Getting started with Expedia's Fraud Prevention
Welcome to Expedia's Fraud Prevention. This page contains high level flows for our capabilities and provides you with a guide to set up your integration.
Fraud Prevention Screen Flow
Our fraud screen capabilities screen multiple types of traveler interactions and partner processing interactions. Here is a high level flow of how partner interactions and traveler interactions are screened by use case. Supporting SDK reference can be found here.
Account Takeover Prevention Flow
Our Account Takeover Prevention service ensures that any attempt at unauthorized access your customers' account is prevented. Here is a high level flow of how partner interactions and traveler interactions are screened by use case. Supporting SDK reference can be found here.
You're all set to integrate! Please use the following guide to set up your integration:
What you'll need:
- Trust Widget
- Download the Expedia Group Platform SDK and Authenticate
Trust Widget
The Trust Widget is lightweight, non-blocking JavaScript that collects user device data as the user navigates through the check out process. The data collected by the Trust Widget is used alongside the Booking Screen API to help make a fraud decision.
High-level integration flow
Trust Widget JavaScript context
For the Trust Widget to accurately collect device information, it must fulfill the following requirements:
- The Trust Widget must be placed on the page that collects payment information before the reservation is made.
- The Trust Widget must be placed in the header of the JavaScript, with the async attribute.
We recommend using a CDN to setup a reverse proxy, so that the client loads the script from the first party partner domain, and the Trust Widget is fetched from behind the scenes.
Your partner ID (PID) will be communicated to you by Fraud Prevention Support.
There are two separate URLs that should be used, depending on the environment for reverse proxy configuration (integration or try playground vs live site).
*Partner playground: https://trust-lab.expedia.com/trustService/getTrustWidget?pid=%PID%
*Partner live site : https://trust.expedia.com/trustService/getTrustWidget?pid=%PID%
Note: the PID should not be exposed at the page load and should be added by reverse proxy.
Example
If the partner domain is <www.mysurfshop.com>, the client should load the script on the webpage as <www.mysurfshop.com/trustService/getTrustWidget?pid=%PID%>.
The CDN cname should be updated to trust-lab.expedia.com for the lab environment or trust.expedia.com for the production environment and ?pid=<PID> should be appended to the URL. This reverse proxy setting enables mysurfshop.com to load the Trust Widget file from the Expedia.com domain and run as a 1st party to <mysurfshop.com>.
<html>
<head>
<script type="text/javascript">
//Client side functions
//...
function getSessionIdViaJs() {
return "MY_SESSION_ID_FROM_JS";
}
</script>
<script type="text/javascript">
var trustApi = trustApi || {};
trustApi.clientConfiguration = {
"webSessionProviderMethod": "JS",
"webSessionProviderMethodParam": "return getSessionIdViaJs()",
"placement": "PURCHASE",
"placementPage": "1",
"reportingSegment": "www.expedia.com"
}
function submitMyForm() {
// ...
var twPayload = trustApi.getTrustPayload();
// ... add twPayload to your server request
// ...
}
</script>
<script async src="https://yourdomain.com/trustService/getTrustWidget?pid=1001" />
</head>
<body>
<!-- ... -->
<form onSubmit="submitMyForm">
<!-- ... -->
</form>
</body>
</html>
You are now ready to start integration with the Fraud Prevention Service! Reference documentation can be found here.
If you have any questions regarding the product or need help with your integration, please visit the Frequently Asked Questions page for contact information.
Expedia Group Platform SDK
Please refer to the SDK quick start documentation to learn how to set up an Expedia Group Partner Account and use the Expedia Group platform SDK.