Merchants > API Reference > Endpoints > Payment Method

Payment Method

This endpoint is used to inform Ravelin of payment methods being saved or used by a customer account.

The data that you use to populate the payment method varies between payment service providers (PSP) after tokenization. If your PSP is unable to provide you with a suitable instrument ID you should allow Ravelin to generate instrument IDs on your behalf by submitting either full PANs, or client-side encrypted cards. For more information, please refer to our PCI DSS documentation.

Ravelin does not accept submission of the CVV, PIN or magnetic stripe data to any of our API endpoints.

To request a recommendation at this endpoint use the Payment Method Registration checkpoint.

Field Status Definitions

Required Required fields must be sent. If the data is not sent Ravelin will return an error.

Important Important fields are crucial for performance where that data is relevant for your business.

Optional Optional fields are additional data points that can be shared with Ravelin.
These fields are unlikely to impact performance but may be visible in the Ravelin dashboard.

POST api.ravelin.com/v2/paymentmethod

Show all

timestamp integer required

The time at which this data payload was valid. When sending events in realtime, this will usually be 'now'. This is used to merge data that arrives out-of-order.

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

customerId string required

The unique identifier of the customer. If your system allows anonymous checkout then we recommend making this the customer's email address.

eventType string optional

An eventType should identify what event in your system triggered this API call.

Pattern: ^[a-zA-Z0-9][a-zA-Z0-9-_]*$

tempCustomerId string optional

deprecated

Deprecated. Use customerId instead.

paymentMethod object optional

The payment method being registered by the customer.

One of the following:

Card - A credit or debit card.

Show definition

methodType string required

Card payment method indicator.

One of:

card - Card payment method indicator. Used for both credit and debit cards.
creditcard - Deprecated. Use card.
debitcard - Deprecated. Use card.

paymentMethodId string required

A unique identifier for this payment method, specific to this customer. Two customers should not use the same paymentMethodId.

scheme string optional

The card network or scheme, such as visa or mastercard. Ravelin will identify the scheme on your behalf if you send the cardBin, which should be preferred.

instrumentId string important

A unique identifier for the physical card, shared between customers. Used to link cards in Connect. Must not be a hash of the PAN.

If you use multiple PSPs who each generate their own equivalent of an instrumentId, you should consider prefixing their values to indicate their origin to avoid collisions. Common examples include Stripe's fingerprint, or Braintree's unique_number_identifier).

pan string pci, optional

The full Primary Account Number of the card.

This should be 14-19 digits. For example 1234123412341234. This should not contain hyphens or spaces.

Used by Ravelin to generate the instrumentId for this card.

If specified, you do not need to provide instrumentId, cardBin or cardLastFour.

Only PCI DSS SAQ-D certified merchants should submit the PAN to Ravelin. You must not send requests containing this field to api.ravelin.com, and must instead use pci.ravelin.com.

Please see our PCI DSS documentation for more information.

paymentAccountReference string important

The Payment Account Reference (PAR) is a unique, consistent, non-sensitive identifier for the current Primary Account Number (PAN) for the customer's payment account. However, unlike the PAN, which can change if a card is lost or stolen, the PAR can be remapped to identify a new PAN, and so remains the same for the lifetime of the payment account.

The PAR is issued by card schemes and is defined by the EMV® Payment Account Reference (PAR) White Paper (PDF download).

It is an ideal value to use as the instrumentId.

If you have the PAR when requesting a recommendation, and you've not already provided an instrumentId in a previous request, use the PAR as the instrumentId, and do not use this paymentAccountReference field.

If you do not have the PAR when requesting a recommendation, or you've already provided an instrumentId in a previous request, populate this paymentAccountReference field when the PAR is available.

Required length: 29 characters.

cardBin string important

The first six or eight digits of the card number/PAN. The Bank Identification Number (BIN), recently more commonly known as the Issuer Identification Number (IIN).

Given the BIN, Ravelin will populate the issuer, country of issuance, and card type on your behalf.

cardLastFour string important

The last four digits of the card number/PAN. Please note this will be truncated to the last two digits when an eight digit BIN is provided.

issuer string optional

The card issuer, who the true cardholder will report fraud to. Ravelin will identify the issuer on your behalf if you send the cardBin, which should be preferred.

prepaidCard boolean optional

Whether this is a prepaid debit card. Ravelin will identify whether the card is prepaid on your behalf if you send the cardBin which should be preferred.

countryIssued string optional

The country that the card was issued in. Ravelin will identify the country of issuance on your behalf if you send the cardBin, which should be preferred.

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

expiryMonth integer important

The expiry month of the card.

expiryYear integer important

The expiry year of the card.

nameOnCard string important

The cardholder name.

billingAddress object important

The address of the registered cardholder, as used to pass AVS checks. It is common to have fewer location details for this address, but provide what you have.

Show definition

country string important

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

postalCode string important

The postal or zip code. If provided without latitude or longitude, Ravelin will perform coarse geolocation in some countries.

latitude number important

The latitude of the location.

longitude number important

The longitude of the location.

addresseeName string optional

The name of the person that will accept delivery of goods to this address.

street1 string optional

The street address of the location.

street2 string optional

The street address of the location.

neighbourhood string optional

The neighbourhood of the location.

zone string optional

The zone of the location.

city string optional

The city/village/town

region string optional

The state/county of the location.

poBoxNumber string optional

The PO box number related to the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

geohash string optional

deprecated

The geohash of the location.

corporateCard boolean optional

Whether this payment method is a corporate card.

virtualCard boolean optional

Whether this payment method is a virtual card.

successfulRegistration boolean optional

Whether the card was successfully registered with your gateway/PSP.

registrationTime integer important

The time that the card was saved to the customer's account. (Not the card start date.)

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer optional

The time at which the payment method was last verified by the customer. An example mechanism would be a random amount charged to the customer's card that they can confirm the amount of.

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

compromised boolean optional

deprecated

Whether the card has been compromised.

compromisedReason string optional

deprecated

The reason why the card is considered compromised.

One of: cloned, databreach, found, lost, stolen, frozen, defrosted, or uncompromised.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

active boolean optional

deprecated

Whether this card is still saved to the customer's account.

banned boolean optional

deprecated

Whether this card has been banned.

eWallet string optional

deprecated

The e-Wallet to which the customer associated the card.

One of: applepay, googlepay, samsungpay, amazonpay, or visacheckout.

nickName string optional

deprecated

The nickname the customer has given the payment method.

cardType string optional

deprecated

The card network or scheme, such as visa or mastercard. Ravelin will identify the cardType on your behalf if you send the cardBin, which should be preferred.

Payment Method Cipher - An encrypted payment method, containing the full card details encrypted via a Ravelin SDK.

Show definition

methodType string required

Client-side encrypted card payment method indicator.

Only: paymentMethodCipher.

cardCiphertext string required, pci

The card ciphertext produced by the Ravelin SDK card encryption.

This field constitutes cardholder data, and submission of this field therefore requires PCI DSS SAQ-A or SAQ-AEP certification. You must not send requests containing this field to api.ravelin.com, and must instead use pci.ravelin.com.

Please see our PCI DSS documentation for more information.

aesKeyCiphertext string required

The AES Key ciphertext produced by the Ravelin SDK card encryption.

algorithm string required

The algorithm used to generate the ciphertexts.

paymentMethodId string optional

A unique identifier for this payment method, specific to this customer. Two customers should not use the same paymentMethodId.

ravelinSDKVersion string optional

The version of the Ravelin SDK that performed this encryption.

keyIndex integer important

The index of the public RSA key used to encrypt the card.

keySignature string optional

An identifier for the public key used during encryption.

billingAddress object optional

Show definition

country string important

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

postalCode string important

The postal or zip code. If provided without latitude or longitude, Ravelin will perform coarse geolocation in some countries.

latitude number important

The latitude of the location.

longitude number important

The longitude of the location.

addresseeName string optional

The name of the person that will accept delivery of goods to this address.

street1 string optional

The street address of the location.

street2 string optional

The street address of the location.

neighbourhood string optional

The neighbourhood of the location.

zone string optional

The zone of the location.

city string optional

The city/village/town

region string optional

The state/county of the location.

poBoxNumber string optional

The PO box number related to the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

geohash string optional

deprecated

The geohash of the location.

registrationTime integer important

When the payment method was added to the customer's account. Note: this is not the card start date.

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

ravelinjsVersion string optional

deprecated

The version of the ravelinjs library that performed this encryption.

Cash - The customer is paying in cash, or a cash-based payment method.

Show definition

methodType string required

Indicator of a cash payment, or cash-based payment method (e.g. paysafecard).

Only: cash.

scheme string optional

The name of the cash-based payment service used, if applicable.

Bank Account - Bank Accounts.

Show definition

methodType string required

Bank account payment method indicator.

Only: bankaccount.

paymentMethodId string required

A unique identifier for this payment method, specific to this customer. Two customers should not use the same paymentMethodId.

transferType string required

The type of transfer: whether the customer is initiating the payment, or you are withdrawing funds from the customer's bank account based on an agreement to initiate payments on their behalf. Use "push" for a customer-initiated payment (e.g. a bank transfer) and "pull" for a merchant-initiated payment (e.g. Direct Debit).

One of: push, or pull.

scheme string important

The name of the payment scheme or instrument used for the transfer of funds.

iban string important

IBAN (International Bank Account Number) Following the ISO 13616:2007 standard.

countryIssued string optional

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

accountAddress object optional

Show definition

country string important

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

postalCode string important

The postal or zip code. If provided without latitude or longitude, Ravelin will perform coarse geolocation in some countries.

latitude number important

The latitude of the location.

longitude number important

The longitude of the location.

addresseeName string optional

The name of the person that will accept delivery of goods to this address.

street1 string optional

The street address of the location.

street2 string optional

The street address of the location.

neighbourhood string optional

The neighbourhood of the location.

zone string optional

The zone of the location.

city string optional

The city/village/town

region string optional

The state/county of the location.

poBoxNumber string optional

The PO box number related to the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

geohash string optional

deprecated

The geohash of the location.

accountType string optional

The type of the account.

One of the following:

SAVINGS: A savings account, which is designed to help customers save money and earn interest.
CURRENT: A checking account, which is designed for frequent transactions and typically has low or no interest rates.

accountOwnerName string optional

The name of the account owner.

accountOwnerType string optional

The type of customer or entity that the account is associated with, whether it's an individual or a business.

One of the following:

PERSONAL: A bank account owned and used by an individual for personal transactions. Can include joint accounts.
BUSINESS: A bank account owned by a company or organisation for business transactions.

bankCode string important

Code assigned by central bank to identify bank that account is associated with. Multiple bank code formats are supported.

bankName string optional

Name of bank which account belongs to.

bic string important

BIC - business identifier code for banks and other institutions. Following the ISO9362 standard.

accountNumber string important

The account number issued by the bank.

nickName string optional

The nickname for the payment method that the customers gives, if applicable.

registrationTime integer important

The time that the card was saved to the customer's account. (Not the card start date.)

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

PayPal - PayPal payments.

Show definition

methodType string required

PayPal payment method indicator.

Only: paypal.

paymentMethodId string required

A unique identifier for this payment method, specific to this customer. Two customers should not use the same paymentMethodId.

payerId string important

PayPal payer ID.

email string important

Account email address.

billingAddress object optional

The address of the account holder. It is common to have fewer location details for this address, but provide what you have.

Show definition

country string important

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

postalCode string important

The postal or zip code. If provided without latitude or longitude, Ravelin will perform coarse geolocation in some countries.

latitude number important

The latitude of the location.

longitude number important

The longitude of the location.

addresseeName string optional

The name of the person that will accept delivery of goods to this address.

street1 string optional

The street address of the location.

street2 string optional

The street address of the location.

neighbourhood string optional

The neighbourhood of the location.

zone string optional

The zone of the location.

city string optional

The city/village/town

region string optional

The state/county of the location.

poBoxNumber string optional

The PO box number related to the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

geohash string optional

deprecated

The geohash of the location.

registrationTime integer important

The time that the card was saved to the customer's account. (Not the card start date.)

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer optional

The time at which the payment method was last verified by the customer. An example mechanism would be a random amount charged to the customer's card that they can confirm the amount of.

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

nickName string optional

The nickname for the payment method that the customer gives, if applicable.

countryIssued string optional

The two-character ISO 3166-1 account country_code sent by PayPal.

verifiedAccount boolean optional

The customer’s PayPal account status. Indicates whether the account is verified or not.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

banned boolean optional

deprecated

If the payment method has been banned

active boolean optional

deprecated

Whether the payment method is active for use by this account

Credit - This payment method type should be used for any payments made using credit that a customer has with the merchant.

Show definition

methodType string required

Credit payment method indicator.

Only: credit.

paymentMethodId string required

A unique identifier for this payment method, specific to this customer. Two customers should not use the same paymentMethodId.

scheme string important

The name of the store credit scheme used as a payment method, if applicable.

registrationTime integer optional

When the payment method was added to the customer's account.

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer optional

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

Invoice - This payment method should be used whenever the merchant provides credit to the customer.

Show definition

methodType string required

Invoice payment method indicator.

Only: invoice.

paymentMethodId string required

A unique identifier for this payment method, specific to this customer. Two customers should not use the same paymentMethodId.

scheme string important

The name of the invoice or 'buy now, pay later' scheme used, if applicable.

registrationTime integer optional

When the payment method was added to the customer's account.

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer optional

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

accountOwnerName string optional

The nickname for the payment method that the customers gives, if applicable.

accountAddress object optional

Show definition

country string important

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

postalCode string important

The postal or zip code. If provided without latitude or longitude, Ravelin will perform coarse geolocation in some countries.

latitude number important

The latitude of the location.

longitude number important

The longitude of the location.

addresseeName string optional

The name of the person that will accept delivery of goods to this address.

street1 string optional

The street address of the location.

street2 string optional

The street address of the location.

neighbourhood string optional

The neighbourhood of the location.

zone string optional

The zone of the location.

city string optional

The city/village/town

region string optional

The state/county of the location.

poBoxNumber string optional

The PO box number related to the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

geohash string optional

deprecated

The geohash of the location.

email string optional

The email address used by the customer to register an invoice or 'buy now, pay later' payment method.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

Wallet - A digital wallet payment method.

Show definition

methodType string required

Wallet payment method indicator.

Only: wallet.

paymentMethodId string required

A unique identifier for this payment method, specific to this customer. Two customers should not use the same paymentMethodId.

scheme string required

The name of the digital wallet scheme or electronic payment service. For common wallets, please send the official name only, for example applepay or googlepay.

cardScheme string optional

The card network or scheme of the card used within a wallet payment method, such as visa or mastercard. Ravelin will identify the cardScheme on your behalf if you send the cardBin, which should be preferred.

instrumentId string important

A unique identifier for the physical card, shared between customers. Used to link cards in Connect. Must not be a hash of the PAN or DPAN.

pan string pci, optional

The full Primary Account Number of the card.

This should be 14-19 digits. For example 1234123412341234. This should not contain hyphens or spaces.

Used by Ravelin to generate the instrumentId for this card.

If specified, you do not need to provide instrumentId, cardBin or cardLastFour.

Only PCI DSS SAQ-D certified merchants should submit the PAN to Ravelin. You must not send requests containing this field to api.ravelin.com, and must instead use pci.ravelin.com.

Please see our PCI DSS documentation for more information.

paymentAccountReference string important

The PAR is issued by card schemes and is defined by the EMV® Payment Account Reference (PAR) White Paper (PDF download).

It is an ideal value to use as the instrumentId.

Required length: 29 characters.

cardBin string important

The first six or eight digits of the card number/PAN or DPAN. The Bank Identification Number (BIN), recently also known as the Issuer Identification Number (IIN).

If you have access to the card data within the wallet, then given the cardBIN Ravelin will populate the issuer, countryIssued, and cardType on your behalf.

cardLastFour string important

The last four digits of the card number/PAN or DPAN.

cardType string optional

deprecated

The card network or scheme, such as visa or mastercard. Should only be sent if you have access to the card data within the wallet, rather than just the DPAN. Ravelin will identify the cardType on your behalf if you send the cardBin, which should be preferred.

issuer string optional

The card issuer, who the true cardholder will report fraud to. Should only be sent if you have access to the card data within the wallet, rather than just the DPAN. Ravelin will identify the issuer on your behalf if you send the cardBin, which should be preferred.

prepaidCard boolean optional

Whether this is a prepaid debit card. Should only be sent if you have access to the card data within the wallet, rather than just the DPAN. Ravelin will identify the prepaidCard status on your behalf if you send the cardBin, which should be preferred.

countryIssued string optional

The country that the card was issued in. Should only be sent if you have access to the card data within the wallet, rather than just the DPAN. Ravelin will identify the countryIssued on your behalf if you send the cardBin, which should be preferred.

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

expiryMonth integer important

The expiry month of the card.

expiryYear integer important

The expiry year of the card.

nameOnCard string important

The cardholder name.

billingAddress object important

The address of the registered cardholder, as used to pass AVS checks. It is common to have fewer location details for this address, but provide what you have.

Show definition

country string important

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

postalCode string important

The postal or zip code. If provided without latitude or longitude, Ravelin will perform coarse geolocation in some countries.

latitude number important

The latitude of the location.

longitude number important

The longitude of the location.

addresseeName string optional

The name of the person that will accept delivery of goods to this address.

street1 string optional

The street address of the location.

street2 string optional

The street address of the location.

neighbourhood string optional

The neighbourhood of the location.

zone string optional

The zone of the location.

city string optional

The city/village/town

region string optional

The state/county of the location.

poBoxNumber string optional

The PO box number related to the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

geohash string optional

deprecated

The geohash of the location.

successfulRegistration boolean optional

Whether the card was successfully registered with your gateway/PSP.

registrationTime integer important

The time that the card was saved to the customer's account. (Not the card start date.)

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer optional

The time at which the payment method was last verified by the customer. An example mechanism would be a random amount charged to the customer's card that they can confirm the amount of.

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

googlePayAccountVerified boolean important

A Google Pay specific field, which is available in the AssuranceDetailsSpecifications object from the Google Pay API. If true, indicates that cardholder possession has been validated. We strongly recommend that you send this data for Google Pay transactions if you have access to this field.

googlePayCardholderAuthenticated boolean important

A Google Pay specific field, which is available in the AssuranceDetailsSpecifications object from the Google Pay API. If true, indicates that identification and verification was performed. We strongly recommend that you send this data for Google Pay transactions if you have access to this field.

email string important

The email address associated with the account where the wallet is set up. For example, this would be an @gmail.com email address for Google Pay wallets, or the email address associated with the Apple ID for Apple Pay wallets. In some cases a temporary email address may be used, for example, for Apple Pay this may be an @privaterelay.appleid.com email address.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

active boolean optional

deprecated

Whether this card is still saved to the customer's account.

banned boolean optional

deprecated

Whether this card has been banned.

nickName string optional

deprecated

The nickname the customer has given the payment method.

From Transaction - Refer to the payment method used by a named transaction. For usage examples, see Saving payment methods after checkout and Associating refunds with payment methods.

Show definition

methodType string required

Indicator for using a payment method from another transaction.

Only: fromTransaction.

transactionId string important

The transaction ID to look up the payment method from.

gateway string important

The gateway that the transaction was processed through.

gatewayReference string important

The gateway ref provided by the gateway for the transaction.

paymentMethodId string optional

When present, will duplicate the payment method from the referenced transaction and save it under this paymentMethodId for use later. Used by Saving payment methods after checkout.

Direct Debit - Direct Debits. - deprecated.

Show definition

methodType string required

Direct Debit payment method indicator.

Only: directdebit.

paymentMethodId string required

A unique identifier for this payment method, specific to this customer. Two customers should not use the same paymentMethodId.

transferType string required

Bank transfer type

Only: directdebit.

scheme string required

The type of direct debit scheme.

One of: autogiro, bacs, becs, becsnz, betalingsservice, or sepa.

iban string optional

IBAN (International Bank Account Number) Following the ISO 13616:2007 standard.

countryIssued string optional

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

accountAddress object optional

Show definition

country string important

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

postalCode string important

The postal or zip code. If provided without latitude or longitude, Ravelin will perform coarse geolocation in some countries.

latitude number important

The latitude of the location.

longitude number important

The longitude of the location.

addresseeName string optional

The name of the person that will accept delivery of goods to this address.

street1 string optional

The street address of the location.

street2 string optional

The street address of the location.

neighbourhood string optional

The neighbourhood of the location.

zone string optional

The zone of the location.

city string optional

The city/village/town

region string optional

The state/county of the location.

poBoxNumber string optional

The PO box number related to the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

geohash string optional

deprecated

The geohash of the location.

accountOwnerName string optional

The name of the account owner.

bankCode string optional

Code assigned by central bank to identify bank that account is associated with. Multiple bank code formats are supported.

bankName string optional

Name of bank which account belongs to.

bic string optional

BIC - business identifier code for banks and other institutions. Following the ISO9362 standard.

accountNumber string optional

The account number issued by the bank.

mandateRef string optional

The unique reference issued for the direct debit mandate.

mandateURL string optional

A URL to access the direct debit mandate agreement.

nickName string optional

The nickname for the payment method that the customers gives, if applicable.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

Bank Transfer - Bank Transfers. - deprecated.

Show definition

methodType string required

Bank transfer payment method indicator.

Only: banktransfer.

paymentMethodId string required

A unique identifier for this payment method, specific to this customer. Two customers should not use the same paymentMethodId.

transferType string required

Bank transfer type

One of: bancontact, eps, giropay, ideal, inghomepay, sofort, or sepa.

iban string optional

IBAN (International Bank Account Number) Following the ISO 13616:2007 standard.

countryIssued string optional

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

accountAddress object optional

Show definition

country string important

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

postalCode string important

The postal or zip code. If provided without latitude or longitude, Ravelin will perform coarse geolocation in some countries.

latitude number important

The latitude of the location.

longitude number important

The longitude of the location.

addresseeName string optional

The name of the person that will accept delivery of goods to this address.

street1 string optional

The street address of the location.

street2 string optional

The street address of the location.

neighbourhood string optional

The neighbourhood of the location.

zone string optional

The zone of the location.

city string optional

The city/village/town

region string optional

The state/county of the location.

poBoxNumber string optional

The PO box number related to the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

geohash string optional

deprecated

The geohash of the location.

accountOwnerName string optional

The name of the account owner.

bankCode string optional

Code assigned by central bank to identify bank that account is associated with. Multiple bank code formats are supported.

bankName string optional

Name of bank which account belongs to.

bic string optional

BIC - business identifier code for banks and other institutions. Following the ISO9362 standard.

accountNumber string optional

The account number issued by the bank.

nickName string optional

The nickname for the payment method that the customers gives, if applicable.

registrationTime integer important

The time that the card was saved to the customer's account. (Not the card start date.)

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

Other - Other supported payment methods. - deprecated.

Show definition

methodType string required

Other payment method type indicator.

One of: voucher, bitcoin, transfer, paysafe, cheque, or edenred.

paymentMethodId string required

A unique identifier for this payment method, specific to this customer. Two customers should not use the same paymentMethodId.

registrationTime integer optional

When the payment method was added to the customer's account.

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

lastVerified integer optional

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC (nanoseconds are also accepted).

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

nickName string optional

deprecated

The nickname for the payment method that the customers gives, if applicable.

banned boolean optional

deprecated

If the payment method has been banned

active boolean optional

deprecated

Whether the payment method is active for use by this account

Removal: Used for marking a saved payment method as removed from the account.

Show definition

paymentMethodId string required

A unique identifier for this payment method, specific to this customer. Two customers should not use the same paymentMethodId.

active boolean required

False to indicate the payment method has been deactivated.

Only: false.

device object optional

The device used by the customer to trigger this update.

Show definition

deviceId string required

The ID of the device used by the customer to trigger this update.

ipAddress string important

The IP address of the device connecting to your services. Used in fraud and account-takeover detection.

When extracting this IP address, consider X-Forwarded-For.

language string important

The ISO 639 code of your customer's device's preferred language, or the IET Language Tag (BCP 47) values from the browser's Accept-Language header.

userAgent string important

The browser user-agent string, if the device represents a web browser - window.navigator.userAgent.

model string optional

The model/identifier name of the device if the device represents a native app. See here for iOS models: https://www.theiphonewiki.com/wiki/Models and here for Google Play supported models: http://storage.googleapis.com/play_public/supported_devices.csv.

os string optional

The operating system that the device is running.

type string optional

The type of device.

One of: computer, phone, or tablet.

manufacturer string optional

The maker of the device.

location object optional

The geolocated position of the device.

Show definition

country string important

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

postalCode string important

The postal or zip code. If provided without latitude or longitude, Ravelin will perform coarse geolocation in some countries.

latitude number important

The latitude of the location.

longitude number important

The longitude of the location.

addresseeName string optional

The name of the person that will accept delivery of goods to this address.

street1 string optional

The street address of the location.

street2 string optional

The street address of the location.

neighbourhood string optional

The neighbourhood of the location.

zone string optional

The zone of the location.

city string optional

The city/village/town

region string optional

The state/county of the location.

poBoxNumber string optional

The PO box number related to the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

geohash string optional

deprecated

The geohash of the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

browser string optional

deprecated

The name of the web browser being used, if applicable. Prefer userAgent.

javascriptEnabled boolean optional

deprecated

Whether Javascript is enabled on the web browser.

cookiesEnabled boolean optional

deprecated

Whether cookies are enabled on the web browser.

screenResolution string optional

deprecated

The resolution of the screen on the device in the format XxY

deviceId string optional

The ID of the device used by the customer to trigger this update.

POST https://api.ravelin.com/v2/paymentmethod HTTP/1.1
Authorization: token ...
Content-Type: application/json

{
  "timestamp": 1512828988826,
  "customerId": "abc-123-ZYZ",
  "tempCustomerId": "abc-123-XYZ",
  "paymentMethod": {
    "methodType": "card",
    "paymentMethodId": "pm-abc123",
    "scheme": "visa",
    "instrumentId": "fp_abc123",
    "paymentAccountReference": "50019P9LBXOLHN9G7QMU5VN520YSY",
    "cardBin": "535522",
    "cardLastFour": "0001",
    "expiryMonth": 7,
    "expiryYear": 2020,
    "nameOnCard": "John Smith",
    "billingAddress": {
      "country": "GBR",
      "postalCode": "E1 1AA",
      "latitude": 51.503252,
      "longitude": -0.127899,
      "addresseeName": "John Smith",
      "street1": "123 fake st.",
      "street2": "floor 4, flat 48",
      "neighbourhood": "Hackney",
      "zone": "1",
      "city": "London",
      "region": "California",
      "poBoxNumber": "1234"
    },
    "corporateCard": true,
    "virtualCard": true,
    "successfulRegistration": true,
    "registrationTime": 1512828988826,
    "lastVerified": 1512828988826,
    "compromised": true,
    "compromisedReason": "stolen",
    "eWallet": "applepay"
  },
  "device": {
    "deviceId": "65fc5ac0-2ba3-4a3b-aa5e-f5a77b845260",
    "ipAddress": "81.152.92.84",
    "language": "en-US",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
    "model": "Pixel XL",
    "os": "android",
    "type": "phone",
    "manufacturer": "google",
    "location": {
      "country": "GBR",
      "postalCode": "E1 1AA",
      "latitude": 51.503252,
      "longitude": -0.127899,
      "addresseeName": "John Smith",
      "street1": "123 fake st.",
      "street2": "floor 4, flat 48",
      "neighbourhood": "Hackney",
      "zone": "1",
      "city": "London",
      "region": "California",
      "poBoxNumber": "1234"
    }
  }
}

Response

Show all

status integer

The HTTP response status code.

timestamp integer

A Unix timestamp indicating when we finished handling the request.

message string

If an error has occurred, a description of the error.

data object

Contains our recommendations and related details.

Show definition

action string

Our recommended action.

Use this to determine how you should handle the order.

See source for the reason for this recommendation.

One of: ALLOW, REVIEW, or PREVENT.

source string

The reason for our recommended action.

Do not implement any logic based upon this field as we may add new values in the future without warning.

Options:

CHARGEBACK - The action was based the customer having at least one unforgiven dispute.
LOOKUP - The action was based on finding the customer in our Lookup fraud database.
MANUAL_REVIEW - The action was based on a manual review.
NETWORK - The action was based on how the customer was connected in our Connect graph network.
RATE_LIMIT - This request was rate-limited. The action was based on the default action for rate-limited requests.
RAVELIN - The action was based on the payment fraud score and your thresholds. See score.
RULE - The action was based on a rule.

score integer

The fraud score produced by the machine learning model. A value between 0 and 100. The higher the number the more fraudulently the model scored the customer.

This may not be the source of the final recommendation, see source.

customerId string

The ID of the customer to which this recommendation applies.

scoreId string

A unique ID for this score.

transactionOptimisation object

If transaction optimisation is enabled, and a transaction optimisation recommendation was requested, this will contain the recommendation and related details.

Show definition

transactionId string

The identifier for the transaction, as provided in the request.

action string

Our transaction optimisation recommendation for whether the transaction should be authenticated or sent straight to authorisation.

One of: AUTHENTICATE, or AUTHORISE.

exemption string

The SCA exemption type to request for the transaction.

One of: TRANSACTION_RISK_ANALYSIS, or LOW_VALUE.

threeDSChallengePreference string

The preference for whether or not a 3DS challenge should be performed. This field is only present if action is AUTHENTICATE.

One of: NO_PREFERENCE, NO_CHALLENGE_REQUESTED, CHALLENGE_REQUESTED, or CHALLENGE_REQUESTED_AS_MANDATE.

actionSource string

The source of the given recommendation.

One of: NO_ACTION_SOURCE, or CLIENT_RULE.

rules object

Indicates which rules were triggered to cause the given recommendation.

Show definition

triggered array

An array containing the details of the rules which were triggered.

Show definition

ruleId integer

The ID of the rule which triggered to produce the action.

ruleVersion integer

The version number of the rule which triggered to produce the action.

action string

The action which the rule produced.

One of: NONE, AUTHENTICATE, or AUTHORISE.

exemption string

The exemption which the rule produced.

One of: TRANSACTION_RISK_ANALYSIS, or LOW_VALUE.

threeDSChallengePreference string

The 3DS challenge preference which the rule produced.

One of: NO_PREFERENCE, NO_CHALLENGE_REQUESTED, CHALLENGE_REQUESTED, or CHALLENGE_REQUESTED_AS_MANDATE.

triggered boolean

Whether the rule triggered.

state string

The state of the rule when it executed. An active rule is live, whereas a passive rule is in test mode.

One of: active, or passive.

threeDS object

If 3DS data enrichment is enabled, and our transaction optimisation recommendation is AUTHENTICATE, this will contain an enriched AReq.

Show definition

areq object

Contains AReq fields that can be passed on to your 3DS provider.

Show definition

acctInfo object

Information about the cardholder's account.

Show definition

chAccAgeInd string

Length of time that the cardholder has had the account.

One of the following:

01 - No account (guest check-out)
02 - Changed during this transaction
03 - Less than 30 days
04 - 30−60 days
05 - More than 60 days

chAccDate string

Date that the cardholder opened the account.

nbPurchaseAccount string

Number of purchases by this cardholder account during the last six months.

paymentAccAge string

Date that the payment method was added to the cardholder’s account.

paymentAccInd string

Indicates the length of time since the payment method was added to the cardholder’s account.

One of the following:

01 - No account (guest check-out)
02 - During this transaction
03 - Less than 30 days
04 - 30−60 days
05 - More than 60 days

txnActivityDay string

Number of transactions (successful and abandoned) by this cardholder account across all payment methods in the last 24 hours.

txnActivityYear string

Number of transactions (successful and abandoned) by this cardholder account across all payment methods in the last year.

suspiciousAccActivity string

Indicates whether the 3DS Requestor has experienced suspicious activity (including previous fraud) on the cardholder account.

One of the following:

01 - No suspicious activity has been observed
02 - Suspicious activity has been observed

merchantName string

Merchant name assigned by the acquirer.

mcc string

Merchant category code. A card scheme specific code describing the merchant’s type of business, product or service.

addrMatch string

Indicates whether the billing address and shipping address are the same.

One of the following:

Y - Billing address matches shipping address
N - Billing address does not match shipping address

billAddrLine1 string

First line of the billing address associated with the card used for this purchase.

billAddrLine2 string

Second line of the billing address associated with the card used for this purchase.

billAddrCity string

The city of the billing address associated with the card used for this purchase.

billAddrState string

ISO 3166-2 country subdivision code for the state or province of the billing address associated with the card used for this purchase.

billAddrPostCode string

ZIP or other postal code of the billing address associated with the card used for this purchase.

billAddrCountry string

The numeric country code of the billing address associated with the card used for this purchase.

shipAddrLine1 string

First line of the shipping address requested by the cardholder.

shipAddrLine2 string

Second line of the shipping address requested by the cardholder.

shipAddrCity string

City of the shipping address requested by the cardholder.

shipAddrState string

ISO 3166-2 country subdivision code for the state or province of the shipping address requested by the cardholder.

shipAddrPostCode string

The ZIP or other postal code of the shipping address requested by the cardholder.

shipAddrCountry string

Numeric country of the shipping address requested by the cardholder.

warnings array

Warnings when the data you are sending may negatively impact fraud detection.

Show definition

class string

Identifier for this warning. Format is [a-z-]+ so you can safely record it in your metrics system.

help string

A link to more information about this class of warning and the impact of not resolving.

msg string

A description indicating why this warning has been issued.

cachedScore boolean

In order to provide resiliency, on the rare occasion that Ravelin isn’t able to calculate a fraud score, a cached score is used to determine the action. If a cached score was used, this field will be true.

effectiveTime string

Response Version 1

Specifies the time the score was originally calculated. Uses the format 2020-01-01T00:00:00.00000000Z.

comment string

Response Version 1

If the customer was manually reviewed, the comment left by the reviewer.

rules object

Response Version 2

Contains details about the rules which were triggered by this customer.

Show definition

passiveAction string

The action which would have been returned if all test rules were live.

triggered array

An array containing the details of the rules which were triggered.

Show definition

triggered boolean

Whether the rule triggered.

state string

The state of the rule. If the rule is live mode, the state will be active. If the rule is in test mode, the state will be passive.

One of: active, or passive.

ruleId integer

The ID of the rule which triggered to produce the action.

ruleVersion integer

The version number of the rule which triggered to produce the action.

category string

The category of the rule which triggered to produce the action, as set in the dashboard when the rule was created.

Options:

payment - Rules created to reduce payment fraud or implement payment-related business logic.
ato - Rules created to prevent account takeover.
txOptimisation - Rules created to optimise transaction routing and manage strong customer authentication exemptions.
refundAbuse - Rules created to prevent refund abuse.
psp - Rules created to optimise payment service providers performance.
supplier - Rules created to prevent supplier fraud.

description string

A human-readable explanation of why the rule triggered.

action string

The action which the rule produced.

connect object

Response Version 2

Contains details about the network the customer is connected to.

Show definition

fraudulent boolean

Indicates that the customer was within a certain distance to fraud in the network. The customer will have received a REVIEW or PREVENT payment fraud recommendation depending on their distance to fraud. See their customer profile in the Ravelin dashboard for more details about their distance to fraud.

lookup object

Response Version 2

Contains details about the Lookup results for the customer.

Show definition

lookupAction string

The payment fraud recommendation which was produced from the Lookup result. May not be the final recommendation.

One of: REVIEW, or PREVENT.

lookupResult object

Contains details about the Lookup results for the customer.

Show definition

industry string

If you have configured Lookup to only search a specific industry, this is the industry which was searched.

hasChargebacks boolean

Indicates whether the customer has disputes in any of the Lookup results.

reviewedAsFraudster boolean

Indicates whether the customer has been reviewed as a fraudster in any of the Lookup results.

email object

Contains details about the Lookup result found using the customer's email address.

Show definition

address string

The email address found in Lookup.

hasChargebacks boolean

Indicates the customer has disputes.

reviewedAsFraudster boolean

Indicates the customer has been reviewed as a fraudster.

telephone object

Contains details about the Lookup result found using the customer's telephone number.

Show definition

number string

The telephone number found in Lookup.

hasChargebacks boolean

Indicates the customer has disputes.

reviewedAsFraudster boolean

Indicates the customer has been reviewed as a fraudster.

ipAddress object

Contains details about the Lookup result found using the customer's IP address.

Show definition

address string

The IP address found in Lookup.

hasChargebacks boolean

Indicates whether the customer has disputes.

reviewedAsFraudster boolean

Indicates whether the customer has been reviewed as a fraudster.

market object

Response Version 2

Contains details about the market for the customer.

Show definition

city string

The city that the customer belongs to, based on their latest order. Used for reporting and risk bucketing.

This is populated from the order.marketCity field from the customer's latest order.

country string

The country the customer is from, based on their latest order. Used for reporting and risk bucketing.

This is populated from the order.country field from the customer's latest order.

region string

The country-group market the customer belongs to. E.g. 'southamerica', 'europe', 'emea'. Used for reporting and risk bucketing.

This is populated from the order.market field from the customer's latest order.

thresholds object

Response Version 2

Contains details about the machine learning fraud score thresholds.

Show definition

review integer

The review fraud score threshold. If the fraud score is used to produce the recommendation, a score above this threshold, but below the prevent threshold will produce a REVIEW recommendation.

prevent integer

The prevent fraud score threshold. If the fraud score is used to produce the recommendation, a score above this threshold will produce a PREVENT recommendation.

orderId string

Response Version 3

The ID of the order used to calculate the recommendation, typically the customer's latest order.

transactionId string

Response Version 3

The ID of the transaction used to calculate the recommendation, typically the customer's latest transaction.

{
  "status": 200,
  "timestamp": 1512828988826,
  "data": {
    "action": "ALLOW",
    "score": 12,
    "source": "RAVELIN",
    "customerId": "abc-123-ZYZ",
    "scoreId": "2bf39d-d1299-31",
    "transactionOptimisation": {
      "transactionId": "123-abc-XYZ",
      "action": "AUTHENTICATE",
      "exemption": "TRANSACTION_RISK_ANALYSIS",
      "threeDSChallengePreference": "NO_CHALLENGE_REQUESTED",
      "actionSource": "CLIENT_RULE",
      "rules": {
        "triggered": [
          {
            "ruleId": 1,
            "ruleVersion": 1,
            "action": "AUTHENTICATE",
            "exemption": "TRANSACTION_RISK_ANALYSIS",
            "threeDSChallengePreference": "NO_CHALLENGE_REQUESTED",
            "triggered": true,
            "state": "active"
          }
        ]
      }
    },
    "warnings": [
      {
        "class": "customer-not-found",
        "help": "https://developer.ravelin.com/api/warnings/#customer-not-found",
        "msg": "Customer \"abc-123-ZYZ\" not found."
      }
    ]
  }
}

Feedback

Was this page helpful?