Invoking the Risk Inquiry Service

Pre-authorization and post-authorization are the two methods for invoking Risk Inquiry Service. Each unique method requires a different flow for implementation.

Pre-Authorization Method

A query is sent to Kount before attempting an authorization from the payment gateway during the pre-authorization method.

  • Allows you to avoid processing fees on orders you set to decline.

  • All credit card information can be sent to Kount.

  • You must make an update to Risk Inquiry Service call, MODE=U, to update order number and status of payment authorization, including AUTH, AVST, AVSZ, and CVVR data provided by payment gateway. For pre-authorization queries, the MACK=Y and AUTH=A fields are hardcoded until the MODE=U update call is made to update the appropriate MACK and AUTH values.

  • Consider the costs. You pay for inquiries to Kount even for AUTH=D orders. Orders that are declined by a business rule are never sent to the Payment Processor, alleviating extra payment processor fees.

    RIS_Preauthorization_Diagram.svg

Post-Authorization Method

A query is sent to Kount after the payment gateway is contacted during the post-authorization method.

  • All payment gateway information is passed to Kount (Authorization, AVS, CVV), allowing rules to be created regarding AVS and CVV data.

  • Some payment gateways do not pass credit card data once they have received it. This will prevent any linking on Payment Token across the Kount Network.

  • Single Risk Inquiry Service query. No update is necessary.

  • Consider the costs. You pay for inquiries to the payment processor even for AUTH=D orders. Only AUTH=A orders are posted in Kount.

    RIS_Post-authorization_Diagram.svg

Method Considerations

You might not be able to choose the method of invoking the Risk Inquiry Service if you are using a plugin, cartridge, or extension. You must ensure there is not a platform or internal constraint that will determine how this occurs. Extensive testing in the test environment is needed if you do not know your internal configuration.

Note

Command certificates are signed by Let's Encrypt. You must add Let's Encrypt to your list of trusted certificate authorities. The Let's Encrypt root certificate is available to download to add to your list. Instructions to install the certificate are available on the Ubuntu support site.

Was this article helpful?
1 out of 2 found this helpful