{"templateId":"markdown","versions":[{"version":"v1","label":"v1 (latest)","link":"/products/fraudsight/device-data/web-tmx","default":true,"active":true,"folderId":"bcec2bc6"}],"sharedDataIds":{},"props":{"metadata":{"markdoc":{"tagList":["partial","admonition","code-snippet"]},"custom_product":"FraudSight","type":"markdown"},"seo":{"title":"Web device data","description":"Worldpay for Developers - docs, code examples, resources and tools. Everything you need to build your omnichannel payment solution.","siteUrl":"https://docs.worldpay.com/access","image":"/access/assets/worldpay-logo-light.21b7daf79984773a9fcd7d4fbcb07ae5289dfffd6023c4c3dca720c7058e53dc.33f780a6.svg","keywords":"documentation, api, openapi, sdks, developer, payments, json, payouts, 3ds","jsonLd":{"@context":"https://schema.org","@type":"Organization","url":"https://docs.worldpay.com/access","name":"Worldpay"},"meta":[{"name":"google-site-verification","content":"zjziIKaP3ImsqsfhYnEBnq1R85UabiSwl7HTXuwtZuo"},{"name":"doc_product","content":"Access"},{"name":"doc_category","content":"Documentation"}],"llmstxt":{"hide":false,"sections":[{"title":"Payments API","description":"Payment orchestration API combining fraud assessment, 3ds authentication, SCA exemptions, Worldpay Token creation and a card or wallet based payment.","includeFiles":["products/payments/@20240601/**/*"],"excludeFiles":[]},{"title":"Payment Queries API","description":"Querying your payments data, based on a variety of parameters.","includeFiles":["products/payment-queries/@v1/**/*"],"excludeFiles":[]},{"title":"Card BIN Data API","description":"Provides detailed information about a card.","includeFiles":["products/card-bin/@v1/**/*"],"excludeFiles":[]},{"title":"3DS Authentication API","description":"Request 3DS authentication to protect against fraud, be SCA compliant and to shift liability using this standalone API.","includeFiles":["products/3ds/@v3/**/*"],"excludeFiles":[]},{"title":"FraudSight API","description":"Request a risk assessment and receive a response with an outcome (e.g. lowRisk) using this standalone API.","includeFiles":["products/fraudsight/@v1/**/*"],"excludeFiles":[]},{"title":"Checkout SDK","description":"Integrate using our clientside SDKs for both web and native devices. Benefit from SAQ-A/PCI-SSF compliance.","includeFiles":["products/checkout/web/@v2/**/*","products/checkout/ios/@v4/**/*","products/checkout/android/@v4/**/*","products/checkout/react-native/@v3/**/*","products/checkout/flutter/@v1/**/*"],"excludeFiles":[]},{"title":"Tokens API","description":"Minimizes the exposure of sensitive card details and increases the security of your customer's card details.","includeFiles":["products/tokens/@v3/**/*"],"excludeFiles":[]},{"title":"Card Payments API","description":"Request a card payment using this standalone API, requires separate requests for 3DS, Fraud assessment etc.","includeFiles":["products/card-payments/@v7/**/*"],"excludeFiles":[]},{"title":"Card Verifications API","description":"Verify your customer's card to maximize your authentication rates.","includeFiles":["products/card-verifications/@v6/**/*"],"excludeFiles":[]},{"title":"Account Payouts API","description":"Send funds to your customer's bank accounts and search for payouts using parameters.","includeFiles":["products/account-payouts/@20250101/**/*"],"excludeFiles":[]},{"title":"APMs","description":"Pay using eWallets, bank transfers, direct debits, local card schemes, Postpay and eInvoice/ Buy Now Pay Later.","includeFiles":["products/apms/@20240701/**/*"],"excludeFiles":[]},{"title":"Balance API","description":"Request your account details for a single account or all accounts under an entity.","includeFiles":["products/balance/@20250101/**/*"],"excludeFiles":[]},{"title":"Card Payouts API","description":"Send funds to your customer's cards.","includeFiles":["products/card-payouts/@v4/**/*"],"excludeFiles":[]},{"title":"Events (Webhooks)","description":"Receive status updates from Access Worldpay by setting up a webhook.","includeFiles":["products/events/@v1/**/*"],"excludeFiles":[]},{"title":"FX API","description":"Manage Foreign Exchange (FX) on your payments.","includeFiles":["products/fx/@v1/**/*"],"excludeFiles":[]},{"title":"Hosted Payment Pages (HPP) API","description":"Our low-code option to take payments securely at the lowest PCI compliance level - SAQ A.","includeFiles":["products/hosted-payment-pages/@v1/**/*"],"excludeFiles":[]},{"title":"Money Transfers API","description":"Money Transfer OCTs (Original Credit Transaction) allow funds to be pushed to an eligible card in 30 minutes or less.","includeFiles":["products/money-transfers/@v1/**/*"],"excludeFiles":[]},{"title":"Parties API","description":"Create parties, manage your payout instruments and beneficial owners and carry out identity verification checks.","includeFiles":["products/parties/@20250101/**/*"],"excludeFiles":[]},{"title":"SCA Exemptions API","description":"Maximize a frictionless checkout experience by using issuer data insights to apply exemptions.","includeFiles":["products/sca-exemptions/@v1/**/*"],"excludeFiles":[]},{"title":"Split Payments API","description":"Divide funds from a single payment amongst yourself and your parties/sellers.","includeFiles":["products/split-payments/@20250625/**/*"],"excludeFiles":[]},{"title":"Statements API","description":"Retrieve your account statement and see individual entries for all credits and debits.","includeFiles":["products/statements/@20250101/**/*"],"excludeFiles":[]},{"title":"Transfers API","description":"Transfer funds from source account to target account.","includeFiles":["products/transfers/@20250101/**/*"],"excludeFiles":[]},{"title":"Verified Tokens API","description":"Verified Tokens ensures that your customer's payment details are valid and CIT compliant when creating a token.","includeFiles":["products/verified-tokens/@v3/**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Last updated"]},": 16 July 2026 | ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/fraudsight/changelog/"},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Change log"]}]}]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"warning","name":"Move to Ravelin SDK"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The ThreatMetrix SDK is being phased out. Instructions for our ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/fraudsight/device-data/web"},"children":["FraudSight API"]}," and ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/payments/enable-features/fraud-assessment/device-data/web"},"children":["Payments API"]}," have been updated to use the Ravelin SDK."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"web-device-data","__idx":0},"children":["Web device data"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["When combined with order and transaction details, device data (IP address, Device Id, geolocation information, etc.) can be a strong indicator for fraud or used via GeoIP lookup to create manual rules based on location."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Utilizing device data with Access FraudSight is a two-step process. Step one is to collect the device data. Step two is to submit an ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/fraudsight/assessment"},"children":["assessment"]}," that will use the device data for evaluation."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Described below is step one for Web (JS)."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"threatmetrix-js","__idx":1},"children":["ThreatMetrix JS"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["ThreatMetrix JS library for web sites. It leverages the ThreatMetrix platform to detect fraud and security vulnerabilities originating from browsers in real-time."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"overview-of-implementation","__idx":2},"children":["Overview of implementation"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Create a JavaScript file containing the \"ThreatMetrix JavaScript V4\" data below. The name of the file should be anonymous, e.g asdfghjkl.js"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Rename the function threatmetrix.profile (from the file asdfghjkl.js) to something anonymous, e.g. awddc.prfl"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["On the web page where device data collection will occur, place the following (or similar) in the head section ",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]}," ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<script type=\"text/javascript\" src=\"path/to/asdfghjkl.js\"></script>"]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Call the device profiling function (awddc.prfl) from the web page using the following (or similar) ",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]}," ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<script type=\"text/javascript\">awddc.prfl (\"PROFILING_DOMAIN\", \"ORGANISATION_ID\", sessionid);</script>"]}]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Note"]},": See “Details required” section below describing function parameters."]},{"$$mdtype":"Tag","name":"details","attributes":{},"children":[{"$$mdtype":"Tag","name":"summary","attributes":{},"children":["ThreatMetrix JavaScript v4"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Change the function name ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["threatmetrix.profile"]}," to one of your own in the following:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"file":"../code/threatmetrix-profile.js","language":"json","header":{"controls":{"copy":{}}},"lang":"json","source":"var threatmetrix=threatmetrix||{};threatmetrix.version=4,threatmetrix.create_url=function(t,e,r,n,c){function i(){return Math.floor(2742745743359*Math.random())}function a(){return o(i())}function o(t){return(t+78364164096).toString(36)}var m=i(),u=i(),l=885187064159;u=((u=u-u%256+threatmetrix.version)+m)%2742745743359,l=(l+m)%2742745743359;var s=\"https://\"+t+\"/\"+(m=a()+o(m))+e,h=[(u=o(l)+o(u))+\"=\"+r,a()+a()+\"=\"+n];return void 0!==c&&c.length>0&&h.push(a()+a()+\"=\"+c),s+\"?\"+h.join(\"&\")},threatmetrix.beacon=function(t,e,r,n){var c=\"turn:aa.online-metrix.net?transport=\",i=\"1:\"+e+\":\"+r,a={iceServers:[{urls:c+\"tcp\",username:i,credential:r},{urls:c+\"udp\",username:i,credential:r}]};try{var o=new RTCPeerConnection(a);o.createDataChannel(Math.random().toString());var m=function(){},u=function(t){o.setLocalDescription(t,m,m)};\"undefined\"==typeof Promise||o.createOffer.length>0?o.createOffer(u,m):o.createOffer().then(u,m),setInterval(function(){o.close()},1e4)}catch(t){}},threatmetrix.load_tags=function(t,e,r,n){threatmetrix.beacon(t,e,r,n);var c=document.getElementsByTagName(\"head\").item(0),i=document.createElement(\"script\");i.id=\"tmx_tags_js\",i.setAttribute(\"type\",\"text/javascript\");var a=threatmetrix.create_url(t,\".js\",e,r,n);i.setAttribute(\"src\",a),threatmetrix.set_csp_nonce(i),c.appendChild(i)},threatmetrix.csp_nonce=null,threatmetrix.register_csp_nonce=function(t){if(void 0!==t.currentScript&&null!==t.currentScript){var e=t.currentScript.getAttribute(\"nonce\");null!=e&&\"\"!==e?threatmetrix.csp_nonce=e:void 0!==t.currentScript.nonce&&null!==t.currentScript.nonce&&\"\"!==t.currentScript.nonce&&(threatmetrix.csp_nonce=t.currentScript.nonce)}},threatmetrix.set_csp_nonce=function(t){null!==threatmetrix.csp_nonce&&(t.setAttribute(\"nonce\",threatmetrix.csp_nonce),t.getAttribute(\"nonce\")!==threatmetrix.csp_nonce&&(t.nonce=threatmetrix.csp_nonce))},threatmetrix.cleanup=function(){for(;null!==(hp_frame=document.getElementById(\"tdz_ifrm\"));)hp_frame.parentElement.removeChild(hp_frame);for(;null!==(tmx_frame=document.getElementById(\"tmx_tags_iframe\"));)tmx_frame.parentElement.removeChild(tmx_frame);for(;null!==(tmx_script=document.getElementById(\"tmx_tags_js\"));)tmx_script.parentElement.removeChild(tmx_script)},threatmetrix.profile=function(t,e,r,n){void 0!==t&&void 0!==e&&void 0!==r&&8===e.length&&(threatmetrix.cleanup(),threatmetrix.register_csp_nonce(document),threatmetrix.load_tags(t,e,r,n))};\n"},"children":[]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"details-required","__idx":3},"children":["Details required"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To call the device data function you need the following details:"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Placeholder"},"children":["Placeholder"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Description"},"children":["Description"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["ORGANISATION_ID"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["For testing, use: ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["afevfjm6"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["For live, use: ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["dzppsd1h"]}]}]}]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["PROFILING_DOMAIN"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["For testing, use: ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["ddc-test.worldpay.com"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["For live, use: ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["ddc.worldpay.com"]}]}]}]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["sessionId"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["You must generate a unique value for the page view to represent that specific device data collection.",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Note"},"children":["A valid sessionId is between 30 and 128 characters long and consists of only upper or lowercase English letters (a-z, A-Z), digits (0-9), hyphens (-) or underscores (_). To make an incorrect match unlikely we recommend a UUID."]}]}]}]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"example-sessionid-generation","__idx":4},"children":["Example sessionId generation"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["You must submit the sessionId in the ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/fraudsight/assessment"},"children":["assessment"]}," request in order for the device data to be applied as part of the risk assessment. We recommend you generate this in the backend as part of the page generation. Alternatively, you can generate it via JS and then submit it, so it's available in the backend."]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"header":{"controls":{"copy":{}}},"source":"function create_uuid() {\n  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {\n   var r = Math.random() * 16 | 0,\n     v = c == 'x' ? r : (r & 0x3 | 0x8);\n    return v.toString(16);\n });}\n"},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"call-threatmetrix-function","__idx":5},"children":["Call ThreatMetrix function"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"header":{"controls":{"copy":{}}},"source":"var sessionid = create_uuid(); // function to create UUID\nawddc.prfl (\"PROFILING_DOMAIN\", \"ORGANISATION_ID\", sessionid); // call Threatmetrix\n"},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"linking-the-device-data-with-the-assessment","__idx":6},"children":["Linking the device data with the assessment"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["When sending the ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/fraudsight/assessment"},"children":["FraudSight assessment"]}," request, include the sessionId in ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["deviceData.collectionReference"]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Next steps"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/fraudsight/assessment"},"children":["Assessment"]}]}]},"headings":[{"value":"Web device data","id":"web-device-data","depth":1},{"value":"ThreatMetrix JS","id":"threatmetrix-js","depth":2},{"value":"Overview of implementation","id":"overview-of-implementation","depth":3},{"value":"Details required","id":"details-required","depth":2},{"value":"Example sessionId generation","id":"example-sessionid-generation","depth":2},{"value":"Call ThreatMetrix function","id":"call-threatmetrix-function","depth":2},{"value":"Linking the device data with the assessment","id":"linking-the-device-data-with-the-assessment","depth":2}],"frontmatter":{"seo":{"title":"Web device data"}},"lastModified":"2026-07-02T08:33:58.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/products/fraudsight/device-data/web-tmx","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}