**Last updated**: 30 September 2025 | [**Change log**](/products/fraudsight/changelog/)

# Fraud assessment

`POST` your request to the `fraudsight:assess` action link.

## Assessment example request

POST  `https://try.access.worldpay-bsh.securedataplatform.com/fraudsight/assessment`

Risk assessment request body:

Card
Token
Network token
Card (masked)
Card + SCA Exemption request
## Schema

Full [API Reference here](/products/fraudsight/openapi)

## Assessment responses

Best practice
We return a `WP-CorrelationId` in the headers of service responses. We highly recommend you log this. The `WP-CorrelationId` is used by us to examine individual service requests.

Manual rules - highRisk
When manually created risk assessment rules are triggered, the `score` is ignored. It is therefore possible to see an assessment with a low score but still with a `highRisk` outcome.

You can see the full response schema in the [API reference](/products/fraudsight/openapi/other/assessment#other/assessment/response&c=200).

The response contains the outcome of your `assessment` request.

lowRisk
    {
        "outcome": "lowRisk",
        "transactionReference": "123456",
        "score": 44.2,
        "riskProfile": {
            "href": "https://access.worldpay-bsh.securedataplatform.com/riskprofile/eyJrIjoxLCJkIjoialRBL0FFelBzcnZ"
        }
    }
highRisk
    {
        "outcome": "highRisk",
        "transactionReference": "123456",
        "reason": [
            "Recent unexpected card activity"
        ],
        "score": 97.4,
        "riskProfile": {
            "href": "https://access.worldpay-bsh.securedataplatform.com/riskprofile/eyJrIjoxLCJkIjoialRBL0FFelBzcnZ"
        }
    }
review
    {
        "outcome": "review",
        "transactionReference": "123456",
        "reason": [
            "Recent unexpected card activity"
        ],
        "score": 85.5,
        "riskProfile": {
            "href": "https://access.worldpay-bsh.securedataplatform.com/riskprofile/eyJrIjoxLCJkIjoialRBL0FFelBzcnZ"
        }
    }
If the `exemption` object is used in the request:

lowRisk + exemption(authorization/lowValue)
    {
        "outcome": "lowRisk",
        "transactionReference": "123456",
        "score": 44.2,
        "exemption": {
            "placement": "authorization",
            "type": "lowValue"
        },
        "riskProfile": {
            "href": "https://access.worldpay-bsh.securedataplatform.com/riskprofile/eyJrIjoxLCJkIjoialRBL0FFelBzcnZ"
        }
    }
lowRisk + exemption(authorization/lowRisk)
    {
        "outcome": "lowRisk",
        "transactionReference": "123456",
        "score": 44.2,
        "exemption": {
            "placement": "authorization",
            "type": "lowRisk"
        },
        "riskProfile": {
            "href": "https://access.worldpay-bsh.securedataplatform.com/riskprofile/eyJrIjoxLCJkIjoialRBL0FFelBzcnZ"
        }
    }
lowRisk + exemption(authentication/lowRisk)
    {
        "outcome": "lowRisk",
        "transactionReference": "123456",
        "score": 44.2,
        "exemption": {
            "placement": "authentication",
            "type": "lowRisk"
        },
        "riskProfile": {
            "href": "https://access.worldpay-bsh.securedataplatform.com/riskprofile/eyJrIjoxLCJkIjoialRBL0FFelBzcnZ"
        }
    }
highRisk + exemption
    {
        "outcome": "highRisk",
        "transactionReference": "123456",
        "reason": [
            "Recent unexpected card activity"
        ],
        "score": 97.4,
        "exemption": {
            "placement": "authorization",
            "type": "lowValue"
        },
        "riskProfile": {
            "href": "https://access.worldpay-bsh.securedataplatform.com/riskprofile/eyJrIjoxLCJkIjoialRBL0FFelBzcnZ"
        }
    }
review + exemption
    {
        "outcome": "review",
        "transactionReference": "123456",
        "reason": [
            "Recent unexpected card activity"
        ],
        "score": 85.5,
        "exemption": {
            "placement": "authorization",
            "type": "lowValue"
        },
        "riskProfile": {
            "href": "https://access.worldpay-bsh.securedataplatform.com/riskprofile/eyJrIjoxLCJkIjoialRBL0FFelBzcnZ"
        }
    }
Info
The `outcome` is always specific to the fraud assessment. If an exemption is provided the `exemption.type` and `exemption.placement` is included in the response.

## Linking the FraudSight assessment

To improve future risk assessments we need to know the outcome of the payment authorization.

- If your are using our [Card Payments API](/products/card-payments/) apply the `riskProfile` provided in the [payment authorization](/products/card-payments/authorize-a-payment#fraudsight) request.
- If you are using another payment provider use the [FraudSight update](/products/fraudsight/update) resources.


## Applying the Exemption (if applicable)

This is only a consideration if you're using the `exemption` object in the request:

#### If the placement is `authorization`

* apply the `riskProfile` in the [payment authorization](/products/card-payments/authorize-a-payment#fraudsight) request


In the event that the exemption is not successful (honoured + authorized) when applied to the payment, the issuer responds with a soft decline ([refusal code 65](/products/reference/refusal-response)). The next logical step is to proceed with [3DS authentication](/products/3ds).

#### If the placement is `authentication`

* set the `challenge.preference` in the [3DS authentication](/products/3ds/web/authentication) to `noChallengeRequestedTRAPerformed`
* apply the `riskProfile` in the [payment authorization](/products/card-payments/authorize-a-payment#fraudsight) request


#### If no exemption is provided

* perform [3DS authentication](/products/3ds)
* apply the `riskProfile` in the [payment authorization](/products/card-payments/authorize-a-payment#fraudsight) request. Without this, the data model will not improve over time


**Next steps**

[FraudSight testing](/products/fraudsight/testing)