> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Risk Assessment

> Assess the risk level of a tokenized card by cross-referencing billing address, card issuer country, and client IP address.

<Card title="Risk Assessment Guide" icon="book" href="/use-tokens/risk-assessment">
  Evaluate transaction risk before processing payments
</Card>

Performs a fraud risk assessment on a tokenized card by cross-referencing the billing address, card issuer country, and client IP address. Use this before processing a payment to detect mismatches that may indicate fraudulent activity, such as anonymous proxies or country discrepancies.

## Error Responses

| Code  | HTTP Status | Condition                         |
| ----- | ----------- | --------------------------------- |
| -125  | 400         | Payer details missing (null body) |
| -125  | 400         | CountryCode is empty              |
| -1003 | 401         | User is not the owner             |

## Parameter Constraints

* **CountryCode** is required and must be a 2-letter ISO country code.
* **ClientIPAddress**, **City**, and **StateProvince** are used for geo-validation against the card issuer country.
* **FirstName** and **LastName** are compared against the card owner name.

## Parameters

### Headers

<ParamField header="Authorization" type="string" required>
  Your API key prefixed with `APIKEY`. Example: `APIKEY your-api-key`. See the [Authentication guide](/getting-started/authentication).
</ParamField>

### Path Parameters

<ParamField path="cardToken" type="string" required>
  The token ID as returned by one of the tokenization methods.
</ParamField>

### Payer Information

<ParamField body="FirstName" type="string" required>
  Payer's first name.
</ParamField>

<ParamField body="LastName" type="string" required>
  Payer's last name.
</ParamField>

<ParamField body="Email" type="string" required>
  Payer's email address.
</ParamField>

<ParamField body="Phone" type="string" required>
  Payer's phone number.
</ParamField>

### Billing Address

<ParamField body="Address1" type="string" required>
  Primary billing address line.
</ParamField>

<ParamField body="Address2" type="string">
  Secondary billing address line.
</ParamField>

<ParamField body="Address3" type="string">
  Tertiary billing address line.
</ParamField>

<ParamField body="PoseCode" type="string" required>
  Billing postal/ZIP code.
</ParamField>

<ParamField body="City" type="string" required>
  Billing city.
</ParamField>

<ParamField body="StateProvince" type="string" required>
  Billing state or province.
</ParamField>

<ParamField body="CountryCode" type="string" required>
  2-letter country code.
</ParamField>

### Client Details

<ParamField body="clientIPAddress" type="string" required>
  Client's IP address. Both IPv6 and IPv4 formats are supported.
</ParamField>

<RequestExample>
  ```javascript Node.js theme={null}
  const response = await fetch(
    'https://service.pcibooking.net/api/payments/paycard/2821a46d80e14d1b96a7f18f1b81926d/op/validate',
    {
      method: 'POST',
      headers: {
        'Authorization': 'APIKEY your-api-key',
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        FirstName: 'Juan',
        LastName: 'Dela Cruz',
        Email: 'juan@example.com',
        Phone: '14155551234',
        Address1: '123 Main Street',
        PoseCode: '10001',
        City: 'New York',
        StateProvince: 'NY',
        CountryCode: 'US',
        clientIPAddress: '203.0.113.42'
      })
    }
  );

  const data = await response.json();
  console.log(data);
  ```

  ```python Python theme={null}
  import requests

  response = requests.post(
      'https://service.pcibooking.net/api/payments/paycard/2821a46d80e14d1b96a7f18f1b81926d/op/validate',
      headers={
          'Authorization': 'APIKEY your-api-key',
          'Content-Type': 'application/json'
      },
      json={
          'FirstName': 'Juan',
          'LastName': 'Dela Cruz',
          'Email': 'juan@example.com',
          'Phone': '14155551234',
          'Address1': '123 Main Street',
          'PoseCode': '10001',
          'City': 'New York',
          'StateProvince': 'NY',
          'CountryCode': 'US',
          'clientIPAddress': '203.0.113.42'
      }
  )

  print(response.json())
  ```
</RequestExample>

## Response

<ResponseExample>
  ```json 200 theme={null}
  {
      "RiskLevel": "High",
      "Description": "Mismatch between billing address and credit card issuer country",
      "CountryByIP": "US",
      "IssuerCountry": "HK",
      "IssuerName": "CITIC BANK INTERNATIONAL, LTD.",
      "CardBrand": "VISA",
      "CardType": "CREDIT",
      "CardCategory": "CLASSIC",
      "CountryFromBillingAddress": "US",
      "AnonymousProxyUsed": false
  }
  ```

  ```json 400 theme={null}
  {
      "code": -125,
      "message": "Bad input data",
      "moreInfo": "Missing Payer details",
      "errorList": null
  }
  ```

  ```json 401 theme={null}
  {
      "code": -1003,
      "message": "Not authorized to access this resource",
      "moreInfo": "Bad or missing authorization data, expected APIKEY or Temp Session or One-Time Accesss Token",
      "errorList": null
  }
  ```

  ```json 404 theme={null}
  {
      "code": -160,
      "message": "Uri not found",
      "moreInfo": "Uri to Bank card not found",
      "errorList": null
  }
  ```
</ResponseExample>
