Fraud and Security

Midtrans is PCI-DSS Level 1 and ISO 27001 compliant. We have met the most rigorous of industry standards for payments and information security. Midtrans is assessed by certified auditors on an annual basis. For more information regarding PCI Standard, please click here ↗. For more information reg...

Fraud in payments normally refers to a transaction that is unauthorized/illegal. For example, a fraudulent card transaction is a card transaction that is not authorized by the legitimate cardholder. The fraudsters typically illegally obtained the card information and then use it to purchase goods...

Midtrans provides a set of tools through AEGIS, Midtrans’ proprietary fraud detection system.AEGIS helps our partners to catch and detect fraudulent transactions, while keeping false positives at a minimum and maximizing acceptance rate.      

While our fraud detection system is exceptionally effective at preventing online frauds, we cannot guarantee that fraud attempts can be completely isolated. The ever-evolving nature of fraud means it is an inevitable risk online merchants need to embrace and adapt to, just like how businesses con...

Three Domain Secure (3D-Secure or 3DS) is a security protocol supplementing online transactions made using cards by authenticating cardholders with one time password (OTP).While processing transactions secured by 3DS, cardholders will be redirected onto their respective Issuing Banks’ page to inp...

Electronic Commerce Indicator (ECI) is a value returned by Directory Servers (namely Visa, MasterCard, JCB, and American Express) indicating the outcome of authentication attempted on transactions enforced by 3DS.Possible value returned by Visa ↗, American Express, and JCB and its interpretation:...

Midtrans’ proprietary fraud detection system, AEGIS provides a set of tools to help identify and prevent fraudulent transaction. The first mechanism is through a blacklist database we have. The second mechanism is through a rules-based engine that checks transaction patterns based on numerous dat...

Once online merchants start accepting online credit card payments, chargebacks and disputes are inevitable. As a payment gateway, Midtrans offers the 3DSecure as a form of protection, however 3DSecure does not guarantee a 100% fraud-free transactions. Banks and Principals (i.e. VISA, MasterCard, ...

With card-not-present transactions, merchants are exposed to the risk of accepting fraudulent transactions. Within the credit card realm, a transaction is considered as fraudulent if the transactions are not conducted by the rightful owner of the credit cards, or cardholder does not authorize the...

You can view the rejection reason of transaction in the dashboard by : 1. Open the Merchant Administration Portal (MAP) 2. Search the transaction that was declined 4. Click the OrderID to access the transaction details page. 3. Choose button "See Why" in the transactions details notification. Re...

Blacklisting is a condition in which we flag and store untrusted customer information. The customer have been blacklisted by Midtrans for several reasons, such as fraudulent reports from Principals or banks.Any transactions made by blacklisted customers will be immediately blocked to prevent succ...

Whitelisting is a process of giving exception to a customer in Midtrans Fraud Detection System (FDS) in order to relax the fraud filtering at customer's future card transactions. Merchant need to inform us the customer's email that will be used in future transactions; after the whitelist has been...

Chargeback is a fund reversal request from a cardholder for their card transactions, made via their issuing bank. Bank will then forward the request to merchant via payment gateway to request for further evidences if any, before proceeding with the fund reversal, if the evidences are deemed insuf...