Kount Data Device Collector

Kount has the ability to collect cardholder’s device information from a mobile device or computer to use when determining the risk score of a transaction.

Send Risk data directly to Kount (step 1 in image above)

The Session ID is a critical component of the Kount integration. There are two ways to create a Session ID:

Let Kount Do it (step 1b and 1c in image above)

This method is recommended by Kount. The value is created by Kount and will be returned when the device data collection SDK is downloaded. This method ensures the uniqueness of the SessionId and also ensures that it meets the requirements of a valid session ID.

Generate your Own (step 1a in image above)

Generate a unique SessionId (requirements below) and send to Kount

Kount documentation can be found here.

Download the Kount SDK here.

Send SessionId to ConnexPay (step 2 in image above)

Pass the SessionId to ConnexPay via the SessionId parameter in the Risk Data object of our Sales API when it’s time to process the credit card. This SessionId should match the SessionId of that particular transaction that was previously generated.

Sample Sale Request: POST https://sandboxsalesapi.connexpay.com/api/v1/sales

{
    "DeviceGuid": "{{Device}}",
    "Amount": 22.02,
    "OrderNumber": "CREDIT-TEST-01",
    "ConnexPayTransaction": {
        "ExpectedPayments": 1
    },
    "RiskData": {
        "SessionId": "SESSION-TEST-01",
        "Name": "APITest User",
        "Gender": "M",
        ...
    },
    "Card": {
        "CardHolderName": "Joe Cardholder",
        "CardNumber": "4111111111111111",
        "CVV2": "999",
        "ExpirationDate": "2501",
        "Customer": {
            "FirstName": "Joe",
            "LastName": "Cardholder",
            "Email": "[email protected]",
            "Address1": "123 Main St",
            "Address2": "Suite 500",
            "City": "Beverly Hills",
            "State": "CA",
            "Zip": "90210"
        }
    }
}

Receive the Sale response (step 5 in image above)

This should already be part of the normal workflow and does not require any additional development. The additional risk data sent along with the SessionId just assists with determining the risk score which determines if the sale should be processed.

SessionId requirements

  • Session IDs must be unique per request. They must be unique for a minimum of 30 days.
  • Session IDs must contain only alphanumeric characters (0-9, a-z or A-Z), dashes (-), or underscores (_).
  • Session IDs values should be 32 characters in length. Session ID values of less than 32 characters will be accepted, but it is strongly recommended to use a 32 character value.

📘

NOTE: If the Session ID exceeds 32 characters or contains any invalid characters, an error will be thrown when attempting to download the SDK

What data does the Device Collector capture?

Check out this page from Kount’s website. The last FAQ lists out all of the data it collects.

📘

Below are the data elements gathered during device data collection, including corresponding RIS response field names:

COOKIES: A flag to indicate if the device placing an order has ’cookies’ enabled or not.

COUNTRY: Two characters ISO country code associated with the physical device.

DEVICE_LAYERS: 5 device layers representing the operating system, browser, javascript settings, cookie setting, and flash settings. Device layers are used to create the device fingerprint.

FINGERPRINT: The unique fingerprint of the device placing the order.

FLASH: A flag to indicate if the device placing an order has ’flash’ enabled or not.

DEVICE COUNTRY: The country of origin set on the device by the user.

GEOX: Indicates the riskiest geographical location associated with the Persona.

HTTP_COUNTRY: The user's home country that the device owner has set in the device’s control panel settings.

JAVASCRIPT: A flag to indicate if the device placing an order has ’javascript’ enabled or not.

KAPT: Whether or not device data was collected by the Kount's Device Data Collector process.

LANGUAGE: The language the device owner has set in the device’s control panel settings.

LOCALTIME: The local time the device owner has set in the device’s control panel settings.

MOBILE_DEVICE: Indicates if the device placing the order is of a mobile nature (iPhone; Android; Blackberry; iPad, etc.).

MOBILE_FORWARDER: If the device is mobile, this indicates if it is using a forwarder to process the carrier’s service.

MOBILE_TYPE: iPhone; Android; Blackberry; iPad, etc.

NETW: Riskiest network type associated with the Persona within the last 14 days.

PC_REMOTE: Indicates if the device is enabled to use PC Remote software.

PROXY: Indicates if a Proxy server is detected.

REGN: The region associated with the device's location.

REGION: Region associated with the device location. This field is provided by the DDC unless only using merchant data from RIS, which makes this field null.
This field comes from the table device_info and the field is best_country.

TIMEZONE: The timezone the device owner has set in the device’s control panel settings. The value listed represents the number of minutes from Greenwich Meantime. Divide by 60 to get the number of hours.

VOICE_DEVICE: Indicates if the device is voice-activated (related to mobile devices and devices equipped with accessibility or screen-reading software).

Updated 11 days ago