",
"paymentTransactionRef": "100000002674****",
"extendedTransactionData": [
{
"field": "bin",
"value": "520424"
},
{
"field": "stan",
"value": "003144"
},
{
"field": "rrn",
"value": "000000003144"
},
{
"field": "mid",
"value": "6110006020Q0008"
},
{
"field": "terminalId",
"value": "Q0008101"
}
],
"externalServiceCode": "00",
"externalServiceMessage": "APPROVED",
"paymentInstrumentType": "APPLE_PAY"
}
]
}
]
},
"meta": {}
}
Updated over 1 year ago