🛡️ Anti-Fraud & Device Fingerprint
Production-ready guidance for merchants integrating A55’s risk signals and device fingerprint to increase approval rates and reduce fraud.
🚀 Overview
A55’s Anti-Fraud layer enriches each payment with behavioral and contextual data, allowing precise risk evaluation before authorization or 3DS.
By sending both device_info and antifraud_info, merchants enable smarter scoring — fewer false declines, lower chargebacks, and a frictionless checkout.
⚙️ 1. How Our Risk Engine Works
Our system evaluates each charge using five core dimensions:
| Category | Description |
|---|---|
| Device signals | Browser, IP, session, fingerprint, screen data |
| Behavioral rules | Retries, rapid value changes, multi-card patterns |
| Payment attributes | BIN, amount, currency, installment count, MCC |
| Customer metadata | Email, phone, address consistency |
| Historical reputation | Prior disputes, allow/deny lists |
Possible outcomes:
risk_approved→ proceeds to authorization (and 3DS if configured)risk_challenge→ triggers extra verification (e.g., 3DS challenge)risk_declined→ blocked before authorization
Goal: Reduce issuer declines and chargebacks while preserving a smooth checkout experience.
🧠 2. Why antifraud_info Matters
antifraud_info MattersThe antifraud_info block provides behavioral and historical context about the buyer and their relationship with the merchant.
This data empowers our models to differentiate trusted customers from high-risk profiles, resulting in:
- ⚡ Higher approval rates for legitimate users
- 🚫 Fewer chargebacks and fraud attempts
- 🤝 Smarter 3DS routing (only when needed)
Recommended Fields
| Field | Description | Example |
|---|---|---|
sales_channel | Purchase origin (web, app, etc.) | "web" |
cardholder_logged_in | Whether the user was logged in | true |
cardholder_since_days | Days since account creation | 365 |
days_since_first_purchase_cardholder | Days since first purchase | 120 |
days_since_last_purchase_cardholder | Days since last purchase | 30 |
card_replacement_count | Number of card changes | 1 |
profile_update_days_count | Days since profile update | 45 |
profile_data_changed | Whether critical data changed | 0 |
profile_field_changed | Flag for field change (email, password, tax_id , other .) | "email" |
purchase_history | Total number of past purchases | 8 |
merchant_customer_since_days | Relationship with merchant (days) | 720 |
days_since_first_purchase_merchant | Days since first merchant purchase | 700 |
days_since_last_purchase_merchant | Days since last merchant purchase | 5 |
Tip: Even partial antifraud_info greatly improves accuracy — send what you have!
🔍 Device Fingerprint Capture with A55Pay SDK
You can automatically capture the device fingerprint using the A55Pay SDK.
This fingerprint helps enhance fraud detection and improve 3DS approval rates.
1. Include the SDK Script
Add the following <script> tag to your checkout page before your main script:
<script src="https://cdn.jsdelivr.net/npm/a55pay-sdk"></script>2. Capture the Device Fingerprint
Once the page loads, the SDK will automatically generate a unique device_id.
You can log it, store it temporarily, or attach it to your payment payload.
Example:
<script>
// Automatically display the device_id when the page loads
window.addEventListener('load', function() {
setTimeout(function() {
const deviceId = A55Pay.getDeviceId(); // Example: db2c5ad0-6fe6-4821-baec-0d9e67cdab5d
console.log('🚀 SDK Loaded! Device ID automatically generated:', deviceId);
}, 1000); // Wait 1 second to ensure the SDK is fully loaded
});
</script>3. Sending the Fingerprint in the Charge Payload
When creating a charge, include the generated device_id inside the device_info field of your payload.
Example Payload:
const chargePayload = {
// Other fields...
device_info: {
device_id: deviceId // ! IMPOTANT SEND FINGERPRINT IN PAYLOAD CHARGE
}
// ...
};🧩 4. Example Payload
{
"merchant_id": "fc2226b9-cd39-4dbe-8314-c03279404049",
"wallet_uuid": "d02995ef-3c17-4816-a81c-af234f840f57",
"type_charge": "credit_card",
"currency": "BRL",
"description": "Order #A55-83921",
"items": [
{
"sku": "CABXIN-HDMI-2M",
"code": "HDMI-2025-001",
"name": "HDMI Cable 2m 4K",
"quantity": 1,
"unit_amount": 129.9,
"total_amount": 129.9
}
],
"payer_name": "John Souza",
"payer_email": "[email protected]",
"payer_tax_id": "38899334821",
"payer_cell_phone": "559999999999",
"payer_address": {
"street": "Av. Paulista",
"address_number": "1578",
"neighborhood": "Bela Vista",
"city": "São Paulo",
"state": "SP",
"postal_code": "01311-000",
"country": "BR"
},
"device_info": {
"device_id": "db2c5ad0-6fe6-4821-baec-0d9e67cdab5d", // ! IMPOTANT SEND FINGERPRINT IN PAYLOAD CHARGE
"ip_address": "177.92.34.56",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
"http_browser_language": "pt-BR",
"http_browser_screen_width": "1920",
"http_browser_screen_height": "1080",
"http_browser_javascript_enabled": true
},
"antifraud_info": {
"sales_channel": "web",
"cardholder_logged_in": true,
"cardholder_since_days": 365,
"days_since_first_purchase_cardholder": 120,
"days_since_last_purchase_cardholder": 30,
"card_replacement_count": 1,
"profile_update_days_count": 45,
"profile_data_changed": 0,
"profile_field_changed": "email",
"purchase_history": 8,
"merchant_customer_since_days": 720,
"days_since_first_purchase_merchant": 700,
"days_since_last_purchase_merchant": 5
}
}🧭 5. Best Practices
- ✅ Always send
device_info.device_id - ✅ Normalize numeric fields (
daysas integers) - ✅ Send boolean values as
trueorfalse(never strings) - ✅ Use consistent channel naming (
web,app,pos) - ✅ Do not log sensitive fields (email, tax ID) in plain text
- ✅ Test different risk profiles in sandbox
🧰 6. Operational Recommendations
- Include
cardholder_logged_inandcardholder_since_days— they are top predictors of trust. - For marketplaces, use
merchant_customer_since_daysto evaluate buyer–seller relationship. - Update
profile_update_days_countwhenever key customer data changes. - If you maintain your own risk/trust score, include it as a custom key (e.g.
"internal_trust_score": 87).
🔒 7. Security & Compliance
- Transmit all risk data over HTTPS/TLS only.
- Treat antifraud fields as personal data (PII) under LGPD/GDPR.
- Retain data only for fraud prevention purposes.
- Hash or tokenize identifiers in logs.
✅ 8. Checklist Before Go-Live
| Step | Description | Status |
|---|---|---|
Send device_info.device_id in every charge | Improves fingerprint reliability | ☐ |
Populate antifraud_info with normalized data | Reduces false positives | ☐ |
Handle risk outcomes (risk_approved, risk_challenge, risk_declined) | Required for orchestration | ☐ |
| Verify webhook and redirect URLs | Ensures sync of risk + payment | ☐ |
| Test sandbox scenarios | New user / returning user / velocity | ☐ |
🧾 Summary
Integrating device_info and antifraud_info transforms your checkout into a data-driven risk-aware flow.
The result:
- More approvals ⚡
- Fewer chargebacks 🚫
- A seamless customer experience 🤝
📘 Learn more:
For extended documentation and SDK guides, visit: docs.a55.tech
Updated 25 days ago