Here's an example of passing device data with a transaction:
$result = $gateway->transaction()->sale([ 'amount' => "1000.00", 'paymentMethodNonce' => nonceFromTheClient, 'options' => [ 'submitForSettlement' => true ], 'deviceData' => $_POST['device_data'] ]);
And here's an example of passing device data with a payment method creation (thus triggering a verification request):
$result = $gateway->paymentMethod()->create([ 'customerId' => '12345', 'paymentMethodNonce' => nonceFromTheClient, 'options' => [ 'verifyCard' => true ], 'deviceData' => $_POST['device_data'] ]);
In general, we strongly recommend including device data on any event where:
- a customer adds credit card data to your Vault
- a customer initiates a credit card or Google Pay transaction
We send both transactions and verification requests to Kount to ensure that you get the most comprehensive fraud protection possible, and Kount will be more accurate when you include device data.
This is especially important on verifications: verifying cards is the best way to stop fraudsters from getting into your Vault. Sending the verification to Kount with device data will ensure that preliminary fraud checks are being run in addition to normal AVS/CVV/risk threshold checks you may have enabled. This further augments the level of protection you have, as Kount is able to identify fraudulent patterns linked to a device sooner than if you only passed device data with transaction requests.
Passing a customer email is optional. If the customer does not provide an email, we recommend that you do not pass the parameter at all. However, if your system requires it, pass the dummy address
If multiple orders are made using the same email address but different card numbers or devices, Kount—our fraud detection partner—will flag these orders, which can lead to a high decline rate. Using firstname.lastname@example.org instead of your own dummy address (e.g. email@example.com) will prevent Kount from linking orders based on the email address and will reduce the likelihood of false positives. When you do not pass customer email, we will pass firstname.lastname@example.org for you.
We return the risk data on credit card and certain Google Pay transactions. The data includes the risk identifier, the device data captured flag, and the risk decision, which can provide further context on how a transaction was scored by Kount.
$result->transaction->riskData->id # "1SG23YHM4BT5" $result->transaction->riskData->decision # "Decline" $result->transaction->riskData->deviceDataCaptured # True
The possible values of the risk decision are Not Evaluated, Approve, Review, and Decline.
Still have questions?
If you can’t find an answer, contact our Support team