Method: fraudNotification

Notifies Google of a fraud dispute initiated by a customer.

It is recommended that Google is notified of all potential fraud that has occurred. A call to this method might be accompanied by a chargebackNotification or inquiryNotification Fraud can occur without a chargeback and a chargeback can occur without fraud. The information provided to this method does not initiate any money movement. It is used only to update Google's internal risk engine to reduce overall fraud. Google does not respond to this request with any information about the transaction.

If the echo is successful, the endpoint will return an HTTP 200 and the response will be of type EchoResponse.

If the endpoint encounters an error while processing the request, the endpoint will return HTTP 4xx or 5xx and the HTTP body will either be of type ErrorResponse or contain a generic error (e.g. a message similar to "There was an error. Please try again later.").

The generic error is used in situations where an ErrorResponse with a clear description could be used to help an attacker understand the payment integrator account identifier of other integrators. In these situations, where either the signing key doesn't match, the payment integrator identifier was not found, or the encryption key was unknown, this method will return a generic error. If the request signature could be verified, additional information regarding the error will be returned in an ErrorResponse.

An example request looks like:


{
  "requestHeader": {
    "protocolVersion": {
      "major": 1,
      "minor": 0,
      "revision": 0
    },
    "requestId": "f3b6cffe-6fa0-4c33-84b5-7ff8d1ac9ecc",
    "requestTimestamp": "1483532962000"
  },
  "paymentIntegratorAccountId": "SpeedyPaymentsIndia_INR",
  "captureRequestId": "G112YZH4XPDV88J",
  "fraudType": "FRAUDULENT_USE",
  "rawResult": {
    "scope": "VISA",
    "rawCode": "06"
  }
}

An example response looks like:


{
  "responseHeader": {
    "responseTimestamp": "1483532962349"
  },
  "result": "SUCCESS"
}

HTTP request

POST https://vgw.googleapis.com/gsp/google-card-fop-api/v1/inquiryNotification/:PIAID

Request body

The request body contains data with the following structure:

JSON representation
{
  "requestHeader": {
    object (RequestHeader)
  },
  "paymentIntegratorAccountId": string,
  "captureRequestId": string,
  "fraudType": enum (FraudType),
  "rawResult": {
    object (RawResult)
  }
}
Fields
requestHeader

object (RequestHeader)

REQUIRED: Common header for all requests.

paymentIntegratorAccountId

string

REQUIRED: This is the payment integrator account identifier that identifies contractual constraints around this transaction.

captureRequestId

string

REQUIRED: A unique identifier for the capture the potential fraud is associated with. This is the requestId generated by Google during the captureFundsReservation or capture for the original request.

fraudType

enum (FraudType)

REQUIRED: This is the type of fraud that may have occurred.

rawResult

object (RawResult)

REQUIRED: Raw result of the fraud notification from the issuer. Used to help inform Google's risk engine and analytics. In fraud code–mapping situations, data is sometimes lost. The integrator can choose to give Google a raw code. For example, a credit card gateway (the integrator) may use this field to communicate to Google the exact fraud code that was received from the VISA network. In that case, the scope would be "visa" and the rawCode would be whatever the VISA network returned.

Response body

This method supports multiple return types. For additional information about what 4XX or 5XX HTTP status code to return with an ErrorResponse, consult the ErrorResponse object and HTTP status codes documentation.

Possible response messages
HTTP 200 Status

object (FraudNotificationResponse)

HTTP 4XX / 5XX Status

object (ErrorResponse)

FraudType

Enums
UNKNOWN_TYPE Do not ever set this default value!
FRAUDULENT_USE Use was not authorized.
COUNTERFEIT Account owner did not knowingly participate in a transaction.
LOST The instrument was reported as lost by the account holder at the time of the transaction.
STOLEN The instrument was reported as comprimised by the account holder at the time of the transaction.
ACCOUNT_TAKEOVER The transaction was not authorized by the account holder.
FRAUDULENT_APPLICATION The user did not apply for this account or provided false details.
CARD_NOT_RECEIVED A card was reported as not received by the cardholder at the time of the transaction.
OTHER Unrecognized or unmapped type.
SCAM The cardholder was manipulated by a fraudster to provide payment in good-faith, to an account the cardholder believes belongs to a legitimate payee.
MERCHANT_FRAUD The cardholder was deliberately misled by the merchant.

FraudNotificationResponse

JSON representation
{
  "responseHeader": {
    object (ResponseHeader)
  },
  "result": enum (FraudNotificationResultCode)
}
Fields
responseHeader

object (ResponseHeader)

REQUIRED: Common header for all responses.

result

enum (FraudNotificationResultCode)

REQUIRED: Result of this call.

FraudNotificationResultCode

Result codes for the fraudNotification method.

Enums
UNKNOWN_RESULT Do not ever set this default value!
SUCCESS Fraud notification was successfully processed.