Description: This tutorial demonstrate you on how to integrate FraudLabs Pro fraud detection into BrainTree payment.
Create a new table to store the transaction value of FraudLabs Pro and BrainTree payment processing. This table will be used during the settlement, void or refund process.
CREATE TABLE `fraudlabs_pro` ( `flp_transaction_id` CHAR(15) NOT NULL, `flp_status` VARCHAR(10) NOT NULL, `braintree_transaction_id` VARCHAR(10) NOT NULL, PRIMARY KEY (`flp_transaction_id`) ) COLLATE='utf8_general_ci' ENGINE=MyISAM;
Download FraudLabs Pro PHP class from https://github.com/fraudlabspro/fraudlabspro-php/releases
Integrate FraudLabs Pro fraud detection logic with your BrainTree code. This code will perform a simple validation check of one credit card purchase and perform the appropriate action based on the fraud validation result.
// Include FraudLabs Pro library require_once 'PATH_TO_FRAUDLABSPRO/lib/FraudLabsPro.php'; // Include BrainTree library require_once 'PATH_TO_BRAINTREE/lib/Braintree.php'; // We show the example code using the SandBox environment. Braintree_Configuration::environment('sandbox'); Braintree_Configuration::merchantId('use_your_merchant_id'); Braintree_Configuration::publicKey('use_your_public_key'); Braintree_Configuration::privateKey('use_your_private_key'); // Create a free user account at http://www.fraudlabspro.com, if you do not have one FraudLabsPro\Configuration::apiKey('your_fraudlabspro_api_key'); // Check this transaction for possible fraud. FraudLabs Pro support comprehensive validation check, // and for this example, we only perform the IP address, BIN and billing country validation. // For complete validation, please check our developer page at http://www.fraudlabspro.com/developer $orderDetails = [ 'order' => [ 'amount' => $_POST['amount'], 'paymentMethod' => FraudLabsPro\Order::CREDIT_CARD, ], 'card' => [ 'number' => $_POST['number'], ], 'billing' => [ 'country' => $_POST['country'], ], ]; // Sends the order details to FraudLabs Pro $fraudResult = FraudLabsPro\Order::validate($orderDetails); // This transaction is legitimate, let's submit to Braintree if($fraudResult->fraudlabspro_status == 'APPROVE'){ // Submit for settlement $result = Braintree_Transaction::sale(array( 'amount' => $_POST['amount'], 'creditCard' => array( 'number' => $_POST['number'], 'cvv' => $_POST['cvv'], 'expirationMonth' => $_POST['month'], 'expirationYear' => $_POST['year'] ), 'options' => array( 'submitForSettlement' => true ) )); if ($result->success) { echo("Success! Transaction ID: " . $result->transaction->id); } else if ($result->transaction) { echo("Error: " . $result->message); echo(" "); echo("Code: " . $result->transaction->processorResponseCode); } else { echo("Validation errors: "); foreach (($result->errors->deepAll()) as $error) { echo("- " . $error->message . " "); } } } // Transaction has been rejected by FraudLabs Pro based on your custom validation rules. elseif($fraudResult->fraudlabspro_status == 'REJECT'){ /* Do something here, try contact the customer for verification */ } // Transaction is marked for a manual review by FraudLabs Pro based on your custom validation rules. elseif($fraudResult->fraudlabspro_status == 'REVIEW'){ // Authorize this order with BrainTree, but no settlement $result = Braintree_Transaction::sale(array( 'amount' => $_POST['amount'], 'creditCard' => array( 'number' => $_POST['number'], 'cvv' => $_POST['cvv'], 'expirationMonth' => $_POST['month'], 'expirationYear' => $_POST['year'] ), 'options' => array( 'submitForSettlement' => false ) )); if ($result->success) { echo("Success! Transaction ID: " . $result->transaction->id); try{ // Initial MySQL connection $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password'); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // Store the transaction information for decision making $st = $db->prepare('INSERT INTO `fraudlabs_pro` VALUES (:flpId, :flpStatus, :braintreeId)'); $st->execute(array( ':flpId'=>$fraudResult->fraudlabspro_id, ':flpStatus'=>$fraudResult->fraudlabspro_status, ':braintreeId'=>$result->transaction->id )); } catch(PDOException $e){ // MySQL error die($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage()); } } else if ($result->transaction) { echo("Error: " . $result->message); echo(" "); echo("Code: " . $result->transaction->processorResponseCode); } else { echo("Validation errors: "); foreach (($result->errors->deepAll()) as $error) { echo("- " . $error->message . " "); } } }
Now, we are going to create a callback page to receive the review action, APPROVE or REJECT, performed by the merchant.
Note: You need to configure the callback URL at the FraudLabs Pro merchant area->settings page. It has to be pointed to the location where you hosted this “fraudlabspro-callback.php” file. Below is the sample code for fraudlabspro-callback.php
$id = (isset($_POST['id'])) ? $_POST['id'] : ''; $action = (isset($_POST['action'])) ? $_POST['action'] : ''; if($id && in_array($action, array('APPROVE', 'REJECT'))){ try{ // Initial MySQL connection $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password'); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // Get the BrainTree Transaction ID $st = $db->prepare('SELECT * FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:flpId AND `flp_status`=\'REVIEW\''); $st->execute(array( ':flpId'=>$id )); if($st->rowCount() == 1){ $row = $st->fetch(PDO::FETCH_ASSOC); require_once 'PATH_TO_BRAINTREE/lib/Braintree.php'; Braintree_Configuration::environment('sandbox'); Braintree_Configuration::merchantId('use_your_merchant_id'); Braintree_Configuration::publicKey('use_your_public_key'); Braintree_Configuration::privateKey('use_your_private_key'); if($action == 'REJECT'){ // Merchant rejected the order. Void the transaction in Braintree Braintree_Transaction::void($row['braintree_transaction_id']); } else{ // Merchant approved the order. Submit for settlement Braintree_Transaction::submitForSettlement($row['braintree_transaction_id']); } // Update database $st = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=:action WHERE `flp_transaction_id`=:flpId'); $st->execute(array( ':flpId'=>$id, ':action'=>$action )); } } catch(PDOException $e){ // MySQL error die($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage()); } }
If there is a need to issue a refund of a settled transaction, below is the sample code of how to accomplish it.
try{ // Initial MySQL connection $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password'); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // Get the BrainTree transaction ID based on the FraudLabs Pro ID $st = $db->prepare('SELECT * FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:flpId'); $st->execute(array( ':flpId'=>$_POST['flpId'] )); if($st->rowCount() == 1){ $row = $st->fetch(PDO::FETCH_ASSOC); require_once 'PATH_TO_BRAINTREE/lib/Braintree.php'; Braintree_Configuration::environment('sandbox'); Braintree_Configuration::merchantId('use_your_merchant_id'); Braintree_Configuration::publicKey('use_your_public_key'); Braintree_Configuration::privateKey('use_your_private_key'); // Issue the refund $result = Braintree_Transaction::refund($row['braintree_transaction_id']); // Update database $st = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=\'REFUNDED\' WHERE `flp_transaction_id`=:flpId'); $st->execute(array( ':flpId'=>$_POST['flpId'] )); } } catch(PDOException $e){ // MySQL error die($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage()); }