<< Back to Categories

Payment & Transaction Fraud

User, Payment, & Transaction Fraud Detection

IPQS IP Reputation API, Email Verification API, Phone Number Validation API, and Device Fingerprint Technology support additional parameters to score payments or users, detect e-commerce fraud, and provide real-time online payment fraud detection. This transaction screening service is ideal for preventing chargeback fraud and performing advanced user scoring through our transaction risk API, which can identify even the most sophisticated fraudulent transactions on websites and apps.

IPQS can analyze additional user data for orders, payments, transactions, lead generation, and personal user information to enhance the accuracy of the transaction risk API fraud score. The fields listed below are entirely optional and provide additional data that can be used to detect fraudulent payments and suspicious behavior likely to generate chargeback fraud disputes. Any further data beyond the IP address greatly improves the detection of high-risk activity.

The transaction_details object displays transaction risk analysis. If only one address is available for the user or transaction screening process, enter the address data into the billing or shipping variables, rather than entering the same address in both variables. Passing the email address also contributes to detecting fraudulent users. However, the API will only perform a light abusive check. A full lookup with Email Verification API will provide greater detail and accuracy for email reputation. The transaction variables listed below are optional; you can ignore any irrelevant variables.

Example Request

In this example, the API will check the email address and phone number for recent abuse and validate the phone number. Only email addresses checked with our dedicated Email Verification API will be fully validated.

Request Parameters

Key	Expected Values	Description
billing_first_name	String	The customer's billing first name.
billing_last_name	String	The customer's billing last name.
billing_company	String	The customer's billing company.
billing_country	String	The customer's billing country name or billing country ISO-Alpha2. (EG: United States or US)
billing_address_1	String	The customer's billing street address part 1.
billing_address_2	String	The customer's billing street address part 2.
billing_city	String	The customer's billing city.
billing_region	String	The customer's billing region or state.
billing_postcode	String / Number	The customer's billing postcode or zipcode.
billing_email	String	The customer's billing email address.
billing_phone	Number	The customer's billing 11 to 14 digit phone number. (If less than 10 digits provided, the country code will be guessed by our AI.)
shipping_first_name	String	The customer's shipping first name.
shipping_last_name	String	The customer's shipping last name.
shipping_company	String	The customer's shipping company.
shipping_country	String	The customer's shipping country name or shipping country ISO-Alpha2. (EG: United States or US)
shipping_address_1	String	The customer's shipping street address part 1.
shipping_address_2	String	The customer's shipping street address part 2.
shipping_city	String	The customer's shipping city.
shipping_region	String	The customer's shipping region or state.
shipping_postcode	String / Number	The customer's shipping postcode or zipcode.
shipping_email	String	The customer's shipping email address.
shipping_phone	Number	The customer's shipping 11 to 14 digit phone number. (If less than 10 digits provided, the country code will be guessed by our AI.)
username	String	The customer's username.
password_hash	SHA256 / string	For security reasons and following industry best practices, a SHA256 hash of the user's password for better user analysis.
credit_card_bin	Number	First six digits of the credit or debit card, referred to as the Bank Identification Number.
credit_card_hash	SHA256 / string	For security reasons and following industry best practices, a SHA256 hash of the credit card number is accepted to check against blacklisted cards.
credit_card_expiration_month	Number	Two number format of the credit card's expiration month. For example, May would be "05".
credit_card_expiration_year	Number	Two number format of the credit card's expiration year. For example, 2022 would be "22".
avs_code	String	One letter Address Verification Service (AVS) response code provided by the credit card processor or bank. A full list of acceptable response codes can be viewed here. If your system cannot retrieve the exact response code, values of "pass" or "fail" can be used.
cvv_code	String	One letter Card Verification Value (CVV2) response code provided by the credit card processor or bank. A full list of acceptable response codes can be viewed here. If your system cannot retrieve the exact response code, values of "pass" or "fail" can be used.
order_amount	Number	Total balance of the entire order without currency symbols.
order_quantity	Number	Quantity of items for this order.
recurring	Boolean	Is this a recurring order that automatically rebills?
recurring_times	Number	If this is a recurring order, then how many times has this recurring order rebilled? For example, if this is the third time the user is being billed, please enter this value as "3". If this is the initial recurring order, please leave the value as blank or enter "1".

Success Response Example

This is an example success response in JSON format. Responses are also available in XML format.

{
	"message":"Success.",
	"success":true,
	"proxy":false,
	"ISP":"Cox Communications",
	"organization":"Cox Communications",
	"ASN":22773,
	"host":"ip70.lv.lv.cox.net",
	"country_code":"US",
	"city":"Nevada",
	"region":"Las Vegas",
	"is_crawler":false,
	"connection_type":"Residential",
	"latitude":36.14,
	"longitude":-115.20,
	"timezone":"America Los_Angeles",
	"vpn":false,
	"tor":false,
	"active_vpn":false,
	"active_tor":false,
	"recent_abuse":true,
	"abuse_velocity":"medium",
	"bot_status":false,
	"mobile":false,
	"fraud_score":24,
	"operating_system":Mac 10.8,
	"browser":Chrome 81.0,
	"device_model":iPad,
	"device_brand":Apple,
	"transaction_details":{
		"valid_billing_address":false,
		"valid_shipping_address":false,
		"valid_billing_email":false,
		"valid_shipping_email":false,
		"risky_billing_phone":false,
		"risky_shipping_phone":false,
		"billing_phone_carrier":"AT&T Mobility",
		"shipping_phone_carrier	":"Rogers Canada",
		"billing_phone_line_type":"Wireless",
		"shipping_phone_line_type":"Landline",
		"billing_phone_country":"US",
		"billing_phone_country_code":"1",
		"shipping_phone_country":"US",
		"shipping_phone_country_code":"1",
		"fraudulent_behavior":false,
		"bin_country":"US",
		"bin_type":"Credit",
		"bin_bank_name":"CITIBANK N.A.",
		"risk_score":17,
		"risk_factors":["Billing phone number is inactive.", "Billing email is associated with recent chargebacks."],
		"is_prepaid_card":false,
		"risky_username":false,
		"valid_billing_phone":true,
		"valid_shipping_phone":false,
		"leaked_billing_email":true,
		"leaked_shipping_email":false,
		"leaked_user_data":true,
		"user_activity":"high",
		"phone_name_identity_match":"Match",
		"phone_email_identity_match":"Mismatch",
		"phone_address_identity_match":"No Match",
		"email_name_identity_match":"Unknown",
		"name_address_identity_match":"Match",
		"address_email_identity_match":"Match"
	},
	"request_id":"0w8WYS"
}

Response Parameters

The Proxy Detection API returns the following variables, which provide risk analysis for users and transactions. You can also treat "billing" or "shipping" variables as a user's primary or secondary information group, even when billing is not involved, such as for lead generation or user scoring purposes.

The risk_score is a vital component in the risk analysis process. It serves as a quick and effective way to identify suspicious user behavior, with scores of 75 or higher indicating such behavior. Scores of 90 or higher point to high-risk payment details or user data.

All response variables are returned within the transaction_details object. These variables are populated when at least 1 transaction data parameter is present in the initial API request. The following transaction variables are "null" when the necessary transaction parameters are not passed with the initial API request. For example, not passing the billing_email will return valid_billing_email as null.

Key	Description	Expected Values
risk_score	Confidence that this user or transaction is exhibiting malicious behavior. Scores are 0 - 100, with 75+ as suspicious and 90+ as high risk. This value uses different calculations with less weight on the IP reputation compared to the overall "Fraud Score".	Float
risk_factors	Explanation for elevated Risk Scores to better understand why the payment or user was associated with fraudulent behavior and considered a high risk.	String
valid_billing_address	Physical address validation and reputation analysis.	Boolean
valid_shipping_address	Physical address validation and reputation analysis.	Boolean
valid_billing_email	Light abusive check and reputation analysis for the email address. It is recommended to use our dedicated Email Verification API for deeper analysis.	Boolean
valid_shipping_email	Light abusive check and reputation analysis for the email address. It is recommended to use our dedicated Email Verification API for deeper analysis.	Boolean
leaked_billing_email	Indicates if the email address has recently been exposed or compromised in a database breach.	Boolean
user_activity	Frequency at which this user makes legitimate purchases, account registrations, and engages in legitimate customer behavior online. Values can be "high", "medium", "low", or "none". Values of "high" or "medium" are strong signals of healthy usage. New user data without a history of legitimate behavior will have a value as "none". This field is restricted to higher plan tiers.	String
leaked_shipping_email	Indicates if the email address has recently been exposed or compromised in a database breach.	Boolean
leaked_user_data	Indicates if the user's data (including phone & address) have recently been exposed or compromised in a database breach.	Boolean
risky_billing_phone	Reputation analysis for abusive activity associated with the phone number.	Boolean
risky_shipping_phone	Reputation analysis for abusive activity associated with the phone number.	Boolean
valid_billing_phone	Valid & active phone number with the phone carrier (not disconnected).	Boolean
valid_shipping_phone	Valid & active phone number with the phone carrier (not disconnected).	Boolean
billing_phone_carrier	Phone number provider company such as "AT&T" or "Bell Canada".	String
shipping_phone_carrier	Phone number provider company such as "AT&T" or "Bell Canada".	String
billing_phone_line_type	Landline, Wireless, Toll Free, VOIP, Satellite, Premium Rate, Pager, Internet Service Provider or Unknown.	String
shipping_phone_line_type	Landline, Wireless, Toll Free, VOIP, Satellite, Premium Rate, Pager, Internet Service Provider or Unknown.	String
billing_phone_country	2-letter country code associated with the phone number.	String
billing_phone_country_code	Country dialing code associated with the phone number.	Integer
shipping_phone_country	2-letter country code associated with the phone number.	String
shipping_phone_country_code	Country dialing code associated with the phone number.	Integer
bin_country	Country associated with the credit card BIN.	String
bin_bank_name	The bank or processor name associated with the credit card BIN, such as Citibank, Chase, Capital One, etc.	String
bin_type	Type of card associated with the credit card BIN. Values can be "Credit", "Debit", "Prepaid", or "Virtual". Prepaid and Virtual credit cards carry slightly higher risk.	String
risky_username	Username frequently associated with fraudulent behavior.	Boolean
is_prepaid_card	Status of the credit card as prepaid.	Boolean
fraudulent_behavior	Indicates high risk behavior patterns and a high chance of fraud.	Boolean
phone_name_identity_match	Enterprise Account Feature — Indicates a reverse identity match between the billing phone number and first/last name. Values: "Unknown" - no checks processed, "Match" - positive identity match, "Mismatch" - data matches another user, "No Match" - could not pair identity data.	String
phone_email_identity_match	Enterprise Account Feature — Indicates a reverse identity match between the billing phone number and email address. Values: "Unknown" - no checks processed, "Match" - positive identity match, "Mismatch" - data matches another user, "No Match" - could not pair identity data.	String
phone_address_identity_match	Enterprise Account Feature — Indicates a reverse identity match between the billing phone number and physical address. Values: "Unknown" - no checks processed, "Match" - positive identity match, "Mismatch" - data matches another user, "No Match" - could not pair identity data.	String
email_name_identity_match	Enterprise Account Feature — Indicates a reverse identity match between the billing email address and first/last name. Values: "Unknown" - no checks processed, "Match" - positive identity match, "Mismatch" - data matches another user, "No Match" - could not pair identity data.	String
name_address_identity_match	Enterprise Account Feature — Indicates a reverse identity match between the billing first/last name and physical address. Values: "Unknown" - no checks processed, "Match" - positive identity match, "Mismatch" - data matches another user, "No Match" - could not pair identity data.	String
address_email_identity_match	Enterprise Account Feature — Indicates a reverse identity match between the billing physical address and email address. Values: "Unknown" - no checks processed, "Match" - positive identity match, "Mismatch" - data matches another user, "No Match" - could not pair identity data.	String

EXAMPLE CODE

PHP
PYTHON

// Your API Key.
$key = 'YOUR_API_KEY_HERE';

/*
* Retrieve the user's IP address. 
* You could also pull this from another source such as a database.
* 
*/
$ip = isset($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR'];


// Retrieve additional (optional) data points which help us enhance fraud scores.
$user_agent = $_SERVER['HTTP_USER_AGENT']; 
$user_language = $_SERVER['HTTP_ACCEPT_LANGUAGE'];

// Set the strictness for this query. (0 (least strict) - 3 (most strict))
$strictness = 1;

// You may want to allow public access points like coffee shops, schools, corporations, etc...
$allow_public_access_points = 'true';

// Reduce scoring penalties for mixed quality IP addresses shared by good and bad users.
$lighter_penalties = 'false';

// Create parameters array.
$parameters = array(
	'user_agent' => $user_agent,
	'user_language' => $user_language,
	'strictness' => $strictness,
	'allow_public_access_points' => $allow_public_access_points,
	'lighter_penalties' => $lighter_penalties
);

/* User & Transaction Scoring
* Score additional information from a user, order, or transaction for risk analysis
* All transaction parameters are optional, please remove any that are not used
* Non paid actions such as lead generation and user scoring can be substituted into the "billing" or "shipping" variables
* This feature requires a Premium plan or greater
* Premium users can also adjust transaction scoring rules: https://www.ipqualityscore.com/user/transaction/weights
*/

//  All variables below are optional to supplement risk analysis and fraud scoring
	$transaction_parameters = array(
		'billing_first_name' => '',
		'billing_last_name' => '',
		'billing_company' => '',
		'billing_country' => '',
		'billing_address_1' => '',
		'billing_address_2' => '',
		'billing_city' => '',
		'billing_state' => '',
		'billing_zipcode' => '',
		'credit_card_hash' => '',
		'billing_phone' => '',
		'billing_email' => '',
		'shipping_first_name' => '',
		'shipping_last_name' => '',
		'shipping_company' => '',
		'shipping_country' => '',
		'shipping_address_1' => '',
		'shipping_address_2' => '',
		'shipping_city' => '',
		'shipping_state' => '',
		'shipping_zipcode' => '',
		'shipping_email' => '',
		'shipping_phone' => '',
		'username' => '',
		'password_hash' => '',
		'credit_card_bin' => '',
		'recurring' => '',
		'recurring_times' => '',
		'credit_card_expiration_month' => '',
		'credit_card_expiration_year' => '',
		'avs_code' => '',
		'cvv_code' => '',
		'order_amount' => '',
		'order_quantity' => ''
);

// Format Parameters
if(is_array($transaction_parameters)){
	$formatted_parameters = http_build_query(array_merge($parameters, $transaction_parameters));
} else {
	$formatted_parameters = http_build_query($parameters);
}

// Create API URL
$url = sprintf(
	'https://www.ipqualityscore.com/api/json/ip/%s/%s?%s', 
	$key,
	$ip, 
	$formatted_parameters
);

// Fetch The Result
$timeout = 5;

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, $timeout);

$json = curl_exec($curl);
curl_close($curl);

// Decode the result into an array.
$result = json_decode($json, true);

// Check to see if our query was successful.
if(isset($result['success']) && $result['success'] === true){
	// NOTICE: If you want to use one of the examples below, remove
	// any lines containing /*, */ and *-, then remove * from any of the
	// the remaining lines.
	
	/*
	*- Transaction Scoring Example 1: Block high risk users or fraudulent payments simply based on the Risk Score
	* 
	* if($result['transaction_details']['risk_score'] >= 90){
	*		exit(header("Location: https://www.ipqualityscore.com/disable-your-proxy-vpn-connection"));
	* }
	*/
	
	/*
	*- Transaction Scoring Example 2: We'd like to block users with a risky phone number or invalid physical address
	* 
	* if($result['transaction_details']['valid_billing_address'] === false || $result['transaction_details']['valid_shipping_address'] === false || $result['transaction_details']['valid_billing_phone'] === false || $result['transaction_details']['valid_shipping_phone'] === false || $result['transaction_details']['risky_billing_phone'] === true || $result['transaction_details']['risky_shipping_phone'] === true){
	*		exit(header("Location: https://www.ipqualityscore.com/disable-your-proxy-vpn-connection"));
	* }
	*/
	
	/*
	*- Transaction Scoring Example 3: We'd like to block users with any occurrence of high risk behavior, invalid user data, or an overall Fraud Score >= 90
	* 
	* if($result['fraud_score'] >= 90 || $result['transaction_details']['valid_billing_address'] === false || $result['transaction_details']['valid_shipping_address'] === false || $result['transaction_details']['valid_billing_email'] === false || $result['transaction_details']['valid_shipping_email'] === false || $result['transaction_details']['risky_billing_phone'] === true || $result['transaction_details']['risky_shipping_phone'] === true || $result['transaction_details']['valid_billing_phone'] === false || $result['transaction_details']['valid_shipping_phone'] === false || $result['transaction_details']['risky_username'] === true || $result['transaction_details']['fraudulent_behavior'] === true){
	*		exit(header("Location: https://www.ipqualityscore.com/disable-your-proxy-vpn-connection"));
	* }
	*/
	
	/*
	*- Transaction Scoring Example 4: We'd like to block users with an overall Fraud Score >= 90, or users with tor connections, or users with abusive email addresses
	* 
	* if($result['fraud_score'] >= 90 || $result['tor'] === true || $result['transaction_details']['valid_billing_email'] === false || $result['transaction_details']['valid_shipping_email'] === false){
	*		exit(header("Location: https://www.ipqualityscore.com/disable-your-proxy-vpn-connection"));
	* }
	*/

	/*
	* If you are confused with these examples or simply have a use case
	* not covered here, please feel free to contact IPQualityScore's support
	* team. We'll craft a custom piece of code to meet your requirements.
	*/
}

# THIS SHOULD NEVER BE USED IN PRODUCTION AS IS!

# You may need to install Requests pip
# python -m pip install requests

import hashlib
from http.server import BaseHTTPRequestHandler, HTTPServer
import json
import requests

hostName = "localhost"
serverPort = 8080

class IPQS:
    key = "YOUR_API_KEY_HERE"

    def payment_transaction_fraud_prev(self, ip: str, vars: dict = {}) -> dict:
        """Method used to lookup Payment & Transaction Fraud Prevention API 

        Args:
            ip (str): _description_
            vars (dict, optional): Reffer to https://www.ipqualityscore.com/documentation/proxy-detection-api/transaction-scoring for variables.. Defaults to {}.

        Returns:
            dict: _description_
        """
        if not bool(vars):
            return {}

        url = "https://www.ipqualityscore.com/api/json/ip/%s/%s" %(self.key, ip)
        x = requests.get(url, params = vars)
        return (json.loads(x.text))



class MyServer(BaseHTTPRequestHandler):
    """This is an example basic web server. we limited it to handle "/" path only."""

    def do_GET(self):
        if self.path == "/":
            ipqs = IPQS()
            
            header_items= dict(self.headers.items())
            parameters = {
                'user_agent'                    : header_items['User-Agent'],
                'user_language'                 : header_items['Accept-Language'].split(',')[0],
                'strictness'                    : 0,
                'allow_public_access_points'    : 1,
                'lighter_penalties'             : 0
            }

            transaction_parameters = {
                'billing_first_name' : 'John',
                'billing_last_name' : 'Snow',
            }

            """
            All variables below are optional to supplement risk analysis and fraud scoring

            transaction_parameters = {
                'billing_first_name' : '',
                'billing_last_name' : '',
                'billing_company' : '',
                'billing_country' : '',
                'billing_address_1' : '',
                'billing_address_2' : '',
                'billing_city' : '',
                'billing_state' : '',
                'billing_zipcode' : '',
                'credit_card_hash' : hashlib.sha256('378734493671000').hexdigest(),
                'billing_phone' : '',
                'billing_email' : '',
                'shipping_first_name' : '',
                'shipping_last_name' : '',
                'shipping_company' : '',
                'shipping_country' : '',
                'shipping_address_1' : '',
                'shipping_address_2' : '',
                'shipping_city' : '',
                'shipping_state' : '',
                'shipping_zipcode' : '',
                'shipping_email' : '',
                'shipping_phone' : '',
                'username' : '',
                'password_hash' : hashlib.sha256('password').hexdigest(),
                'credit_card_bin' : '',
                'recurring' : '',
                'recurring_times' : '',
                'credit_card_expiration_month' : '',
                'credit_card_expiration_year' : '',
                'avs_code' : '',
                'cvv_code' : '',
                'order_amount' : '',
                'order_quantity' : ''
            }
            """            
            result = ipqs.payment_transaction_fraud_prev(self.client_address[0],{**parameters, **transaction_parameters})

            if 'success' in result and result['success'] == True:
                """
                NOTICE: If you want to use one of the examples below, remove
                any lines containing /*, */ and *-, then remove * from any of the
                the remaining lines.
                """


                """
                Transaction Scoring Example 1: Block high risk users or fraudulent payments simply based on the Risk Score
                """

                if result['transaction_details']['risk_score'] >= 90:
                    
                    self.send_response(303)
                    self.send_header('Content-type', 'text/html')
                    self.send_header('Location','https://www.ipqualityscore.com/disable-your-proxy-vpn-connection')
                    self.end_headers()
                    return
                
                """
                Transaction Scoring Example 2: We'd like to block users with a risky phone number or invalid physical address
                
                if result['transaction_details']['valid_billing_address'] == False or result['transaction_details']['valid_shipping_address'] == False or result['transaction_details']['valid_billing_phone'] == False or result['transaction_details']['valid_shipping_phone'] == False or result['transaction_details']['risky_billing_phone'] == True or result['transaction_details']['risky_shipping_phone'] == True:
                	self.send_response(303)
                    self.send_header('Content-type', 'text/html')
                    self.send_header('Location','https://www.ipqualityscore.com/disable-your-proxy-vpn-connection')
                    self.end_headers()
                    return
                """
                
                """
                Transaction Scoring Example 3: We'd like to block users with any occurrence of high risk behavior, invalid user data, or an overall Fraud Score >= 90
                
                if result['fraud_score'] >= 90 or result['transaction_details']['valid_billing_address'] == False or result['transaction_details']['valid_shipping_address'] == False or result['transaction_details']['valid_billing_email'] == False or result['transaction_details']['valid_shipping_email'] == False or result['transaction_details']['risky_billing_phone'] == True or result['transaction_details']['risky_shipping_phone'] == True or result['transaction_details']['valid_billing_phone'] == False or result['transaction_details']['valid_shipping_phone'] == False or result['transaction_details']['risky_username'] == True or result['transaction_details']['fraudulent_behavior'] == True:
                	self.send_response(303)
                    self.send_header('Content-type', 'text/html')
                    self.send_header('Location','https://www.ipqualityscore.com/disable-your-proxy-vpn-connection')
                    self.end_headers()
                    return
                """
                
                """
                 Transaction Scoring Example 4: We'd like to block users with an overall Fraud Score >= 90, or users with tor connections, or users with abusive email addresses
                
                if result['fraud_score'] >= 90 or result['tor'] == True or result['transaction_details']['valid_billing_email'] == False or result['transaction_details']['valid_shipping_email'] == False:
                	self.send_response(303)
                    self.send_header('Content-type', 'text/html')
                    self.send_header('Location','https://www.ipqualityscore.com/disable-your-proxy-vpn-connection')
                    self.end_headers()
                    return
                """

                """
                If you are confused with these examples or simply have a use case
                not covered here, please feel free to contact IPQualityScore's support
                team. We'll craft a custom piece of code to meet your requirements.
                """

            self.send_response(500)
            self.send_header("Content-type", "text/html")
            self.end_headers()
            self.wfile.write(bytes("<body>", "utf-8"))

if __name__ == "__main__":        
    webServer = HTTPServer((hostName, serverPort), MyServer)
    print("Server started http://%s:%s" % (hostName, serverPort))

    try:
        webServer.serve_forever()
    except KeyboardInterrupt:
        pass

    webServer.server_close()
    print("Server stopped.")

Ready to eliminate fraud?

Start fighting fraud now with 5,000 Free Lookups!

We're happy to answer any questions or concerns.

Chat with our fraud detection experts any day of the week.

Call us at: (800) 713-2618

Schedule a Demo Sign Up