Fraud Alert Response FAQs

Q: Is the webhook sent whenever an alert is raised in the Fraud system for a transaction that has been approved?

A: No, the webhook notification is not sent if there are no output tags against the transaction. Example output (action) tags: “Decline”, “DeclineAndBlockG5”, “Alert” (in the future).

Q: How do we communicate if the card has been blocked or not as part of the webhook?

A: This is currently based on the "notificationMessageContent" that changes accordingly.

Q: If the transaction is declined, but the card is not blocked, and the cardholder responds confirming that it’s fraud, will it block the card?

A: Yes, it blocks the card automatically. 

Q: How will the incident be reflected on the Fraud Portal when the alert has been responded to?

A: The incident will be marked as closed, with the corresponding Risk or No Risk tag against it. If there are multiple incidents against the same card, then all of the incidents will be closed simultaneously (the notifications would, however, be sent against individual transaction alerts).

Q: Will we still receive webhook notifications for suspended cards? For example, if a card is set to G5 (short-term block), are any webhook alerts suppressed, or should we expect all relevant events to continue as usual?

A: The webhook notification is still sent for suspended cards.

Q: After a fraud alert auto-closes after the 3-day timeout (Event Code 102), does the alert disappear from the ARIC interface for our analysts, or does it just change to a new status (For example, "Timed Out")?

A: The alert stay open and a transactionReturn message is sent saying “no-response” in its content.

Q: If one of our agents tries to resolve an alert in ARIC after the 3-day timeout has surpassed, does the ARIC interface still allow them to take action?

A: Yes