Mastercard

Mastercard Confirmed Fraud

The Fraud and Loss Database (FLD) is the Mastercard_repository for fraud transactions, and it serves as the source of truth for fraud information within the enterprise. As mentioned below, this platform currently provides multiple channels for submission and management of fraud records.

GitHub OpenAPI

Documentation

📖
Authentication
https://developer.mastercard.com/fld-fraud-submission/documentation/api-basics/#authentication
📖
Documentation
https://developer.mastercard.com/fld-fraud-submission/documentation/api-reference/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/mastercard/refs/heads/main/properties/mastercard-confirmed-fraud-openapi.yml

Code Examples

💻
CodeExamples
https://developer.mastercard.com/fld-fraud-submission/documentation/reference-app/

Other Resources

🔗
ReleaseNotes
https://developer.mastercard.com/fld-fraud-submission/documentation/announcements/
🔗
Security
https://developer.mastercard.com/fld-fraud-submission/documentation/api-basics/#encryption
🔗
Sandbox
https://developer.mastercard.com/fld-fraud-submission/documentation/api-basics/#environment-descriptions
🔗
UseCases
https://developer.mastercard.com/fld-fraud-submission/documentation/use-cases/
🔗
Sandbox
https://developer.mastercard.com/fld-fraud-submission/documentation/use-cases/testing/
🔗
Tutorials
https://developer.mastercard.com/fld-fraud-submission/documentation/tutorials/
🔗
Errors
https://developer.mastercard.com/fld-fraud-submission/documentation/code-and-formats/
🔗
FAQ
https://developer.mastercard.com/fld-fraud-submission/documentation/support/#faq
🔗
Support
https://developer.mastercard.com/fld-fraud-submission/documentation/support/#get-help

OpenAPI Specification

mastercard-confirmed-fraud-openapi.yml Raw ↑ 
openapi: 3.0.3
info:
  title: Mastercard Confirmed Fraud
  description: >-
    The Fraud and Loss Database (FLD) is the Mastercard_repository for fraud
    transactions, and it serves as the source of truth for fraud information
    within the enterprise. As mentioned below, this platform currently provides
    multiple channels for submission and management of fraud records.
  contact:
    name: API Support
    email: [email protected]
    url: https://developer.mastercard.com/support
  version: 1.3.06
servers:
- url: https://api.mastercard.com/fld/confirmed-frauds
  description: Global Production server (uses live data)
- url: https://api.mastercard.co.in/fld/confirmed-frauds
  description: India Production server (uses live data)
- url: https://sandbox.api.mastercard.com/fld/confirmed-frauds
  description: Global Sandbox server (testing environment)
- url: https://sandbox.api.mastercard.co.in/fld/confirmed-frauds
  description: India Sandbox server (testing environment)
tags:
- name: Confirmed  Fraud  Management
- name: Confirmed  Fraud  Submission
- name: Fraud
- name: Ica
- name: Issuer
- name: Mastercard
- name: States
- name: Statuses
paths:
  /mastercard-frauds:
    post:
      tags:
      - Confirmed  Fraud  Submission
      - Mastercard
      operationId: submitMastercardFraud
      description: >-
        This endpoint allows the initiator to add a new fraud record using
        minimal input parameters for Mastercard built transactions. To submit a
        transaction as fraud, a match has to be found in the Mastercard
        transaction data repository(Data Warehouse).
      summary: >-
        Add a New Fraud Record Using Minimal Input Parameters for Mastercard Built Transactions.
      x-mastercard-api-encrypted: true
      requestBody:
        $ref: '#/components/requestBodies/FraudMastercardRequest'
      responses:
        '200':
          $ref: '#/components/responses/FraudAdditionException'
        '201':
          $ref: '#/components/responses/FraudAddition'
        '202':
          $ref: '#/components/responses/FraudAddAccepted'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '429':
          $ref: '#/components/responses/RateLimitExceededError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    put:
      tags:
      - Confirmed  Fraud  Management
      - Mastercard
      operationId: updateMastercardFraud
      description: >-
        This endpoint allows the initiator to change an existing fraud record
        using minimal input parameters for Mastercard built transactions. The
        initiator can modify both successful and rejected fraud transactions and
        also modify transactions which are submitted via other channels such as
        GFT, file upload, and online.
      summary: >-
        Change an Existing Fraud Record Using Minimal Input Parameters for Mastercard Built Transactions.
      x-mastercard-api-encrypted: true
      requestBody:
        $ref: '#/components/requestBodies/FraudRequestChange'
      responses:
        '200':
          $ref: '#/components/responses/FraudDataChanged'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '429':
          $ref: '#/components/responses/RateLimitExceededError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /issuer-frauds:
    post:
      tags:
      - Confirmed  Fraud  Submission
      - Issuer
      operationId: submitIssuerFraud
      description: >-
        This endpoint allows the initiator to add a new fraud record using
        complete input parameters for both Mastercard and Issuer built
        transactions. The transaction will be looked up in the Mastercard
        transaction data repository (Data Warehouse) and if a match is found, it
        is submitted as a Mastercard built fraud record. If no match is found,
        the transaction will be submitted as an Issuer built fraud record.
      summary: >-
        Add a New Fraud Record Using Complete Input Parameters for Both Mastercard and Issuer Built Transactions.
      x-mastercard-api-encrypted: true
      requestBody:
        $ref: '#/components/requestBodies/FraudIssuerRequest'
      responses:
        '200':
          $ref: '#/components/responses/FraudIssuerAdditionException'
        '201':
          $ref: '#/components/responses/FraudIssuerAddition'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '429':
          $ref: '#/components/responses/RateLimitExceededError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    put:
      tags:
      - Confirmed  Fraud  Management
      - Issuer
      operationId: updateIssuerFraud
      description: >-
        This endpoint allows the initiator to change an existing fraud record
        using complete input parameters for both Mastercard and Issuer built
        transactions. The initiator can modify both successful and rejected
        fraud transactions and also modify transactions which are submitted via
        other channels such as GFT, file upload, and online.
      summary: >-
        Change an Existing Fraud Record Using Complete Input Parameters for Both Mastercard and Issuer Built Transactions.
      x-mastercard-api-encrypted: true
      requestBody:
        $ref: '#/components/requestBodies/FraudIssuerRequestChange'
      responses:
        '200':
          $ref: '#/components/responses/FraudIssuerDataChanged'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '429':
          $ref: '#/components/responses/RateLimitExceededError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /fraud-states:
    put:
      tags:
      - Fraud
      - States
      operationId: fraudState
      description: >-
        This endpoint allows the initiator to delete an existing fraud record or
        confirm a suspended fraud record for both Mastercard and Issuer built
        transactions. Operation type FDD will delete existing fraud records from
        FLD, irrespective of the fraud state i.e., success / rejected /
        suspended. And operation type FDE will confirm an existing fraud record
        which was suspended due to reasons such as potential duplicates, billing
        variance, suspicious amounts, etc.
      summary: >-
        Delete an Existing Fraud Record or Confirm a Suspended Fraud Record for Both Mastercard and Issuer Built Transactions.
      requestBody:
        $ref: '#/components/requestBodies/FraudStateRequest'
      responses:
        '200':
          $ref: '#/components/responses/FraudStateChanged'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '429':
          $ref: '#/components/responses/RateLimitExceededError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /fraud-statuses/icas/{ica}:
    get:
      tags:
      - Fraud
      - Ica
      - Statuses
      operationId: fraudRequestStatus
      description: >-
        This endpoint allows the initiator to get the status of an existing
        fraud record using combination of ICA, Ref ID & ACN, for both Mastercard
        and Issuer built transactions. The initiator can get status of fraud
        transaction submitted via any channel GFT, File upload, Online & API.
      summary: >-
        Get Status of an Existing Fraud Record for Both Mastercard and Issuer Built Transactions.
      parameters:
      - $ref: '#/components/parameters/ICA'
      - $ref: '#/components/parameters/Ref_Id'
      - $ref: '#/components/parameters/ACN'
      responses:
        '200':
          $ref: '#/components/responses/FraudStatusResponse'
        '400':
          $ref: '#/components/responses/FraudStatusBadRequestError'
        '429':
          $ref: '#/components/responses/RateLimitExceededError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
components:
  parameters:
    ICA:
      name: ica
      in: path
      required: true
      schema:
        type: string
        minLength: 3
        maxLength: 7
      example: '1076'
      description: >-
        Refers to the ICA of the fraud record which needs to be searched for its
        status. It is mandatory parameter along with Ref ID or ACN..
    Ref_Id:
      name: ref_id
      in: query
      schema:
        type: string
        minLength: 36
        maxLength: 36
        example: ecb2d942-eabd-42b6-87fd-69c19692bdc6
      description: >-
        Refers to the reference ID of the API call which was used to submit
        fraud record. This is optional parameter if ACN is present in the
        request.
    ACN:
      name: acn
      in: query
      schema:
        type: string
        minLength: 15
        maxLength: 15
        example: '418142102142002'
      description: >-
        Refers to the ACN of the fraud record whose status is to be fetched.
        This is optional parameter for record submitted through APIs.
  schemas:
    APIDataElement:
      required:
      - refId
      - timestamp
      - icaNumber
      type: object
      properties:
        refId:
          description: >-
            Unique identification generated by the transaction originator using
            UUID logic to unambiguously link a request and response message.
          type: string
          minLength: 36
          maxLength: 36
          example: ecb2d942-eabd-42b6-87fd-69c19692bdc6
        timestamp:
          type: string
          description: >-
            Timestamp of the request initiation by the originator in the format
            'YYYY-MM-DDThh:mm:ss:mmm+hh:mm'. The value of '+hh:mm' portion
            should always be '-05:00' or '-06:00' reflecting CST time.
          minLength: 25
          maxLength: 25
          example: '2021-02-02T02:34:37-06:00'
        icaNumber:
          description: >-
            ICA number of the Issuer or Acquirer initiating the fraud submission
            request.
          type: string
          minLength: 3
          maxLength: 7
          example: '1076'
        issuerSCAExemption:
          description: >-
            Issuer SCA (Strong Customer Authentication) Exemption value. Please
            refer to [Table
            16](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-16-issuer-sca-strong-customer-authentication-exemption)
            for possible values.
          type: string
          minLength: 1
          maxLength: 2
          example: '09'
    MastercardFraud:
      allOf:
      - $ref: '#/components/schemas/APIDataElement'
      - type: object
        required:
        - providerId
        - transactionIdentifiers
        - cardNumber
        - transactionAmount
        - transactionDate
        - fraudTypeCode
        - accountDeviceType
        - cardInPossession
        properties:
          providerId:
            $ref: '#/components/schemas/SafeFraudProvider'
          transactionIdentifiers:
            type: array
            items:
              $ref: '#/components/schemas/TransactionIdentifier'
          cardNumber:
            description: >-
              Cardholder account number used in the fraudulent transaction.
              Card number to be verified through Luhn's algorithm.
            type: string
            minLength: 12
            maxLength: 19
            example: '5505135664572870000'
          transactionAmount:
            description: >-
              Transaction amount at the merchant location (without any
              decimals).
            type: string
            minLength: 1
            maxLength: 12
            example: '10350'
          transactionDate:
            description: >-
              Local date at the merchant location when the transaction
              occurred. Format is 'YYYYMMDD'.
            type: string
            minLength: 8
            maxLength: 8
            pattern: ^\d{4}(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])$
            example: '20210115'
          fraudPostedDate:
            description: >-
              Date on which the fraud is posted in FLD by the originator.
              Format is 'YYYYMMDD'.It is optional field, if not provided FLD
              System will save it as System date.
            type: string
            minLength: 8
            maxLength: 8
            pattern: ^\d{4}(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])$
            example: '20210120'
          fraudTypeCode:
            description: >-
              Code identifying the reason the originator submitted the
              transaction as fraud in FLD. Please refer to [Table
              1](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-1-fraud-type-codes)
              for possible values.
            type: string
            minLength: 2
            maxLength: 2
            example: '04'
          fraudSubTypeCode:
            description: >-
              Code to further identify the reason that the originator
              submitted the transaction as a fraud in FLD. This attribute is
              mandatory for the Issuer but optional for the Acquirer. Please
              refer to [Table
              2](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-2-fraud-sub-type-codes)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: U
          accountDeviceType:
            description: >-
              Indicates if the account uses a magnetic stripe, chip, pin,
              contactless or any combination thereof. Please refer to [Table
              3](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-3-account-device-type-codes)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: '1'
          cardholderReportedDate:
            description: >-
              Date on which the cardholder had reported the fraud. Format is
              'YYYYMMDD'.
            type: string
            minLength: 8
            maxLength: 8
            pattern: ^\d{4}(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])$
            example: '20210118'
          cardInPossession:
            description: >-
              Flag to indicate if the card holder was in possession of the
              card at the time the fraud occurred. Possible values are 'Y',
              'N' and 'U' (for Unknown).
            type: string
            minLength: 1
            maxLength: 1
            example: 'N'
          avsResponseCode:
            description: >-
              The Address Verification Service response code in the
              Authorization Request Response. Please refer to [Table
              4](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-4-avs-response-codes)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: U
          authResponseCode:
            description: >-
              Indicates the result of the authorization request. Please refer
              to [Table
              5](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-5-authorization-response-codes)
              for possible values.
            type: string
            minLength: 2
            maxLength: 2
            example: '01'
          memo:
            description: >-
              Brief description by the originator providing some comment
              supporting the action.
            type: string
            minLength: 1
            maxLength: 1000
            example: This is a sample FDA minimal request.
    IssuerFraud:
      allOf:
      - $ref: '#/components/schemas/APIDataElement'
      - type: object
        required:
        - acquirerId
        - transactionIdentifiers
        - cardNumber
        - fraudTypeCode
        - fraudSubTypeCode
        - cardProductCode
        - transactionDate
        - settlementDate
        - transactionAmount
        - transactionCurrencyCode
        - billingAmount
        - billingCurrencyCode
        - merchantId
        - merchantName
        - merchantCity
        - merchantCountryCode
        - merchantPostalCode
        - merchantCategoryCode
        - terminalAttendanceIndicator
        - terminalId
        - terminalOperatingEnvironment
        - cardholderPresenceIndicator
        - cardPresenceIndicator
        - cardInPossession
        - catLevelIndicator
        - terminalCapabilityIndicator
        - posEntryMode
        - cvcInvalidIndicator
        - avsResponseCode
        - authResponseCode
        - accountDeviceType
        properties:
          acquirerId:
            description: Acquirer identification number (ICA number) for the transaction.
            type: string
            minLength: 3
            maxLength: 7
            example: '5450'
          transactionIdentifiers:
            type: array
            items:
              $ref: '#/components/schemas/TransactionIdentifier'
          cardNumber:
            description: >-
              Cardholder account number used in the fraudulent transaction.
              Card number to be verified through Luhn's algorithm.
            type: string
            minLength: 12
            maxLength: 19
            example: '5505135664572870000'
          fraudTypeCode:
            description: >-
              Code identifying the reason the originator submitted the
              transaction as fraud in FLD. Please refer to [Table
              1](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-1-fraud-type-codes)
              for possible values.
            type: string
            minLength: 2
            maxLength: 2
            example: '04'
          fraudSubTypeCode:
            description: >-
              Code to further identify the reason that the originator
              submitted the transaction as fraud in FLD. Please refer to
              [Table
              2](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-2-fraud-sub-type-codes)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: U
          cardProductCode:
            description: >-
              Value identifying the type of card used in the transaction.
              Please refer to [Card Type Codes
              table](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-2/)
              for possible values.
            type: string
            minLength: 3
            maxLength: 3
            example: MSI
          transactionDate:
            description: >-
              Local date at the merchant location when the transaction
              occurred. Format is 'YYYYMMDD'.
            type: string
            minLength: 8
            maxLength: 8
            pattern: ^\d{4}(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])$
            example: '20210115'
          settlementDate:
            description: Settlement date of transaction reported. Format is 'YYYYMMDD'.
            type: string
            minLength: 8
            maxLength: 8
            pattern: ^\d{4}(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])$
            example: '20210116'
          fraudPostedDate:
            description: >-
              Date on which the fraud is posted in FLD by the originator.
              Format is 'YYYYMMDD'. It is optional field, if not provided FLD
              System will save it as System date.
            type: string
            minLength: 8
            maxLength: 8
            pattern: ^\d{4}(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])$
            example: '20210120'
          cardholderReportedDate:
            description: >-
              Date on which the cardholder had reported the fraud. Format is
              'YYYYMMDD'.
            type: string
            minLength: 8
            maxLength: 8
            pattern: ^\d{4}(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])$
            example: '20210118'
          transactionAmount:
            description: >-
              Transaction amount at the merchant location (without any
              decimals).
            type: string
            minLength: 1
            maxLength: 12
            example: '10350'
          transactionCurrencyCode:
            description: >-
              Code defining the currency used for the transaction amount. The
              code should be part of the numeric ISO Standard Currency Codes
              list.
            type: string
            minLength: 3
            maxLength: 3
            example: '826'
          billingAmount:
            description: >-
              Amount appearing on the cardholder statement in the cardholder's
              billing currency (without any decimals).
            type: string
            minLength: 1
            maxLength: 12
            example: '10350'
          billingCurrencyCode:
            description: >-
              Code defining the currency used for the billing amount. The code
              should be part of the numeric ISO Standard Currency Codes list.
            type: string
            minLength: 3
            maxLength: 3
            example: '826'
          merchantId:
            description: >-
              Card acceptor / merchant's unique identification number,
              assigned by the Acquirer.
            type: string
            minLength: 1
            maxLength: 15
            example: A42E51982100100
          merchantName:
            description: Name of the card acceptor.
            type: string
            minLength: 1
            maxLength: 22
            example: BANKNEWPORT
          merchantCity:
            description: City in which the merchant is located.
            type: string
            minLength: 1
            maxLength: 13
            example: PHOENIX
          merchantStateProvinceCode:
            description: >-
              If the card acceptor/merchant is in the US, the state in which
              it is located.
            type: string
            minLength: 2
            maxLength: 3
            example: AZ
          merchantCountryCode:
            description: Indicates the country in which the merchant is located.
            type: string
            minLength: 3
            maxLength: 3
            example: USA
          merchantPostalCode:
            description: Postal code at the merchant location.
            type: string
            minLength: 1
            maxLength: 10
            example: '85001'
          merchantCategoryCode:
            description: Card acceptor business code / merchant category code.
            type: string
            minLength: 4
            maxLength: 4
            example: '6011'
          terminalAttendanceIndicator:
            description: >-
              Indicates if the card acceptor was attending the terminal at the
              time of transaction. Please refer to [Table
              12](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-12-terminal-attendance-indicator)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: '1'
          terminalId:
            description: >-
              Unique code identifying a terminal at the card acceptor
              (merchant) location.
            type: string
            minLength: 1
            maxLength: 8
            example: 5055D305
          terminalOperatingEnvironment:
            description: >-
              Indicates whether the card acceptor is attending the terminal
              and the location of the terminal. Please refer to [Table
              13](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-13-terminal-operating-environment)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: '4'
          cardholderPresenceIndicator:
            description: >-
              Indicates whether the cardholder is present at the point of
              service and explains the condition if the cardholder is not
              present. Please refer to [Table
              6](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-6-cardholder-presence-indicator)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: '5'
          cardPresenceIndicator:
            description: >-
              Indicates whether the card was present at the point of service.
              Please refer to [Table
              7](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-7-card-present-indicator)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: '1'
          cardInPossession:
            description: >-
              Flag to indicate if the card holder was in possession of the
              card at the time the fraud occurred. Possible values are 'Y',
              'N' and 'U' (for Unknown).
            type: string
            minLength: 1
            maxLength: 1
            example: 'N'
          catLevelIndicator:
            description: >-
              Indicates whether the cardholder activated the terminal with the
              use of the card and the CAT security level. Please refer to
              [Table
              9](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-9-cardholder-activated-terminal-level-indicator)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: '1'
          terminalCapabilityIndicator:
            description: >-
              Indicates the terminal capability for transferring the data on
              the card into the terminal. Please refer to [Table
              14](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-14-terminal-input-capability-indicator)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: '5'
          electronicCommerceIndicator:
            description: >-
              Indicates the security protocol and authentication of the
              transaction. Mandatory if CAT Level = 6. Please refer to [Table
              10](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-10-electronic-commerce-security-level-indicator)
              for possible values.
            type: string
            minLength: 1
            maxLength: 2
            example: '24'
          posEntryMode:
            description: >-
              Indicates how the PAN was entered at the terminal. Please refer
              to [Table
              8](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-8-pos-entry-mode)
              for possible values.
            type: string
            minLength: 2
            maxLength: 2
            example: '05'
          cvcInvalidIndicator:
            description: >-
              Indicates whether the CVC was valid when authorization was
              attempted. Please refer to [Table
              15](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-15-card-validation-code-cvc-indicator)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: M
          avsResponseCode:
            description: >-
              The Address Verification Service response code in the
              Authorization Request Response. Please refer to [Table
              4](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-4-avs-response-codes)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: U
          authResponseCode:
            description: >-
              Indicates the result of the authorization request. Please refer
              to [Table
              5](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-5-authorization-response-codes)
              for possible values.
            type: string
            minLength: 2
            maxLength: 2
            example: '01'
          secureCode:
            description: >-
              Indicates the type of security processing used for the PIN data.
              Mandatory if ecommerce indicator = 21 or 22. Please refer to
              [Table
              11](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-11-secure-code)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: '9'
          accountDeviceType:
            description: >-
              Indicates if the account uses a magnetic stripe, chip, pin,
              contactless or any combination thereof. Please refer to [Table
              3](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-3-account-device-type-codes)
              for possible values.
            type: string
            minLength: 1
            maxLength: 1
            example: '1'
          acquirerRoutingTransitNumber:
            description: >-
              The identification number of the merchant's acquirer. Applicable
              for a single message transaction. Mandatory if an acquirer ICA
              value is '9999999'.
            type: string
            minLength: 10
            maxLength: 10
            example: '1790018674'
          issuerRoutingTransitNumber:
            description: >-
              The identification number of the issuing institution. Applicable
              for a single message transaction. Mandatory if an issuer ICA
              value is '9999999'.
            type: string
            minLength: 10
            maxLength: 10
            example: '1231380159'
          transactionIndicator:
            description: >-
              Indicates whether the transaction was initiated by the
              cardholder or the merchant as well as providing more detail as
              to the type of stored credentials being used for the
              transaction. Please refer to [Table
              17](https://developer.mastercard.com/fld-fraud-submission/documentation/parameters/annexure-1/#table-17-cardholder-merchant-initiated-transaction-indicator)
              for possible values.
            type: string
            minLength: 4
            maxLength: 4
            example: M101
          memo:
            description: >-
              Brief description by the originator providing some comment
              supporting the action.
            type: string
            minLength: 1
            maxLength: 1000
            example: This is a sample FDA complete request.
    UpdatedMastercardFraud:
      allOf:
      - $ref: '#/components/schemas/APIDataElement'
      - type: object
        required:
        - providerId
        - auditControlNumber
        properties:
          providerId:
            $ref: '#/components/schemas/SafeFraudProvider'
          auditControlNumber:
            description: >-
              Unique number

# --- truncated at 32 KB (84 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/mastercard/refs/heads/main/openapi/mastercard-confirmed-fraud-openapi.yml