ALL
Server API version 1.0
Java

icon-search-large

Risk-assess bankaccount

POST https://{domainname}/v1/{merchantId}/riskassessments/bankaccounts

Risk assessments

Through this API you can have our fraud prevention systems assess the risk for potential fraud based using the details you provide. You can either have us assess this risk when you submit the transaction for processing or you can do this separately from the payment process, using the risk assessment calls.

We offers two groups of checks:

  • Centred around card data
  • Centred around bank account data
Both groups perform multiple check within one call depending on configuration.

Request

The evaluation of the risk on bank account data is less concerned with additional data, but focusses primarily just on the bank account data. As an online authorization is not possible against a bank account most checks focus on the, fairly static, checks whether the bank account data is wellformed, i.e. algorithms checks, correct length and syntax. Some are however based on more or less static blacklists that do try to take past transaction results into consideration. This API allows you to submit almost the same data as when you do a transaction. In this case the data is only used to assess the risk and not actually process a payment.

PayloadRiskAssessmentBankAccount

Property Type Required Details
Group bankAccountBban object no read close
close

Description

Object containing account holder name and bank account information
  • SDK Object type
    BankAccountBban
  • Property is part of a group
    Learn more

    Properties that make up a group are mutually exclusive, which means you can only include one of each group in any given call.

    If there are multiple groups at one level in the object hierarchy we use numbers to distinguish groups from one another.

close

Description

Name of the account holder

Depends on:

Required for Create and Update token calls for ACH (730).
close

Description

Bank account number

Depends on:

Required for Direct Debit UK (705) and ACH (730) payments, except when a token has been included in the request that includes this value.
Required for Create and Update token calls.
close

Description

Bank code

Depends on:

Required for Direct Debit UK (705) and ACH (730) payments, except when a token has been included in the request that includes this value.
Required for Create and Update token calls for ACH (730).
close

Description

Name of the bank
close

Description

Branch code
close

Description

Bank check digit
close

Description

ISO 3166-1 alpha-2 country code of the country where the bank account is held For UK payouts this value is automatically set to GB as only payouts to UK accounts are supported.
Group bankAccountIban object no read close
close

Description

Object containing account holder name and IBAN information
  • SDK Object type
    BankAccountIban
  • Property is part of a group
    Learn more

    Properties that make up a group are mutually exclusive, which means you can only include one of each group in any given call.

    If there are multiple groups at one level in the object hierarchy we use numbers to distinguish groups from one another.

close

Description

Name in which the account is held.

Depends on:

Required for the creation of a Payout
Required for Create and Update token calls.
close

Description

The IBAN is the International Bank Account Number. It is an internationally agreed format for the BBAN and includes the ISO country code and two check digits.

Depends on:

Required for the creation of a Payout
Required for Create and Update token.
Required for payments with product 9000 in Austria (AT) and Germany (DE).
Required for Create mandate and Create payment with mandate calls
fraudFields object no read close
close

Description

Object containing additional data that will be used to assess the risk of fraud
  • SDK Object type
    FraudFields
close

Description

Indicates that invoice and shipping addresses are equal.
close

Description

Additional black list input
close

Description

The address that belongs to the owner of the card
  • SDK Object type
    Address
close

Description

Additional address information
close

Description

City
Note: For payments with product 1503 the maximum length is not 40 but 20.

Depends on:

Required for Invoice payments (201)
Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
Required for the creation of a Payout.
Required for payments with product 9000 or 9001.
Required when address is included in Seller.
close

Description

ISO 3166-1 alpha-2 country code

Depends on:

Required, except when a token has been included in the request that includes this value.
Required when address is included in Seller.
close

Description

House number

Depends on:

Required when address is included in Seller.
close

Description

Full name of the state or province
close

Description

State code
Note: For payments with product 1503 the maximum length is not 9 but 2.
close

Description

Streetname

Depends on:

Required for Invoice payments (201)
Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
Required for the creation of a Payout.
Required for payments with product 9000 or 9001.
Required when address is included in Seller.
close

Description

Zip code
Note: For payments with product 1503 the maximum length is not 10 but 8.

Depends on:

Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
Required for payments with product 9000 or 9001.
close

Description

The IP Address of the consumer that is making the payment

Depends on:

This field is required for payments with products 863, 9000 and 9001, and hosted checkouts with products 9000 and 9001.
close

Description

Degree of default form fill, with the following possible values:
  • automatically - All fields filled automatically
  • automatically-but-modified - All fields filled automatically, but some fields were modified manually
  • manually - All fields were entered manually
close

Description

Indicates that the device fingerprint has been used while processing the order.
close

Description

One must set the deviceFingerprintTransactionId received by the response of the endpoint /{merchant}/products/{paymentProductId}/deviceFingerprint
close

Description

One of the following gift card types:
  • celebrate-fall - Celebrate Fall
  • grandparents-day - Grandparent's Day
  • independence-day - Independence Day
  • anniversary - Anniversary
  • birthday - Birthday
  • congratulations - Congratulations
  • april-fools-day - April Fool's Day
  • easter - Easter
  • fathers-day - Father's Day
  • graduation - Graduation
  • holiday - Holiday
  • seasons-greetings - Season's Greetings
  • passover - Passover
  • kwanzaa - Kwanzaa
  • halloween - Halloween
  • mothers-day - Mother's Day
  • new-years-day - New Year's Day
  • bosses-day - Bosses' Day
  • st-patricks-day - St. Patrick's Day
  • sweetest-day - Sweetest Day
  • christmas - Christmas
  • baby-shower - Baby Shower
  • thanksgiving - Thanksgiving
  • other - Other
  • valentines-day - Valentine's Day
  • wedding - Wedding
  • secretarys-day - Secretary's Day
  • chinese-new-year - Chinese New Year
  • hanukkah - Hanukkah
close

Description

Gift message
close

Description

Specifies if the consumer (initially) had forgotten their password
  • true - The consumer has forgotten their password
  • false - The consumer has not forgotten their password
close

Description

Specifies if the consumer entered a password to gain access to an account registered with the you
  • true - The consumer has used a password to gain access
  • false - The consumer has not used a password to gain access
close

Description

Specifies if the consumer has a history of online shopping with the merchant
  • true - The consumer is a known returning consumer
  • false - The consumer is new/unknown consumer
close

Description

Timezone in which the order was placed
close

Description

Comments included during shipping
close

Description

Shipment tracking number
close

Description

Details on how the order is shipped to the customer
  • SDK Object type
    FraudFieldsShippingDetails
close

Description

Details regarding the shipping method
close

Description

Shipping method speed indicator
close

Description

Shipping method type indicator
close

Description

Array of up to 16 userData fields, each with a max length of 256 characters, that can be used for fraudscreening
close

Description

The website from which the purchase was made
order object no read close
close

Description

Order object containing order related data
  • SDK Object type
    OrderRiskAssessment
close

Description

Object containing additional input on the order
  • SDK Object type
    AdditionalOrderInputAirlineData
close

Description

Object that holds airline specific data
  • SDK Object type
    AirlineData
close

Description

Numeric code identifying the agent
close

Description

Airline numeric code
close

Description

Date of the Flight
Format: YYYYMMDD
close

Description

Object that holds the data on the individual legs of the ticket
close
  • SDK Object type
    AirlineFlightLeg
close

Description

Reservation Booking Designator
close

Description

Arrival airport/city code
close

Description

The arrival time in the local time zone
Format: HH:MM
close

Description

IATA carrier code
close

Description

Identifying number of a ticket issued to a passenger in conjunction with this ticket and that constitutes a single contract of carriage
close

Description

The coupon number associated with this leg of the trip. A ticket can contain several legs of travel, and each leg of travel requires a separate coupon
close

Description

Date of the leg
Format: YYYYMMDD
close

Description

The departure time in the local time at the departure airport
Format: HH:MM

Depends on:

Required for PayPal (840) when Airline data is submitted
close

Description

An endorsement can be an agency-added notation or a mandatory government required notation, such as value-added tax. A restriction is a limitation based on the type of fare, such as a ticket with a 3-day minimum stay
close

Description

New ticket number that is issued when a ticket is exchanged
close

Description

Fare of this leg
close

Description

Fare Basis/Ticket Designator
close

Description

Fee for this leg of the trip
close

Description

The flight number assigned by the airline carrier with no leading spaces
Should be a numeric string

Depends on:

Required for PayPal (840) when Airline data is submitted
close

Description

Sequence number of the flight leg
close

Description

Origin airport/city code
close

Description

PassengerClass if this leg
close
Deprecated: Use passengerClass instead

Description

ServiceClass of this leg (this field is used for fraud screening on the Ogone Payment Platform).

Possible values are:

  • economy
  • premium-economy
  • business
  • first
close

Description

Possible values are:
  • permitted = Stopover permitted
  • non-permitted = Stopover not permitted

Depends on:

Required for PayPal (840) when Airline data is submitted
close

Description

Taxes for this leg of the trip
close

Description

Airline tracing number
close

Description

  • true = The ticket is an E-Ticket
  • false = the ticket is not an E-Ticket
close

Description

  • true = a registered known consumer
  • false = unknown consumer
close

Description

  • true - Restricted, the ticket is non-refundable
  • false - No restrictions, the ticket is (partially) refundable
close

Description

  • true - The payer is the ticket holder
  • false - The payer is not the ticket holder
close

Description

This is the date of issue recorded in the airline system In a case of multiple issuances of the same ticket to a cardholder, you should use the last ticket date.
Format: YYYYMMDD
close

Description

Your ID of the consumer in the context of the airline data
close

Description

Name of the airline
close

Description

Name of passenger
close

Description

Object that holds the data on the individual passengers (this object is used for fraud screening on the Ogone Payment Platform)
close
  • SDK Object type
    AirlinePassenger
close

Description

First name of the passenger (this field is used for fraud screening on the Ogone Payment Platform)
close

Description

Surname of the passenger (this field is used for fraud screening on the Ogone Payment Platform)
close

Description

Surname prefix of the passenger (this field is used for fraud screening on the Ogone Payment Platform)
close

Description

Title of the passenger (this field is used for fraud screening on the Ogone Payment Platform)
close

Description

Place of issue
For sales in the US the last two characters (pos 14-15) must be the US state code.
close

Description

Passenger name record
close

Description

IATA point of sale name
close

Description

city code of the point of sale
close

Description

Possible values:
  • e-ticket
  • city-ticket-office
  • airport-ticket-office
  • ticket-by-mail
  • ticket-on-departure
close

Description

The ticket or document number contains:
  • Airline code: 3-digit airline code number
  • Form code: A maximum of 3 digits indicating the type of document, the source of issue and the number of coupons it contains
  • Serial number: A maximum of 8 digits allocated on a sequential basis, provided that the total number of digits allocated to the form code and serial number shall not exceed ten
  • TICKETNUMBER can be replaced with PNR if the ticket number is unavailable
close

Description

Total fare for all legs on the ticket, excluding taxes and fees. If multiple tickets are purchased, this is the total fare for all tickets
close

Description

Total fee for all legs on the ticket. If multiple tickets are purchased, this is the total fee for all tickets
close

Description

Total taxes for all legs on the ticket. If multiple tickets are purchased, this is the total taxes for all tickets
close

Description

Name of the travel agency issuing the ticket. For direct airline integration, leave this field blank
close

Description

Object containing amount and ISO currency code attributes
  • SDK Object type
    AmountOfMoney
close

Description

Amount in cents and always having 2 decimals
close

Description

Three-letter ISO currency code representing the currency for the amount
close

Description

Object containing the details of the consumer
  • SDK Object type
    CustomerRiskAssessment
close

Description

Object containing billing address details
  • SDK Object type
    Address
close

Description

Additional address information
close

Description

City
Note: For payments with product 1503 the maximum length is not 40 but 20.

Depends on:

Required for Invoice payments (201)
Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
Required for the creation of a Payout.
Required for payments with product 9000 or 9001.
Required when address is included in Seller.
close

Description

ISO 3166-1 alpha-2 country code

Depends on:

Required, except when a token has been included in the request that includes this value.
Required when address is included in Seller.
close

Description

House number

Depends on:

Required when address is included in Seller.
close

Description

Full name of the state or province
close

Description

State code
Note: For payments with product 1503 the maximum length is not 9 but 2.
close

Description

Streetname

Depends on:

Required for Invoice payments (201)
Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
Required for the creation of a Payout.
Required for payments with product 9000 or 9001.
Required when address is included in Seller.
close

Description

Zip code
Note: For payments with product 1503 the maximum length is not 10 but 8.

Depends on:

Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
Required for payments with product 9000 or 9001.
close

Description

Object containing contact details like email address
  • SDK Object type
    ContactDetailsRiskAssessment
close

Description

Email address of the consumer
close

Description

The locale that the consumer should be addressed in (for 3rd parties). Note that some 3rd party providers only support the languageCode part of the locale, in those cases we will only use part of the locale provided.
close

Description

Object containing personal information like name, date of birth and gender
  • SDK Object type
    PersonalInformationRiskAssessment
close

Description

Object containing the name details of the consumer
  • SDK Object type
    PersonalNameRiskAssessment
close

Description

Given name(s) or first name(s) of the consumer
close

Description

Surname(s) or last name(s) of the consumer
close

Description

The prefix of the surname - in between first name and surname - of the consumer
close

Description

Object containing shipping address details
  • SDK Object type
    AddressPersonal
close

Description

Additional address information
close

Description

City

Depends on:

Required for Invoice payments (201)
Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
close

Description

ISO 3166-1 alpha-2 country code

Depends on:

Please note that this field is required, except when a token has been included in the request that includes this value.
close

Description

House number
close

Description

Object that holds the name elements
  • SDK Object type
    PersonalName
close

Description

Given name(s) or first name(s) of the consumer

Depends on:

Required for payments with product 806, 9000 or 9001.
close

Description

Surname(s) or last name(s) of the consumer

Depends on:

Required for the creation of a Payout.
Required for payments with product 806, 9000 or 9001.
close

Description

Middle name - In between first name and surname - of the consumer
close

Description

Title of consumer

Depends on:

Required for payments with product 9000 or 9001 in Austria (AT), Belgium (BE), Germany (DE), the Netherlands (NL) and Switzerland (CH).
close

Description

Full name of the state or province
close

Description

State code
close

Description

Streetname

Depends on:

Required for Invoice payments (201)
Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
close

Description

Zip code

Depends on:

Required for Direct Debit UK (705), except when a token has been included in the request that includes this value.
paymentProductId integer (5) no read close
close

Description

Payment product identifier
Please see payment products for a full overview of possible values.

Request example

SDK: Java

This scenario you will probably use the most

  • BankAccountBban bankAccountBban = new BankAccountBban();
    bankAccountBban.setAccountNumber("0532013000");
    bankAccountBban.setBankCode("37040044");
    bankAccountBban.setCountryCode("DE");
    
    AmountOfMoney amountOfMoney = new AmountOfMoney();
    amountOfMoney.setAmount(100L);
    amountOfMoney.setCurrencyCode("EUR");
    
    Address billingAddress = new Address();
    billingAddress.setCountryCode("US");
    
    CustomerRiskAssessment customer = new CustomerRiskAssessment();
    customer.setBillingAddress(billingAddress);
    customer.setLocale("en_US");
    
    OrderRiskAssessment order = new OrderRiskAssessment();
    order.setAmountOfMoney(amountOfMoney);
    order.setCustomer(customer);
    
    RiskAssessmentBankAccount body = new RiskAssessmentBankAccount();
    body.setBankAccountBban(bankAccountBban);
    body.setOrder(order);
    
    RiskAssessmentResponse response = client.merchant("merchantId").riskassessments().bankaccounts(body);
    
  • BankAccountIban bankAccountIban = new BankAccountIban();
    bankAccountIban.setIban("NL78RABO0190491810");
    
    AmountOfMoney amountOfMoney = new AmountOfMoney();
    amountOfMoney.setAmount(100L);
    amountOfMoney.setCurrencyCode("EUR");
    
    Address billingAddress = new Address();
    billingAddress.setCountryCode("NL");
    
    CustomerRiskAssessment customer = new CustomerRiskAssessment();
    customer.setBillingAddress(billingAddress);
    
    OrderRiskAssessment order = new OrderRiskAssessment();
    order.setAmountOfMoney(amountOfMoney);
    order.setCustomer(customer);
    
    RiskAssessmentBankAccount body = new RiskAssessmentBankAccount();
    body.setBankAccountIban(bankAccountIban);
    body.setOrder(order);
    
    RiskAssessmentResponse response = client.merchant("merchantId").riskassessments().bankaccounts(body);
    

Responses

Please find below an overview of the possible responses.

Response 200 - OKRiskAssessmentResponse

When a risk assessments check was performed successfully you will find the results of the performed check in the results array.

The results to the following checks are included:

  • dd-fraud-check - Checks performed by Intercard (only in Germany)
  • validation-bank-account - Validation of the bank account details using an account validation check provided by BankWizard from Experian
  • globalcollect-blacklist-check-dd - Checks performed against blacklist entries on the GlobalCollect platform
Depending on your configuration not all checks mentioned above might be performed.
The validation-bank-account result does not contain an overall result; instead each individual check performed has its own result. Depending on your intended use of the bank account data some of the checks performed by be less relevant. You should always check the checks that are relevant for your intended use.

Property Type Required Details
results array of object no read close
close

Description

Object that contains the results of the performed fraudchecks
close
  • SDK Object type
    ResultDoRiskAssessment
close

Description

The Risk Services category with the following possible values:
  • retaildecisionsCCFraudCheck - checks performed by Retail Decisions
  • globalcollectBlacklistCheckCC - Checked against the blacklist on the GlobalCollect platform
  • authorizationCheck - 0$ auth card account validation check
  • ddFraudCheck - Check performed for German market via InterCard
  • validationbankAccount - Bank account details are algorithmically checked if they could exist
  • globalcollectBlacklistCheckDD - Checked against the blacklist on the GlobalCollect platform
close

Description

Risk service result with the following possible results:
  • accepted - Based on the checks performed the transaction can be accepted
  • challenged - Based on the checks performed the transaction should be manually reviewed
  • denied - Based on the checks performed the transaction should be rejected
  • no-advice - No fraud check was requested/performed
  • error - The fraud check resulted in an error and the fraud check was thus not performed
close

Description

Object containing the results of the fraud checks performed by Retail Decisions
  • SDK Object type
    RetailDecisionsCCFraudCheckOutput
  • Property is part of a group
    Learn more

    Properties that make up a group are mutually exclusive, which means you can only include one of each group in any given call.

    If there are multiple groups at one level in the object hierarchy we use numbers to distinguish groups from one another.

close

Description

Provides additional information about the fraud result
close

Description

The raw score returned by the Neural check returned by the evaluation of the transaction
close

Description

List of RuleCategoryFlags as setup in the Retail Decisions system that lead to the result
close

Description

Object containing the results of the fraud checks performed on the bank account data
  • SDK Object type
    ValidationBankAccountOutput
  • Property is part of a group
    Learn more

    Properties that make up a group are mutually exclusive, which means you can only include one of each group in any given call.

    If there are multiple groups at one level in the object hierarchy we use numbers to distinguish groups from one another.

close

Description

Array of checks performed with the results of each check
close
  • SDK Object type
    ValidationBankAccountCheck
close

Description

Code of the bank account validation check
close

Description

Description of check performed
close

Description

Result of the bank account validation check performed, with the following possible results:
  • PASSED - The check passed
  • ERROR - The check did not pass
  • WARNING - Depending on your needs this either needs to be treated as a passed or error response. It depends on your business logic and for what purpose you want to use the validated bank account details.
  • NOTCHECKED - This check was not performed, usually because one of the earlier checks already caused an error response to be triggered
close

Description

Bank name, matching the bank code of the request
close

Description

Reformatted account number according to local clearing rules
close

Description

Reformatted bank code according to local clearing rules
close

Description

Reformatted branch code according to local clearing rules

Response example

SDK: Java

This scenario you will probably use the most

  • {
        "results" : [
            {
                "category" : "validationBankAccount",
                "validationBankAccountOutput" : {
                    "checks" : [
                        {
                            "code" : "0500",
                            "description" : "Bank/branch code format",
                            "result" : "PASSED"
                        },
                        {
                            "code" : "0050",
                            "description" : "Account number format",
                            "result" : "PASSED"
                        }
                    ],
                    "reformattedAccountNumber" : "0532013000",
                    "reformattedBankCode" : "37040044"
                },
                "result" : "no-advice"
            },
            {
                "category" : "globalcollectBlacklistCheckDD",
                "result" : "accepted"
            },
            {
                "category" : "ddFraudCheck",
                "result" : "accepted"
            }
        ]
    }
    

Response 400 - Bad requestErrorResponse

Property Type Required Details
errorId string yes read close
close

Description

Unique reference, for debugging purposes, of this error response
errors array of object yes read close
close

Description

List of one or more errors
close
  • SDK Object type
    APIError
close

Description

Category the error belongs to. The category should give an indication of the type of error you are dealing with. Possible values:
  • CONNECT_PLATFORM_ERROR - indicating that a functional error has occurred in the Connect platform.
  • PAYMENT_PLATFORM_ERROR - indicating that a functional error has occurred in the Payment platform.
  • IO_ERROR - indicating that a technical error has occurred within the Connect platform or between Connect and any of the payment platforms or third party systems.
close

Description

Error code
close

Description

HTTP status code for this error that can be used to determine the type of error
close

Description

ID of the error. This is a short human-readable message that briefly describes the error.
close

Description

Human-readable error message that is not meant to be relayed to consumer as it might tip off people who are trying to commit fraud
close

Description

Returned only if the error relates to a value that was missing or incorrect.
Contains a location path to the value as a JSonata query.
Some common examples:
  • a.b selects the value of property b of root property a,
  • a[1] selects the first element of the array in root property a,
  • a[b='some value'] selects all elements of the array in root property a that have a property b with value 'some value'.
close

Description

ID of the request that can be used for debugging purposes

Response example

SDK: Java

This scenario you will probably use the most

  • {
        "errorId" : "15eabcd5-30b3-479b-ae03-67bb351c07e6-00000092",
        "errors" : [
            {
                "code" : "20000000",
                "propertyName" : "bankAccountBban.accountNumber",
                "message" : "PARAMETER_NOT_FOUND_IN_REQUEST"
            }
        ]
    }
    
icon_top_1