{"event":{"token":"YOUR_TOKEN","site_key":"KEY_ID","expected_action":"YOUR_CHECKOUT_ACTION_NAME","transaction_data":{"transaction_id":"txid-1234567890","payment_method":"credit-card","card_bin":"411111","card_last_four":"1234","currency_code":"USD","value":39.98,"user":{"email":"someEmailAddress@example.com"},"billing_address":{"recipient":"name1 name2","address":["123 Street Name","Apt 1"],"locality":"Sunnyvale","administrative_area":"CA","region_code":"USA","postal_code":"123456"}}}}
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Translation issue","translationIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated (UTC): 2025-08-17."],[],[],null,["# Protect payment transactions with Fraud Prevention\n\nThis page describes how to effectively protect payment transactions against\nattacks, such as carding, stolen instrument fraud, and account takeover payment\nfraud by using reCAPTCHA Fraud Prevention.\n\nreCAPTCHA Fraud Prevention helps you protect payment transactions\nby identifying targeted manual attacks and scaled fraud attempts. It\nautomatically trains behavior and transaction models to identify events that are\nlikely fraudulent and can result in a dispute or chargeback if accepted.\n\nAs part of these models, reCAPTCHA Fraud Prevention examines\ntransaction signals to enable detection of fraud. For example, a series of\npurchase attempts with low prices might indicate a carding attack. In the\nresponse, you receive risk scores for different types of fraud, which you can\nuse to send the transaction to a manual review, or directly block sufficiently\nsuspicious transactions.\n| **Note:** reCAPTCHA Fraud Prevention is [PCI compliant](/security/compliance/pci-dss).\n\nTo set up reCAPTCHA Fraud Prevention, you need to complete the\nfollowing steps:\n\n1. [Prepare your environment](#before).\n\n2. [Enable reCAPTCHA Fraud Prevention on your Google Cloud project](#enable).\n\n3. 
[Install reCAPTCHA JavaScript on your payment frontend by installing a score-based reCAPTCHA key](#installation).\n\n | **Note:** This is the same JavaScript that is used for other reCAPTCHA use cases such as bot detection and account protection.\n\n When the JavaScript is executed, reCAPTCHA generates a unique\n reCAPTCHA token for every user session and collects user\n behavioral data to evaluate the user.\n4. [Submit a create assessment API request from your backend with transaction data on user events in your payment workflow](#assessment).\n\n In the response of the create assessment API request, reCAPTCHA\n provides a score for transaction risk and an additional reason code\n (for example, `suspected_carding`), if applicable.\n5. [Determine the next action for your users based on the scores](#interpret).\n\n You can choose to allow the transaction, ask for additional verification,\n forward to a manual review, or block the transaction.\n\nBefore you begin\n----------------\n\n1. If you are new to reCAPTCHA, then do the following:\n\n 1. [Configure reCAPTCHA on your Google Cloud project](/recaptcha/docs/prepare-environment).\n\n 2. [Create a score-based reCAPTCHA key](/recaptcha/docs/create-key-website).\n\n2. Ensure that your environment supports tokens larger than 8 kB because\n reCAPTCHA Fraud Prevention might use larger tokens.\n\nEnable reCAPTCHA Fraud Prevention\n---------------------------------\n\n1. In the Google Cloud console, go to the reCAPTCHA page.\n\n [Go to reCAPTCHA](https://console.cloud.google.com/security/recaptcha)\n2. Verify that the name of your project appears in the resource selector.\n\n If you don't see the name of your project, click the resource selector,\n then select your project.\n3. Click **Settings**.\n\n4. In the **Fraud Prevention** pane, click **Configure**.\n\n5. 
Click the **Enable** toggle, and click **Save**.\n\nInstall reCAPTCHA on your payment frontend\n------------------------------------------\n\nTo start detecting attacks, install a score-based reCAPTCHA\nkey on each page in your payment user flow. This includes the interface where a\nuser reviews their cart, selects their payment method, and completes the purchase.\nAfter the user has made their selection at each step, call `grecaptcha.enterprise.execute()`\nto generate a token. To learn how to install score-based keys and call\n`execute()`, see [Install score-based keys](/recaptcha/docs/instrument-web-pages).\n\nThe following example shows how to integrate a score-based key on a credit\ncard transaction event: \n\n```\nfunction submitForm() {\n grecaptcha.enterprise.ready(function() {\n // Request a token for the 'purchase' action, then submit the form with it.\n grecaptcha.enterprise.execute(\n 'reCAPTCHA_site_key', {action: 'purchase'}).then(function(token) {\n document.getElementById(\"token\").value = token;\n document.getElementById(\"paymentForm\").submit();\n });\n });\n}\n``` \n\n```\n\u003cform id=\"paymentForm\" action=\"?\" method=\"POST\"\u003e\n Total: $1.99\n Credit Card Number: \u003cinput name=\"cc-number\" id=\"cc-number\" autocomplete=\"cc-number\"\u003e\u003cbr/\u003e\n \u003cinput type=\"hidden\" id=\"token\" name=\"recaptcha_token\"/\u003e\n \u003cbutton type=\"button\" onclick=\"submitForm()\"\u003ePurchase\u003c/button\u003e\n\u003c/form\u003e\n``` \n\n```\n\u003cscript src=\"https://www.google.com/recaptcha/enterprise.js\" async defer\u003e\u003c/script\u003e\n```\n\nYou can experiment with this code in JSFiddle by clicking the `\u003c\u003e` icon in the\ntop-right corner of the code window. 
\n\n```html\n\u003chtml\u003e\n \u003chead\u003e\n \u003ctitle\u003eProtected Payment\u003c/title\u003e\n \u003cscript src=\"https://www.google.com/recaptcha/enterprise.js\" async defer\u003e\u003c/script\u003e\n \u003cscript\u003e\n function submitForm() {\n grecaptcha.enterprise.ready(function() {\n // Request a token for the 'purchase' action, then submit the form with it.\n grecaptcha.enterprise.execute(\n 'reCAPTCHA_site_key', {action: 'purchase'}).then(function(token) {\n document.getElementById(\"token\").value = token;\n document.getElementById(\"paymentForm\").submit();\n });\n });\n }\n \u003c/script\u003e\n \u003c/head\u003e\n \u003cbody\u003e\n \u003cform id=\"paymentForm\" action=\"?\" method=\"POST\"\u003e\n Total: $1.99\n Credit Card Number: \u003cinput name=\"cc-number\" id=\"cc-number\" autocomplete=\"cc-number\"\u003e\u003cbr/\u003e\n \u003cinput type=\"hidden\" id=\"token\" name=\"recaptcha_token\"/\u003e\n \u003cbutton type=\"button\" onclick=\"submitForm()\"\u003ePurchase\u003c/button\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n```\n\n\u003cbr /\u003e\n\nCreate assessments with transaction data\n----------------------------------------\n\nTo enable payment fraud verdicts, create assessments with transaction data by\nusing the additional fields in the\n[projects.assessments.create](/recaptcha/docs/reference/rest/v1/projects.assessments/create)\nmethod.\n\nThe simplest integration includes the `transaction_id`, `payment_method`,\n`card_bin`, and `value`. To improve the detection quality, we recommend\nadding optional fields such as `email` and `billing_address`. 
\n\n```json\n{\n \"event\": {\n \"token\": \"YOUR_TOKEN\",\n \"site_key\": \"KEY_ID\",\n \"expected_action\": \"YOUR_CHECKOUT_ACTION_NAME\",\n \"transaction_data\": {\n \"transaction_id\": \"txid-1234567890\",\n \"payment_method\": \"credit-card\",\n \"card_bin\": \"411111\",\n \"card_last_four\": \"1234\",\n \"currency_code\": \"USD\",\n \"value\": 39.98,\n \"user\": {\n \"email\": \"someEmailAddress@example.com\"\n },\n \"billing_address\": {\n \"recipient\": \"name1 name2\",\n \"address\": [\n \"123 Street Name\",\n \"Apt 1\"\n ],\n \"locality\": \"Sunnyvale\",\n \"administrative_area\": \"CA\",\n \"region_code\": \"USA\",\n \"postal_code\": \"123456\"\n }\n }\n }\n}\n```\n\nTo improve the quality of scores, we recommend that you send\n[additional signals](/recaptcha/docs/additional-signals).\n\nTo learn about how to create assessments,\nsee [Create an assessment for your website](/recaptcha/docs/create-assessment-website).\nreCAPTCHA Fraud Prevention might use larger tokens, so ensure\nthat the request is sent as a POST request rather than GET, with the token in the\nbody, not in a header.\n\nInterpret assessments\n---------------------\n\nAfter you start sending the transaction data, you receive assessments as a\nJSON response with the `fraudPreventionAssessment` component in `riskAnalysis`.\n\nThe following example is a sample response: \n\n```json\n{\n \"event\": {....\n ....\n },\n .....\n ....\n ....\n \"riskAnalysis\": {\n \"score\": \"0.5\",\n \"reasons\": \"SUSPECTED_CARDING\"\n },\n \"fraudPreventionAssessment\": {\n \"transactionRisk\": 0.9\n }\n}\n```\n\nThe response you receive includes a score and reason codes wherever applicable.\nThe higher the score, the more likely the transaction is fraudulent and risky;\nthe lower the score, the more likely the transaction is legitimate. 
For example,\na score of 0.9 indicates that the transaction is more likely\nfraudulent and risky, and a score of 0.1 indicates that\nthe transaction is more likely legitimate.\n\nYou are responsible for the actions you take based on the assessment.\nFor the simplest integration, you can set thresholds on `transactionRisk`\nto contribute to your decision. For example, it can contribute to sending to a\nmanual review or directly rejecting likely fraudulent transactions.\nYou can also use the score in your own fraud workflows, or as part of rules with\nyour existing system. Because reCAPTCHA examines unique signals\nand has a unique visibility of behavior across the internet, you can expect\nincremental value even with an already mature fraud-detection engine.\n\nEach score bucket is calibrated to a maximum false positive rate, which represents the maximum proportion of legitimate users that might experience additional friction. The thresholds you need to select depend on your business needs. The following are some examples of how you can use\nthe `transactionRisk` score:\n\nWhat's next\n-----------\n\n- To improve the quality of fraud detection, learn about [additional signals](/recaptcha/docs/additional-signals).\n- To annotate assessments, see [Annotate assessments with transaction events](/recaptcha/docs/annotate-assessment-fp)."]]