Fraud Notifications

This technical documentation is intended for all iyzico merchants, partners and PSP’s who would like to integrate iyzico's fraud protection solution.

iyzico combines advanced machine learning and artificial intelligence algorithms with rule based engines that continuously learn from iyzico's merchant network in order to detect and prevent fraud attempts. Sending correct payment data is the key for better accuracy.

Given solution can be used with all of iyzico PAYMENT METHODS options:

• NON-3DS

• 3DS

• PWI(PayWithiyzico)

• CF(Checkout Form)

• as well as Products

Decision

A payment fraud detection process may end in 3 possible scenarios:

1. If the payment request is not found to be risky, it will directly be accepted directly.

2. If the request is found to be too risky, it will be directly rejected by iyzico's fraud engine.

3. If the payment request is deemed as possibly risky, then the payment will be sent for manual review and may not be approved later.

Approval:

If the payment request completes successfully, the response will return a successful status.

Direct rejection:

If iyzico's fraud engine decides that a payment request is too risky, then the request is directly declined. In this case iyzico will return error code 6000 or 6001. These error codes are reserved for fraud protection. Error code 6001 represents black list and 6000 represents fraud engine rejections.

Merchants are able to see these values under “Validation Errors” menu* Error messages for these codes are “Payment request has not passed fraud check”.

Review state:

After a successful payment, iyzico returns a “fraudStatus” parameter in the response. This parameter can take 2 different values:

If the value for fraudStatus returned in response is 0, it indicates that the payment is being reviewed by iyzico's fraud team. In this case, you can mark the payment status as PENDING and withhold the delivery until a notification for the result of the review is received. To see the list of your pending payments, you can use the “Suspicious Transactions” menu on the merchant panel.

If the value for fraudStatus returned in response is 1, the corresponding transaction can be marked successful in your system.

You then need to update your payment result page according to the fraudStatus parameter. If the payment needs to be reviewed first, you can set the status for the corresponding order to pending/waiting for approval.

Notification

The results of the reviewed payments are sent to merchants via Instant Fraud Notifications (IFN).

Notification via emails:

When a payment request needs to be reviewed (fraudStatus=0), iyzico alerts the merchant (Merchant panel account email) by sending an email. After iyzico's fraud team has reviewed the payment request, merchants are informed about the outcome of the review (Merchant panel account email) by email again.

API Push Notifications:

iyzico also supports server to server API notifications. To use this service, merchants can simply enter their Callback (IFN) URL via their Merchant Panel. After iyzico's fraud team reviewed the payment request, iyzico sends a notification to the provided callback URL. Notifications can take these values:

Sample notification sent by iyzico;

curl -X POST --header "Content-Type:application/json" –data ‘{"paymentId":8580057,"fraudStatus":-1}’

curl -X POST 
--header "Content-Type:application/json" 
–data {"paymentId":8580057,"fraudStatus":-1}

iyzico POSTs this data to the merchant callback URL.

Pull Notifications:

The latest fraud status of a payments can be fetched via our API via through a “Retrieve Payment Request”. Merchants are able to use this request with “paymentId” (iyzico provided) or “paymentConversationId” (merchant provided) to get the value of the “fraudStatus” parameter.

The fraud status parameter can take these values.

Merchants are self-responsible for building a time based job scheduler to monitor the value of the fraudStatus parameter.