Fraud Detection with BrainTree payment

Submitted by hexahow on Friday, December 27, 2013 - 10:48.
Create a new table to store the transaction value of FraudLabs Pro and BrainTree payment processing. This table will be used during the settlement, void or refund process. 
  1. CREATE TABLE `fraudlabs_pro` (
  2.     `flp_transaction_id` CHAR(15) NOT NULL,
  3.     `flp_status` VARCHAR(10) NOT NULL,
  4.     `braintree_transaction_id` VARCHAR(10) NOT NULL
  5.     PRIMARY KEY (`flp_transaction_id`)
  6. )
  7. COLLATE='utf8_general_ci'
  8. ENGINE=MyISAM;
Download FraudLabs Pro PHP class from http://www.fraudlabspro.com/downloads/FraudLabsPro.class.php.zip Integrate FraudLabs Pro fraud detection logic with your BrainTree code. This code will perform a simple validation check of one credit card purchase and perform the appropriate action based on the fraud validation result. 
  1. // Include FraudLabs Pro library
  2. require_once 'PATH_TO_FRAUDLABSPRO/lib/FraudLabsPro.class.php';
  3.  
  4. // Include BrainTree library
  5. require_once 'PATH_TO_BRAINTREE/lib/Braintree.php';
  6.  
  7. // We show the example code using the SandBox environment.              
  8. Braintree_Configuration::environment('sandbox');
  9. Braintree_Configuration::merchantId('use_your_merchant_id');
  10. Braintree_Configuration::publicKey('use_your_public_key');
  11. Braintree_Configuration::privateKey('use_your_private_key');
  12.  
  13. // Create a free user account at http://www.fraudlabspro.com, if you do not have one
  14. $fraud = new FraudLabsPro('use_your_fraudlabspro_api_key');
  15.  
  16. // Check this transaction for possible fraud. FraudLabs Pro support comprehensive validation check, 
  17. // and for this example, we only perform the IP address, BIN and billing country validation.
  18. // For complete validation, please check our developer page at http://www.fraudlabspro.com/developer
  19. $fraudResult = $fraud->check(array(
  20.     'ipAddress' => $_SERVER['REMOTE_ADDR'],
  21.     'creditCardNumber' => $_POST['number'],
  22.     'billingCountry' => $_POST['country'],
  23.     'amount' => $_POST['amount']
  24. ));
  25.  
  26. // This transaction is legitimate, let's submit to Braintree
  27. if($fraudResult->fraudlabspro_status == 'APPROVE'){
  28.     // Submit for settlement
  29.     $result = Braintree_Transaction::sale(array(
  30.         'amount' => $_POST['amount'],
  31.         'creditCard' => array(
  32.             'number' => $_POST['number'],
  33.             'cvv' => $_POST['cvv'],
  34.             'expirationMonth' => $_POST['month'],
  35.             'expirationYear' => $_POST['year']
  36.         ),
  37.         'options' => array(
  38.             'submitForSettlement' => true
  39.         )
  40.     ));
  41.  
  42.     if ($result->success) {
  43.         echo("Success! Transaction ID: " . $result->transaction->id);
  44.     } else if ($result->transaction) {
  45.         echo("Error: " . $result->message);
  46.         echo("<br>");
  47.         echo("Code: " . $result->transaction->processorResponseCode);
  48.     } else {
  49.         echo("Validation errors:<br>");
  50.         foreach (($result->errors->deepAll()) as $error) {
  51.             echo("- " . $error->message . "<br>");
  52.         }
  53.     }
  54. }
  55.  
  56. // Transaction has been rejected by FraudLabs Pro based on your custom validation rules.
  57. elseif($fraudResult->fraudlabspro_status == 'REJECT'){
  58.     /*
  59.     Do something here, try contact the customer for verification
  60.     */
  61. }
  62.  
  63. // Transaction is marked for a manual review by FraudLabs Pro based on your custom validation rules.
  64. elseif($fraudResult->fraudlabspro_status == 'REVIEW'){
  65.     // Authorize this order with BrainTree, but no settlement
  66.     $result = Braintree_Transaction::sale(array(
  67.         'amount' => $_POST['amount'],
  68.         'creditCard' => array(
  69.             'number' => $_POST['number'],
  70.             'cvv' => $_POST['cvv'],
  71.             'expirationMonth' => $_POST['month'],
  72.             'expirationYear' => $_POST['year']
  73.         ),
  74.         'options' => array(
  75.             'submitForSettlement' => false
  76.         )
  77.     ));
  78.  
  79.     if ($result->success) {
  80.         echo("Success! Transaction ID: " . $result->transaction->id);
  81.  
  82.         try{
  83.             // Initial MySQL connection
  84.             $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
  85.             $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  86.  
  87.             // Store the transaction information for decision making
  88.             $st = $db->prepare('INSERT INTO `fraudlabs_pro` VALUES (:flpId, :flpStatus, :braintreeId)');
  89.             $st->execute(array(
  90.                 ':flpId'=>$fraudResult->fraudlabspro_id,
  91.                 ':flpStatus'=>$fraudResult->fraudlabspro_status,
  92.                 ':braintreeId'=>$result->transaction->id
  93.             ));
  94.         }
  95.         catch(PDOException $e){
  96.             // MySQL error
  97.             die($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
  98.         }
  99.     } else if ($result->transaction) {
  100.         echo("Error: " . $result->message);
  101.         echo("<br>");
  102.         echo("Code: " . $result->transaction->processorResponseCode);
  103.     } else {
  104.         echo("Validation errors:<br>");
  105.         foreach (($result->errors->deepAll()) as $error) {
  106.             echo("- " . $error->message . "<br>");
  107.         }
  108.     }
  109. }
Now, we are going to create a callback page to receive the review action, APPROVE or REJECT, performed by the merchant. Note: You need to configure the callback URL at the FraudLabs Pro merchant area->settings page. It has to be pointed to the location where you hosted this "fraudlabspro-callback.php" file. Below is the sample code for fraudlabspro-callback.php 
  1. $id = (isset($_POST['id'])) ? $_POST['id'] : '';
  2. $action = (isset($_POST['action'])) ? $_POST['action'] : '';
  3.  
  4. if($id && in_array($action, array('APPROVE', 'REJECT'))){
  5.     try{
  6.         // Initial MySQL connection
  7.         $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
  8.         $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  9.  
  10.         // Get the BrainTree Transaction ID
  11.         $st = $db->prepare('SELECT * FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:flpId AND `flp_status`=\'REVIEW\'');
  12.         $st->execute(array(
  13.             ':flpId'=>$id
  14.         ));
  15.  
  16.         if($st->rowCount() == 1){
  17.             $row = $st->fetch(PDO::FETCH_ASSOC);
  18.  
  19.             require_once 'PATH_TO_BRAINTREE/lib/Braintree.php';
  20.  
  21.             Braintree_Configuration::environment('sandbox');
  22.             Braintree_Configuration::merchantId('use_your_merchant_id');
  23.             Braintree_Configuration::publicKey('use_your_public_key');
  24.             Braintree_Configuration::privateKey('use_your_private_key');
  25.  
  26.             if($action == 'REJECT'){
  27.                 // Merchant rejected the order. Void the transaction in Braintree
  28.                 Braintree_Transaction::void($row['braintree_transaction_id']);
  29.             }
  30.             else{
  31.                 // Merchant approved the order. Submit for settlement
  32.                 Braintree_Transaction::submitForSettlement($row['braintree_transaction_id']);
  33.             }
  34.  
  35.             // Update database
  36.             $st = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=:action WHERE `flp_transaction_id`=:flpId');
  37.             $st->execute(array(
  38.                 ':flpId'=>$id,
  39.                 ':action'=>$action
  40.             ));
  41.         }
  42.     }
  43.     catch(PDOException $e){
  44.         // MySQL error
  45.         die($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
  46.     }
  47. }
If there is a need to issue a refund of a settled transaction, below is the sample code of how to accomplish it. 
  1. try{
  2.     // Initial MySQL connection
  3.     $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
  4.     $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  5.  
  6.     // Get the BrainTree transaction ID based on the FraudLabs Pro ID
  7.     $st = $db->prepare('SELECT * FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:flpId');
  8.     $st->execute(array(
  9.         ':flpId'=>$_POST['flpId']
  10.     ));
  11.  
  12.     if($st->rowCount() == 1){
  13.         $row = $st->fetch(PDO::FETCH_ASSOC);
  14.  
  15.         require_once 'PATH_TO_BRAINTREE/lib/Braintree.php';
  16.  
  17.         Braintree_Configuration::environment('sandbox');
  18.         Braintree_Configuration::merchantId('use_your_merchant_id');
  19.         Braintree_Configuration::publicKey('use_your_public_key');
  20.         Braintree_Configuration::privateKey('use_your_private_key');
  21.  
  22.         // Issue the refund
  23.         $result = Braintree_Transaction::refund($row['braintree_transaction_id']);
  24.  
  25.         // Update database
  26.         $st = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=\'REFUNDED\' WHERE `flp_transaction_id`=:flpId');
  27.         $st->execute(array(
  28.             ':flpId'=>$_POST['flpId']
  29.         ));
  30.     }
  31. }
  32. catch(PDOException $e){
  33.     // MySQL error
  34.     die($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
  35. }

Tags

Add new comment

About text formats
  • 259 views