Description: This tutorial shows how to integrate FraudLabs Pro fraud detection into WePay payment processing.
Create a new table to store the FraudLabs Pro and WePay transaction values. This table will be used during the settlement, void or refund process.
CREATE TABLE `fraudlabs_pro` (
    `flp_transaction_id` CHAR(15) NOT NULL,
    `flp_status` VARCHAR(10) NOT NULL,
    `wepay_checkout_id` VARCHAR(30) NOT NULL,
    PRIMARY KEY (`flp_transaction_id`)
) COLLATE='utf8_general_ci' ENGINE=MyISAM;
Download the FraudLabs Pro PHP class from https://github.com/fraudlabspro/fraudlabspro-php/releases
Integrate FraudLabs Pro fraud detection logic with your WePay code. This code will perform a simple validation check of one credit card purchase and perform the appropriate action based on the fraud validation result.
<?php
// Include FraudLabs Pro library
require_once 'PATH_TO_FRAUDLABSPRO/lib/FraudLabsPro.php';
// Include WePay library
require_once 'PATH_TO_WEPAY/lib/wepay.php';
// Change to useProduction for live environments
WePay::useStaging('your_wepay_client_id', 'your_wepay_client_secret');
$wepay = new WePay('your_wepay_access_token');
// Create a free user account at http://www.fraudlabspro.com, if you do not have one
FraudLabsPro\Configuration::apiKey('your_fraudlabspro_api_key');
// Check this transaction for possible fraud. FraudLabs Pro supports comprehensive validation checks,
// and for this example, we only perform the IP address, BIN and billing country validation.
// For complete validation, please check our developer page at http://www.fraudlabspro.com/developer
$orderDetails = [
    'order' => [
        'amount' => $_POST['amount'],
        'paymentMethod' => FraudLabsPro\Order::CREDIT_CARD,
    ],
    'card' => [
        'number' => $_POST['card'],
    ],
    'billing' => [
        'city' => $_POST['city'],
        'state' => $_POST['state'],
        'postcode' => $_POST['zip'],
        'country' => $_POST['country'],
    ],
];
// Send the order details to FraudLabs Pro
$fraudResult = FraudLabsPro\Order::validate($orderDetails);
// This transaction is legitimate, let's submit it to WePay
if($fraudResult->fraudlabspro_status == 'APPROVE'){
    try{
        // Tokenize the card with WePay
        $response = $wepay->request('credit_card/create', array(
            'client_id' => 'your_wepay_client_id',
            'user_name' => $_POST['name'],
            'email' => $_POST['emailAddress'],
            'cc_number' => $_POST['card'],
            'cvv' => $_POST['cvv'],
            'expiration_month' => $_POST['month'],
            'expiration_year' => $_POST['year'],
            'address' => array(
                'address1' => $_POST['address'],
                'city' => $_POST['city'],
                'state' => $_POST['state'],
                'country' => $_POST['country'],
                'zip' => $_POST['zip']
            )
        ));
        // Create and capture this transaction
        $response = $wepay->request('checkout/create', array(
            'account_id' => 'account_id',
            'short_description' => 'Sale for item XX',
            'type' => 'SERVICE',
            'amount' => $_POST['amount'],
            'auto_capture' => true,
            'payment_method_id' => $response->credit_card_id,
            'payment_method_type' => 'credit_card'
        ));
    } catch(WePayRequestException $e) {
        // The card has been declined
    }
}
// Transaction has been rejected by FraudLabs Pro based on your custom validation rules.
elseif($fraudResult->fraudlabspro_status == 'REJECT'){
    /*
    Do something here, try to contact the customer for verification
    */
}
// Transaction is marked for a manual review by FraudLabs Pro based on your custom validation rules.
elseif($fraudResult->fraudlabspro_status == 'REVIEW'){
    // Authorize this order with WePay first
    try{
        $response = $wepay->request('credit_card/create', array(
            'client_id' => 'your_wepay_client_id',
            'user_name' => $_POST['name'],
            'email' => $_POST['emailAddress'],
            'cc_number' => $_POST['card'],
            'cvv' => $_POST['cvv'],
            'expiration_month' => $_POST['month'],
            'expiration_year' => $_POST['year'],
            'address' => array(
                'address1' => $_POST['address'],
                'city' => $_POST['city'],
                'state' => $_POST['state'],
                'country' => $_POST['country'],
                'zip' => $_POST['zip']
            )
        ));
        // Create this transaction but do not capture yet
        $response = $wepay->request('checkout/create', array(
            'account_id' => 'account_id',
            'short_description' => 'Sale for item XX',
            'type' => 'SERVICE',
            'amount' => $_POST['amount'],
            'auto_capture' => false,
            'payment_method_id' => $response->credit_card_id,
            'payment_method_type' => 'credit_card'
        ));
        try{
            // Initial MySQL connection
            $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
            $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            // Store the transaction information for decision making
            $st = $db->prepare('INSERT INTO `fraudlabs_pro` VALUES (:flpId, :flpStatus, :wepayId)');
            $st->execute(array(
                ':flpId'=>$fraudResult->fraudlabspro_id,
                ':flpStatus'=>$fraudResult->fraudlabspro_status,
                ':wepayId'=>$response->checkout_id
            ));
        }
        catch(PDOException $e){
            // MySQL error
            die($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
        }
    } catch(WePayRequestException $e) {
        // The card has been declined
    }
}
Now, we are going to create a callback page to receive the review action, APPROVE or REJECT, performed by the merchant.
Note: You need to configure the callback URL on the FraudLabs Pro merchant area->settings page. It has to point to the location where you host this “fraudlabspro-callback.php” file. Below is the sample code for fraudlabspro-callback.php:
<?php
$id = (isset($_POST['id'])) ? $_POST['id'] : '';
$action = (isset($_POST['action'])) ? $_POST['action'] : '';
if($id && in_array($action, array('APPROVE', 'REJECT'))){
    try{
        // Initial MySQL connection
        $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Get the WePay checkout ID of the transaction awaiting review
        $st = $db->prepare('SELECT * FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:flpId AND `flp_status`=\'REVIEW\'');
        $st->execute(array(
            ':flpId'=>$id
        ));
        if($st->rowCount() == 1){
            $row = $st->fetch(PDO::FETCH_ASSOC);
            require_once 'PATH_TO_WEPAY/lib/wepay.php';
            // Change to useProduction for live environments
            WePay::useStaging('your_wepay_client_id', 'your_wepay_client_secret');
            $wepay = new WePay('your_wepay_access_token');
            if($action == 'REJECT'){
                // Merchant rejected the order. Cancel the transaction in WePay
                $response = $wepay->request('checkout/cancel', array(
                    'checkout_id' => $row['wepay_checkout_id'],
                    'cancel_reason' => 'Possible fraud'
                ));
            }
            else{
                // Merchant approved the order. Capture the transaction in WePay
                $response = $wepay->request('checkout/capture', array(
                    'checkout_id' => $row['wepay_checkout_id']
                ));
            }
            // Update database
            $st = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=:action WHERE `flp_transaction_id`=:flpId');
            $st->execute(array(
                ':flpId'=>$id,
                ':action'=>$action
            ));
        }
    }
    catch(PDOException $e){
        // MySQL error
        die($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
    }
}
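The callback above acts on any POST that carries a pending `id`, and two deliveries that overlap can both see the row in REVIEW and both reach WePay. The following is an added example, not FraudLabs Pro or WePay code, that checks a shared secret and claims the REVIEW row in a single UPDATE before capturing or cancelling. The `token` URL parameter, the `PROCESSING` status, the `handleReviewCallback` name and the `$wepayCall` wrapper are assumptions introduced here, and the demo at the end uses constructed data with in-memory SQLite standing in for MySQL:

```php
<?php
// Added example, not FraudLabs Pro or WePay code. Assumed: the callback URL carries
// ?token=<secret>, $wepayCall wraps $wepay->request(), 'PROCESSING' is a new status.
function handleReviewCallback(PDO $db, callable $wepayCall, string $secret, string $token, array $post): string
{
    if (!hash_equals($secret, $token)) {          // constant-time secret check
        return 'forbidden';
    }
    $id = (string) ($post['id'] ?? '');
    $action = (string) ($post['action'] ?? '');
    if ($id === '' || !in_array($action, ['APPROVE', 'REJECT'], true)) {
        return 'bad-request';
    }
    // Claim the row in one UPDATE: only one request can move REVIEW -> PROCESSING,
    // so a replayed or concurrent callback cannot capture or cancel twice.
    $claim = $db->prepare("UPDATE `fraudlabs_pro` SET `flp_status`='PROCESSING'
        WHERE `flp_transaction_id`=:id AND `flp_status`='REVIEW'");
    $claim->execute([':id' => $id]);
    if ($claim->rowCount() !== 1) {
        return 'not-pending';
    }
    $find = $db->prepare('SELECT `wepay_checkout_id` FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:id');
    $find->execute([':id' => $id]);
    $params = ['checkout_id' => $find->fetchColumn()];
    $set = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=:s WHERE `flp_transaction_id`=:id');
    try {
        if ($action === 'APPROVE') {
            $wepayCall('checkout/capture', $params);
        } else {
            $wepayCall('checkout/cancel', $params + ['cancel_reason' => 'Possible fraud']);
        }
    } catch (Exception $e) {
        // WePay refused: return the row to REVIEW and log server-side only.
        $set->execute([':s' => 'REVIEW', ':id' => $id]);
        error_log('WePay call failed for ' . $id . ': ' . $e->getMessage());
        return 'wepay-error';
    }
    $set->execute([':s' => $action, ':id' => $id]);
    return 'ok';
}

// Constructed demo: in-memory SQLite stands in for MySQL, a closure for WePay.
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE fraudlabs_pro (flp_transaction_id TEXT PRIMARY KEY, flp_status TEXT, wepay_checkout_id TEXT)");
$db->exec("INSERT INTO fraudlabs_pro VALUES ('SAMPLE-ID-00001', 'REVIEW', 'SAMPLE-CHECKOUT')");
$stub = function ($endpoint, $params) { return true; };
$post = ['id' => 'SAMPLE-ID-00001', 'action' => 'APPROVE'];
echo handleReviewCallback($db, $stub, 'demo-secret', 'demo-secret', $post), "\n"; // first delivery
echo handleReviewCallback($db, $stub, 'demo-secret', 'demo-secret', $post), "\n"; // replayed delivery
```

The claim is a single-statement UPDATE, so it holds on the MyISAM table defined earlier, which has no transactions. A row left in `PROCESSING` after a crash has to be reconciled against WePay by hand.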
If there is a need to issue a refund of a settled transaction, below is the sample code of how to accomplish it.
<?php
// Include WePay library
require_once 'PATH_TO_WEPAY/lib/wepay.php';
try{
    // Initial MySQL connection
    $db = new PDO('mysql:host=your_database_host;dbname=your_database_name;charset=utf8', 'your_database_user', 'your_database_password');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Get the WePay transaction ID based on the FraudLabs Pro ID
    $st = $db->prepare('SELECT * FROM `fraudlabs_pro` WHERE `flp_transaction_id`=:flpId');
    $st->execute(array(
        ':flpId'=>$_POST['flpId']
    ));
    if($st->rowCount() == 1){
        $row = $st->fetch(PDO::FETCH_ASSOC);
        // Change to useProduction for live environments
        WePay::useStaging('your_wepay_client_id', 'your_wepay_client_secret');
        $wepay = new WePay('your_wepay_access_token');
        $response = $wepay->request('checkout/refund', array(
            'checkout_id' => $row['wepay_checkout_id'],
            'refund_reason' => 'your_refund_reason'
        ));
        // Update database
        $st = $db->prepare('UPDATE `fraudlabs_pro` SET `flp_status`=\'REFUNDED\' WHERE `flp_transaction_id`=:flpId');
        $st->execute(array(
            ':flpId'=>$_POST['flpId']
        ));
    }
}
catch(PDOException $e){
    // MySQL error
    die($e->getFile() . ':' . $e->getLine() . ' ' . $e->getMessage());
}