Fingerprint configuration for Cybersource analysis
What is Fingerprint?
Fingerprint is the digital identification of the buyer's device. This identification is made up of a series of data collected on the checkout page of the website or application, such as:
- Shopper's device IP;
- Browser version;
- Operating system;
- Language and country compatibility.
Fingerprint identifies the device used per browsing session and persists for approximately 24 hours. If the page is closed and the shopper returns to the site by opening a new page, or if the application is closed and opened again, you must generate a new session and a new session ID.
Fingerprinting is important for fraud analysis because shopping cart data alone is often not enough to ensure an accurate analysis. The data collected by Fingerprinting complements the analysis and increases the security of your store.
Important
To meet the requirements of the General Data Protection Law (LGPD), include information about collecting data from the shopper's device in your e-commerce's cookie policy.
Who creates the Fingerprint?
For analyses via Cybersource, the Fingerprint is created before the fraud analysis request by Threatmetrix, the company that identifies the device.
To establish communication between your checkout page and Threatmetrix and send the shopper's data, you need to insert a Fingerprint code into your e-commerce; read more about this in How to configure Fingerprint in Cybersource?
Fingerprint flow with Cybersource
Fingerprint creation occurs separately from the fraud analysis request.
See the representation of the Fingerprint creation and fraud analysis request flow:
Fingerprint creation step
- The shopper fills in the data requested on the store's checkout page (website or app);
- The store's checkout page, already configured with the Fingerprint code, collects the shopper's data and sends it to Threatmetrix requesting device identification (Fingerprint creation);
- Threatmetrix creates a fingerprint of the shopper's device.
Fraud analysis stage
- The store sends the fraud analysis request with the
Customer.BrowserFingerprintfield to the Antifraude Gateway; - The Antifraude Gateway validates the request and requests fraud analysis from Cybersource;
- Cybersource queries the Fingerprint in Threatmetrix, performs fraud analysis and sends the recommendation (Accept/Reject/Review) to the Antifraude Gateway;
- The Antifraude Gateway returns the fraud analysis result to the store;
- The store returns the transaction status (approved or not approved) to the shopper.
Where to send the Fingerprint?
In the fraud analysis request with Cybersource, the value of the Customer.BrowserFingerprint parameter will be the ProviderIdentifier generated by the store.
Note that the value of Customer.BrowserFingerprint is not the Fingerprint itself, but rather an indication of the transaction Fingerprint (ProviderIdentifier). This indication will be used by Cybersource to query the Fingerprint in the device identification service (Threatmetrix) and thus use it to compose the fraud analysis.
Attention:
The field for sending the Fingerprint identifier is different when the fraud analysis is part of the transaction request, that is, for customers integrated with the Pagador API, Cielo E-commerce API or Split APIs. Check the
ProviderIdentifierfield for each situation:
- Cybersource fraud analysis using Payment Gateway send the
ProviderIdentifierin thePayment.FraudAnalisys.FingerPrintIdparameter;- Cybersource fraud analysis using the API E-commerce Cielo : send the
ProviderIdentifierin thePayment.FraudAnalysis.Browser.BrowserFingerprintparameter;- Cybersource Fraud Analysis for shoppers Split via Pagador API: send the
ProviderIdentifierin thePayment.FraudAnalisys.FingerPrintIdparameter;- Cybersource fraud analysis for customers Split via Cielo E-commerce API send the
ProviderIdentifierin thePayment.FraudAnalysis.Browser.BrowserFingerprintparameter.
How to configure Fingerprint in Cybersource?
Fingerprint consists of implementing a script on your checkout page (front-end), in the part where the shopper fills in the registration data.
Fingerprint configuration will be different for each type of client application (web, Android or iOS), but the variables used are the same; see the table below with the Fingerprint variables.
Fingerprint variables
The following table presents the variables for configuring Fingerprint with Threatmetrix and Cybersource.
| VARIABLE | DESCRIPTION | VALUE | FORMAT | SIZE |
|---|---|---|---|---|
org_id | Indicates the environment in Threatmetrix: Sandbox or Production. | Sandbox = 1snn5n9w Production = k8vif92e | String | 08 |
ProviderMerchantId | Identifier of your store or operation, provided by Braspag, in the format braspag_storename. Different from MerchantId. | Provided by Braspag after integration. | String | 30 |
ProviderIdentifier | Variable that you should generate to identify the session. We recommend using a GUID. This is the value that will be sent in the Customer.BrowserFingerprint field. | Custom | GUID or String, in which integer, upper or lower case letter, hyphen and "_" (underscore) are accepted. | 88 |
session_id (for web) | Concatenation of the ProviderMerchantId and ProviderIdentifier variables. The session_id value will compose the Threatmetrix URL that will be sent in the script of the web integration. | Custom | ProviderMerchantIdProviderIdentifier | 118 |
MyVariable (for mobile) | Concatenation of the ProviderMerchantId and ProviderIdentifier variables. See more details in 6. Create the session identification variable | Custom | ProviderMerchantIdProviderIdentifier | 118 |
Updated 2 days ago