Learn how we handle the orders we detect as potentially fraudulent and how you help us in this process.
When we find suspicious orders, we ask you to delay the shipment so that we can perform a manual assessment and come to a resolution. While the assessment occurs, we set the orders' status to pending.
This functionality is only available for merchants in the US and UK and isn't enabled by default, so we have to activate the functionality for each account.
In a nutshell, the pending orders process implies:
Once your customer pays with Klarna and an order is created, we perform a fraud assessment. This step is reflected in the order through the parameter fraud_status
, with the possible values of ACCEPTED
, REJECTED
, or PENDING
.
If the fraud_status
parameter is set to PENDING
, the order is under fraud assessment. We put it on hold and ask you not to ship it until we finish the order review.
During this step, you have to notify your customer that the order is in progress and the shipment won't occur immediately.
Usually, the assessment process takes us from 4 to 8 business hours, but it could last a maximum of 24 hours.
After we complete the assessment, the fraud_status
parameter in the order is set to ACCEPTED
or REJECTED
, depending on our resolution.
When we have the assessment resolution, we'll inform you through HTTP push notifications. We send a POST
request to the notification URL you included when initiating a payment.
The body of the POST
request includes the order_id
, the timestamp of the decision in this date format, and one of the following events:
FRAUD_RISK_ACCEPTED
: An order was accepted after the assessment.FRAUD_RISK_REJECTED
: An order was rejected after the assessment.When you have pending orders activated, the two possible initial values for the fraud_status
parameter are:
ACCEPTED
: We automatically accepted the order when it was created.PENDING
: We're waiting for the fraud assessment. After the assessment, the fraud_status
parameter can change from PENDING
to the FRAUD_RISK_ACCEPTED
or FRAUD_RISK_REJECTED
status.
We'll send you push notifications about the assessment when the fraud_status
changes. We send the notifications every 10 minutes for 24 hours or until you reply to our POST
request with a 200
code. After 24 hours, we stop sending notifications.
The following is an example of a notification for an accepted order after a fraud assessment:
We highly recommend you validate the notification. You can check the details of your order and confirm that the fraud_status
parameter matches the notification.
You can override our resolution of the fraud assessment and reject an order we accepted or, the other way around, accept an order we rejected.
To reject an order we accepted, you simply send an API request to cancel the order.
To accept an order we rejected, you have to capture it within 4 hours after receiving the POST
request and send an API request to capture the order.
By accepting an order we rejected, you take over any fraud risk related to the order. Besides, if you don't capture the order within 4 hours, we'll cancel the order.