# Risk Management
source: https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/risk-management/index.md

Risk Management is a security feature that allows you to effectively mitigate fraud when processing e-commerce transactions. The Mastercard gateway currently supports risk assessment of transactions through risk service providers.

## Transaction risk management {#transaction-risk-management}

The integration path to the Risk Provider offers a preauthorization or post-authorization screening option. Select your preference when enabling your merchant for the Risk Service in the Merchant Manager Portal:

* **Partner-Managed Risk Assessment**: Payment service provider will be managing the risk assessment.
* **Merchant-Managed Risk Assessment**: Payment service provider wants to allow merchants to manage their risk assessment.
* **Standalone Risk Assessment**: Payment service provider can process risk assessment only and not financial transactions through the Mastercard gateway.

## Risk initiation {#risk-initiation}

You can choose when to send the transaction to the risk service provider for risk scoring. This is configured in your risk profile on the gateway by your payment service provider. The available options are:

* **Before transaction processing**: The risk assessment request includes relevant data elements from the transaction request, a unique transaction identifier, and a risk assessment identifier generated by the payment gateway. No AVS, CSC or other Acquirer Response data is available.
* **After transaction processing** : The risk assessment request includes relevant data elements from the transaction request, a unique transaction identifier, a risk assessment identifier generated by the payment gateway together with relevant transaction response data from the acquirer. AVS and CSC results are available for risk assessment.  

The available methods are:

* [Address Verification Service (AVS)](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/risk-management/address-verification-service/index.md): AVS verifies that the billing address entered by the payer is the same as the one in the records held by the card issuer. If the addresses match, the transaction is approved. If they do not match, the transaction can be declined.

* [Device Fingerprinting](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/risk-management/nudetect-risk-provider/index.md): In device fingerprinting, a device that makes a transaction can be identified using a combination of attributes provided by the device configuration and how the device is used. When a transaction is made, the system gathers information about the device, and this fingerprint can then be used to identify if a device is associated with any fraudulent activities. If any future transactions are attempted from a device that has been flagged as fraudulent, the system can alert the merchant or block the transaction entirely.

## Risk processing {#risk-processing}

Only Authorization, Pay, Verify, Refunds, and Standalone Refunds are assessed for risk. Risk assessment on other transactions such as Voids is not performed.

If risk assessment on Verify is not performed (due to the Bypass Risk flag or communications failure from the risk service provider), then the gateway allows you to risk to assess the first financial transaction received on the order following Verify unless you also opt to bypass risk on that transaction.

## Risk details {#risk-details}

When you are configured to use a risk service provider, transactions processed through the gateway will be assessed for risk, and the risk assessment result (`risk.response.gatewayCode`) will be returned in the transaction response. Orders that are flagged for review as a result of risk assessment may be reviewed to be accepted or rejected by the risk service provider. The review decision will be returned in the risk.response.review.decision field.

You can search for the order or transaction in Merchant Administration using the risk assessment result or the review decision status. The risk assessment details are displayed on the order and transaction details page.
**Risk Assessment Result API Reference** [\[REST\]](https://developer.mastercard.com/mastercard-gateway/documentation/api-reference/v100/rest/api-ops/index.md#transaction) [\[NVP\]](https://developer.mastercard.com/mastercard-gateway/documentation/api-reference/v100/nvp/api-ops/index.md#transaction)

You can choose to bypass risk assessment by providing the `risk.bypassMerchantRiskRules` field in the transaction request. The rules configured by your payment service provider will still be applied.
**Bypass Risk API Reference** [\[REST\]](https://developer.mastercard.com/mastercard-gateway/documentation/api-reference/v100/rest/api-ops/index.md#transaction) [\[NVP\]](https://developer.mastercard.com/mastercard-gateway/documentation/api-reference/v100/nvp/api-ops/index.md#transaction)
