# Support
source: https://developer.mastercard.com/fld-fraud-submission/documentation/supportnew/index.md

## FAQ {#faq}

The Fraud and Loss Database (FLD) is Mastercard's repository for fraudulent transactions, helping detect at-risk accounts and at-risk entities. This helps Mastercard develop fraud prevention programs, fraud trends and insights for all stakeholders. A fraud in FLD can be of two types:

* **Confirmed fraud**: An Issuer or its processor reports a transaction as fraudulent when a cardholder identifies it or the Issuer confirms it as fraud.
* **Suspected fraud**: An Issuer or Acquirer has a strong suspicion of fraud, but it cannot establish with certainty at that point in time. Issuer, Acquirer or its respective processor can report such a fraud.
An entity has the ability to perform the following operations in FLD.

* Add a new fraud record -- FDA (Fraud Data Add)
* Change an existing fraud record -- FDC (Fraud Data Change)
* Delete an existing fraud record -- FDD (Fraud Data Delete)
* Confirm a suspended record -- FDE (Fraud Data Confirm)
When an Issuer submits a fraud record, FLD tries to match it against a transaction which is already present in Mastercard systems. If it finds a successful match, FLD uses the information already available with Mastercard to build the fraud record. Mastercard defines this as a Mastercard-built fraud record. If FLD does nOt find a match, it still builds the fraud record using the information the Issuer provides. Mastercard classifies this as an Issuer-built fraud record. The goal of FLD APIs is to support all FLD operations across confirmed and suspected frauds, which will happen in a staggered manner. However, the current scope is confined to all FLD operations related to confirmed frauds by Issuers or their processors for both Mastercard and Issuer-built APIs. No. The FLD APIs are designed to support only one record per request to ensure real-time processing of fraudulent transactions. The transaction initiator generates a unique 36-character Reference ID (refId) using UUID logic and links every request and response message through it. The FLD application echoes this value in the response message. The Reference ID is always unique for a particular initiator and service combination.

1. Issuer A initiates FDA request using Reference ID as R1 -- Request is processed successfully.
2. Issuer A again initiates FDA request using Reference ID as R1 -- Request is not processed.
3. Issuer A initiates FDC request using Reference ID as R1 -- Request is processed successfully.
4. Issuer B now initiates FDA request using Reference ID as R1 -- Request is processed successfully.
The Audit Control Number (auditControlNumber) is a unique number generated by FLD application and provided in the response message for a successful fraud record submission (FDA). The request API uses this value as a reference to modify (FDC), delete (FDD), or convert a suspended (FDE) record. The FLD application does not generate this value if it does not process the FDA request. Mastercard's Customer Implementation Service (CIS) team helps you through the onboarding process for each environment. Once the connectivity is established successfully, you can start using the APIs. There are two environments where you need to get on-boarded.

* Sandbox or Mastercard Test Facility (MTF) is used for all the tests and pre-production validations.
* Production is used for commercial deployments.
FLD applies ISO 8583 standards for country and currency codes and updates them as needed. For more information, refer to the current list of ISO Country and Currency Codes in [Annexure 3](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-3/index.md). In the Production environment, you can subscribe to either minimal or complete FDA / FDC APIs according to your business need. However, it is advisable to test out all the APIs in the Sandbox environment to avoid any major development or rework at your end. Yes, that is possible, but there are exceptions.

* Operations on SMTM records can only be performed using the SMTM application.
* You can use FLD APIs to modify fraud records created in Mastercom Claim Manager, but not the other way around.
Mastercard recommends subscribing to all endpoints, but you can subscribe to specific endpoints according to your needs. Yes, you must encrypt API data for Fraud Data Add (Complete and Minimal) and change APIs.

## Get Help {#get-help}

### Contact us for technical support. {#contact-us-for-technical-support}