API Reference
Log into Sandbox

Get Card Transaction Fraud

post
https://risk-{corename}.{env}.gpsrv.com/prp/1.0/getCardTransactionFraud

Use the Get Card Transaction Fraud API to evaluate the risk associated with specific card transactions and understand if a transaction is fraudulent, then take appropriate action based on predefined criteria. This endpoint provides detailed fraud detection insights, including rules triggered, actions taken, and supplementary fraud prevention decisions.

See About the Payment Risk Platform for more details.

Status codes

See Global Response Statuses for status codes that are common across endpoints.

Form Data
string
required

Web service username, as provided by Galileo.
Pattern: Max 50 characters
Example: "AbC123-9999"

string
required

Web service password, as provided by Galileo.
Pattern: Max 15 characters
Example: "4sb62fh6w4h7w34g"

string
required

Galileo-issued provider identifier.
Pattern: Max 10 digits
Example: "9999"

string
required

A unique provider-generated ID to identify this API call. A UUID is preferred.
Pattern: Max 60 characters
Example: "9845dk-39fdk3fj3-4483483478"

string
required

Unique identifier provided by Galileo during implementation to obtain client PRP configuration details.
Pattern: Max 50 characters
Example: "EPRP-test-1231231:1"

const
enum
required

Specifies the type of the transaction event.
Pattern: Debit
Example: "Debit"

Allowed:
date-time
required

Timestamp for when the transaction event occurred, in Mountain Standard Time (-0700). See Galileo System Time guide for details. May be the same timestamp as authTs.
Pattern: YYYY-MM-DD hh:mm:ss
Example: "2020-10-28 00:00:24"

string
required

Unique identifier of the account holder/customer associated with the event.
Pattern: Max 20 characters
Example: "p54789641"

string

Unique identifier of your customer account for which the related event is associated with.
Pattern: Max 20 characters
Example: "a125483"

string

An identifier of the card for which the related event is associated with.
Pattern: Max 20 characters
Example: "card_123"

string

Internal card authorization identifier associated with card transaction event.
Pattern: Max 4 characters
Example: "8989"

date-time

Authorization timestamp. Can specify any timezone.
Pattern: YYYY-MM-DD hh:mm:ss
Example: "2024-01-23T04:56:07.000+00:00"

number

The cardholder's available funds, also known as open to buy. Amount is checked during authorization validation to confirm the cardholder has sufficient funds to perform a transaction.
Pattern: Integer or decimal amount
Example: '200.00'

string

Cardholder’s city.
Pattern: Max 30 characters: letters, spaces, hyphen and period
Example: "Salt Lake City"

string

Cardholder’s state or province for non US countries.
Pattern: Max 60 characters
Example: "Washington"

string

Cardholder’s postal code (e.g. US ZIP code or local postal code).
Pattern: Min 5 characters and max 20 characters
Example: "98101"

string

Cardholder’s two-digit country code. See the IBAN Alpha-2 codes for details.
Pattern: Max 2 characters
Example: "US"

date-time

Start date-time for the account was marked ready to use (e.g. account open or account funded date).
Pattern: YYYY-MM-DD hh:mm:ss
Example: "2020-10-12T10:45:21.000+00:00"

date-time

Date-time for when the card was activated.
Pattern: YYYY-MM-DD hh:mm:ss
Example: "2020-10-10T08:12:35.000+00:00"

string

Status for the card.
Pattern: Max 10 character
Example: "Active"

number

Credit limit of the cardholder’s account as whole or decimal amount.
Pattern: Integer or decimal number
Example: '1000'

boolean

Specifies whether the merchant/acquirer attempted to authenticate the buyer using 3-D Secure. True if attempted, False if the merchant/acquirer did not attempt.
Pattern: True or False
Example: True

string

Merchant's city.
Pattern: Max 60 characters
Example: Seattle

string

Postal code (US zip code or local postal code) where the transaction or event was performed.
Pattern: Min 5 characters and max 20 characters
Example: "98102"

boolean

Whether a card was present during a transaction or event. True is card-not-present; False is card-present.
Pattern: True or False
Example: True

boolean

Whether a card was present during a transaction or event. True is card-not-present; False is card-present.
Pattern: True or False
Example: True

boolean

Whether this is a domestic transaction. True is a domestic transaction; False for an international transaction. Definition of domestic at the discretion of the client.
Pattern: True or False
Example: True

string

Card acceptor name/location. See Data element 43 of the ISO message.
Pattern: Max 50 characters
Example: "ROSS"

string

Card acceptor identification code. See Data element 42 of the ISO message.
Pattern: Max 15 characters
Example: "Ross_1234"

string
required

The card network. Acceptable values are: Visa, Mastercard, Discover, American Express, JCB, UnionPay, Accel, Star, Allpoint.
Pattern: Max 20 characters
Example: "Visa"

number

The requested amount.
Pattern: Integer or decimal amount
Example: '85'

boolean

Whether this is a transaction is contactless. True is a contactless transaction. Definition of contactless is at the discretion of the client.
Pattern: True or False
Example: True

boolean

Whether the card’s magnetic stripe was swiped. True is yes.
Pattern: True or False
Example: True

boolean

Whether the transaction is a recurring bill payment.True is for a recurring bill payment.
Pattern: True or False
Example: True

boolean

Whether the transaction used an EMV chip.True for when an EMV chip was used.
Pattern: True or False
Example: True

boolean

Whether the transaction is 3-D Secure. True if the transaction was authenticated using 3-D Secure.
Pattern: True or False
Example: True

string

Acquiring institution identification code. See Data element 32 of the ISO message.
Pattern: Max 6 characters
Example: "INST_12"

string

Merchant category code, also known as the MCC. This indicates the type of merchant at the point of sale, such as supermarket, auto supply, etc. Codes are defined in the ISO 18245. See Data element 18 of the ISO message.
Pattern: Max 4 characters
Example: "6011"

string

Message type indicator for the authorization message being sent by the card network.See Data element 22 of the ISO message.
Pattern: Max 4 characters
Example: "0180"

string

Point of service (POS) entry mode code. See Data element 22 of the ISO message.
Pattern: Max 2 characters
Example: "05"

string

Cardholder transaction type code. See Data element 3 subfield 1 of the ISO message.
Pattern: Max 2 characters
Example: "01"

string

Result from validating the 3-D Secure Accountholder authentication value. Accepted values: 'Y'- Validated, 'F' - Failed, 'N' - Not present.
Pattern: Max 1 character
Example: "Y"

string

Result from validating the 3-D Secure Accountholder authentication value. Accepted values: 'Y'- Validated, 'F' - Failed, 'N' - Not present.
Pattern: Max 1 character
Example: "Y"

string

Indicates the status of the pin. Accepted values: 'Y' - Validated, 'F' - Failed, 'N' - Not present, 'L' - Locked, 'M' - PIN not set, 'B' - Blocked).
Pattern: Max 1 character
Example: "N"

string

Risk code sent by card network.
Pattern: Max 3 characters
Example: "675"

string

Two character identifier for the country where the transaction was performed.
Pattern: Max 2 characters
Example: "US"

string

State where the transaction was performed.
Pattern: Max 20 characters
Example: "Washington"

string

Full province name where transaction occurred. This is only for international transactions. Leave empty for US based transactions.
Pattern: Max 20 characters
Example: "Ontario"

integer

Visa Advanced Authorization (VAA) risk score ranging from 0 to 99 or Mastercard Decision Intelligence (DI) score ranging from 0 to 999.
Pattern: Max 4 digits
Example: 56

string

Status of the account.
Pattern: Max 15 characters
Example: "Active"

boolean

Whether the account is active. True for when the account is active.
Pattern: True or False
Example: True

date-time

Date-time the cardholder applied for an account.
Pattern: YYYY-MM-DD hh:mm:ss
Example: "2020-10-10T08:12:35.000+00:00"

date-time

Date of last PIN failure.
Pattern: YYYY-MM-DD hh:mm:ss
Example: "2023-05-10T02:48:38.000+00:00"

boolean

Whether this was an ecommerce transaction. True is for ecommerce transactions.
Pattern: True or False
Example: True

boolean

Whether the AAV card value was validated and passed validation. True when the AVV card is validated and passed.
Pattern: True or False
Example: True

string

Indicates whether the AAV was authenticated or if an authentication attempt was made.
Pattern: 'Y'
Example: 'Y'

string

The ECI sent in the transaction message. This is specific to the card network. Possible values include: 05 (Visa), 212 (MasterCard), 5 (Discover), etc. See Data element 48 Sub Element 42.
Pattern: Max 3 characters
Example: "05"

boolean

True if the merchant/acquirer asserts that the communication channel between the buyer and the merchant is encrypted (e.g. with TLS/HTTPS). False if the merchant/acquirer makes no guarantee about the security of the communication channel with the buyer (e.g. uses HTTP). Proceed with caution when this field is False. A malicious third party could have compromised the transaction.
Pattern: True or False
Example: True

boolean

Whether the merchant authenticated the buyer with 3-D Secure. True if the merchant/acquirer asserts that it authenticated the buyer using 3-D Secure and obtained a valid CAVV/AAV from the card network or Galileo. False if the merchant/acquirer makes no assertion whether the buyer is fully authenticated using 3-D Secure.
Pattern: True or False
Example: True

string

Cryptogram version number for the EMV transaction.
Pattern: Max 2 characters
Example: "20"

string

Card verification results for the EMV transaction.
Pattern: Max 12 characters
Example: "a00120400400"

string

Derivative Key Index (DKI) for the EMV transaction. See Data element 55 for 9F10 value.
Pattern: Max 2 characters
Example: "65"

string

Visa only. Type of device used at the provisioning time from ISO8583. See Data element 125.
Pattern: Max 60 characters
Example: "dtype_123"

string

Three letter code for device_language at the provisioning time. See ISO 639.2 standards.
Pattern: Max 3 characters
Example: "eng"

string

Device ID at the time of provisioning.
Pattern: Max 60 characters
Example: "108998A103804F45740927FF9984ML91J43R"

string

Device phone number at the provisioning time when applicable. See Data element 125 for Visa or DE 124 for Mastercard.
Pattern: Max 12 characters
Example: "+18888888888"

string

Latitude and longitude with 2 digits of precision.
Pattern: Max 20 characters
Example: "+37.78/-122.43"

string

IP address of the device at the provisioning time.
Pattern: Max 60 characters
Example: "12.45.65.123"

string

Wallet device score at the provisioning time. See Data element 125 for Visa or DE 124 for Mastercard.
Pattern: Max 2 characters
Example: "78"

string

Account score at the provisioning time. See Data element 125 for Visa or DE 124 for Mastercard.
Pattern: Max 2 characters
Example: "5"

string

Identifies the method which the cardholder is attempting to tokenize a primary account number. See Data element 125 for Visa or DE 124 for Mastercard.
Pattern: Max 2 characters
Example: "02"

string

Account email address at the time of provisioning.
Pattern: Max 60 characters
Example: "[email protected]"

string

correlation_id at the time of provisioning.
Pattern: Max 20 characters
Example: "D0000000000000"

string

payment_app_instance_id at the time of provisioning.
Pattern: Max 60 characters
Example: "98HAKDSFNQ84R8109R412IU3NRKABSF230"

string

Cardholder name at the time of provisioning.
Pattern: Max 60 characters
Example: "Sam Smith"

string

Tokenization decision suggested by the wallet provider. See Data element 125 for Visa or DE 124 for Mastercard.
Pattern: Max 1 characters
Example: "2"

string

The version of the standards the wallet provider is using to determine the suggested tokenization recommendation. See Data element 125 for Visa or DE 124 for Mastercard.
Pattern: Max 60 characters
Example: "tokenstdvar_345"

string

Indicates the specific reason the wallet provider is suggesting the tokenization recommendation. See Data element 125 for Visa or DE 124 for Mastercard.
Pattern: Max 20 characters
Example: "00088C"

string

active_tokens at the time of provisioning.
Pattern: Max 2 characters
Example: 22

string

Mastercard only. Contains a value indicating the type of requested token. See DE 124 for Mastercard.
Pattern: Max 1 character
Example: "C"

string

consumer_identifier at the time of provisioning.
Pattern: Max 60 characters
Example: "cid_777"

boolean

Whether the account supports partial authorizations. True for an account that supports partial authorization.
Pattern: True or False
Example: True

boolean

Whether the card is EMV capable. True if card is EMV enabled.
Pattern: True or False
Example: True

boolean

Whether the transaction is when a card product is EMV and the terminal where the transaction is performed is EMV enabled but the transaction is non-EMV.
Pattern: True or False
Example: True

boolean

Whether it is the last preauthorization after multiple preauths that are tied together have been performed and acts as a complete advice/authorization.
Pattern: True or False
Example: True

boolean

Whether it is part of an incremental authorization tied to other purchases that will settle at the same time (e.g. multiple purchases from a mini-fridge in a hotel).
Pattern: True or False
Example: True

boolean

Whether the terminal is EMV capable. True when EMV is enabled.
Pattern: True or False
Example: True

boolean

Whether AVS was requested. True when requested.
Pattern: True or False
Example: True

string

Currency Code, Cardholder billing. See Data element 51 of the ISO message.
Pattern: Max 3 characters
Example: "371"

string

Currency Code, Transaction. See Data element 49 of the ISO message.
Pattern: Max 3 characters
Example: "304"

string

Card Acceptor Terminal Identification Code. See Data element 41 of the ISO message.
Pattern: Max 8 characters
Example: "05940594"

string

Visa only. SMS POS Condition. See Data element 25 of the ISO message.
Pattern: Max 2 characters
Example: "89"

string

Mastercard only. POS Data. See Data element 61 of the ISO message.
Pattern: Max 30 characters
Example: 00000000030000040000012039410324

boolean

Flag to indicate whether card is high risk.
Pattern: True or False
Example: True

string

A cryptogram that is generated by the chip on a card during a chip transaction and sent to Galileo to validate that the source of the transaction is legitimate.
Pattern: Max 1 characters
Example: N

string

Indicates status of CVV1. Accepted values: 'Y' - Verified, 'N' - Failed, 'None' - No CVV1 Passed.
Pattern: Max 4 characters
Example: 'Y'

string

Indicates status of CVV2. Accepted values: 'Y' - Verified, 'N' - Failed, 'None' - No CVV2 Passed.
Pattern: Max 4 characters
Example: 'N'

string

Indicates status of CVV3. Accepted values: 'Y' - Verified, 'N' - Failed, 'None' - No CVV3 Passed.
Pattern: Max 4 characters
Example: 'N'

string

Indicates the status of the offline pin. Accepted values: 'Y' - Verified, 'N' - Failed, 'E' - Offline Pin Try Count Exceeded, 'P' - Failed or tries exceeded, but within risk parameters, 'None' - No Offline PIN verification performed.
Pattern: Max 4 characters
Example: 'N'

number

Cashback amount that was requested.
Pattern: Max 10 characters
Example: 354

string

Hierarchy level 1 of your program.
Pattern: Consumer
Example: level 1

string

Hierarchy level 2 of your program.
Pattern: Max 60 characters
Example: Division - HSA

string

Hierarchy level 3 of your program.
Pattern: Max 60 characters
Example: Client

string

Hierarchy level 4 of your program.
Pattern: Max 60 characters
Example: Galileo

string

Hierarchy level 5 of your program.
Pattern: Max 60 characters
Example: Cohort

string

Hierarchy level 6 of your program.
Pattern: Max 60 characters
Example: Group

string

Hierarchy level 7 of your program.
Pattern: Max 60 characters
Example: Account ID

string

Hierarchy level 8 of your program.
Pattern: Max 60 characters
Example: level 8

string

Hierarchy level 9 of your program.
Pattern: Max 60 characters
Example: Card ID

string

Hierarchy level 10 of your program.
Pattern: Max 60 characters
Example: Card Type

string

Optional custom field containing additional data elements to send Galileo.
Pattern: Max 60 characters
Example: "field1val"

string

Optional custom field containing additional data elements to send Galileo.
Pattern: Max 60 characters
Example: "field2val"

string

Optional custom field containing additional data elements to send Galileo.
Pattern: Max 60 characters
Example: "field3val"

string

Optional custom field containing additional data elements to send Galileo.
Pattern: Max 60 characters
Example: "field4val"

string

Optional custom field containing additional data elements to send Galileo.
Pattern: Max 60 characters
Example: "field5val"

Response

Updated about 1 year ago

Language
URL
Response 
Click Try It! to start a request and see the response here! Or choose an example:
application/json
Updated about 1 year ago 






© Galileo Financial Technologies, LLC 2026   
  Privacy Disclosure



All documentation, including but not limited to text, graphics, images, and any other
content, are the exclusive property of Galileo Financial Technologies, LLC
and are protected by copyright laws. These materials may not be reproduced, distributed,
transmitted, displayed, or otherwise used without the prior written permission of
Galileo Financial Technologies, LLC. Any unauthorized use or reproduction of these materials
are expressly prohibited.