Developer Resources
ThreatMetrix® device fingerprinting integration allows our risk team to conduct real-time monitoring by detecting transaction and device anomalies and by enabling detection of the transaction’s originating-device IP address. Device fingerprinting is required for all Web transactions and the implementation is only on the checkout/payment page.
Our Data Collector product allows our risk team to capture and analyze user behavior on your website. This data is leveraged in real-time transaction risk decisions to both decrease fraud and increase acceptance rates. Implementation of this service follows the entire customer journey, from the first landing page, through registration, shopping and checkout/payment pages.
This section describes the information that is required on the Web form.
The GetSessionTags API is used to generate a session identifier, referred to as a WebSessionID, that is used for the Data Collector and ThreatMetrix service implementations.
GetSessionTags should only be called once in the first page of your flow that a user lands on. The WebSessionID should be stored and passed to all subsequent pages in your flow that will use Data Collector and/or Device Fingerprinting, ensuring that the same WebSessionID is used throughout the user’s session.
When the GetSessionTags API is called, a {WebSessionID} and {OrgID} are returned.
Both {WebSessionID} and {OrgID} parameters must be embedded in the device fingerprinting JavaScript on the Web form.
Note: The Data Collector script-loading is asynchronous and should be placed at the top of the page. The Fingerprinting script could take up to five seconds to process the tag links. We recommend placing the tag links code for Fingerprinting at the bottom of the page and disabling the Submit button until the page loads completely.
When the form is submitted to the Web server, the {WebSessionID} parameter is required for the ChargePaymentFraudRequest API call.
For Device Fingerprinting, copy and paste the following code into your Web form on the Payment page only, and then replace the information within the brackets with the OrgID and WebSessionID response parameters returned by the GetSessionTags API call.
<%@ taglib uri="http://java.sun.com/jstl/core" prefix="c"%>
<!-- Begin fingerprinting tags below -->
<p style="background:url(https://fp.ecustomerpayments.com/DF/fp/clear.png?org_id="{OrgID}"&session_id="{WebSessionID}"&m=1)"></p>
<img src="https://fp.ecustomerpayments.com/DF/fp/clear.png?org_id="{OrgID}"&session_id={WebSessionID}"&m=2" alt=""/>
<script src="https://fp.ecustomerpayments.com/DF/fp/check.js?org_id="{OrgID}"&session_id="{WebSessionID}" type="text/javascript"></script>
<!-- End fingerprinting tags -->
The assigned Account Name and {WebSessionID} must be embedded in the Data Collector content server and subsequent JavaScript on the Web form.
The first page and all subsequent pages should include the below code in the HEAD section to initiate Data Collector. AccountName and WebSessionID should be replaced with the Account Name given to you during onboarding and the WebSessionID created when you called the GetSessionTags API earlier:
<!-- Begin Data Collector tags below -->
<script src="https://riskcsproxy.ecustomersupport.com/DCCSProxy/Service/vdccs.js?AccountName=XXXX&WebSessionID=YYYY" async type=“text/javascript”></script>
The first page and all subsequent pages should include the below code in the HEAD section to initiate Data Collector. AccountName and WebSessionID should be replaced with the Account Name given to you during onboarding and the WebSessionID created when you called the GetSessionTags API earlier:
<!-- Begin Data Collector tags below -->
<script src="https://collectorsvc.ecustomersupport.com/DCCSProxy/Service/vdccs.js?AccountName=XXXX&WebSessionID=YYYY" async type=“text/javascript”></script>