Requesting and handling recommendations

On this page:

Alongside your payment fraud integration, there are two extra things to consider for transaction optimisation:

Requesting recommendations
Make sure you send us important transaction and payment method details. We will return a recommendation to authenticate or authorise with or without an exemption or 3DS challenge preference where applicable.
Update us with authentication and authorisation attempts
Make sure you update us at the end of the transaction about these attempts.

Requesting recommendations

A transaction optimisation recommendation can be requested by sending a request to the transaction endpoint.

The checkpoint=pspBeforeAuth query parameter at the end of your request URL is used for both payment fraud and transaction optimisation recommendations, but you will need to include &transactionOptimisation=true to ensure you also receive the latter.

For example, /psp/transaction?checkpoint=pspBeforeAuth&transactionOptimisation=true.

This recommendation request must be sent before performing authentication or authorisation.

There are important fields that must be included in the request:

Important Fields	How the field is used
transaction.amount	We make use of the transaction amount (converted to Euros) to determine if low value exemptions are available and also to match against any breached Reference Fraud Rates.
transaction.currency	We use this to help determine the transaction amount in Euros.
transaction.gateway transaction.acquirerId	We use the gateway and acquirer ID to match against any breached Reference Fraud Rates.
transaction.acquirerCountryCode	We use this to match against any country-specific Reference Fraud Rates. We also use it to determine if the transaction is One-Leg-Out.
paymentMethod.iin	We use this in several different ways: To infer the issuing country to maximise issuer intelligence. To determine the highest supported 3DS version for the payment methods using our own 3DS card range data and determine which SCA exemptions are available. To understand the card scheme and optimisation options. To understand if a transaction is One-Leg-Out.
transaction.transactionId transaction.stepId	We use these to ensure that we can track the transaction throughout the scoring flow.
transaction.type paymentMethod.methodType	We use these to understand whether optimisation is possible for the transaction.
transaction.mcc transaction.acquirerBin paymentMethod.expiryYear paymentMethod.expiryMonth paymentMethod.instrumentId	We use these data points within our model to optimise our recommendations.

We only provide transaction optimisation routing recommendations if the paymentMethod.methodType is set to card and the payment is not using an e-wallet. This is because other transaction types may be out of PSD2 scope, have Strong Customer Authentication built in already (e.g. Apple Pay), or do not support 3D Secure. Our recommendations are based around 3DS used as the mechanism to support SCA.

We will return a recommendation to either perform authentication through 3D Secure, or proceed directly to authorisation. A Strong Customer Authentication (SCA) exemption and 3DS challenge preference will also be returned if applicable.

Our recommendations will be driven by different sources:

Machine Learning: This will drive the majority of our recommendations for optimisable traffic.
Rules: You can request that Ravelin configure rules to be applied to optimisable traffic. However, we strongly recommend that recommendations be driven by our ML for optimisation purposes.
Compliance Logic: This will help identify traffic which cannot be optimised, as well as help keep you compliant with PSD2 SCA.

The response will be appended to the payment fraud recommendation, with optimised recommendations being provided only to transactions we believe are low risk.

The recommendation will be in the data.transactionOptimisation field. It is important that you handle the following fields in your integration:

More specific guidance on how to handle different recommendations is given in the next section.

Handling Recommendations

The table below explains what our recommendations may be and how to handle them.

Recommendation	Recommendation Handling
`AUTHENTICATE` with `TRANSACTION_RISK_ANALYSIS` and `NO_CHALLENGE_REQUESTED`	Send an authentication request to your 3DS provider. Make sure that you are requesting a TRA (low risk) exemption and specifying that no challenge is requested. If you are able to specify which 3DS Requestor Challenge Indicator value to use, set this to 05 (No challenge requested - transactional risk analysis is already performed).
`AUTHENTICATE` with `LOW_VALUE` and `NO_CHALLENGE_REQUESTED`	Send an authentication request to your 3DS provider. Make sure that you are requesting a low value exemption and specifying that no challenge is requested. If you are able to specify which 3DS Requestor Challenge Indicator value to use, set this to 10 (No challenge requested - use low value exemption).
`AUTHENTICATE` with `NO_PREFERENCE`	Send an authentication request to your 3DS provider. Make sure that you are specifying that you have no challenge preference. If you are able to specify which 3DS Requestor Challenge Indicator value to use, set this to 01 (No preference).
`AUTHENTICATE` with `NO_CHALLENGE_REQUESTED`	Send an authentication request to your 3DS provider. Make sure that you are specifying that no challenge is requested. If you are able to specify which 3DS Requestor Challenge Indicator value to use, set this to 02 (No challenge requested).
`AUTHENTICATE` with `CHALLENGE_REQUESTED`	Send an authentication request to your 3DS provider. Make sure that you are specifying that a challenge is being requested. If you are able to specify which 3DS Requestor Challenge Indicator value to use, set this to 03 (Challenge requested as a 3DS Requestor preference).
`AUTHENTICATE` with `CHALLENGE_REQUESTED_AS_MANDATE`	Send an authentication request to your 3DS provider. Make sure that you are specifying that a challenge is required due to authentication compliance mandates. If you are able to specify which 3DS Requestor Challenge Indicator value to use, set this to 04 (Challenge requested as mandate, e.g. required for 3DS2 compliance).
`AUTHORISE` with `TRANSACTION_RISK_ANALYSIS`	Send an authorisation request to your acquirer or the card scheme. Make sure that you are flagging the TRA (low risk) exemption in the request.
`AUTHORISE` with `LOW_VALUE`	Send an authorisation request to your acquirer or the card scheme. Make sure that you are flagging the low value exemption in the request.
`AUTHORISE`	Send an authorisation request to your acquirer or the card scheme.

It is important that we are aware of any restrictions that your payment partners may have when accepting routing and exemption recommendations. Please let us know if any of the following applies so that we can provide you with the best possible recommendations:

If you or any of your acquirers have breached their Reference Fraud Rates.
If you work with a payment partner that has any restricted routing. For instance, if your payment partner can only accept authenticate routing recommendations, we will ensure that our ML doesn’t return authorise routing recommendations, and we will return AUTHENTICATE with NO_PREFERENCE when the transaction is One-Leg-Out.

Example Recommendation Responses

Several example recommendation responses are shown below.

Recommendation: Send to 3D Secure for authentication with challenge as mandate

{
  "status": 200,
  "timestamp": 1738162660,
  "data": {
    "action": "ALLOW",
    "score": 18,
    "scoreId": "7fffffff985f3ab20133f3854-a0837cc1-0d5a-4436-902e-a9afcfd9e3a8",
    "transactionId": "b835c733-a50c-4048-a002-9c64d9b216c6",
    "transactionOptimisation": {
      "action": "AUTHENTICATE",
      "actionSource": "COMPLIANCE",
      "threeDSChallengePreference": "CHALLENGE_REQUESTED_AS_MANDATE",
      "compliance": {
        "type": "PSD2",
        "optimisable": false,
        "description": "must authenticate transactions with value 500 EUR or greater"
      }
    }
  }
}

Recommendation: Send to 3D Secure for authentication with TRA (low risk) exemption and no challenge requested

{
  "status": 200,
  "timestamp": 1738162660,
  "data": {
    "action": "ALLOW",
    "score": 18,
    "scoreId": "7fffffff9a06784b00a383df2-203ceb5e-b797-44ba-8afd-e59570ecec17",
    "transactionId": "b835c733-a50c-4048-a002-9c64d9b216c6",
    "rules": {},
    "transactionOptimisation": {
      "action": "AUTHENTICATE",
      "actionSource": "ML",
      "exemption": "TRANSACTION_RISK_ANALYSIS",
      "threeDSChallengePreference": "NO_CHALLENGE_REQUESTED",
      "compliance": {
        "type": "PSD2",
        "optimisable": true,
        "excludedRecommendations": [
          {
            "recommendation": {
              "route": "AUTHENTICATE",
              "exemption": "LOW_VALUE"
            },
            "description": "only available for transactions with value less than 30 EUR"
          },
          {
            "recommendation": {
              "route": "AUTHORISE",
              "exemption": "LOW_VALUE"
            },
            "description": "only available for transactions with value less than 30 EUR"
          }
        ]
      }
    }
  }
}

Recommendation: Proceed to authorisation with low value exemption

{
  "status": 200,
  "timestamp": 1738162660,
  "data": {
    "action": "ALLOW",
    "score": 18,
    "scoreId": "7fffffff9a065fe20028e9f66-5b61cf00-cc5c-4689-a772-d62a4ab06ad3",
    "transactionId": "b835c733-a50c-4048-a002-9c64d9b216c6",
    "transactionOptimisation": {
      "action": "AUTHORISE",
      "actionSource": "ML",
      "exemption": "LOW_VALUE",
      "compliance": {
        "type": "PSD2",
        "optimisable": true
      }
    }
  }
}

Example where transaction optimisation is not supported

{
  "status": 200,
  "timestamp": 1710859712297,
  "data": {
    "action": "REVIEW",
    "transactionId": "95482fce-8a04-4b5b-951b-123c29e70a83",
    "scoreId": "7fffffff9a06652102a2ab68f-b4ef16ef-5b4c-47b7-993e-570f573c864a",
    "score": 54
  },
  "message": "no transaction optimisation recommendation due to payment fraud action type"
}

Authentication and authorisation attempt updates

After you have attempted authentication and/or authorisation, you need to send us a request to our transaction endpoint with the outcome.

There are important fields that must be included in the request around the authentication:

Important Fields	How the field is used
transaction.transactionId transaction.stepId	We use these to associate the update back to the original transaction step.
threeds.challenged threeds.eci threeds.errorCode threeds.transStatus	We use these fields to determine the transaction outcome as well as the performance of our recommendations and whether our recommendations were honoured by the client and issuer.
threeds.version	We use this for analysis and for more detailed segmentation in our analytics.

There are important fields that must be included in the request around the authorisation:

Important Fields	How the field is used
transaction.transactionId transaction.stepId	We use these to associate the update back to the original transaction step.
transaction.success transaction.declineCode transaction.softDeclineCode	We use these fields to determine the transaction outcome as well as the performance of our recommendations and whether our recommendations were honoured by the client and issuer.

Handling soft declines

If you receive a soft decline code after the initial authorisation attempt, you can include this in a single update after the authorisation.

If we recommend going straight to authorisation and the issuer responds with a soft decline, some payment service providers automatically trigger Strong Customer Authentication. You can still update us about this in a single authentication and authorisation update, and use transaction.softDeclineCode field to indicate there was a soft decline. This will be used to improve our recommendations in the future.

If there are no mechanisms in place to automatically respond to soft declines today, we strongly recommend you introduce logic to send a transaction to 3DS authentication once a soft decline is received, setting the 3DS Requestor Challenge Indicator value to 04 (challenge requested - mandate). This will help to reduce latency in the overall transaction flow.

Managing payment fraud and transaction optimisation recommendations

We provide transaction optimisation recommendations on what is considered low risk payment fraud traffic. We will therefore only provide optimised routing recommendations when we return an Allow for payment fraud.

We recommend the following actions for our recommendations in markets where authentication mandates exist:

Recommendation	Recommendation handling
Payment Fraud `ALLOW`	This transaction carries a low payment fraud risk and may be optimisable. Follow the transaction optimisation recommendation provided.
Payment Fraud `REVIEW`	This transaction carries a medium payment fraud risk. Send to authentication with a 3DS Requestor Challenge Indicator value of 01 (no preference). Using this value will help to avoid friction and gain liability shift where possible.
Payment Fraud `PREVENT`	This transaction carries a high payment fraud risk. Stop processing.

Next steps

Test your transaction optimisation integration

Learn how to correctly handle transaction optimisation errors

Feedback

Was this page helpful?