Fraud Detection with BrainTree payment
Submitted by hexahow on Friday, December 27, 2013 - 10:48.
Create a new table to store the transaction value of FraudLabs Pro and BrainTree payment processing. This table will be used during the settlement, void or refund process.
Download FraudLabs Pro PHP class from http://www.fraudlabspro.com/downloads/FraudLabsPro.class.php.zip
Integrate FraudLabs Pro fraud detection logic with your BrainTree code. This code will perform a simple validation check of one credit card purchase and perform the appropriate action based on the fraud validation result.
Now, we are going to create a callback page to receive the review action, APPROVE or REJECT, performed by the merchant.
Note: You need to configure the callback URL at the FraudLabs Pro merchant area->settings page. It has to be pointed to the location where you hosted this "fraudlabspro-callback.php" file. Below is the sample code for fraudlabspro-callback.php
If there is a need to issue a refund of a settled transaction, below is the sample code of how to accomplish it.
- CREATE TABLE `fraudlabs_pro` (
- `flp_transaction_id` CHAR(15) NOT NULL,
- `flp_status` VARCHAR(10) NOT NULL,
- `braintree_transaction_id` VARCHAR(10) NOT NULL
- PRIMARY KEY (`flp_transaction_id`)
- )
- COLLATE='utf8_general_ci'
- ENGINE=MyISAM;
- // Include FraudLabs Pro library
- require_once 'PATH_TO_FRAUDLABSPRO/lib/FraudLabsPro.class.php';
- // Include BrainTree library
- require_once 'PATH_TO_BRAINTREE/lib/Braintree.php';
- // We show the example code using the SandBox environment.
- Braintree_Configuration::environment('sandbox');
- Braintree_Configuration::merchantId('use_your_merchant_id');
- Braintree_Configuration::publicKey('use_your_public_key');
- Braintree_Configuration::privateKey('use_your_private_key');
- // Create a free user account at http://www.fraudlabspro.com, if you do not have one
- $fraud = new FraudLabsPro('use_your_fraudlabspro_api_key');
- // Check this transaction for possible fraud. FraudLabs Pro support comprehensive validation check,
- // and for this example, we only perform the IP address, BIN and billing country validation.
- // For complete validation, please check our developer page at http://www.fraudlabspro.com/developer
- 'ipAddress' => $_SERVER['REMOTE_ADDR'],
- 'creditCardNumber' => $_POST['number'],
- 'billingCountry' => $_POST['country'],
- 'amount' => $_POST['amount']
- ));
- // This transaction is legitimate, let's submit to Braintree
- if($fraudResult->fraudlabspro_status == 'APPROVE'){
- // Submit for settlement
- 'amount' => $_POST['amount'],
- 'number' => $_POST['number'],
- 'cvv' => $_POST['cvv'],
- 'expirationMonth' => $_POST['month'],
- 'expirationYear' => $_POST['year']
- ),
- 'submitForSettlement' => true
- )
- ));
- if ($result->success) {
- echo("Success! Transaction ID: " . $result->transaction->id);
- } else if ($result->transaction) {
- echo("Error: " . $result->message);
- echo("<br>");
- echo("Code: " . $result->transaction->processorResponseCode);
- } else {
- echo("Validation errors:<br>");
- foreach (($result->errors->deepAll()) as $error) {
- echo("- " . $error->message . "<br>");
- }
- }
- }
- // Transaction has been rejected by FraudLabs Pro based on your custom validation rules.
- elseif($fraudResult->fraudlabspro_status == 'REJECT'){
- /*
- Do something here, try contact the customer for verification
- */
- }
- // Transaction is marked for a manual review by FraudLabs Pro based on your custom validation rules.
- elseif($fraudResult->fraudlabspro_status == 'REVIEW'){
- // Authorize this order with BrainTree, but no settlement
- 'amount' => $_POST['amount'],
- 'number' => $_POST['number'],
- 'cvv' => $_POST['cvv'],
- 'expirationMonth' => $_POST['month'],
- 'expirationYear' => $_POST['year']
- ),
- 'submitForSettlement' => false
- )
- ));
- if ($result->success) {
- echo("Success! Transaction ID: " . $result->transaction->id);
- try{
- // Initial MySQL connection
- $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
- $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- // Store the transaction information for decision making
- $st = $db->prepare('INSERT INTO `fraudlabs_pro` VALUES (:flpId, :flpStatus, :braintreeId)');
- ':flpId'=>$fraudResult->fraudlabspro_id,
- ':flpStatus'=>$fraudResult->fraudlabspro_status,
- ':braintreeId'=>$result->transaction->id
- ));
- }
- catch(PDOException $e){
- // MySQL error
- }
- } else if ($result->transaction) {
- echo("Error: " . $result->message);
- echo("<br>");
- echo("Code: " . $result->transaction->processorResponseCode);
- } else {
- echo("Validation errors:<br>");
- foreach (($result->errors->deepAll()) as $error) {
- echo("- " . $error->message . "<br>");
- }
- }
- }
- try{
- // Initial MySQL connection
- $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
- $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- // Get the BrainTree Transaction ID
- $st = $db->prepare('SELECT * FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:flpId AND `flp_status`=\'REVIEW\'');
- ':flpId'=>$id
- ));
- if($st->rowCount() == 1){
- $row = $st->fetch(PDO::FETCH_ASSOC);
- require_once 'PATH_TO_BRAINTREE/lib/Braintree.php';
- Braintree_Configuration::environment('sandbox');
- Braintree_Configuration::merchantId('use_your_merchant_id');
- Braintree_Configuration::publicKey('use_your_public_key');
- Braintree_Configuration::privateKey('use_your_private_key');
- if($action == 'REJECT'){
- // Merchant rejected the order. Void the transaction in Braintree
- Braintree_Transaction::void($row['braintree_transaction_id']);
- }
- else{
- // Merchant approved the order. Submit for settlement
- Braintree_Transaction::submitForSettlement($row['braintree_transaction_id']);
- }
- // Update database
- $st = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=:action WHERE `flp_transaction_id`=:flpId');
- ':flpId'=>$id,
- ':action'=>$action
- ));
- }
- }
- catch(PDOException $e){
- // MySQL error
- }
- }
- try{
- // Initial MySQL connection
- $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
- $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- // Get the BrainTree transaction ID based on the FraudLabs Pro ID
- $st = $db->prepare('SELECT * FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:flpId');
- ':flpId'=>$_POST['flpId']
- ));
- if($st->rowCount() == 1){
- $row = $st->fetch(PDO::FETCH_ASSOC);
- require_once 'PATH_TO_BRAINTREE/lib/Braintree.php';
- Braintree_Configuration::environment('sandbox');
- Braintree_Configuration::merchantId('use_your_merchant_id');
- Braintree_Configuration::publicKey('use_your_public_key');
- Braintree_Configuration::privateKey('use_your_private_key');
- // Issue the refund
- $result = Braintree_Transaction::refund($row['braintree_transaction_id']);
- // Update database
- $st = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=\'REFUNDED\' WHERE `flp_transaction_id`=:flpId');
- ':flpId'=>$_POST['flpId']
- ));
- }
- }
- catch(PDOException $e){
- // MySQL error
- }
Add new comment
- 280 views