Antifraud
Learn how Bamboo’s anti-fraud module improves payment security and supports risk evaluation during the authorization process.
Overview
The anti-fraud module strengthens transaction security by analyzing behavioral, device, and network data before authorization. It evaluates multiple signals (such as IP address, customer identity, and device characteristics) to identify risk patterns and prevent fraudulent activity.
When creating a purchase, Bamboo first validates the completeness of the request model. Once the request passes structural validation, the anti-fraud engine evaluates behavioral, device, and network data to detect risk patterns and reduce fraudulent activity.
Although none of these fields are strictly mandatory, some are highly recommended for accurate risk evaluation and to minimize false declines.
Highly recommended parameters
The following parameters are strongly recommended to ensure accurate fraud detection and risk scoring. These fields significantly improve the system’s ability to distinguish legitimate transactions from potential fraudulent activity.
Property | Type | Description |
|---|---|---|
|
| IP address of the payer’s device, captured at checkout. Validated when present. |
|
| Type of identification document used by the payer. Validated when present. |
|
| Document number corresponding to the selected type. Validated when present. |
|
| Payer’s phone number, used for behavioral and contact validation. Validated when present. |
Before antifraud scoring, Bamboo validates that all optional objects or fields included in the request are complete. For example, if
Customer.DocumentorCustomer.PhoneNumberis sent, all required values must be filled; otherwise, the request fails validation.
Transactions missing these parameters may experience less accurate risk assessment and higher false-positive rates.
Recommended parameters
The following parameters enrich the anti-fraud model and improve transaction scoring, but are not critical for initial evaluation. Their inclusion provides additional context about the payer’s environment and behavior.
| Property | Type | Description |
|---|---|---|
AntifraudData → AntifraudFingerprintId | string | Session identifier generated by the Bamboo JavaScript fingerprint library. Links device and browser session to the purchase. |
AntifraudData → AntifraudMetadataIn | object | Dictionary of custom key–value pairs that can include contextual or business-specific variables (e.g., customer segment, device model, or sales channel) |
Customer → Address → Country | string | Country of the payer’s billing address. |
Customer → Address → State | string | State or region of residence. |
Customer → Address → City | string | City of residence. |
Customer → Address → AddressDetail | string | Street name, number, or apartment. |
Customer → Address → PostalCode | string | Postal code of the billing address. |
Validation rules apply before antifraud evaluation. When an optional object (e.g.
Customer.Address) is present, all of its subfields must be completed.
Device Fingerprint Setup
The device fingerprint library collects device, browser, and behavioral information from the payer’s session. Although not mandatory, its use is recommended to enhance risk evaluation and accuracy in the fraud scoring model.
JavaScript library import
The library must be imported directly from Bamboo’s public endpoint, including the merchant’s PublicAccountKey as a query parameter.
<script
src="{API_Environment}/v1/Scripts/Antifraud.js?key={PublicAccountKey}"
type="text/javascript">
</script>| Parameter | Description |
|---|---|
{API_Environment} | Base URL of the environment: https://api.stage.bamboopayment.com (staging) or https://api.bamboopayment.com (production). |
{PublicAccountKey} | Public key of the merchant account, used to identify the merchant when initializing the fingerprint. |
The script must always be loaded directly from Bamboo’s domain. It must not be downloaded, cached, or served from a local server or third-party CDN. This ensures that merchants always use the latest version and maintain compliance with Bamboo’s security standards.
getSessionAntifraud
This method initializes the fingerprint process and returns a unique SessionId (string).
The value must be sent in the purchase request as AntifraudData → AntifraudFingerprintId.
<script type="text/javascript">
var sessionId = getSessionAntifraud();
console.log("Antifraud SessionId:", sessionId);
</script>
Integrating the Antifraud in the Payment Flow
| Property | Type | Description |
|---|---|---|
SessionId | string | Unique identifier associated with the device fingerprint. It links the session collected by the JavaScript library to the purchase request. |
The fingerprint session is automatically tied to the payer’s device and browser context. It is recommended to generate a new
SessionIdfor each checkout attempt to ensure accuracy in risk evaluation.
Discover the API
Once the anti-fraud fields are properly implemented, the next step is to integrate them within the Create Purchase operation.
Country Requirements
Review country-specific requirements for documents, bank formats, and supported currencies.
Create a Purchase
See how the AntifraudData and ClientIp parameters are included within the payment flow.
Error Codes
Understand possible error responses related to purchase creation and antifraud validation.
Updated 8 days ago