Antifraud
Antifraud GetNet evaluates the risk of e-commerce transactions using data sent by customers, in addition to relying on machine learning technologies, neural networks, managerial decisions, and adjustable rules.
The more data available to train the models, the better the results and the higher the probability of detection. With this wealth of data, the number of fraud detectors increases, which means better accuracy in identifying the transaction’s risk.
Therefore, we request that you send all the information listed below, you can find the fields on
additional_data object:Customer information:
All information listed here are inside the
customer object.| Attribute | Type | Description | Example |
|---|---|---|---|
document_number | String | Purchaser's document number without punctuation (without mask) | 2441356709 |
document_type | String | Type of the buyer's identification document | CPF |
email | String | Purchaser's email | aceiti@getnet.com.br |
name | String | Purchaser's name | Jose da Silva |
phone number | String | Purchaser's phone number | 11999999999 |
Billing address:
All information listed here are inside the
customer object.| Attribute | Type | Description | Example |
|---|---|---|---|
billing_address | Object | Customer's address information for billing | - |
city | String | City name | São Paulo |
complement | String | Address complement | apto 43 |
country | String | Country, report in the ISO 3166-1 alpha-3 standard | BRA |
district | String | District | Jardins |
number | String | Street number | 123 |
postal_code | String | Postal Code, CEP in Brazil or ZIP in the United States (without mask) | 02576896 |
state | String | State (UF) | SP |
street | String | Street name | Dark Tower |
type | String | Address type | Residential |
Device information:
All information listed here are inside the
device object.| Attribute | Type | Description | Example |
|---|---|---|---|
device | Object | Set of data referring to the device used by the buyer | - |
device_id | String | Device unique Id | ae44e06c-3e85-44af-8542-bcaccd54ef2e |
finger_print | String | Identification hash (Device Fingerprint) of the device | aGVsbG8td29ybGQtZGV2aWNlLWlkCg== |
ip_address | String | IP address (IPv4) of the buyer's device. This attribute must be captured by your application, from the device of the buyer (mobile; browser; etc.) and sent in the payload, in order to enrich our preventive analyses | 10.0.0.1 |
For more details, see the API reference
Device Fingerprint Implementation
Device Fingerprint is a technique that collects dozens of data points from a user's device and network environment, enabling merchants to more effectively detect anomalies and enhance overall fraud prevention capabilities.
The integration flow for this method involves two main phases:
- A client-side step, where device data is captured by loading the antifraud URL containing the session ID previously generated by the e-commerce system.
- A backend step, where the e-commerce system submits the payment data to the Getnet API, including the aforementioned session ID.
Step 1: Capturing device data
To collect device information from the transacting user, construct the antifraud URL using the following format:
https://BASE_URL?session={session id}&country={country code}, where:https://BASE_URL corresponds to one of the following environments:
https://api.pre.globalgetnet.com/dpm/digital-platform/antifraud/afdf.js (stage),
https://api.globalgetnet.com/dpm/digital-platform/antifraud/afdf.js (production).
? indicates the beginning of the query section,
session={session_id} is a required parameter used to identify the device during the transaction analysis process, and its value must follow the UUIDv4 format,
& is used as a connector between query parameters,
country={country_code} corresponds to the second mandatory parameter, required to identify the country of origin and should have the value of the corresponding ISO country code (AR, BR, CL, MX).Once the URL is correctly constructed, you should implement the resulting antifraud url inside the
head or body tag of your web application, as you can see in the examples below:For
head tag:javascript
<head>
<script
type="text/javascript"
src="https://base_url?session=${session_id}&country=${country_code}" />
</head>javascript
<head>
<script
type="text/javascript"
src="https://base_url?session=${session_id}&country=${country_code}" />
</head>For
body tag:javascript
<body>
<noscript>
<iframe
style="width: 100px; height: 100px; border: 0; position:absolute; top: -5000px;"
src="https://base_url?session=${session_id}&country=${country_code}" />
</noscript>
</body>javascript
<body>
<noscript>
<iframe
style="width: 100px; height: 100px; border: 0; position:absolute; top: -5000px;"
src="https://base_url?session=${session_id}&country=${country_code}" />
</noscript>
</body>Step 2: Create payment through Getnet API
When the user initiates a payment, the previously generated
session_id must be included in the request body sent to the Getnet API. This value should be passed as the device_id within the device object, alongside the ip_address and the finger_print (fingerprint hash). The device object should be nested inside the second-level additional_data object, as shown below:json
additional_data: {
device: {
ip_address: {ip_address},
device_id: {session_id},
finger_print: {finger-print-hash}
}
}json
additional_data: {
device: {
ip_address: {ip_address},
device_id: {session_id},
finger_print: {finger-print-hash}
}
}For more details, see the API reference