Anti-fraud control

Also known as the InvoiceChangeNotification

All* the invoices that are added using the AddInvoice function are controlled by our anti-fraud system. This is done to make sure the customer is legit and minimize the risk of fraud. 

In short, this is how it works:

  1. An invoice is created using AddInvoice method
  2. A normal credit check is done on the customer
  3. If approved, the invoice is received by the anti-fraud system which responds with InvoiceStatus 0 (OnHold)
  4. After controlling the invoice, the anti-fraud system updates the status to either 1 (Preliminary) or 5 (Rejected)

What does this mean? If the status is 0, you should just wait until the invoice status is updated to either 1 or 5. The invoice can’t be activated unless the invoice’s status is 1. This means that the invoice is approved. If the system responds with status 5, then you can’t activate the invoice and therefore should not ship the order. Something may be fishy with the customer. Please note that rejected orders should not be shipped!

How long does it take for the anti-fraud system to respond? The majority of all responses are sent within a few seconds, but a callback can take up to 24 working hours in special cases. Keep in mind that when this happens, it normally means something’s wrong and therefore our anti-fraud department need to make a manual control. Often this turns out to be a fraud and even though it takes a few hours, the wait is well worth it.

Where does the system respond to? It responds with the invoice statuses to a callback located in your domain. This callback URL need to be username and password protected and the credentials need to be communicated to Collector.

How should the callback URL look like? The request from the anti-fraud system to the callback URL will contain the following parameters:

  • InvoiceNo
  • OrderNo
  • InvoiceStatus

This request is sent with a GET web request and the string is appened to the receiveing URL in the following format:

?InvoiceNo=[Invoicenumber]&OrderNo=[OrderNumber]&InvoiceStatus=[NewInvoiceStatus]

To answer the question, the callback URL should therefore look like this: 

https://www.merchantwebpage.com/CollectorInvoiceStatus?InvoiceNo=123456&OrderNo=Order123&InvoiceStatus=1

When you have recieved the callback, you will need to have a logic implemented to match the invoice number and order number from the request to the one in your system and then update the invoice status thereafter. If all goes well, you can activate the invoice as soon as the order is ready to be shipped. If the invoice is rejected, you will need to cancel the invoice. 

 InvoiceStatus index:

Invoice Status Description
0 OnHold (screening needed)
1 Preliminary (Approved, can be activated)
5 Rejected (Denied by Collector, can not be activated)

 

Response codes:
Collector applies a retry functionality on the status change notification callbacks. Should the callback fail, Collector will run a series of retries; once every ten minute for ten times.

Collector require a code equivalent to "OK" or a GONE response. The following response codes will be accepted as "OK":

  • Codes 200 - 299
  • Code 410 (GONE)

You therefore must return any of the above codes when a callback has been recieved sucessfully by your system.

Examples of codes that will initiate retries on the callback:

  • 301 (moved)
  • 403 (Forbidden)
  • 404 (not found)
  • 500 (Internal server error)

*In some special cases, this control can be turned off.