1. Card payment
Lesspay2.0
  • LESSPAY2 API Reference
    • Get started
    • Authentication
    • Parameter Specifications
    • Pay In
      • Overview
      • Development Guidelines
      • Local Payment Methods (LPMs)
      • Error Codes
      • Card payment
        • Card Payment
        • 3D Secure (3DS) Configuration
        • Fraud & Dispute Webhook Notifications
      • API List
        • Create Payin
        • Fetch Payin
      • Webhook
        • Payin webhook
    • Pay Out
      • Overview
      • Development Guidelines
      • Multiple Transfer Methods
      • Error Codes
      • API List
        • Create Payout
        • Payout Supported Banks
        • Fetch Payout
      • Webhook
        • Payout webhook
  1. Card payment

Fraud & Dispute Webhook Notifications

Overview#

In addition to standard payment lifecycle webhooks, the Lesspay2 platform also processes fraud decline and bank dispute event notifications from the upstream payment channel.
These event notifications are forwarded to the merchant's notify_url with additional event and event_data fields, allowing merchants to take appropriate action (e.g., flag the transaction, update internal records).
Important: These event notifications do not change the order status on the Lesspay2 platform. The order remains in its current state (e.g., SUCCEED). The purpose is purely informational — to alert the merchant about risk events.

Supported Event Types#

Event TypeTriggerDescription
payment_declinedThe upstream channel detects a payment decline with response code 30034 (Suspected Fraud) or 4xxxx (Risk Blocked)The payment was declined due to suspected fraud or risk rules
dispute_receivedThe upstream channel receives a dispute notification from the card schemeA cardholder has disputed the payment with their bank (chargeback initiated)

Response Code Reference#

Fraud Decline (payment_declined)
Response CodeDescription
30034Suspected fraud - Pick up. The issuer declined the payment due to suspected fraud.
41101Risk Blocked Transaction (client-level risk rule)
41201Decline list - Card number (client-level)
41301Fraud score exceeds threshold
42101Risk Blocked Transaction (entity-level risk rule)
42201Decline list - Card number (entity-level)
42301Fraud score exceeds threshold (entity-level)
For a full list of 4xxxx risk response codes, contact Lesspay Operations.
Bank Dispute (dispute_received)
CategoryDescription
fraudulentThe cardholder claims they did not authorize the transaction
unrecognizedThe cardholder does not recognize the transaction
product_service_not_receivedThe cardholder claims they did not receive the product/service
product_service_not_as_describedThe product/service was not as described
credit_not_processedThe cardholder claims a refund/credit was not processed
duplicateThe cardholder claims they were charged more than once
otherOther reasons

Webhook Callback Format#

When a fraud decline or dispute event is received from the upstream channel, the Lesspay2 platform sends a POST request to the merchant's notify_url with the following payload. The format is consistent with the standard Create Payin, with two additional fields: event and event_data.

Parameters#

Field NameTypeDescription
request_idStringMerchant's unique Request ID
pay_order_idStringLesspay's unique Order ID
order_statusStringCurrent order status (unchanged, e.g., SUCCEED)
order_status_intIntegerCurrent order status (numeric)
target_currencyStringTransaction currency
target_amountStringTransaction amount
product_nameStringProduct name
descriptionStringOrder description
api_versionStringAPI Version
channel_biz_dataObjectAdditional channel parameters
eventStringEvent type: payment_declined or dispute_received
event_dataObjectEvent-specific data (see below)
How to distinguish event notifications from payment notifications: If the event field is present and non-null, it is an event notification. Standard payment success/failure webhooks do not contain the event field.

Authentication#

The same signature mechanism applies as described in Payin webhook. The x-auth-signature header is included and should be verified using the same process.

Event 1: Payment Declined (Fraud)#

event_data Structure#

FieldTypeDescription
response_codeStringChannel response code (e.g., "30034", "41101")
response_summaryStringHuman-readable decline reason (e.g., "Suspected fraud - Pick up")
risk_flaggedBooleanWhether the transaction was flagged by the channel risk engine
checkout_payment_idStringChannel payment ID (e.g., "pay_xxxxxxxxxxxx")

Example Callback Payload#

{
    "pay_order_id": "P2011789219984105474",
    "request_id": "M20260228150001",
    "order_status": "SUCCEED",
    "order_status_int": 2,
    "target_currency": "USD",
    "target_amount": "100.00",
    "product_name": "Test Product",
    "description": "Test Order",
    "api_version": "V2",
    "success_url": "https://merchant.example.com/success",
    "fail_url": "https://merchant.example.com/fail",
    "event": "payment_declined",
    "event_data": {
        "response_code": "30034",
        "response_summary": "Suspected fraud - Pick up",
        "risk_flagged": true,
        "checkout_payment_id": "pay_xxxxxxxxxxxxxxxxxxxxx"
    }
}

Recommended Merchant Actions#

1.
Log the event for internal fraud monitoring and reporting.
2.
Flag the transaction in your system for manual review.
3.
Do not fulfill orders that have not been successfully paid.
4.
For 4xxxx codes (risk-blocked), consider adding the cardholder to your internal watchlist.
5.
For 30034 (suspected fraud), do not retry the payment with the same card.

Event 2: Dispute Received (Chargeback)#

event_data Structure#

FieldTypeDescription
dispute_idStringChannel dispute ID (e.g., "dsp_xxxxxxxxxxxxxxxxxxxx")
categoryStringDispute category (e.g., "fraudulent", "unrecognized")
amountLongDisputed amount in minor units (e.g., 8150 = 81.50 GBP)
currencyStringDispute currency (e.g., "GBP")
reason_codeStringCard scheme reason code (e.g., "10.4" for Visa fraud)
payment_methodStringCard scheme (e.g., "VISA", "MASTERCARD")
dateStringDispute date in ISO 8601 format
checkout_payment_idStringChannel payment ID linked to this dispute

Example Callback Payload#

{
    "pay_order_id": "P2011789219984105474",
    "request_id": "M20260228150001",
    "order_status": "SUCCEED",
    "order_status_int": 2,
    "target_currency": "GBP",
    "target_amount": "81.50",
    "product_name": "Test Product",
    "description": "Test Order",
    "api_version": "V2",
    "success_url": "https://merchant.example.com/success",
    "fail_url": "https://merchant.example.com/fail",
    "event": "dispute_received",
    "event_data": {
        "dispute_id": "dsp_xxxxxxxxxxxxxxxxxxxx",
        "category": "fraudulent",
        "amount": 8150,
        "currency": "GBP",
        "reason_code": "10.4",
        "payment_method": "VISA",
        "date": "2025-12-15T15:20:31Z",
        "checkout_payment_id": "pay_xxxxxxxxxxxxxxxxxxxxx"
    }
}

Recommended Merchant Actions#

1.
Log the dispute and create an internal dispute record.
2.
Review the transaction — gather evidence such as delivery receipts, customer communication, and transaction logs.
3.
Prepare evidence for potential dispute defense.
4.
Contact Lesspay Operations if you need assistance with the dispute process.
5.
Monitor dispute rates — high dispute rates can lead to penalties from card schemes.

Dispute Lifecycle#

The initial dispute_received event is the starting point. The dispute may progress through the following stages:
Payment Disputed → Evidence Required → Evidence Under Review → Won / Lost
                                     → Expired (no response)
                                     → Accepted (merchant accepted)
                                     → Canceled (issuer canceled)
Note: Currently only the dispute_received event is forwarded to merchants. Future updates may include additional dispute lifecycle events (e.g., dispute_won, dispute_lost, dispute_evidence_required).

Integration Checklist#

Update your webhook handler to check for the event field in incoming notifications
Handle payment_declined events — log fraud information and flag transactions
Handle dispute_received events — create dispute records and alert your operations team
Ensure your webhook endpoint returns HTTP 2xx for all event notifications (including events you choose not to act on)
Verify the x-auth-signature header as described in Payin webhook

Code Example (Java)#

FAQ#

Q: Will these event notifications change my order status?
A: No. The order status remains unchanged. These events are informational only.
Q: Can I receive both a payment_declined and a dispute_received for the same order?
A: Yes. A payment may first succeed (order_status=SUCCEED), and later receive a dispute_received when the cardholder disputes the charge. Separately, a payment_declined event indicates a failed payment attempt due to fraud detection — this is typically for transactions that were never successfully completed.
Q: What if I don't handle these events?
A: Your webhook endpoint should still return HTTP 2xx to acknowledge receipt. If it does not, Lesspay2 will retry the notification. Unhandled events will not affect your payment processing.
Q: Is the dispute_received amount always in minor units?
A: Yes. The amount field in event_data uses minor units (e.g., 8150 for GBP 81.50, 10000 for USD 100.00). The target_amount field in the top-level payload uses standard decimal format (e.g., "81.50").
Modified at 2026-02-28 10:57:03
Previous
3D Secure (3DS) Configuration
Next
Create Payin
Built with