We always recommend using the latest versions of our SDKs. While older versions may support Premium Fraud Management Tools, in order to use all available features, you must use at least the version indicated below.

  • Java 3.1.0
  • .NET 5.0.0
  • Node 2.24.0
  • PHP 5.3.0
  • Python 4.3.0
  • Ruby 2.103.0

Using device data

Include the collected client device data via the top-level device_data parameter when creating a customer, payment method, or transaction.

Here's an example of passing device data with a transaction:

result = gateway.transaction.sale(
  :amount => "1000.00",
  :payment_method_nonce => nonce_from_the_client,
  :options => {
    :submit_for_settlement => true
  :device_data => params[:device_data]

And here's an example of passing device data with a payment method creation (thus triggering a verification request):

result = gateway.payment_method.create(
  :customer_id => "131866",
  :payment_method_nonce => nonce_from_the_client,
  :options => {
    :verify_card => true
  :device_data => params[:device_data]

When to pass device data

In general, we strongly recommend including device data on any event where:

  • a customer adds credit card data to your Vault
  • a customer initiates a transaction

We use both transactions and verification request data to ensure that you get the most comprehensive fraud protection possible. Our Premium Fraud Management Tools use device data to more accurately identify fraudulent requests.

This is especially important on verifications: verifying cards is the best way to stop fraudsters from getting into your Vault. Sending the verification with device data will ensure that preliminary fraud checks are being run in addition to normal AVS/CVV/risk threshold checks you may have enabled. This further augments the level of protection you have, helping to identify fraudulent patterns linked to a device sooner than if you only passed device data with transaction requests.


When you create PayPal transactions using our Vault flow, it's critical to include device data for a different reason – to reduce decline rates. See our PayPal guide for more details.

Skipping Premium Fraud Management Tools

If you do not want to perform Premium Fraud Management Tools checks on a specific transaction, pass options.skip_advanced_fraud_checking when creating the transaction via the API.

Customer email address

Passing a customer email is optional. If the customer does not provide an email, we recommend that you do not pass the parameter at all.

However, if you are using Kount Custom and your system requires a customer email address, pass the dummy address noemail@kount.com. With Kount, if multiple orders are made using the same email address but different card numbers or devices, Kount will flag these orders, which can lead to a high decline rate. Using noemail@kount.com instead of your own dummy address (e.g. fakeemail@merchant.com) will prevent Kount from linking orders based on the email address and will reduce the likelihood of false positives. Kount's system requires an email address, so when you do not pass a customer email, we will pass noemail@kount.com for you.

Response handling

We return the risk data on credit card verifications and on transactions with all compatible payment methods. The data includes the fraud service provider, the risk identifier, the device data captured flag, and the risk decision, which can provide further context on how a verification or transaction was scored by our Premium Fraud Management Tools. For users of Fraud Protection, the data will include the decision reasons. For users of Fraud Protection Advanced, the data will also include the risk score.


For users of our Java and .NET SDKs, you will need to upgrade to versions .NET 5.4.0 and Java 3.7.0 or later to see the decision reasons and risk score in the risk data.

#=> "Kount"
#=> "1SG23YHM4BT5"
#=> "Decline"
#=> true
#=> ["reason1", "reason2"]
#=> 42

The possible values of the risk decision are Not Evaluated, Approve, Review, and Decline.

See also

Next Page: Testing and Go Live →