Forter Integration

Fortify your payments with Forter’s risk assessment.

PayU supports Forter’s risk assessment, allowing you to easily activate the service within your Authorization and Charge requests. After receiving Forter’s prediction, you can decide whether to authorize or block transactions accordingly. Forter also takes full liability for transactions they approve by implementing a chargeback guarantee policy. The service provides the following benefits:

An embedded risk assessment call within the Authorization and Charge requests.
Chargeback guarantee policy – If a Forter-approved transaction is later disputed, Forter commits to cover the transaction amount.
Can be used for transactions in every geographical location.

Configuring Forter

Start using Forter’s service by following these steps:

Add Forter as a Provider to your account.
Activate Forter’s risk assessment in the header of your Authorization or Charge request.
Ensure PaymentsOS' API requests include all fields required by Forter to perform the risk assessment. Mandatory fields divided by request-type are listed here.
Configure Business rules to determine how to proceed with transactions based on the risk assessment result. Note that you will need to devise your own blocking rules via the decision engine to prevent transactions from moving on to Authorization. Forter’s recommendations are not enacted automatically and thus require another step from your end to devise blocking rules. Our blocking recommendations are outlined below.

Flow Result and Chargebacks

After the main synchronous flow is complete, we inform Forter about the authorization result to enrich their algorithm and decision-making. The same applies to chargebacks as well.

Step 1: Add Forter as a Provider

Go to Account -> Providers and choose ‘Forter Risk’. Insert the Forter SiteID and SecretKey to finalize the configuration (grab the SiteID and SecretKey from the Forter Portal).

Provider Condiguration ID

By configuring Forter, you will automatically generate a Configuration ID for the integration. You will need to pass this ID in the header of the request. see Activating Forter Risk Check in Requests.

Step 2: Activate Forter Within Requests

To ensure transactions are reviewed by Forter, you must pass the x-risk-provider-config-id in the request header of the Authorization or Charge call, like so:

x-payments-os-env: test 
api-version: 1.3.0 
x-client-ip-address: 216.3.128.12 
x-risk-provider-config-id: 4efe54ff-5956-4df3-a295-b23c17836d21 
private-key: bede7ee5-eaaq-4c9a-bc1f-617ba28256ae 
app-id: com.zooz.docapp 
idempotency-key: AGJ8FJLkGHIpHUTK

Step 3: Pass all Required Fields for Forter’s Assessment

In addition to passing the x-risk-provider-config-id in the request header, and to ensure Forter reviews transactions, you must pass some Forter-specific fields according to the request-type you intend to send.

PaymentsOS maps Forter’s decision to one of the following statuses: Succeed, Failed, or Unreviewed. Succeed means that the transaction is approved and covered by Forter. PayU can then proceed with the transaction to the authorization/charge request.

Failed indicates that Forter does not approve the transaction, so you are advised not to proceed with the authorization or charge request.

Unreviewed indicates that Forter did not review the transaction according to its policy. This may happen if some Forter-specific parameters were missing from the request.

Viewing Forter's Analysis Result

In case you wish to see the analysis result for your own analytics or internal use, you can grab it from the Authorization or Charge responses:

Copy

...
{
  "risk_analysis":{
    "id":"f6b8938f-2f90-4c10-832b-027a8597f1e6",
    "result":{
      "status":"Succeed",
      "score":0
    }
  }
}
...

Step 4: Configure Blocking Rules

Use the decision engine to configure blocking rules according to Forter’s risk assessment.

Our recommendation is to block transactions with a Failed risk status. Note that unless you devise blocking rules, all transactions (whether with a Failed, Succeed or Unreviewed status) will be automatically sent for authorization.

Mandatory Fields Required by Forter

To ensure transactions are reviewed by Forter, you must pass some Forter-specific fields, depending on the request(s) you wish to be sending — Create Token, Create Payment, Create Authorization, or Create Charge.

Create Token Required Fields

The following fields are mandatory and are specific to Forter. Passing these fields is crucial to receive Forter’s risk assessment. Unless all fields are passed, Forter will return an Unreviewed status.

Field	Description
billing_address object	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ city string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ country string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ email string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ first_name string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ last_name string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ line1 string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ state string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ zip_code string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.

Create Payment Required Fields

The following fields are mandatory and are specific to Forter. Passing these fields is crucial to receive Forter’s risk assessment. Unless all fields are passed, Forter will return an Unreviewed status.

Field	Description
order object	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ delivery_method string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ delivery_type string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ id string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ line_items array	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒⇒ id string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒⇒ item_type string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒⇒ name string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒⇒ quantity integer	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒⇒ unit_price	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
shipping_address object	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ city string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ country string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ first_name string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ last_name string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ line1 string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ state string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.
⇒ zip_code string	Notes specific to Forter Required when using the Forter risk provider. For a general description of this field, see the API Reference.

Create Authorization or Create Charge Required Fields

Field	Description
channel_type string	Notes specific to Forter The channel through which the order was placed. Can be one of the following values: `telephone_order`,`mail_order`,`virtual_terminal`,`web_order`,`mobile_order`.
⇒ forter object	Notes specific to Forter Object holding parameters that must be passed when using the Forter risk provider.
provider_specific_data object	Notes specific to Forter Object holding parameters that must be passed when using the Forter risk provider.
⇒⇒ additional_details object	Notes specific to Forter Object holding parameters that must be passed when using the Forter risk provider.
⇒⇒⇒ mobile_uid string	Notes specific to Forter The device identifier such as IMEI in Android or the vendor identifier in iOS, returned to you by the Forter mobile app SDK. Relevant to mobile transactions only.
⇒⇒⇒ token_cookie string	Notes specific to Forter The token cookie returned to you in the checkout page by the Forter checkout Javascript snippet.

Last modified July 15, 2022