Skip to main content
The rule sets that you have defined in Real-Time Decisioning may generate false positives where genuine transactions were incorrectly declined. You may also have false negatives where fraudulent transactions were incorrectly authorized. The /fraud endpoint allows you to inform the Real-Time Decisioning of both false positives and false negatives to help refine the accuracy of your RiskControl rule sets and prevent them from occurring for future transactions.

Reporting false negatives

Reporting false negatives allows you to create fraud labels to inform rule performance and optimization, as well as to create dashboards for fraud reporting. Use the /fraud endpoint to report false negatives. For details on the /fraud endpoint, see Fraud Feedback API Reference.

Reporting false positives

Reporting a false positive informs the Real-Time Decisioning that the affected transaction was genuine and allows you to override any rules that may have triggered a false flag. When you find a false positive:
  • Report the false positive using the /fraud endpoint.
  • Override the rule sets that declined the transaction so the cardholder can successfully complete a second transaction.

Suppressing rules

Before you can temporarily override a false positive using the /fraud endpoint, you must complete the following steps to suppress any rules that you want Marqeta to overlook when the affected cardholder makes another transaction:
1
Locate the MQ_RuleSuppressionEnabled feature in the Feature Platform section of the Real-Time Decisioning platform. This feature is a boolean flag that can be used with any existing rule to check if rule suppression is enabled for the cardholder. If you need help locating this feature, contact your Marqeta product support team.
2
Set an additional condition MQ_RuleSuppressionEnabled = false for each rule that you want to be suppressed when the cardholder retries the transaction.
If you want to suppress all rules, you must create a new rule with the following conditions:
  • event_type = TRANSACTION_RT
  • MQ_RuleSuppressionEnabled = true
  • primary action = ACCEPT

Overriding a declined transaction

The following shows the sequence for temporarily overriding a false positive using the /fraud endpoint:
1
The cardholder uses a card for purchase, initiating an authorization transaction.
2
The network sends the transaction to Marqeta. A TRANSACTION_RT event is generated, triggering a rule that results in a risk-no-review (decline) state.
3
Marqeta informs your system that the transaction was declined because a Real-Time Decisioning rule was triggered.
4
Your team notifies the cardholder that their transaction has been tagged as risky and has been declined.
5
The cardholder notifies you that they meant to make the purchase.
6
Your team uses the /fraud endpoint to notify Marqeta of the false positive. For example:
JSON
curl --location --request POST 'https://demo-api.marqeta.com/v3/fraud' \
--header 'Authorization: Basic <token> \
--header 'Content-Type: application/json' \
--data-raw '{
   "transaction_token" : "da374dce-ad6f-4bec-ade7-7f61f9x8db0",
   "is_fraud":false,
   "status": "CONFIRMED",
   "actor": "UNKNOWN",
   "amount": "1.23"
}'
7
Real-time Decisioning updates state to allow the next transaction to succeed, updating the state of CARD_FRAUD to false.
8
The next transaction coming in from the same user and card will then be allowed through Real-Time Decisioning.
9
Marqeta notifies you that the false positive state has been updated to accept the next transaction. Your team tells the cardholder they can try again.
10
The cardholder uses the card at the POS again within 10 minutes of the initial CARD_FRAUD event, the TRANSACTION_RT is evaluated as no-risk, and the transaction succeeds. If you want to configure a different time frame than the 10-minute default, edit the MQ_RuleSuppressionEnabled feature and change the time frame from 600000 to your desired number, in milliseconds.

Related topics

Fraud FeedbackFraud IntelligenceRelease NotesAuthorizations and Clearings ComparisonRiskControl Overview