# Enhance risk assessment quality

> Antom Shield uses real‑time machine learning to detect and prevent payment fraud, relying on high‑quality transaction data and integrated security SDKs to ensure accurate risk assessment and optimal protection.

Antom Shield analyzes payment gateway data in real time to identify potential fraudulent transactions and help you effectively mitigate related risks. The service's machine learning models rely on high‑quality transaction data for training. The richer and more accurate your payment request data, the stronger the fraud‑prevention performance. Antom commits that all related data are used exclusively for fraud detection and risk control, and never for any other purpose.

Data integration methods and data quality directly affect the accuracy of risk assessment. To achieve optimal protection results, we recommend:

- Submitting complete field information whenever you initiate a payment request.
- Integrating the corresponding buyer‑side security components, including Risk.js (for web) or Risk Android/iOS SDKs (for mobile). Refer to   [Integrate the security SDK](#Nvf0C)   for details.

## Recommended parameters {#B7byL}

To fully enable Antom Shield's functionality for lists, rules, and risk scoring, please ensure accurate transmission of the following key parameters. Missing or incorrect data will directly result in failed list matching or invalid rule evaluation. Complete and accurate data are the foundation for reliable risk scoring.

| **Parameter name** | **Description** | **Purpose** |
| --- | --- | --- |
| *order.buyer.referenceBuyerId* | Buyer's unique ID | Serves as the buyer's unique identifier, used for rule and list configuration and corresponding risk score calculation. |
| *order.buyer.buyerPhoneNo* | Buyer's phone number |  |
| *order.buyer.buyerEmail* | Buyer's email address |  |
| *env.deviceTokenId* | Device identification token | This data is used to identify the physical device and IP information used by the buyer to complete the transaction, and is applied in rule configuration and risk score calculation. |
| *env.clientIp* | Buyer's IP address |  |
| *order.shipping.shippingName* | Recipient's name | Serves as an identifier of the buyer's purchasing behavior, used for related rule configuration and risk score calculation. |
| *order.shipping.shippingAddress* | Shipping address |  |
| *order.shipping.shipToEmail* | Recipient email (for digital goods) | Used as an identifier of the buyer's purchasing behavior for related rule configuration and risk score calculation. |
| *order.shipping.shippingPhoneNo* | Recipient's phone number (including extension) |  |

When you integrate the Antom card payment products with API and have implemented the security SDK, Antom will also use data collected by the SDK for rule configuration and risk scoring within Antom Shield.

To effectively detect fraud and enhance payment security and service quality, Antom Shield collects certain device and transaction‑related information. If you wish to cancel the Antom Shield service or delete related data, please contact your account manager for assistance.

Antom Shield Premium provides a fully managed fraud risk management service led by Antom's team of risk control experts. After enabling this service, please ensure that all fields marked as risk‑related in your API interface documentation are transmitted accurately to guarantee effective execution of intelligent risk control decisions. The amount and quality of data you provide directly affect the precision of risk assessments — the more complete and accurate the data, the more reliable the evaluation and decision results.

For further details, see the introduction of   [Expert decisions](https://docs.antom.com/ac/antomshield/premium.md)  , and refer to   [**pay (One-time Payments)**](https://docs.antom.com/ac/ams/payment_cashier.md)   for parameter requirements.

## Integrate the security SDK {#Nvf0C}

The security SDK is a terminal device identification component provided by Antom, designed to collect and generate device identification information to support risk detection for transactions and accounts. When integrating Antom's card payment products via API, it is necessary to simultaneously integrate the security SDK. This enables the system to accurately identify terminal device characteristics and assess risk signals, ensuring the security and compliance of transactions.

| **Integration method** | **Application scenarios** |
| --- | --- |
| Integration with card payments via SDK | It is recommended that you integrate Antom card payments using the SDK method to achieve the best performance of Antom Shield. When using the SDK integration method, there is no need to integrate the security SDK separately.   For detailed SDK integration steps, please refer to the   [Card payments](https://docs.antom.com/ac/cashierpay/sdk_card.md)  . |
| Integration with card payments via API | If you choose to integrate Antom card payments using the API method, it is recommended to integrate the security SDK separately to ensure effective identification of risk signals from user devices.   For detailed steps on integrating the security SDK, please refer to the following section. |

### Integration flow {#I9hH2}

The following is a diagram illustrating the API integration process:

 ![](https://idocs-assets.marmot-cloud.com/storage/idocs87c36dc8dac653c1/yuque/idocs/2025/png/d5c56051-b55f-42f4-80e5-6a0d299e6a09.png)

### Integration steps {#ByREK}

Please follow the steps below to import the security SDK in advance according to your terminal type:

<!-- TabGroup -->

**Tab: Web/WAP**

Before starting the integration, please provide the production environment domain URL (for example: https://www.alipay.com) to the Antom Risk Control Team.

#### Step 1: Import the security SDK {#QnnqX}

 ```html
// Import the SDK package using a CDN resource:
    <script src="https://sdk.marmot-cloud.com/package/antom-web-security/1.1.1/dist/umd/ams-security.min.js"></script>
```

 ```bash
# Import the SDK package via npm:
    npm install ams-security

    import { AMSSecurity } from 'ams-security'
```

#### Step 2: Initialize the security SDK {#izpm9}

 ```javascript
/**
    * Check whether AMSSecuritySdk is ready.
    * If it is ready, call the initAPSecurity() method.
    * If it is not ready, listen for the onAPSecurityReady event and call initAPSecurity() again once the event is triggered.
    */
    if (window.APSecuritySdk) {
    console.log('AMSSecuritySdk is ready');
    initAPSecurity();
    } else {
    console.log('AMSSecuritySdk is not ready');
    window.onAPSecurityReady = function() {
        console.log('onAMSSecurityReady event triggered');
        initAPSecurity();
    };
    }

    /**
     * Initialize the AMSSecuritySdk
     * @param {string} scene - Scene: CARD
     * @param {object} options - Configuration options
     * @param {string} options.region - Region: SG/US/DE
     */
    function initAPSecurity() {
    AMSSecurity.init("CARD", { region: "SG" })
    }
```

#### Step 3: Initialize the device token {#uLdO0}

 Generate the     *deviceTokenId*     by calling the device fingerprint generation method to initialize the device token. The SDK collects device information and generates a device fingerprint. It is recommended to initialize the device fingerprint as early as possible after the application starts so that the token can later be retrieved directly using     *getDeviceToken*    .

 ```javascript
/**
    * Initialize the AMSSecuritySdk
    * @param {string} scene - Scene: CARD
    * @param {object} options - Configuration options
    * @param {string} options.region - Region: SG/US/DE
    */
    AMSSecurity.initToken("CARD", {}, (success: Boolean, tokenResult: any, msg: String) => {
    console.log("[Demo] initToken result success", success)
    console.log("[Demo] initToken result tokenResult", JSON.stringify(tokenResult))
    console.log("[Demo] initToken result msg", msg)
    });
```

#### Step 4: Obtain the device token {#lMsED}

 Query the     *deviceTokenId*     to obtain the terminal device token and then pass this token to Antom through the   [**pay (One-time Payments)**](https://docs.antom.com/ac/ams/payment_cashier.md)   API.

 ```javascript
AMSSecurity.getTokenResult("CARD", (tokenResult: TokenResult) => {
    console.log("[Demo] getDeviceToken tokenResult", JSON.stringify(tokenResult))
    });
```

**Tab: iOS**

Please ensure the following preparations are complete:

 - Xcode 12 or later is installed.
- iOS version 9.0 or above is used.

#### **Step 1: Import the security SDK** {#Gd9My}

 After downloading the SDK package, add the     *AMSComponent.framework*     to your project and make sure to add the compiler flag    -ObjC    under     **Build Settings > Linking > Other Linker Flags**    .

#### **Step 2: Initialize the security SDK** {#AblJY}

 ```swift
// Security SDK environment setup
    // scene: CARD
    // region: SG, US, or DE
    public static func initSecurity(_ scene: String, region: String)
```

#### **Step 3: Initialize the device token** {#jqqN9}

 Generate the     *deviceTokenId*     by calling the device fingerprint generation method to initialize the device token. The SDK collects device information and generates a device fingerprint. It is recommended to initialize the device fingerprint as early as possible after the application starts so that the token can later be retrieved directly using     *getDeviceToken*    .

 ```swift
// Device token initialization
    // scene: CARD
    public static func initToken(_ scene: String, callback: @escaping (AMSSecurityTokenResult?, String?) -> Void)
```

#### **Step 4: Obtain the device token** {#g2zFi}

 Query the     *deviceTokenId*     to obtain the terminal device token and then pass this token to Antom through the   [**pay (One-time Payments)**](https://docs.antom.com/ac/ams/payment_cashier.md)   API.

 ```swift
// Retrieve apdidToken synchronously
    // scene: CARD
    public static func getTokenResult(_ scene: String) -> AMSSecurityTokenResult?
```

**Tab: Android**

Please ensure the following preparations are complete:

 - The latest version of Android Studio is installed.
- The target runtime environment is        API Level 19 or above   .
- Gradle version 4.1 or higher        is used.
- AndroidX is enabled.
- A physical device or emulator is configured to run your application.

#### Step 1: Import the security SDK {#VNPmQ}

 After downloading the resource package, complete the following steps:

 1. Place the extracted .aar library file into the project's libs directory.
2. Declare the reference to the        .aar        file in the        build.gradle        file of your application module.
3. Add the required dependency information in the build.gradle file.

#### Step 2: Initialize the security SDK {#Jo8zh}

 ```java
// Security SDK environment setup
    // scene: CARD
    // region: SG, US, DE
    public static void initSecurity(Context context, String scene, String region)
```

#### **Step 3: Initialize the device token** {#yXvLe}

 Generate the     *deviceTokenId*     by calling the device fingerprint generation method to initialize the device token. The SDK collects device information and generates a device fingerprint. It is recommended to initialize the device fingerprint as early as possible after the application starts so that the token can later be retrieved directly using     *getDeviceToken*    .

 ```java
// Device token initialization
    // scene: CARD
    public static void initToken(String scene, final InitResultListener listener)
```

#### Step 4: Obtain the device token {#GA6gr}

 Query the     *deviceTokenId*     to obtain the terminal device token and then pass this token to Antom through the   [**pay (One-time Payments)**](https://docs.antom.com/ac/ams/payment_cashier.md)   API.

 ```java
// Device token retrieval (synchronous)
    // scene: CARD
    public static TokenResult getTokenResult(String scene)
```

<!-- /TabGroup -->