Fraud Detection with BrainTree payment


Create a new table to store the transaction value of FraudLabs Pro and BrainTree payment processing. This table will be used during the settlement, void or refund process.

    CREATE TABLE `fraudlabs_pro` (
        `flp_transaction_id` CHAR(15) NOT NULL,
        `flp_status` VARCHAR(10) NOT NULL,
        `braintree_transaction_id` VARCHAR(10) NOT NULL,
        PRIMARY KEY (`flp_transaction_id`)
    )
    COLLATE='utf8_general_ci'
    ENGINE=MyISAM;

Download FraudLabs Pro PHP class from http://www.fraudlabspro.com/downloads/FraudLabsPro.class.php.zip

Integrate FraudLabs Pro fraud detection logic with your BrainTree code. This code will perform a simple validation check of one credit card purchase and perform the appropriate action based on the fraud validation result.

    <?php
    // Include FraudLabs Pro library
    require_once 'PATH_TO_FRAUDLABSPRO/lib/FraudLabsPro.class.php';

    // Include BrainTree library
    require_once 'PATH_TO_BRAINTREE/lib/Braintree.php';

    // We show the example code using the SandBox environment.
    Braintree_Configuration::environment('sandbox');
    Braintree_Configuration::merchantId('use_your_merchant_id');
    Braintree_Configuration::publicKey('use_your_public_key');
    Braintree_Configuration::privateKey('use_your_private_key');

    // Create a free user account at http://www.fraudlabspro.com, if you do not have one
    $fraud = new FraudLabsPro('use_your_fraudlabspro_api_key');

    // Check this transaction for possible fraud. FraudLabs Pro supports comprehensive validation checks,
    // and for this example, we only perform the IP address, BIN and billing country validation.
    // For complete validation, please check our developer page at http://www.fraudlabspro.com/developer
    $fraudResult = $fraud->check(array(
        'ipAddress' => $_SERVER['REMOTE_ADDR'],
        'creditCardNumber' => $_POST['number'],
        'billingCountry' => $_POST['country'],
        'amount' => $_POST['amount']
    ));

    // This transaction is legitimate, let's submit to Braintree
    if ($fraudResult->fraudlabspro_status == 'APPROVE') {
        // Submit for settlement
        $result = Braintree_Transaction::sale(array(
            'amount' => $_POST['amount'],
            'creditCard' => array(
                'number' => $_POST['number'],
                'cvv' => $_POST['cvv'],
                'expirationMonth' => $_POST['month'],
                'expirationYear' => $_POST['year']
            ),
            'options' => array(
                'submitForSettlement' => true
            )
        ));

        if ($result->success) {
            echo("Success! Transaction ID: " . $result->transaction->id);
        } else if ($result->transaction) {
            echo("Error: " . $result->message);
            echo("<br>");
            echo("Code: " . $result->transaction->processorResponseCode);
        } else {
            echo("Validation errors:<br>");
            foreach (($result->errors->deepAll()) as $error) {
                echo("- " . $error->message . "<br>");
            }
        }
    }

    // Transaction has been rejected by FraudLabs Pro based on your custom validation rules.
    elseif ($fraudResult->fraudlabspro_status == 'REJECT') {
        /*
        Do something here, e.g. try to contact the customer for verification
        */
    }

    // Transaction is marked for a manual review by FraudLabs Pro based on your custom validation rules.
    elseif ($fraudResult->fraudlabspro_status == 'REVIEW') {
        // Authorize this order with BrainTree, but no settlement
        $result = Braintree_Transaction::sale(array(
            'amount' => $_POST['amount'],
            'creditCard' => array(
                'number' => $_POST['number'],
                'cvv' => $_POST['cvv'],
                'expirationMonth' => $_POST['month'],
                'expirationYear' => $_POST['year']
            ),
            'options' => array(
                'submitForSettlement' => false
            )
        ));

        if ($result->success) {
            echo("Success! Transaction ID: " . $result->transaction->id);

            try {
                // Initial MySQL connection
                $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
                $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

                // Store the transaction information for decision making
                $st = $db->prepare('INSERT INTO `fraudlabs_pro` VALUES (:flpId, :flpStatus, :braintreeId)');
                $st->execute(array(
                    ':flpId' => $fraudResult->fraudlabspro_id,
                    ':flpStatus' => $fraudResult->fraudlabspro_status,
                    ':braintreeId' => $result->transaction->id
                ));
            }
            catch (PDOException $e) {
                // MySQL error: log the details server-side, do not expose them to the client
                error_log($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
                die('Database error.');
            }
        } else if ($result->transaction) {
            echo("Error: " . $result->message);
            echo("<br>");
            echo("Code: " . $result->transaction->processorResponseCode);
        } else {
            echo("Validation errors:<br>");
            foreach (($result->errors->deepAll()) as $error) {
                echo("- " . $error->message . "<br>");
            }
        }
    }

Now, we are going to create a callback page to receive the review action, APPROVE or REJECT, performed by the merchant.

Note: You need to configure the callback URL at the FraudLabs Pro merchant area->settings page. It has to point to the location where you host this "fraudlabspro-callback.php" file. Below is the sample code for fraudlabspro-callback.php:

    <?php
    $id = (isset($_POST['id'])) ? $_POST['id'] : '';
    $action = (isset($_POST['action'])) ? $_POST['action'] : '';

    if ($id && in_array($action, array('APPROVE', 'REJECT'))) {
        try {
            // Initial MySQL connection
            $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
            $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            // Get the BrainTree Transaction ID
            $st = $db->prepare('SELECT * FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:flpId AND `flp_status`=\'REVIEW\'');
            $st->execute(array(
                ':flpId' => $id
            ));

            // The ID is the primary key, so at most one row matches.
            // fetch() is used instead of rowCount(), which is not portable for SELECT.
            $row = $st->fetch(PDO::FETCH_ASSOC);

            if ($row !== false) {
                require_once 'PATH_TO_BRAINTREE/lib/Braintree.php';

                Braintree_Configuration::environment('sandbox');
                Braintree_Configuration::merchantId('use_your_merchant_id');
                Braintree_Configuration::publicKey('use_your_public_key');
                Braintree_Configuration::privateKey('use_your_private_key');

                if ($action == 'REJECT') {
                    // Merchant rejected the order. Void the transaction in Braintree
                    $result = Braintree_Transaction::void($row['braintree_transaction_id']);
                }
                else {
                    // Merchant approved the order. Submit for settlement
                    $result = Braintree_Transaction::submitForSettlement($row['braintree_transaction_id']);
                }

                // Update database only if Braintree accepted the request
                if ($result->success) {
                    $st = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=:action WHERE `flp_transaction_id`=:flpId');
                    $st->execute(array(
                        ':flpId' => $id,
                        ':action' => $action
                    ));
                }
            }
        }
        catch (PDOException $e) {
            // MySQL error: log the details server-side, do not expose them to the client
            error_log($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
            die('Database error.');
        }
    }
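
One way to make the callback above safe against replayed or concurrent POSTs, as an added example that is not part of the original page or FraudLabs Pro's code: the row is claimed with a single conditional UPDATE before Braintree is called. The `PROCESSING` interim status, the ID pattern and the `$gateway` callable are assumptions; SQLite in memory replaces MySQL so the block runs offline.

```php
<?php
// Added example, not the page's code. Hypothetical names: the 'PROCESSING'
// interim status, the ID pattern, and the $gateway callable.
function handleReviewCallback(PDO $db, string $id, string $action, callable $gateway): string
{
    // Strict allowlist for the action; bound the ID to the CHAR(15) column.
    if (!in_array($action, ['APPROVE', 'REJECT'], true)
        || !preg_match('/^[A-Za-z0-9]{1,15}$/', $id)) {
        return 'invalid';
    }
    // Atomic claim: one conditional UPDATE works even on MyISAM, which has
    // no transactions. Only one request can move the row out of REVIEW.
    $claim = $db->prepare(
        "UPDATE fraudlabs_pro SET flp_status = 'PROCESSING'
          WHERE flp_transaction_id = :id AND flp_status = 'REVIEW'");
    $claim->execute([':id' => $id]);
    if ($claim->rowCount() !== 1) {
        return 'ignored'; // unknown ID, or already decided (replayed POST)
    }
    $get = $db->prepare(
        'SELECT braintree_transaction_id FROM fraudlabs_pro WHERE flp_transaction_id = :id');
    $get->execute([':id' => $id]);
    $ok = $gateway($action, $get->fetchColumn());
    // Record the decision only if the gateway call succeeded; otherwise put
    // the row back in REVIEW so the merchant can retry.
    $set = $db->prepare(
        'UPDATE fraudlabs_pro SET flp_status = :s WHERE flp_transaction_id = :id');
    $set->execute([':s' => $ok ? $action : 'REVIEW', ':id' => $id]);
    return $ok ? 'done' : 'retry';
}

// Constructed demo: in-memory SQLite stands in for MySQL, and the closure
// stands in for Braintree_Transaction::void() / submitForSettlement().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE fraudlabs_pro (flp_transaction_id TEXT PRIMARY KEY,
           flp_status TEXT, braintree_transaction_id TEXT)');
$db->exec("INSERT INTO fraudlabs_pro VALUES ('FLPDEMO0000001', 'REVIEW', 'btdemo01')");
$calls = 0;
$gateway = function (string $action, string $btId) use (&$calls): bool {
    $calls++;
    return true;
};
echo handleReviewCallback($db, 'FLPDEMO0000001', 'APPROVE', $gateway), "\n"; // first POST
echo handleReviewCallback($db, 'FLPDEMO0000001', 'REJECT', $gateway), "\n";  // replayed POST
echo handleReviewCallback($db, 'bad id!', 'APPROVE', $gateway), "\n";        // malformed ID
echo "gateway calls: $calls\n";
```

The claim stops a second POST from acting on a transaction that has already been decided. It does not authenticate the sender, which the page's callback does not do either.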

If there is a need to issue a refund of a settled transaction, below is the sample code of how to accomplish it.

    <?php
    // Restrict this script to authenticated merchant staff: it refunds whatever ID is posted.
    $flpId = (isset($_POST['flpId'])) ? $_POST['flpId'] : '';

    try {
        // Initial MySQL connection
        $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // Get the BrainTree transaction ID based on the FraudLabs Pro ID
        $st = $db->prepare('SELECT * FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:flpId');
        $st->execute(array(
            ':flpId' => $flpId
        ));

        // The ID is the primary key, so at most one row matches.
        $row = $st->fetch(PDO::FETCH_ASSOC);

        if ($row !== false) {
            require_once 'PATH_TO_BRAINTREE/lib/Braintree.php';

            Braintree_Configuration::environment('sandbox');
            Braintree_Configuration::merchantId('use_your_merchant_id');
            Braintree_Configuration::publicKey('use_your_public_key');
            Braintree_Configuration::privateKey('use_your_private_key');

            // Issue the refund
            $result = Braintree_Transaction::refund($row['braintree_transaction_id']);

            // Update database only if Braintree accepted the refund
            if ($result->success) {
                $st = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=\'REFUNDED\' WHERE `flp_transaction_id`=:flpId');
                $st->execute(array(
                    ':flpId' => $flpId
                ));
            }
        }
    }
    catch (PDOException $e) {
        // MySQL error: log the details server-side, do not expose them to the client
        error_log($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
        die('Database error.');
    }
