Requesting and handling recommendations

On this page:

Alongside your payment fraud integration, there are two extra things to consider for transaction optimisation:

Requesting recommendations
Make sure you send us important transaction and payment method details. We will return a recommendation to authenticate or authorise with or without an exemption or 3DS challenge preference where applicable.
Update us with authentication and authorisation attempts
Make sure you update us at the end of the transaction about these attempts.

Requesting recommendations

A transaction optimisation recommendation can be requested by sending a request to the Checkout Endpoint and adding the transactionOptimisation=true query parameter to the end of the request’s URL. This must be used in addition to the score query parameter for specifying a Checkpoint.

For example: /v2/checkout?score=checkoutPreAuth&transactionOptimisation=true

This request must be sent before starting authentication or authorisation.

These are the important fields to send in the recommendation request:

Important Fields	How the field is used
transaction.amount	We make use of the transaction amount (converted to Euros) to determine if low value exemptions are available and also to match against any breached Reference Fraud Rates.
transaction.currency	We use this to help determine the transaction amount in Euros.
transaction.gateway transaction.acquirerId	We use the gateway and acquirer ID to match against any breached Reference Fraud Rates.
transaction.acquirerCountryCode	We use this to match against any country-specific Reference Fraud Rates. We also use it to determine if the transaction is One-Leg-Out.
paymentMethod.cardBin	We use this in several different ways: To infer the issuing country to maximise issuer intelligence. To determine the highest supported 3DS version for the payment methods using our own 3DS card range data and determine which SCA exemptions are available. To understand the card scheme and optimisation options. To understand if a transaction is One-Leg-Out.
transaction.transactionId transaction.paymentMethodId customerId	We use these to ensure that we can track the transaction throughout the scoring flow.
transaction.type paymentMethod.methodType	We use these to understand whether optimisation is possible for the transaction.
transaction.mcc transaction.acquirerBin paymentMethod.expiryYear paymentMethod.expiryMonth paymentMethod.instrumentId	We use these data points within our model to optimise our recommendations.

We only provide transaction optimisation routing recommendations if the paymentMethod.methodType is set to card. This is because other transaction types may be out of PSD2 scope, have Strong Customer Authentication built in already (e.g. Apple Pay), or do not support 3D Secure. Our recommendations are based around 3DS used as the mechanism to support SCA.

We will return a recommendation to either perform authentication or proceed directly to authorisation. A Strong Customer Authentication (SCA) exemption and 3DS challenge preference will be returned if applicable. The response will be appended to the payment fraud recommendation, with optimised recommendations being provided only to transactions that we believe are low risk.

Our recommendations will be driven by different sources:

Machine Learning: This will drive the majority of our recommendations for optimisable traffic.
Rules: You can request that Ravelin configure rules to be applied to optimisable traffic. However, we strongly recommend that recommendations be driven by our ML for optimisation purposes.
Compliance Logic: This will help identify traffic which cannot be optimised, as well as help keep you compliant with PSD2 SCA.

See the Checkout Endpoint Response API Reference for the format of the response.

The recommendation will be in the data.transactionOptimisation field. It is important that you handle the following fields in your integration:

More specific guidance on how to handle different recommendations is given in the next section.

Handling Recommendations

The table below explains what our recommendations may be and how to handle them.

Recommendation	Recommendation Handling
`AUTHENTICATE` with `TRANSACTION_RISK_ANALYSIS` and `NO_CHALLENGE_REQUESTED`	Send an authentication request to your 3DS provider. Make sure that you are requesting a TRA (low risk) exemption and specifying that no challenge is requested. If you are able to specify which 3DS Requestor Challenge Indicator value to use, set this to 05 (No challenge requested - transactional risk analysis is already performed).
`AUTHENTICATE` with `LOW_VALUE` and `NO_CHALLENGE_REQUESTED`	Send an authentication request to your 3DS provider. Make sure that you are requesting a low value exemption and specifying that no challenge is requested. If you are able to specify which 3DS Requestor Challenge Indicator value to use, set this to 10 (No challenge requested - use low value exemption).
`AUTHENTICATE` with `NO_PREFERENCE`	Send an authentication request to your 3DS provider. Make sure that you are specifying that you have no challenge preference. If you are able to specify which 3DS Requestor Challenge Indicator value to use, set this to 01 (No preference).
`AUTHENTICATE` with `NO_CHALLENGE_REQUESTED`	Send an authentication request to your 3DS provider. Make sure that you are specifying that no challenge is requested. If you are able to specify which 3DS Requestor Challenge Indicator value to use, set this to 02 (No challenge requested).
`AUTHENTICATE` with `CHALLENGE_REQUESTED`	Send an authentication request to your 3DS provider. Make sure that you are specifying that a challenge is being requested. If you are able to specify which 3DS Requestor Challenge Indicator value to use, set this to 03 (Challenge requested as a 3DS Requestor preference).
`AUTHENTICATE` with `CHALLENGE_REQUESTED_AS_MANDATE`	Send an authentication request to your 3DS provider. Make sure that you are specifying that a challenge is required due to authentication compliance mandates. If you are able to specify which 3DS Requestor Challenge Indicator value to use, set this to 04 (Challenge requested as mandate, e.g. required for 3DS2 compliance).
`AUTHORISE` with `TRANSACTION_RISK_ANALYSIS`	Send an authorisation request to your PSP. Make sure that you are flagging the TRA (low risk) exemption in the request.
`AUTHORISE` with `LOW_VALUE`	Send an authorisation request to your PSP. Make sure that you are flagging the low value exemption in the request.
`AUTHORISE`	Send an authorisation request to your PSP.

It is important that we are aware of any restrictions that your payment services providers may have when accepting routing and exemption recommendations. Please let us know if any of the following applies so that we can provide you with the best possible recommendations:

If any of your acquirers have breached their Reference Fraud Rates.
If you work with a PSP that has any restricted routing. For instance, if your PSP can only accept authenticate routing recommendations, we will ensure that our ML doesn’t return authorise routing recommendations, and we will return AUTHENTICATE with NO_PREFERENCE when the transaction is One-Leg-Out.

Example Recommendation Responses

Several example recommendation responses are shown below.

Recommendation: Send to 3D Secure for authentication with challenge as mandate

{
  "status": 200,
  "timestamp": 1738162660,
  "data": {
    "customerId": "134cc0c0-7bcc-480a-9363-622689121fd4",
    "action": "ALLOW",
    "score": 18,
    "source": "RAVELIN",
    "scoreId": "38ba2d2a-050e-480d-a386-be3834cc6a7f",
    "transactionOptimisation": {
      "action": "AUTHENTICATE",
      "actionSource": "COMPLIANCE",
      "threeDSChallengePreference": "CHALLENGE_REQUESTED_AS_MANDATE",
      "compliance": {
        "type": "PSD2",
        "optimisable": false,
        "description": "must authenticate transactions with value 500 EUR or greater"
      }
    }
  }
}

Recommendation: Send to 3D Secure for authentication with TRA (low risk) exemption and no challenge requested

{
  "status": 200,
  "timestamp": 1738162660,
  "data": {
    "customerId": "134cc0c0-7bcc-480a-9363-622689121fd4",
    "action": "ALLOW",
    "score": 18,
    "source": "RAVELIN",
    "scoreId": "b8f9df31-4d90-4406-8ab9-892ed4f1d690",
    "transactionOptimisation": {
      "action": "AUTHENTICATE",
      "actionSource": "ML",
      "exemption": "TRANSACTION_RISK_ANALYSIS",
      "threeDSChallengePreference": "NO_CHALLENGE_REQUESTED",
      "compliance": {
        "type": "PSD2",
        "optimisable": true,
        "excludedRecommendations": [
          {
            "recommendation": {
              "route": "AUTHENTICATE",
              "exemption": "LOW_VALUE"
            },
            "description": "only available for transactions with value less than 30 EUR"
          },
          {
            "recommendation": {
              "route": "AUTHORISE",
              "exemption": "LOW_VALUE"
            },
            "description": "only available for transactions with value less than 30 EUR"
          }
        ]
      }
    }
  }
}

Recommendation: Proceed to authorisation with low value exemption

{
  "status": 200,
  "timestamp": 1738162660,
  "data": {
    "customerId": "134cc0c0-7bcc-480a-9363-622689121fd4",
    "action": "ALLOW",
    "score": 18,
    "source": "RAVELIN",
    "scoreId": "f4a0ff67-99b4-40f6-9486-273319379d0c",
    "transactionOptimisation": {
      "action": "AUTHORISE",
      "actionSource": "ML",
      "exemption": "LOW_VALUE",
      "compliance": {
        "type": "PSD2",
        "optimisable": true
      }
    }
  }
}

Example where transaction optimisation is not supported

{
  "status": 200,
  "message": "no transaction optimisation recommendation due to payment fraud action type",
  "timestamp": 17381626600,
  "data": {
    "customerId": "134cc0c0-7bcc-480a-9363-622689121fd4",
    "action": "REVIEW",
    "score": 54,
    "source": "RAVELIN",
    "scoreId": "6849a141-89c9-4f18-a07a-40dd928f8dbf"
  }
}

Authentication and authorisation attempt updates

Once a transaction has finished processing, you should update Ravelin with the outcome.

Send a request to our Checkout Endpoint and provide all the details of any authentication and authorisation attempts.

These are important fields that must be included in the transaction around the authentication:

Important Fields	How the field is used
transaction.transactionId	We use the transactionId to associate the update back to the original transaction.
transaction.3ds.attempted transaction.3ds.challenged transaction.3ds.success	We use these fields to determine the transaction outcome as well as the performance of our recommendations and whether our recommendations were honoured by the client and issuer.
transaction.3ds.version transaction.3ds.eci	We use these fields for analysis and for more detailed segmentation in our analytics.

These are important fields that must be included in the transaction around the authorisation:

Important Fields	How the field is used
transaction.transactionId	We use the transactionId to associate the update back to the original transaction.
transaction.success transaction.softDecline transaction.declineCode	We use these fields to determine the transaction outcome as well as the performance of our recommendations and whether our recommendations were honoured by the client and issuer.

Managing payment fraud and transaction optimisation recommendations

We provide transaction optimisation recommendations on what is considered low risk payment fraud traffic. We will therefore only provide optimised routing recommendations when we return an Allow for payment fraud.

We recommend the following actions for our recommendations in markets where authentication mandates exist:

Recommendation	Recommendation handling
Payment Fraud `ALLOW`	This transaction carries a low payment fraud risk and may be optimisable. Follow the transaction optimisation recommendation provided.
Payment Fraud `REVIEW`	This transaction carries a medium payment fraud risk. Send to authentication with a 3DS Requestor Challenge Indicator value of 01 (no preference). Using this value will help to avoid friction and gain liability shift where possible.
Payment Fraud `PREVENT`	This transaction carries a high payment fraud risk. Stop processing.

Next steps

Test your transaction optimisation integration

Learn how to correctly handle transaction optimisation errors

Feedback

Was this page helpful?