# Mastercard Processing Fraud APIs source: https://developer.mastercard.com/mastercard-processing-fraud/documentation/index.md ## Overview {#overview} Mastercard Processing offers a Fraud and Risk Management product designed to provide a layered approach for the following: * Detecting and preventing fraud patterns. * Managing fraud losses and compliance needs. It is a modular solution that can be adjusted to your needs. You can select from a wide range of Fraud and Risk products and services to define your strategy. The services are complementary, and when combined, they greatly enhance fraud detection performance. The main part of the Fraud and Risk Management solution is the risk rule engine that is fully integrated with our Card Management System, which makes it capable of covering all your products configured in our system. Risk rules engine allows you to define risk policy on the following levels during the onboarding process: * **Portfolio**: Risk rules cover all cards issued for you. * **Product**: (BIN or BIN range) Different risk rules are defined for different products, for example, debit cards versus credit cards. * **PAN**: Risk rules set on a specific card number, for example, risk rule to disable magnetic stripe transactions on a compromised-suspected card. With the Mastercard Processing Fraud API, you can later manage risk rules on the PAN level in real time. Risk rules configured on the portfolio or product level can be managed through the Mastercard Processing operational support. ## Glossary and Conventions {#glossary-and-conventions} ### Glossary {#glossary} The glossary explains the various terms and definitions, and the acronyms used throughout this documentation. | **Term** | **Definition** | |-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------| | API | Application Programming Interface | | Cardholder | An individual who is the card user is usually also the card owner. | | CBS | The core banking system is the issuer's server. | | CMS | Card Management System | | Issuer | The institution, bank, or fintech that issues a card. | | JSON | JavaScript Object Notation | | JWE | JSON Web Encryption | | MP | Mastercard Processing is a processor. | | operationId | It is a unique name for a particular API operation. It is usually in the form of text expressing the name of an operation (for example, `createCard`). | | OAS | The OpenAPI Specification is the documentation of an API constructed by the Open API 3.0 standard. | | Processor | It is a company providing services for issuers related to card issuance, card management, and processing transactions. | ### Formatting Conventions {#formatting-conventions} We use plain text names for our system objects (for example, account contract). For technical descriptions, we frame words in adherence to the OpenAPI Specification (OAS) naming conventions. Framed words can refer to: * API objects: `Client` * Field names required in API requests: `riskRuleType`. * Defined values you put into API requests or receive in API responses: `Risk Rule`. Some examples of non-predefined values are in plain text (for example, 'Smith'). * API methods and operationIds: `PUT`, `getRiskControls`. * Actors: issuer, processor, payment network, personalization bureau, and cardholder are in lower-case letters. ### REST Naming Conventions {#rest-naming-conventions} | **Term** | **Definition** | |-------------|----------------------------------------------------------------------------------------------------------| | method | An HTTP request method, such as `POST`, `GET`, `PUT`, or `PATCH`. | | operation | A specific procedure that is invoked on an object using a method. | | endpoint | A path or address that the API exposes for your requests. A single path can support multiple operations. | | operationId | A unique name used to identify a specific operation (for example, `reissueCard`). | The Mastercard Processing Fraud API specification uses the following case format: | Term | Case | Example | |------------------|------------|--------------------| | Property names | camelCase | riskControlType | | Path parameters | snake_case | client_id | | Query parameters | snake_case | risk_control_codes | | Path segments | kebab-case | /risk-controls | ## How It Works {#how-it-works} The Mastercard Processing Fraud and Risk Management solution provides the following modules: * Real-Time Fraud Detection and Prevention (**Fraud Rules Engine**): It is a set of rules applied in CMS, active during processing transactions. During onboarding, you choose which rules are going to be implemented and which parameters for them are going to be active with specified parameter values. While defining each risk rule, the issuer may choose its parameters from a wide range of authorization or transaction values. Risk rules can be based on each card operation parameter, such as: * Transaction type * Date and time * Geographical area * Acquirer and Merchant data * Cryptography data validation results * In addition, the Mastercard Decision Intelligence score available in the authorization message can be used as a decision parameter for risk rules. Every single transaction is checked against defined risk rules. In addition, risk rules can be applied to transactions that have already been processed (offline). It allows you to monitor suspicious transactions in real time and analyze risk in offline mode. * Real-Time Transaction Scoring and Decisioning (**Decision Intelligence**): It is the Mastercard scheme service that calculates the transaction risk score and adds it to an authorization request. Rules set during onboarding will define how the score will be used while processing transactions. * Real-Time Fraud Alerts and Notifications (Web Service \> SMS / PUSH): It is the Mastercard Processing notification service. In cases when a transaction violates rules, you receive alerts. * Fraud-Related Reporting Services (F\&LD(Mastercard)/FRS(Visa), AMS/EF): It is the Mastercard Processing service. On your behalf, Mastercard Processing reports fraudulent transactions to payment network databases, such as Mastercard's Fraud and Loss database. These repositories consolidate the fraud information to enhance the detection of fraud patterns and reduce losses due to fraud. * Risk Management module: It is a part of our CMS GUI called Workbench. This module enables risk rules management on a card level and fraud cases management. ![](https://static.developer.mastercard.com/content/mastercard-processing-fraud/uploads/how-it-works.png) The Mastercard Processing Fraud API and Workbench Risk Management module are alternative ways of communication with the CMS. The Risk Management module has more possibilities as it enables rules management on a card level and fraud case management. In contrast, the Fraud API is designed only for rules management on a card level and for reporting purposes. In both cases, alerts and notifications are supported. The Risk Management module and Fraud API can be used simultaneously, and both support alerts and notifications. The following operations on predefined risk controls are available: * Update risk control parameters. * Switch on or off risk control. * Retrieve risk controls' parameters and current usage. * Reset risk control counters. * Restore risk control original values. The Mastercard Processing Fraud API can be used to: * Improve cardholder's experience when a transaction is declined due to suspected fraud events generated based on risk rules. * Create a backend feature in your CBS, allowing real-time risk control management without the need to access the Workbench tool. ## Next Steps {#next-steps} * Review the [Quick Start Guide](https://developer.mastercard.com/platform/documentation/getting-started-with-mastercard-apis/quick-start-guide/) to learn how to use the Mastercard Developers platform. * See [API Basics](https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-basics-section/index.md) to learn more about authentication and encryption. * See the [Tutorials](https://developer.mastercard.com/mastercard-processing-fraud/documentation/tutorials-and-guides/index.md) to learn how to get access to the API or build an end-to-end API application. * Review the [Use Cases](https://developer.mastercard.com/mastercard-processing-fraud/documentation/use-cases/index.md), their implementations, and sequence diagrams. * Use the [API Reference](https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-reference/index.md) to review the OpenAPI Specification and execute each API endpoint. * Review the [Error Codes](https://developer.mastercard.com/mastercard-processing-fraud/documentation/code-and-formats/index.md) and the formats that we use. * Review [Support](https://developer.mastercard.com/mastercard-processing-fraud/documentation/support/index.md) to find answers to questions and get technical support.