A cardholder responded to an SMS fraud alert triggered by the Payment Risk Platform (PRP). This event delivers the direct feedback from the cardholder, which you can use to disposition a risky transaction. You must be subscribed to PRP to receive this event.
This event is triggered any time Galileo receives a valid SMS response from a cardholder regarding a suspicious transaction. Based on the response in the msg_body field, you can call the Program API to take action, such as freezing or unfreezing a card.
- Code —
n/a - Event trigger — Galileo receives a valid SMS response from a cardholder regarding a suspicious transaction.
- Processes — These processes contain the event trigger:
- Payment Risk Platform (PRP)
- Messaging Service
- Events API
- Program API
Fields
All fields are strings. Your field names may vary. Default fields are included in the default webhook template. See Default and optional fields for more information.
| Field | Default | Description |
|---|---|---|
| amount | The amount of the suspicious transaction. Example: |
|
| auth_id | Galileo-generated ID for the authorization. Use this ID to track the transaction throughout the Galileo system. For an explanation of how these IDs are generated, see Authorization identifiers. Example: |
|
| auth_ts | The date and time when the original authorization transaction occurred. Format is |
|
| auth_uid | Unique identifier for the original authorization. Use this ID to map the cardholder SMS response directly to the specific fraud alert that was sent. Example: |
|
| cad | Galileo-generated card ID. Example: |
|
| customer_opt_out | Indicates whether the cardholder opted out of future SMS alerts by responding with |
|
| feedback_ts | Date and time the cardholder responded to the SMS message. Format is |
|
| merchant_city | City where the merchant is located. Example: |
|
| merchant_country | ISO 3166-1 numeric country code for the merchant location. 3 digits. Example: |
|
| merchant_description | The description from the merchant where the suspicious transaction occurred. This is derived from DE043. Example: |
|
| merchant_postal_code | The postal code of the merchant location, such as a U.S. ZIP code or a Canadian postal code. The format of this field varies by card network and merchant country. For example, values can be 5-digit (91356), 9-digit (118031598), or alphanumeric (M5T2S8). A value of all zeros may indicate that no postal code was provided in the authorization request. Example: |
|
| merchant_state | Two-letter state or provincial designator for the merchants location. Example: |
|
| mobile_phone | X | The phone number of the cardholder who received the SMS alert. Example: |
| msg_body | X | The cardholder response to the SMS message in raw text. Example: |
| prn | X | Galileo 12-digit payment reference number (PRN) for the account. Example: |
| sender_phone | X | The SMS 10-Digit Long Code (10 DLC) that sent the SMS alert. Example: |
| type | X | The name of this event: |
Example
# prp_sms_suspicious_txn_alert example:
{
"amount": "75.00",
"auth_id": "12345141234123",
"auth_ts": "20250315:121504MST",
"auth_uid": "DHWJtI8zRjuDcgF8hru3oQ",
"cad": "12534",
"customer_opt_out": "True",
"feedback_ts": "20250315:121504MST",
"merchant_city": "Salt Lake City",
"merchant_country": "840",
"merchant_description": "123 WIDGETS MERCHANT BEVERLY HILLS CA",
"merchant_postal_code": "91356",
"merchant_state": "UT",
"mobile_phone": "1256127234",
"msg_body": "NO",
"prn": "999101003022",
"sender_phone": "(512) 555-0123",
"type": "prp_sms_suspicious_txn_alert"
}