Anti-Fraud solutions Carat Portal Integration


Carat Portal is a multi-service payment gateway, capable of processing credit card transactions, bank transfers, invoice generations, integration with mobile payment options, among other services that can be easily added to the platform.

Carat Portal integrates anti-fraud solutions by including risk analysis on the payment process.

Anti-fraud service is supplied by HTML Payment Interface and is integrated with several risk analysis institutions. Thus, in case merchant enables anti-fraud service, each payment only will be confirmed if the chosen risk analysis institution approves the payment.

And to learn more about these nomenclatures (Bin, Software Express, Carat, e-Sitef) Learn more

Required credentials#

Carat Portal has integration with many risk analysis institutions. Thus, the merchant can choose with who will do risk analysis. Once select the risk analysis institution, the merchant should contact this institution and ask for required credentials. Credentials can differ depending of institution. After that the merchant should send these credentials to Carat Portal support that will register this data. Anti-fraud service configuration on merchant’s payments only be possible after credentials registered on Carat Portal production environment.

It is important remember to configure expiry time and the action that will be executed after that time expired. This configuration must be registered on Merchant’s Portal. Learn more.

For more information about the required credentials, read the chapter corresponding to the desired antifraud institution.


The anti-fraud analysis functionality can be used on the following Carat Portal interfaces:

CyberSourceClearSaleKondutoFraud Detect
HTML PaymentX(*)X(*)X(*)X(*)
REST Pre-AuthorizationXXXX
HTML Pre-AuthorizationX(*)X(*)X(*)X(*)
Payment link - PortalXXXX
(*): If payer, shipment and billing_data structures are provided in the HTML call, they will not be requested in the checkout screen.

Attention: For PRE-AUTHORIZATION transactions with risk analysis (anti-fraud) and not-SiTef routings, attention should be paid to the scenarios in which the risk analysis is carried out AFTER pre-authorization. In these scenarios, the pre-authorization transaction is confirmed regardless of the result of the risk analysis, and it is up to the merchant to decide - in light of the anti-fraud assessment - whether to effect its capture or not. The same is true for cases in which the risk analysis of the transaction is referred to a manual review by the anti-fraud institution.

Therefore the risk analysis cannot be used with the features below:

  • Recharge
  • Split

Because the nature of the flow, the payment methods below are not allowed to be used with risk analysis:

  • Banco do Brasil
  • e-Commerce Cielo 1.5 (NPC)
  • Itaú Shopline
  • MercadoPago
  • PagSeguro
  • PayPal

Debit Card#

For payments made with a debit card, the anti-fraud flow with the flag after auth does not apply.

Attention: It is important that the merchant sends as much information as he can when using Carat Portal's anti-fraud services. The quality of this information will directly and cumulatively affect the quality of the fraud analysis, bringing direct benefits to the merchant.