Assisted card transaction risk management
Learn to leverage risk insights provided by the payment network and participate in the risk management process. Understand how to analyze merchant profiles and card transaction fraud scores based on automated decision models.
Prerequisites:
- Your card program has enabled the Shared Authorization model for card authorization.
Card Transaction Risk Defense
Card transaction risk management is the systematic process of identifying, analyzing, and mitigating financial liability and security threats in the payment lifecycle. Unlike basic security, which focuses on "locking the door," it is a dynamic decision-making engine that balances fraud prevention against revenue maximization.
If controls are too loose, fraud rises. If controls are too tight, legitimate transactions are rejected (false positives), damaging customer loyalty.
Effective risk management relies on a "defense-in-depth" strategy. This approach places multiple security barriers between a fraudster and the funds. In this embedded finance system, risk is managed across three distinct layers, each with specific responsibilities and visibility.
Layer 1: The Payment Network Layer (Global Defense)
This is the outermost layer of defense, operated by card schemes (e.g., Visa, Mastercard). Because these networks process billions of transactions globally, they have the unique ability to see macro-level attack patterns that a single platform or partner cannot detect.
- Global Threat Blocking: The network identifies and blocks large-scale attacks, such as "BIN attacks" (automated bots testing thousands of stolen card numbers) or coordinated attacks originating from high-risk geolocations.
- Catastrophic Stopgaps: Services like "Safety Net" automatically cut off transactions if an issuer or processor is overwhelmed by a fraud spike, preventing massive financial loss during system vulnerabilities.
- Stand-In Processing: If an issuing bank goes offline, the network can make risk-based approval decisions on their behalf to keep legitimate transactions flowing.
Layer 2: The Platform Layer (Aggregated Intelligence)
This layer represents the embedded financial system itself. It sits between the global network and the specific partner, aggregating data across all partners to identify trends and enforce baseline security. The MatchMove platform and the regional banking partners (depending on region) go hand-in-hand to secure card transactions at this level.
- Cross-Partner Velocity Checks: The platform monitors card usage across its entire ecosystem. If a card is used at Partner A and immediately used at Partner B in a suspicious manner, the platform can flag it at the system level.
- Fraud Checks: Using machine learning, the platform analyzes transaction metadata (device fingerprint, IP address, time of day) to assess transaction risk.
- Merchant Underwriting & Monitoring: The platform continuously evaluates the health of the partners themselves, ensuring that high chargeback rates or suspicious processing volumes are flagged for review.
Layer 3: The Partner Level (Contextual Rules)
This is the granular layer where you, the business user, apply controls based on your specific business model and customer knowledge. You understand your "normal" better than any algorithm.
- Custom Business Rules: You define specific logic relevant to your operations. For example, a high-value electronics retailer might set a rule to "Review all transactions over $1,000," while a digital goods provider might "Block all transactions from a specific country."
- Manual Review: You have the ability to inspect flagged transactions. You can look at the customer's history, contact them for verification, and make the final decision to capture or void the payment.
- Allow and Block Lists: You manage specific lists of trusted customers (VIPs) to bypass friction or known bad actors to block permanently, ensuring that your risk strategy evolves with your customer base.
Assisted card transaction risk evaluation
Partners who have enabled the Shared Authorization model for authorizing card payments can also participate in the card transaction risk management process.
The OPENLOOP_PRE_AUTH webhook payload includes both the card payment authorization data and the risk data. Partners can then assess the risk data and make a decision based on their own relationship and customer data.
This risk assessment can be factored into the authorization decision, which must be returned in the response to the OPENLOOP_PRE_AUTH webhook before the authorization process can be completed.
This authorization response will follow the same response time allowance indicated in the Transaction authorization - Shared Authorization section.
In the staging environment, assisted card transaction risk evaluation can be tested by:
- Enabling the Shared Authorization model.
- Simulating a card transaction that will invoke the OPENLOOP_PRE_AUTH webhook containing the risk data. See the Simulate card transactions section to learn more about the additional request parameter required to activate the risk data feature.
Accessing the card transaction risk data
Partners using the shared authorization model will receive these data fields in the Card Authorization Webhook under the risk_details payload block.
MatchMove will extract and store additional risk information received from Mastercard in DE 48 during the authorization process.
Data element | Name | Description
DE 48, sub-element 75 | Fraud Scoring Data | Provides a fraud score between 000–999, where 000 indicates the lowest likelihood of fraud and 999 the highest. Also includes the key factors influencing the score.
DE 48, sub-element 56 | Security Services Additional Data for Issuers | Contains insights from Mastercard’s embedded security services (e.g., Decision Intelligence, Digital Transaction Insights), offering additional data supporting the fraud scores.
DE 61 | Point-of-Service (POS) Data elements | Contains point-of-service data about the conditions that exist at the point of service at the time of the transaction. It is made up of multiple subfields, each capturing a specific aspect of the transaction environment.
DE 22, sub-element 2 | POS Terminal PIN Entry Mode | Identify whether PIN was entered, bypassed, or not capable at the terminal, supporting stronger fraud detection for card-present transactions.
DE 48, sub-element 22.01 | Low-Risk Merchant / SCA Exemption Indicator | Determine whether a transaction carries a valid SCA exemption signal and the declared basis: low fraud TRA, recurring, low value, MIT, or SCA delegation.
DE 48, sub-element 22.02 | Single Tap Indicator | Distinguish contactless single-tap transactions for targeted velocity controls.
DE 48, sub-element 22.05 | Cardholder / Merchant-Initiated Transaction (MIT) Indicator | Identify merchant-initiated vs. cardholder-initiated transactions for accurate liability assessment and downstream reconciliation.
Risk data restrictions:
- Risk data are raw values extracted from the payment network request payload (with no transformation) and are only passed through by MatchMove.
- Risk data will only be included in the payload when they are provided by the network.
- Risk data fields will be omitted when no data is present.
- Risk data are available only in the Pre-Auth webhook (not in Post-Auth webhooks).
Below is the mapping between the risk fields and the webhook parameters:
DE 48, sub-element 75 (Fraud Scoring Data) |
| Overall fraud scoring information for the transaction |
|
| Transaction risk score (000–999) |
|
| Factors that influenced the fraud score |
|
| Model-based risk score (SafetyNet / Fraud Rule Manager) |
|
| Factors influencing the model score |
DE 48, sub-element 56 (Security Services Additional Data for Issuers) |
| Data from Mastercard real-time monitoring services |
|
| Three-character code identifying the security service used |
|
| Additional data supporting the fraud score |
DE 61, Point-of Service [POS] Data elements |
..
| Carries detailed information about the conditions present at the point of service when a transaction takes place |
DE 22, sub-element 2, POS Terminal PIN Entry Mode |
| PIN entry capability and method used at the point of service terminal |
DE 48, sub-element 22.01, Low-Risk Merchant Indicator |
| Acquirer-declared reason code indicating the basis on which SCA was not applied or an exemption was claimed in the authorization |
DE 48, sub-element 22.02, Single Tap Indicator |
| Flag indicating whether the merchant terminal supports single-tap contactless processing |
DE 48, sub-element 22.05, Cardholder / MIT Indicator |
| Indicates whether the transaction was initiated by the cardholder in real time (CIT) or by the merchant on the cardholder's behalf without their active presence (MIT) |
Sample Card Transaction OPENLOOP_PRE_AUTH webhook payload
You can refer to the Simulate Card Transactions section to learn more on how to invoke, simulate, and test these risk parameters.
{
  "consumer": {
    "consumer_name": "MatchMove Demo",
    "prefund_balance": "1152873.755186"
  },
  "debit_credit_indicator": "D",
  "payment_instrument": {
    "balance_type": "Non Shared Balance",
    "card_brand": "Master",
    "card_form_factor": "virtual",
    "card_type_code": "sgmmlitmccard",
    "expiry": "2025-09-30",
    "initial_instrument_id": "andt6f87b21efa58218eec8a3282aff5",
    "masked_number": "XXXXXXXXXXXX9237",
    "status": "active",
    "transaction_instrument_id": "andt6f87b21efa58218eec8a3282aff5"
  },
  "time_stamp": "2020-09-05 23:55:09 +0800 UTC",
  "total_amount": "2.60",
  "total_currency": "SGD",
  "transaction": {
    "additional_fee_details": [
      {
        "cross_border_fee": {
          "platform_fee": {
            "fixed_fee": "0.01",
            "variable_fee": "0.07",
            "sub_total": "0.08"
          },
          "partner_fee": {
            "fixed_fee": "0.01",
            "variable_fee": "0.07",
            "sub_total": "0.08"
          }
        }
      }
    ],
    "risk_details": {
      "security_services_data": [
        {
          "indicator": "AQV",
          "insight": "000"
        },
        {
          "indicator": "AQS",
          "insight": "400"
        }
      ],
      "fraud_scoring_data": [
        {
          "key": "FRAUD_SCORE",
          "value": "007"
        },
        {
          "key": "FRAUD_REASON_CODE",
          "value": "99"
        }
      ]
    },
    "authentication": {
      "3ds_version": "3DS_VERSION_2.1",
      "authentication_ucaf_value": "kBMe8+nDJxvZlyVsOmLWrnAh6-35",
      "ecom_authentication_indicator": 212
    },
    "authorization": {
      "card_amount": "1.00",
      "card_currency": "SGD",
      "fee_amount": "1.60",
      "fee_currency": "SGD",
      "id": "491443MTFTEST5358351017689237",
      "local_transaction_timestamp": "",
      "network": "Master",
      "network_reference_number": "081300932050",
      "total_amount": "2.60",
      "total_currency": "SGD",
      "transaction_amount": "1.00",
      "transaction_currency": "SGD",
      "transaction_type": "Purchase",
      "additional_transaction_data": {
        "multi_purpose_merchant_indicator": {
          "low_risk_merchant_indicator": "01",
          "single_tap_indicator": "1",
          "transaction_initiator": "M102"
        }
      }
    },
    "balance": {
      "post_transaction": {
        "available": {
          "amount": "",
          "currency": "SGD"
        },
        "categories": [
          {
            "amount": "",
            "currency": "",
            "name": ""
          }
        ]
      },
      "pre_transaction": {
        "available": {
          "amount": "73.00",
          "currency": "SGD"
        },
        "categories": [
          {
            "amount": "0.00",
            "currency": "SGD",
            "name": "DEFAULT"
          },
          {
            "amount": "23.00",
            "currency": "SGD",
            "name": "AUTH"
          },
          {
            "amount": "50.00",
            "currency": "SGD",
            "name": "AUTH1"
          }
        ]
      }
    },
    "merchant_details": {
      "country_code": "TWN",
      "institution_code": "011255",
      "merchant_category_code": "0780",
      "merchant_id": "SLIJKOFGKEMGGCQ",
      "name": "Test Account IND",
      "terminal_id": "NJKAHMQB"
    },
    "payment_channel": {
      "pos_entry_mode": "MANUALLY_KEYED_ECOM",
      "pos_pin_entry_mode": "3"
    },
    "transaction_fees": [
      {
        "amount": "1.60",
        "code": "Cross Border Fee",
        "currency": "SGD",
        "name": "Cross Border Fee"
      }
    ],
    "transaction_message": "",
    "transaction_ref": "491443MTFTEST5358351017689237",
    "transaction_rules": {},
    "transaction_status": "",
    "verification_details": {
      "address_verification_data": ""
    },
    "pos_data": {
      "terminal_attendance": "1",
      "terminal_location": "0",
      "cardholder_presence": "0",
      "card_presence": "1",
      "card_capture_capability": "0",
      "transaction_status": "4",
      "transaction_security": "2",
      "cat_level": "0",
      "input_capability": "2",
      "pos_country_code": "SGP",
      "postal_code": "018989"
    }
  },
  "user": {
    "email": "john.doe@matchmove.com",
    "kyc_status": "pre-kyc",
    "mobile": "80808080",
    "mobile_country_code": "65",
    "user_hash": "66b1270bed2a005xa331e6f7ad0e3a54"
  },
  "webhook_event": "OPENLOOP_PRE_AUTH"
}
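A partner-side sketch of how the fraud score in the payload above could feed a Layer 3 decision alongside allow and block lists. This is an added example, not MatchMove code. The thresholds, the `decide` and `fraud_score` function names, and the approve/review/decline outcomes are assumptions, and mapping the outcome onto the actual webhook response is left out because the response format is not shown on this page.

```python
import re

# Assumed partner thresholds on the network's 000-999 scale (not MatchMove values).
REVIEW_AT, DECLINE_AT = 400, 800

def fraud_score(payload):
    """Return (score, status); status is 'ok', 'absent' or 'malformed'."""
    risk = (payload.get("transaction") or {}).get("risk_details") or {}
    entries = risk.get("fraud_scoring_data") or []
    values = [e.get("value") for e in entries
              if isinstance(e, dict) and e.get("key") == "FRAUD_SCORE"]
    if not values:
        return None, "absent"        # fields are omitted when the network sends none
    raw = values[0]
    # Raw pass-through string: accept exactly three ASCII digits, nothing else.
    if len(values) > 1 or not (isinstance(raw, str) and re.fullmatch(r"[0-9]{3}", raw)):
        return None, "malformed"
    return int(raw), "ok"

def decide(payload, blocked=frozenset(), trusted=frozenset()):
    """Hypothetical partner outcome: ('approve' | 'review' | 'decline', reason)."""
    if payload.get("webhook_event") != "OPENLOOP_PRE_AUTH":
        raise ValueError("risk data is only delivered in the pre-auth webhook")
    user = (payload.get("user") or {}).get("user_hash")
    if user in blocked:
        return "decline", "user on partner block list"
    score, status = fraud_score(payload)
    if status == "malformed":
        return "review", "unparseable fraud score"
    if status == "absent":
        # A missing score is not a score of 000: fall back to partner rules only.
        return "approve", "no network score; partner rules only"
    if score >= DECLINE_AT:
        return "decline", f"fraud score {score:03d}"
    if score >= REVIEW_AT and user not in trusted:
        return "review", f"fraud score {score:03d}"
    return "approve", f"fraud score {score:03d}"

# Constructed sample, trimmed to the fields used here (shape follows the payload above).
SAMPLE = {
    "webhook_event": "OPENLOOP_PRE_AUTH",
    "user": {"user_hash": "constructed-user-1"},
    "transaction": {"risk_details": {"fraud_scoring_data": [
        {"key": "FRAUD_SCORE", "value": "007"},
        {"key": "FRAUD_REASON_CODE", "value": "99"}]}},
}

if __name__ == "__main__":
    print(decide(SAMPLE))
```

Trusted users skip the review band only; a score at or above the decline threshold still declines, so an allow list cannot mask a compromised VIP card.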