Server API version 1.0
Java

Results for

icon-search-large No search results yet
Enter your search query above

Risk-assess bankaccount

POST https://{domainname}/v1/{merchantId}/riskassessments/bankaccounts

Risk assessments

Through this API you can have our fraud prevention systems assess the risk for potential fraud based using the details you provide. You can either have us assess this risk when you submit the transaction for processing or you can do this separately from the payment process, using the risk assessment calls.

We offers two groups of checks:

  • Centred around card data
  • Centred around bank account data
Both groups perform multiple check within one call depending on configuration.

Request

The evaluation of the risk on bank account data is less concerned with additional data, but focusses primarily just on the bank account data. As an online authorization is not possible against a bank account most checks focus on the, fairly static, checks whether the bank account data is wellformed, i.e. algorithms checks, correct length and syntax. Some are however based on more or less static blacklists that do try to take past transaction results into consideration. This API allows you to submit almost the same data as when you do a transaction. In this case the data is only used to assess the risk and not actually process a payment.

PayloadRiskAssessmentBankAccount

        Property Type Required Description
object no,

one of group

SDK object type: BankAccountBban
Object containing account holder name and bank account information
accountHolderName string (30) depends

Name of the account holder
Depends on: Required for Create and Update token calls for ACH (730).

accountNumber string (30) depends

Bank account number
Depends on: Required for Direct Debit UK (705) and ACH (730) payments, except when a token has been included in the request that includes this value.
Required for Create and Update token calls.

bankCode string (15) depends

Bank code
Depends on: Required for Direct Debit UK (705) and ACH (730) payments, except when a token has been included in the request that includes this value.
Required for Create and Update token calls for ACH (730).

bankName string (40) no

Name of the bank

branchCode string (15) no

Branch code

checkDigit string (2) no

Bank check digit

countryCode string (2) no

ISO 3166-1 alpha-2 country code of the country where the bank account is held For UK payouts this value is automatically set to GB as only payouts to UK accounts are supported.

object no,

one of group

SDK object type: BankAccountIban
Object containing account holder name and IBAN information
accountHolderName string (30) depends

Name in which the account is held.
Depends on: Required for the creation of a Payout
Required for Create and Update token calls.

iban string (50) depends

The IBAN is the International Bank Account Number. It is an internationally agreed format for the BBAN and includes the ISO country code and two check digits.
Depends on: Required for the creation of a Payout
Required for Create and Update token.
Required for payments with product 9000 in Austria (AT) and Germany (DE).
Required for Create mandate and Create payment with mandate calls

object no SDK object type: FraudFields
Object containing additional data that will be used to assess the risk of fraud
addressesAreIdentical boolean no

Indicates that invoice and shipping addresses are equal.

blackListData string (50) no

Additional black list input

object no SDK object type: Address
The address that belongs to the owner of the card
additionalInfo string (50) no

Additional address information

city string (40) depends

City
Note: For payments with product 1503 the maximum length is not 40 but 20.
Depends on: Required for Invoice payments (201)
Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
Required for the creation of a Payout.
Required for payments with product 9000 or 9001.
Required when address is included in Seller.

countryCode string (2) depends

ISO 3166-1 alpha-2 country code
Depends on: Required, except when a token has been included in the request that includes this value.
Required when address is included in Seller.

houseNumber string (15) depends

House number
Depends on: Required when address is included in Seller.

state string (35) no

Full name of the state or province

stateCode string (9) no

State code
Note: For payments with product 1503 the maximum length is not 9 but 2.

street string (50) depends

Streetname
Depends on: Required for Invoice payments (201)
Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
Required for the creation of a Payout.
Required for payments with product 9000 or 9001.
Required when address is included in Seller.

zip string (10) depends

Zip code
Note: For payments with product 1503 the maximum length is not 10 but 8.
Depends on: Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
Required for payments with product 9000 or 9001.

customerIpAddress string (32) depends

The IP Address of the consumer that is making the payment
Depends on: This field is required for payments and hosted checkouts with products 9000 and 9001.

defaultFormFill string no

Degree of default form fill, with the following possible values:
  • automatically - All fields filled automatically
  • automatically-but-modified - All fields filled automatically, but some fields were modified manually
  • manually - All fields were entered manually

deviceFingerprintActivated boolean no

Indicates that the device fingerprint has been used while processing the order.

deviceFingerprintTransactionId string no

One must set the deviceFingerprintTransactionId received by the response of the endpoint /{merchant}/products/{paymentProductId}/deviceFingerprint

giftCardType string no

One of the following gift card types:
  • celebrate-fall - Celebrate Fall
  • grandparents-day - Grandparent's Day
  • independence-day - Independence Day
  • anniversary - Anniversary
  • birthday - Birthday
  • congratulations - Congratulations
  • april-fools-day - April Fool's Day
  • easter - Easter
  • fathers-day - Father's Day
  • graduation - Graduation
  • holiday - Holiday
  • seasons-greetings - Season's Greetings
  • passover - Passover
  • kwanzaa - Kwanzaa
  • halloween - Halloween
  • mothers-day - Mother's Day
  • new-years-day - New Year's Day
  • bosses-day - Bosses' Day
  • st-patricks-day - St. Patrick's Day
  • sweetest-day - Sweetest Day
  • christmas - Christmas
  • baby-shower - Baby Shower
  • thanksgiving - Thanksgiving
  • other - Other
  • valentines-day - Valentine's Day
  • wedding - Wedding
  • secretarys-day - Secretary's Day
  • chinese-new-year - Chinese New Year
  • hanukkah - Hanukkah

giftMessage string (160) no

Gift message

hasForgottenPwd boolean no

Specifies if the consumer (initially) had forgotten their password
  • true - The consumer has forgotten their password
  • false - The consumer has not forgotten their password

hasPassword boolean no

Specifies if the consumer entered a password to gain access to an account registered with the you
  • true - The consumer has used a password to gain access
  • false - The consumer has not used a password to gain access

isPreviousCustomer boolean no

Specifies if the consumer has a history of online shopping with the merchant
  • true - The consumer is a known returning consumer
  • false - The consumer is new/unknown consumer

orderTimezone string (2) no

Timezone in which the order was placed

shipComments string (160) no

Comments included during shipping

shipmentTrackingNumber string (19) no

Shipment tracking number

object no SDK object type: FraudFieldsShippingDetails
Details on how the order is shipped to the customer
methodDetails string (50) no

Details regarding the shipping method

methodSpeed integer no

Shipping method speed indicator

methodType integer no

Shipping method type indicator

userData array of string no
Array of up to 16 userData fields, each with a max length of 256 characters, that can be used for fraudscreening
website string (60) no

The website from which the purchase was made

object no SDK object type: OrderRiskAssessment
Order object containing order related data
object no SDK object type: AdditionalOrderInputAirlineData
Object containing additional input on the order
object no SDK object type: AirlineData
Object that holds airline specific data
agentNumericCode string (8) no

Numeric code identifying the agent

code string (3) yes

Airline numeric code

flightDate string (8) no

Date of the Flight
Format: YYYYMMDD

array no
Object that holds the data on the individual legs of the ticket
object no SDK object type: AirlineFlightLeg
airlineClass string (2) yes

Reservation Booking Designator

arrivalAirport string (3) yes

Arrival airport/city code

carrierCode string (2) yes

IATA carrier code

date string (8) yes

Date of the leg
Format: YYYYMMDD

departureTime string (6) depends

The departure time in the local time at the departure airport
Format: HH:MM
Depends on: Required for PayPal (840) when Airline data is submitted

fare string (12) no

Fare of this leg

fareBasis string (15) no

Fare Basis/Ticket Designator

flightNumber string (4) depends

The flight number assigned by the airline carrier with no leading spaces
Should be a numeric string
Depends on: Required for PayPal (840) when Airline data is submitted

number integer (5) yes

Sequence number of the flight leg

originAirport string (3) yes

Origin airport/city code

serviceClass enum no

ServiceClass of this leg (this field is used for fraud screening on the Ogone Payment Platform).

Possible values are:

  • economy
  • premium-economy
  • business
  • first

stopoverCode string depends

Possible values are:
  • permitted = Stopover permitted
  • non-permitted = Stopover not permitted
Depends on: Required for PayPal (840) when Airline data is submitted

invoiceNumber string (6) no

Airline tracing number

isETicket boolean no

  • true = The ticket is an E-Ticket
  • false = the ticket is not an E-Ticket

isRegisteredCustomer boolean no

  • true = a registered known consumer
  • false = unknown consumer

isRestrictedTicket boolean no

  • true - Restricted, the ticket is non-refundable
  • false - No restrictions, the ticket is (partially) refundable

isThirdParty boolean no

  • true - The payer is the ticket holder
  • false - The payer is not the ticket holder

issueDate string (8) no

This is the date of issue recorded in the airline system In a case of multiple issuances of the same ticket to a cardholder, you should use the last ticket date.
Format: YYYYMMDD

merchantCustomerId string (16) no

Your ID of the consumer in the context of the airline data

name string (20) yes

Name of the airline

passengerName string (49) no

Name of passenger

array no
Object that holds the data on the individual passengers (this object is used for fraud screening on the Ogone Payment Platform)
object no SDK object type: AirlinePassenger
firstName string (15) no

First name of the passenger (this field is used for fraud screening on the Ogone Payment Platform)

surname string (70) no

Surname of the passenger (this field is used for fraud screening on the Ogone Payment Platform)

surnamePrefix string (15) no

Surname prefix of the passenger (this field is used for fraud screening on the Ogone Payment Platform)

title string (35) no

Title of the passenger (this field is used for fraud screening on the Ogone Payment Platform)

placeOfIssue string (15) no

Place of issue
For sales in the US the last two characters (pos 14-15) must be the US state code.

pnr string (127) no

Passenger name record

pointOfSale string (25) no

IATA point of sale name

posCityCode string (10) no

city code of the point of sale

ticketDeliveryMethod string no

Possible values:
  • e-ticket
  • city-ticket-office
  • airport-ticket-office
  • ticket-by-mail
  • ticket-on-departure

ticketNumber string (13) no

The ticket or document number contains:
  • Airline code: 3-digit airline code number
  • Form code: A maximum of 3 digits indicating the type of document, the source of issue and the number of coupons it contains
  • Serial number: A maximum of 8 digits allocated on a sequential basis, provided that the total number of digits allocated to the form code and serial number shall not exceed ten
  • TICKETNUMBER can be replaced with PNR if the ticket number is unavailable

object yes SDK object type: AmountOfMoney
Object containing amount and ISO currency code attributes
amount integer (12) yes

Amount in cents and always having 2 decimals

currencyCode string (3) yes

Three-letter ISO currency code representing the currency for the amount

object no SDK object type: CustomerRiskAssessment
Object containing the details of the consumer
object no SDK object type: Address
Object containing billing address details
additionalInfo string (50) no

Additional address information

city string (40) depends

City
Note: For payments with product 1503 the maximum length is not 40 but 20.
Depends on: Required for Invoice payments (201)
Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
Required for the creation of a Payout.
Required for payments with product 9000 or 9001.
Required when address is included in Seller.

countryCode string (2) depends

ISO 3166-1 alpha-2 country code
Depends on: Required, except when a token has been included in the request that includes this value.
Required when address is included in Seller.

houseNumber string (15) depends

House number
Depends on: Required when address is included in Seller.

state string (35) no

Full name of the state or province

stateCode string (9) no

State code
Note: For payments with product 1503 the maximum length is not 9 but 2.

street string (50) depends

Streetname
Depends on: Required for Invoice payments (201)
Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
Required for the creation of a Payout.
Required for payments with product 9000 or 9001.
Required when address is included in Seller.

zip string (10) depends

Zip code
Note: For payments with product 1503 the maximum length is not 10 but 8.
Depends on: Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
Required for payments with product 9000 or 9001.

object no SDK object type: ContactDetailsRiskAssessment
Object containing contact details like email address
emailAddress string no

Email address of the consumer

locale string (6) no

The locale that the consumer should be addressed in (for 3rd parties). Note that some 3rd party providers only support the languageCode part of the locale, in those cases we will only use part of the locale provided.

object no SDK object type: PersonalInformationRiskAssessment
Object containing personal information like name, date of birth and gender
object no SDK object type: PersonalNameRiskAssessment
Object containing the name details of the consumer
firstName string (15) no

Given name(s) or first name(s) of the consumer

surname string (70) no

Surname(s) or last name(s) of the consumer

surnamePrefix string (15) no

The prefix of the surname - in between first name and surname - of the consumer

object no SDK object type: AddressPersonal
Object containing shipping address details
additionalInfo string (50) no

Additional address information

city string (40) depends

City
Depends on: Required for Invoice payments (201)
Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.

countryCode string (2) depends

ISO 3166-1 alpha-2 country code
Depends on: Please note that this field is required, except when a token has been included in the request that includes this value.

houseNumber string (15) no

House number

object no SDK object type: PersonalName
Object that holds the name elements
firstName string (15) depends

Given name(s) or first name(s) of the consumer
Depends on: Required for payments with product 9000 or 9001.

surname string (70) depends

Surname(s) or last name(s) of the consumer
Depends on: Required for the creation of a Payout.
Required for payments with product 9000 or 9001.

surnamePrefix string (15) no

Middle name - In between first name and surname - of the consumer

title string (35) depends

Title of consumer
Depends on: Required for payments with product 9000 or 9001 in Austria (AT), Belgium (BE), Germany (DE), the Netherlands (NL) and Switzerland (CH).

state string (35) no

Full name of the state or province

stateCode string (9) no

State code

street string (50) depends

Streetname
Depends on: Required for Invoice payments (201)
Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.

zip string (10) depends

Zip code
Depends on: Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.

paymentProductId integer (5) no

Payment product identifier
Please see payment products for a full overview of possible values.

Request example

SDK: Java

This scenario you will probably use the most

  • BankAccountBban bankAccountBban = new BankAccountBban();
    bankAccountBban.setAccountNumber("0532013000");
    bankAccountBban.setBankCode("37040044");
    bankAccountBban.setCountryCode("DE");
    
    AmountOfMoney amountOfMoney = new AmountOfMoney();
    amountOfMoney.setAmount(100L);
    amountOfMoney.setCurrencyCode("EUR");
    
    Address billingAddress = new Address();
    billingAddress.setCountryCode("US");
    
    CustomerRiskAssessment customer = new CustomerRiskAssessment();
    customer.setBillingAddress(billingAddress);
    customer.setLocale("en_US");
    
    OrderRiskAssessment order = new OrderRiskAssessment();
    order.setAmountOfMoney(amountOfMoney);
    order.setCustomer(customer);
    
    RiskAssessmentBankAccount body = new RiskAssessmentBankAccount();
    body.setBankAccountBban(bankAccountBban);
    body.setOrder(order);
    
    RiskAssessmentResponse response = client.merchant("merchantId").riskassessments().bankaccounts(body);
    
  • BankAccountIban bankAccountIban = new BankAccountIban();
    bankAccountIban.setIban("NL78RABO0190491810");
    
    AmountOfMoney amountOfMoney = new AmountOfMoney();
    amountOfMoney.setAmount(100L);
    amountOfMoney.setCurrencyCode("EUR");
    
    Address billingAddress = new Address();
    billingAddress.setCountryCode("NL");
    
    CustomerRiskAssessment customer = new CustomerRiskAssessment();
    customer.setBillingAddress(billingAddress);
    
    OrderRiskAssessment order = new OrderRiskAssessment();
    order.setAmountOfMoney(amountOfMoney);
    order.setCustomer(customer);
    
    RiskAssessmentBankAccount body = new RiskAssessmentBankAccount();
    body.setBankAccountIban(bankAccountIban);
    body.setOrder(order);
    
    RiskAssessmentResponse response = client.merchant("merchantId").riskassessments().bankaccounts(body);
    

Responses

Please find below an overview of the possible responses.

Response 200 - OKRiskAssessmentResponse

When a risk assessments check was performed successfully you will find the results of the performed check in the results array.

The results to the following checks are included:

  • dd-fraud-check - Checks performed by Intercard (only in Germany)
  • validation-bank-account - Validation of the bank account details using an account validation check provided by BankWizard from Experian
  • globalcollect-blacklist-check-dd - Checks performed against blacklist entries on the GlobalCollect platform
Depending on your configuration not all checks mentioned above might be performed.
The validation-bank-account result does not contain an overall result; instead each individual check performed has its own result. Depending on your intended use of the bank account data some of the checks performed by be less relevant. You should always check the checks that are relevant for your intended use.

        Property Type Required Description
array no
Object that contains the results of the performed fraudchecks
object no SDK object type: ResultDoRiskAssessment
category string no

The Risk Services category with the following possible values:
  • retaildecisionsCCFraudCheck - checks performed by Retail Decisions
  • globalcollectBlacklistCheckCC - Checked against the blacklist on the GlobalCollect platform
  • authorizationCheck - 0$ auth card account validation check
  • ddFraudCheck - Check performed for German market via InterCard
  • validationbankAccount - Bank account details are algorithmically checked if they could exist
  • globalcollectBlacklistCheckDD - Checked against the blacklist on the GlobalCollect platform

result string no

Risk service result with the following possible results:
  • accepted - Based on the checks performed the transaction can be accepted
  • challenged - Based on the checks performed the transaction should be manually reviewed
  • denied - Based on the checks performed the transaction should be rejected
  • no-advice - No fraud check was requested/performed
  • error - The fraud check resulted in an error and the fraud check was thus not performed

object no,

one of group

SDK object type: RetailDecisionsCCFraudCheckOutput
Object containing the results of the fraud checks performed by Retail Decisions
fraudCode string no

Provides additional information about the fraud result

fraudNeural string no

The raw score returned by the Neural check returned by the evaluation of the transaction

fraudRCF string no

List of RuleCategoryFlags as setup in the Retail Decisions system that lead to the result

object no,

one of group

SDK object type: ValidationBankAccountOutput
Object containing the results of the fraud checks performed on the bank account data
array no
Array of checks performed with the results of each check
object no SDK object type: ValidationBankAccountCheck
code string no

Code of the bank account validation check

description string no

Description of check performed

result string no

Result of the bank account validation check performed, with the following possible results:
  • PASSED - The check passed
  • ERROR - The check did not pass
  • WARNING - Depending on your needs this either needs to be treated as a passed or error response. It depends on your business logic and for what purpose you want to use the validated bank account details.
  • NOTCHECKED - This check was not performed, usually because one of the earlier checks already caused an error response to be triggered

newBankName string no

Bank name, matching the bank code of the request

reformattedAccountNumber string no

Reformatted account number according to local clearing rules

reformattedBankCode string no

Reformatted bank code according to local clearing rules

reformattedBranchCode string no

Reformatted branch code according to local clearing rules

Response example

SDK: Java

This scenario you will probably use the most

  • {
        "results" : [
            {
                "category" : "validationBankAccount",
                "validationBankAccountOutput" : {
                    "checks" : [
                        {
                            "code" : "0500",
                            "description" : "Bank/branch code format",
                            "result" : "PASSED"
                        },
                        {
                            "code" : "0050",
                            "description" : "Account number format",
                            "result" : "PASSED"
                        }
                    ],
                    "reformattedAccountNumber" : "0532013000",
                    "reformattedBankCode" : "37040044"
                },
                "result" : "no-advice"
            },
            {
                "category" : "globalcollectBlacklistCheckDD",
                "result" : "accepted"
            },
            {
                "category" : "ddFraudCheck",
                "result" : "accepted"
            }
        ]
    }
    

Response 400 - Bad requestErrorResponse

     Property Type Required Description
errorId string yes

Unique reference, for debugging purposes, of this error response

array yes
List of one or more errors
object no SDK object type: APIError
category string no

Category the error belongs to. The category should give an indication of the type of error you are dealing with. Possible values:
  • CONNECT_PLATFORM_ERROR - indicating that a functional error has occurred in the Connect platform.
  • PAYMENT_PLATFORM_ERROR - indicating that a functional error has occurred in the Payment platform.
  • IO_ERROR - indicating that a technical error has occurred within the Connect platform or between Connect and any of the payment platforms or third party systems.

code string yes

Error code

httpStatusCode integer no

HTTP status code for this error that can be used to determine the type of error

id string no

ID of the error. This is a short human-readable message that briefly describes the error.

message string no

Human-readable error message that is not meant to be relayed to consumer as it might tip off people who are trying to commit fraud

propertyName string no

Returned only if the error relates to a value that was missing or incorrect.
Contains a location path to the value as a JSonata query.
Some common examples:
  • a.b selects the value of property b of root property a,
  • a[1] selects the first element of the array in root property a,
  • a[b='some value'] selects all elements of the array in root property a that have a property b with value 'some value'.

requestId string no

ID of the request that can be used for debugging purposes

Response example

SDK: Java

This scenario you will probably use the most

  • {
        "errorId" : "15eabcd5-30b3-479b-ae03-67bb351c07e6-00000092",
        "errors" : [
            {
                "code" : "20000000",
                "propertyName" : "bankAccountBban.accountNumber",
                "message" : "PARAMETER_NOT_FOUND_IN_REQUEST"
            }
        ]
    }
    
icon_top_1