1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.recaptchaenterprise.v1beta1; 18 19import "google/api/annotations.proto"; 20import "google/api/client.proto"; 21import "google/api/field_behavior.proto"; 22import "google/api/resource.proto"; 23import "google/protobuf/timestamp.proto"; 24 25option csharp_namespace = "Google.Cloud.RecaptchaEnterprise.V1Beta1"; 26option go_package = "cloud.google.com/go/recaptchaenterprise/v2/apiv1beta1/recaptchaenterprisepb;recaptchaenterprisepb"; 27option java_multiple_files = true; 28option java_outer_classname = "RecaptchaEnterpriseProto"; 29option java_package = "com.google.recaptchaenterprise.v1beta1"; 30option objc_class_prefix = "GCRE"; 31option php_namespace = "Google\\Cloud\\RecaptchaEnterprise\\V1beta1"; 32option ruby_package = "Google::Cloud::RecaptchaEnterprise::V1beta1"; 33 34// Service to determine the likelihood an event is legitimate. 35service RecaptchaEnterpriseServiceV1Beta1 { 36 option (google.api.default_host) = "recaptchaenterprise.googleapis.com"; 37 option (google.api.oauth_scopes) = 38 "https://www.googleapis.com/auth/cloud-platform"; 39 40 // Creates an Assessment of the likelihood an event is legitimate. 41 rpc CreateAssessment(CreateAssessmentRequest) returns (Assessment) { 42 option (google.api.http) = { 43 post: "/v1beta1/{parent=projects/*}/assessments" 44 body: "assessment" 45 }; 46 option (google.api.method_signature) = "parent,assessment"; 47 } 48 49 // Annotates a previously created Assessment to provide additional information 50 // on whether the event turned out to be authentic or fradulent. 51 rpc AnnotateAssessment(AnnotateAssessmentRequest) 52 returns (AnnotateAssessmentResponse) { 53 option (google.api.http) = { 54 post: "/v1beta1/{name=projects/*/assessments/*}:annotate" 55 body: "*" 56 }; 57 option (google.api.method_signature) = "name,annotation"; 58 } 59} 60 61// The create assessment request message. 62message CreateAssessmentRequest { 63 // Required. The name of the project in which the assessment will be created, 64 // in the format `projects/{project_number}`. 65 string parent = 1 [ 66 (google.api.field_behavior) = REQUIRED, 67 (google.api.resource_reference) = { 68 type: "cloudresourcemanager.googleapis.com/Project" 69 } 70 ]; 71 72 // Required. The assessment details. 73 Assessment assessment = 2 [(google.api.field_behavior) = REQUIRED]; 74} 75 76// Describes an event in the lifecycle of a payment transaction. 77message TransactionEvent { 78 // Enum that represents an event in the payment transaction lifecycle. 79 enum TransactionEventType { 80 // Default, unspecified event type. 81 TRANSACTION_EVENT_TYPE_UNSPECIFIED = 0; 82 83 // Indicates that the transaction is approved by the merchant. The 84 // accompanying reasons can include terms such as 'INHOUSE', 'ACCERTIFY', 85 // 'CYBERSOURCE', or 'MANUAL_REVIEW'. 86 MERCHANT_APPROVE = 1; 87 88 // Indicates that the transaction is denied and concluded due to risks 89 // detected by the merchant. The accompanying reasons can include terms such 90 // as 'INHOUSE', 'ACCERTIFY', 'CYBERSOURCE', or 'MANUAL_REVIEW'. 91 MERCHANT_DENY = 2; 92 93 // Indicates that the transaction is being evaluated by a human, due to 94 // suspicion or risk. 95 MANUAL_REVIEW = 3; 96 97 // Indicates that the authorization attempt with the card issuer succeeded. 98 AUTHORIZATION = 4; 99 100 // Indicates that the authorization attempt with the card issuer failed. 101 // The accompanying reasons can include Visa's '54' indicating that the card 102 // is expired, or '82' indicating that the CVV is incorrect. 103 AUTHORIZATION_DECLINE = 5; 104 105 // Indicates that the transaction is completed because the funds were 106 // settled. 107 PAYMENT_CAPTURE = 6; 108 109 // Indicates that the transaction could not be completed because the funds 110 // were not settled. 111 PAYMENT_CAPTURE_DECLINE = 7; 112 113 // Indicates that the transaction has been canceled. Specify the reason 114 // for the cancellation. For example, 'INSUFFICIENT_INVENTORY'. 115 CANCEL = 8; 116 117 // Indicates that the merchant has received a chargeback inquiry due to 118 // fraud for the transaction, requesting additional information before a 119 // fraud chargeback is officially issued and a formal chargeback 120 // notification is sent. 121 CHARGEBACK_INQUIRY = 9; 122 123 // Indicates that the merchant has received a chargeback alert due to fraud 124 // for the transaction. The process of resolving the dispute without 125 // involving the payment network is started. 126 CHARGEBACK_ALERT = 10; 127 128 // Indicates that a fraud notification is issued for the transaction, sent 129 // by the payment instrument's issuing bank because the transaction appears 130 // to be fraudulent. We recommend including TC40 or SAFE data in the 131 // `reason` field for this event type. For partial chargebacks, we recommend 132 // that you include an amount in the `value` field. 133 FRAUD_NOTIFICATION = 11; 134 135 // Indicates that the merchant is informed by the payment network that the 136 // transaction has entered the chargeback process due to fraud. Reason code 137 // examples include Discover's '6005' and '6041'. For partial chargebacks, 138 // we recommend that you include an amount in the `value` field. 139 CHARGEBACK = 12; 140 141 // Indicates that the transaction has entered the chargeback process due to 142 // fraud, and that the merchant has chosen to enter representment. Reason 143 // examples include Discover's '6005' and '6041'. For partial chargebacks, 144 // we recommend that you include an amount in the `value` field. 145 CHARGEBACK_REPRESENTMENT = 13; 146 147 // Indicates that the transaction has had a fraud chargeback which was 148 // illegitimate and was reversed as a result. For partial chargebacks, we 149 // recommend that you include an amount in the `value` field. 150 CHARGEBACK_REVERSE = 14; 151 152 // Indicates that the merchant has received a refund for a completed 153 // transaction. For partial refunds, we recommend that you include an amount 154 // in the `value` field. Reason example: 'TAX_EXEMPT' (partial refund of 155 // exempt tax) 156 REFUND_REQUEST = 15; 157 158 // Indicates that the merchant has received a refund request for this 159 // transaction, but that they have declined it. For partial refunds, we 160 // recommend that you include an amount in the `value` field. Reason 161 // example: 'TAX_EXEMPT' (partial refund of exempt tax) 162 REFUND_DECLINE = 16; 163 164 // Indicates that the completed transaction was refunded by the merchant. 165 // For partial refunds, we recommend that you include an amount in the 166 // `value` field. Reason example: 'TAX_EXEMPT' (partial refund of exempt 167 // tax) 168 REFUND = 17; 169 170 // Indicates that the completed transaction was refunded by the merchant, 171 // and that this refund was reversed. For partial refunds, we recommend that 172 // you include an amount in the `value` field. 173 REFUND_REVERSE = 18; 174 } 175 176 // Optional. The type of this transaction event. 177 TransactionEventType event_type = 1 [(google.api.field_behavior) = OPTIONAL]; 178 179 // Optional. The reason or standardized code that corresponds with this 180 // transaction event, if one exists. For example, a CHARGEBACK event with code 181 // 6005. 182 string reason = 2 [(google.api.field_behavior) = OPTIONAL]; 183 184 // Optional. The value that corresponds with this transaction event, if one 185 // exists. For example, a refund event where $5.00 was refunded. Currency is 186 // obtained from the original transaction data. 187 double value = 3 [(google.api.field_behavior) = OPTIONAL]; 188 189 // Optional. Timestamp when this transaction event occurred; otherwise assumed 190 // to be the time of the API call. 191 google.protobuf.Timestamp event_time = 4 192 [(google.api.field_behavior) = OPTIONAL]; 193} 194 195// The request message to annotate an Assessment. 196message AnnotateAssessmentRequest { 197 // Enum that represents the types of annotations. 198 enum Annotation { 199 // Default unspecified type. 200 ANNOTATION_UNSPECIFIED = 0; 201 202 // Provides information that the event turned out to be legitimate. 203 LEGITIMATE = 1; 204 205 // Provides information that the event turned out to be fraudulent. 206 FRAUDULENT = 2; 207 208 // Provides information that the event was related to a login event in which 209 // the user typed the correct password. Deprecated, prefer indicating 210 // CORRECT_PASSWORD through the reasons field instead. 211 PASSWORD_CORRECT = 3 [deprecated = true]; 212 213 // Provides information that the event was related to a login event in which 214 // the user typed the incorrect password. Deprecated, prefer indicating 215 // INCORRECT_PASSWORD through the reasons field instead. 216 PASSWORD_INCORRECT = 4 [deprecated = true]; 217 } 218 219 // Enum that represents potential reasons for annotating an assessment. 220 enum Reason { 221 // Default unspecified reason. 222 REASON_UNSPECIFIED = 0; 223 224 // Indicates that the transaction had a chargeback issued with no other 225 // details. When possible, specify the type by using CHARGEBACK_FRAUD or 226 // CHARGEBACK_DISPUTE instead. 227 CHARGEBACK = 1; 228 229 // Indicates that the transaction had a chargeback issued related to an 230 // alleged unauthorized transaction from the cardholder's perspective (for 231 // example, the card number was stolen). 232 CHARGEBACK_FRAUD = 8; 233 234 // Indicates that the transaction had a chargeback issued related to the 235 // cardholder having provided their card details but allegedly not being 236 // satisfied with the purchase (for example, misrepresentation, attempted 237 // cancellation). 238 CHARGEBACK_DISPUTE = 9; 239 240 // Indicates that the completed payment transaction was refunded by the 241 // seller. 242 REFUND = 10; 243 244 // Indicates that the completed payment transaction was determined to be 245 // fraudulent by the seller, and was cancelled and refunded as a result. 246 REFUND_FRAUD = 11; 247 248 // Indicates that the payment transaction was accepted, and the user was 249 // charged. 250 TRANSACTION_ACCEPTED = 12; 251 252 // Indicates that the payment transaction was declined, for example due to 253 // invalid card details. 254 TRANSACTION_DECLINED = 13; 255 256 // Indicates the transaction associated with the assessment is suspected of 257 // being fraudulent based on the payment method, billing details, shipping 258 // address or other transaction information. 259 PAYMENT_HEURISTICS = 2; 260 261 // Indicates that the user was served a 2FA challenge. An old assessment 262 // with `ENUM_VALUES.INITIATED_TWO_FACTOR` reason that has not been 263 // overwritten with `PASSED_TWO_FACTOR` is treated as an abandoned 2FA flow. 264 // This is equivalent to `FAILED_TWO_FACTOR`. 265 INITIATED_TWO_FACTOR = 7; 266 267 // Indicates that the user passed a 2FA challenge. 268 PASSED_TWO_FACTOR = 3; 269 270 // Indicates that the user failed a 2FA challenge. 271 FAILED_TWO_FACTOR = 4; 272 273 // Indicates the user provided the correct password. 274 CORRECT_PASSWORD = 5; 275 276 // Indicates the user provided an incorrect password. 277 INCORRECT_PASSWORD = 6; 278 279 // Indicates that the user sent unwanted and abusive messages to other users 280 // of the platform, such as spam, scams, phishing, or social engineering. 281 SOCIAL_SPAM = 14; 282 } 283 284 // Required. The resource name of the Assessment, in the format 285 // `projects/{project_number}/assessments/{assessment_id}`. 286 string name = 1 [ 287 (google.api.field_behavior) = REQUIRED, 288 (google.api.resource_reference) = { 289 type: "recaptchaenterprise.googleapis.com/Assessment" 290 } 291 ]; 292 293 // Optional. The annotation that will be assigned to the Event. This field can 294 // be left empty to provide reasons that apply to an event without concluding 295 // whether the event is legitimate or fraudulent. 296 Annotation annotation = 2 [(google.api.field_behavior) = OPTIONAL]; 297 298 // Optional. Reasons for the annotation that are assigned to the event. 299 repeated Reason reasons = 3 [(google.api.field_behavior) = OPTIONAL]; 300 301 // Optional. Unique stable hashed user identifier to apply to the assessment. 302 // This is an alternative to setting the `hashed_account_id` in 303 // `CreateAssessment`, for example, when the account identifier is not yet 304 // known in the initial request. It is recommended that the identifier is 305 // hashed using hmac-sha256 with stable secret. 306 bytes hashed_account_id = 4 [(google.api.field_behavior) = OPTIONAL]; 307 308 // Optional. If the assessment is part of a payment transaction, provide 309 // details on payment lifecycle events that occur in the transaction. 310 TransactionEvent transaction_event = 5 311 [(google.api.field_behavior) = OPTIONAL]; 312} 313 314// Empty response for AnnotateAssessment. 315message AnnotateAssessmentResponse {} 316 317// Password leak verification info. 318message PasswordLeakVerification { 319 // Optional. Scrypt hash of the username+password that the customer wants to 320 // verify against a known password leak. 321 bytes hashed_user_credentials = 1 [(google.api.field_behavior) = OPTIONAL]; 322 323 // Output only. Whether or not the user's credentials are present in a known 324 // leak. 325 bool credentials_leaked = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 326 327 // Optional. The username part of the user credentials for which we want to 328 // trigger a leak check in canonicalized form. This is the same data used to 329 // create the hashed_user_credentials on the customer side. 330 string canonicalized_username = 3 [(google.api.field_behavior) = OPTIONAL]; 331} 332 333// A reCAPTCHA Enterprise assessment resource. 334message Assessment { 335 option (google.api.resource) = { 336 type: "recaptchaenterprise.googleapis.com/Assessment" 337 pattern: "projects/{project}/assessments/{assessment}" 338 }; 339 340 // Reasons contributing to the risk analysis verdict. 341 enum ClassificationReason { 342 // Default unspecified type. 343 CLASSIFICATION_REASON_UNSPECIFIED = 0; 344 345 // Interactions matched the behavior of an automated agent. 346 AUTOMATION = 1; 347 348 // The event originated from an illegitimate environment. 349 UNEXPECTED_ENVIRONMENT = 2; 350 351 // Traffic volume from the event source is higher than normal. 352 TOO_MUCH_TRAFFIC = 3; 353 354 // Interactions with the site were significantly different than expected 355 // patterns. 356 UNEXPECTED_USAGE_PATTERNS = 4; 357 358 // Too little traffic has been received from this site thus far to generate 359 // quality risk analysis. 360 LOW_CONFIDENCE_SCORE = 5; 361 362 // The request matches behavioral characteristics of a carding attack. 363 SUSPECTED_CARDING = 6; 364 365 // The request matches behavioral characteristics of chargebacks for fraud. 366 SUSPECTED_CHARGEBACK = 7; 367 } 368 369 // Output only. The resource name for the Assessment in the format 370 // `projects/{project_number}/assessments/{assessment_id}`. 371 string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 372 373 // The event being assessed. 374 Event event = 2; 375 376 // Output only. Legitimate event score from 0.0 to 1.0. 377 // (1.0 means very likely legitimate traffic while 0.0 means very likely 378 // non-legitimate traffic). 379 float score = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 380 381 // Output only. Properties of the provided event token. 382 TokenProperties token_properties = 4 383 [(google.api.field_behavior) = OUTPUT_ONLY]; 384 385 // Output only. Reasons contributing to the risk analysis verdict. 386 repeated ClassificationReason reasons = 5 387 [(google.api.field_behavior) = OUTPUT_ONLY]; 388 389 // Information about the user's credentials used to check for leaks. 390 // This feature is part of the Early Access Program (EAP). Exercise caution, 391 // and do not deploy integrations based on this feature in a production 392 // environment. 393 PasswordLeakVerification password_leak_verification = 7; 394 395 // Assessment returned by account defender when a hashed_account_id is 396 // provided. 397 AccountDefenderAssessment account_defender_assessment = 8; 398 399 // Assessment returned by Fraud Prevention when TransactionData is provided. 400 FraudPreventionAssessment fraud_prevention_assessment = 11; 401} 402 403message Event { 404 // Setting that controls Fraud Prevention assessments. 405 enum FraudPrevention { 406 // Default, unspecified setting. If opted in for automatic detection, 407 // `fraud_prevention_assessment` is returned based on the request. 408 // Otherwise, `fraud_prevention_assessment` is returned if 409 // `transaction_data` is present in the `Event` and Fraud Prevention is 410 // enabled in the Google Cloud console. 411 FRAUD_PREVENTION_UNSPECIFIED = 0; 412 413 // Enable Fraud Prevention for this assessment, if Fraud Prevention is 414 // enabled in the Google Cloud console. 415 ENABLED = 1; 416 417 // Disable Fraud Prevention for this assessment, regardless of opt-in 418 // status or the Google Cloud console settings. 419 DISABLED = 2; 420 } 421 422 // Optional. The user response token provided by the reCAPTCHA Enterprise 423 // client-side integration on your site. 424 string token = 1 [(google.api.field_behavior) = OPTIONAL]; 425 426 // Optional. The site key that was used to invoke reCAPTCHA Enterprise on your 427 // site and generate the token. 428 string site_key = 2 [(google.api.field_behavior) = OPTIONAL]; 429 430 // Optional. The user agent present in the request from the user's device 431 // related to this event. 432 string user_agent = 3 [(google.api.field_behavior) = OPTIONAL]; 433 434 // Optional. The IP address in the request from the user's device related to 435 // this event. 436 string user_ip_address = 4 [(google.api.field_behavior) = OPTIONAL]; 437 438 // Optional. The expected action for this type of event. This should be the 439 // same action provided at token generation time on client-side platforms 440 // already integrated with recaptcha enterprise. 441 string expected_action = 5 [(google.api.field_behavior) = OPTIONAL]; 442 443 // Optional. Unique stable hashed user identifier for the request. The 444 // identifier must be hashed using hmac-sha256 with stable secret. 445 bytes hashed_account_id = 6 [(google.api.field_behavior) = OPTIONAL]; 446 447 // Optional. Data describing a payment transaction to be assessed. Sending 448 // this data enables reCAPTCHA Enterprise Fraud Prevention and the 449 // FraudPreventionAssessment component in the response. 450 TransactionData transaction_data = 13 451 [(google.api.field_behavior) = OPTIONAL]; 452 453 // Optional. The Fraud Prevention setting for this Assessment. 454 FraudPrevention fraud_prevention = 17 455 [(google.api.field_behavior) = OPTIONAL]; 456} 457 458// Transaction data associated with a payment protected by reCAPTCHA Enterprise. 459message TransactionData { 460 // Structured address format for billing and shipping addresses. 461 message Address { 462 // The recipient name, potentially including information such as "care of". 463 string recipient = 1; 464 465 // The first lines of the address. The first line generally contains the 466 // street name and number, and further lines may include information such as 467 // an apartment number. 468 repeated string address = 2; 469 470 // The town/city of the address. 471 string locality = 3; 472 473 // The state, province, or otherwise administrative area of the address. 474 string administrative_area = 4; 475 476 // The CLDR country/region of the address. 477 string region_code = 5; 478 479 // The postal or ZIP code of the address. 480 string postal_code = 6; 481 } 482 483 // Details about a user's account involved in the transaction. 484 message User { 485 // Unique account identifier for this user. If using account defender, 486 // this should match the hashed_account_id field. Otherwise, a unique and 487 // persistent identifier for this account. 488 string account_id = 6; 489 490 // The epoch milliseconds of the user's account creation. 491 int64 creation_ms = 1; 492 493 // The email address of the user. 494 string email = 2; 495 496 // Whether the email has been verified to be accessible by the user (OTP or 497 // similar). 498 bool email_verified = 3; 499 500 // The phone number of the user, with country code. 501 string phone_number = 4; 502 503 // Whether the phone number has been verified to be accessible by the user 504 // (OTP or similar). 505 bool phone_verified = 5; 506 } 507 508 // Line items being purchased in this transaction. 509 message Item { 510 // The full name of the item. 511 string name = 1; 512 513 // The value per item that the user is paying, in the transaction currency, 514 // after discounts. 515 double value = 2; 516 517 // The quantity of this item that is being purchased. 518 int64 quantity = 3; 519 520 // When a merchant is specified, its corresponding account_id. Necessary to 521 // populate marketplace-style transactions. 522 string merchant_account_id = 4; 523 } 524 525 // Details about the transaction from the gateway. 526 message GatewayInfo { 527 // Name of the gateway service (for example, stripe, square, paypal). 528 string name = 1; 529 530 // Gateway response code describing the state of the transaction. 531 string gateway_response_code = 2; 532 533 // AVS response code from the gateway 534 // (available only when reCAPTCHA Enterprise is called after authorization). 535 string avs_response_code = 3; 536 537 // CVV response code from the gateway 538 // (available only when reCAPTCHA Enterprise is called after authorization). 539 string cvv_response_code = 4; 540 } 541 542 // Unique identifier for the transaction. This custom identifier can be used 543 // to reference this transaction in the future, for example, labeling a refund 544 // or chargeback event. Two attempts at the same transaction should use the 545 // same transaction id. 546 optional string transaction_id = 11; 547 548 // The payment method for the transaction. The allowed values are: 549 // 550 // * credit-card 551 // * debit-card 552 // * gift-card 553 // * processor-{name} (If a third-party is used, for example, 554 // processor-paypal) 555 // * custom-{name} (If an alternative method is used, for example, 556 // custom-crypto) 557 string payment_method = 1; 558 559 // The Bank Identification Number - generally the first 6 or 8 digits of the 560 // card. 561 string card_bin = 2; 562 563 // The last four digits of the card. 564 string card_last_four = 3; 565 566 // The currency code in ISO-4217 format. 567 string currency_code = 4; 568 569 // The decimal value of the transaction in the specified currency. 570 double value = 5; 571 572 // The value of shipping in the specified currency. 0 for free or no shipping. 573 double shipping_value = 12; 574 575 // Destination address if this transaction involves shipping a physical item. 576 Address shipping_address = 6; 577 578 // Address associated with the payment method when applicable. 579 Address billing_address = 7; 580 581 // Information about the user paying/initiating the transaction. 582 User user = 8; 583 584 // Information about the user or users fulfilling the transaction. 585 repeated User merchants = 13; 586 587 // Items purchased in this transaction. 588 repeated Item items = 14; 589 590 // Information about the payment gateway's response to the transaction. 591 GatewayInfo gateway_info = 10; 592} 593 594message TokenProperties { 595 // Enum that represents the types of invalid token reasons. 596 enum InvalidReason { 597 // Default unspecified type. 598 INVALID_REASON_UNSPECIFIED = 0; 599 600 // If the failure reason was not accounted for. 601 UNKNOWN_INVALID_REASON = 1; 602 603 // The provided user verification token was malformed. 604 MALFORMED = 2; 605 606 // The user verification token had expired. 607 EXPIRED = 3; 608 609 // The user verification had already been seen. 610 DUPE = 4; 611 612 // The user verification token did not match the provided site key. 613 // This may be a configuration error (for example, development keys used in 614 // production) or end users trying to use verification tokens from other 615 // sites. 616 SITE_MISMATCH = 5 [deprecated = true]; 617 618 // The user verification token was not present. It is a required input. 619 MISSING = 6; 620 621 // A retriable error (such as network failure) occurred on the browser. 622 // Could easily be simulated by an attacker. 623 BROWSER_ERROR = 7; 624 } 625 626 // Whether the provided user response token is valid. When valid = false, the 627 // reason could be specified in invalid_reason or it could also be due to 628 // a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey 629 // used to generate the token was different than the one specified in the 630 // assessment). 631 bool valid = 1; 632 633 // Reason associated with the response when valid = false. 634 InvalidReason invalid_reason = 2; 635 636 // The timestamp corresponding to the generation of the token. 637 google.protobuf.Timestamp create_time = 3; 638 639 // The hostname of the page on which the token was generated. 640 string hostname = 4; 641 642 // Action name provided at token generation. 643 string action = 5; 644} 645 646// Assessment for Fraud Prevention. 647message FraudPreventionAssessment { 648 // Information about stolen instrument fraud, where the user is not the 649 // legitimate owner of the instrument being used for the purchase. 650 message StolenInstrumentVerdict { 651 // Probability (0-1) of this transaction being executed with a stolen 652 // instrument. 653 float risk = 1; 654 } 655 656 // Information about card testing fraud, where an adversary is testing 657 // fraudulently obtained cards or brute forcing their details. 658 message CardTestingVerdict { 659 // Probability (0-1) of this transaction attempt being part of a card 660 // testing attack. 661 float risk = 1; 662 } 663 664 // Information about behavioral trust of the transaction. 665 message BehavioralTrustVerdict { 666 // Probability (0-1) of this transaction attempt being executed in a 667 // behaviorally trustworthy way. 668 float trust = 1; 669 } 670 671 // Probability (0-1) of this transaction being fraudulent. Summarizes the 672 // combined risk of attack vectors below. 673 float transaction_risk = 1; 674 675 // Assessment of this transaction for risk of a stolen instrument. 676 StolenInstrumentVerdict stolen_instrument_verdict = 2; 677 678 // Assessment of this transaction for risk of being part of a card testing 679 // attack. 680 CardTestingVerdict card_testing_verdict = 3; 681 682 // Assessment of this transaction for behavioral trust. 683 BehavioralTrustVerdict behavioral_trust_verdict = 4; 684} 685 686// Account defender risk assessment. 687message AccountDefenderAssessment { 688 // Labels returned by account defender for this request. 689 enum AccountDefenderLabel { 690 // Default unspecified type. 691 ACCOUNT_DEFENDER_LABEL_UNSPECIFIED = 0; 692 693 // The request matches a known good profile for the user. 694 PROFILE_MATCH = 1; 695 696 // The request is potentially a suspicious login event and should be further 697 // verified either via multi-factor authentication or another system. 698 SUSPICIOUS_LOGIN_ACTIVITY = 2; 699 700 // The request matched a profile that previously had suspicious account 701 // creation behavior. This could mean this is a fake account. 702 SUSPICIOUS_ACCOUNT_CREATION = 3; 703 704 // The account in the request has a high number of related accounts. It does 705 // not necessarily imply that the account is bad but could require 706 // investigating. 707 RELATED_ACCOUNTS_NUMBER_HIGH = 4; 708 } 709 710 // Labels for this request. 711 repeated AccountDefenderLabel labels = 1; 712} 713