consumerAuthenticationInformation

The following fields provide consumer authentification information.

consumerAuthenticationInformation. accessToken

JSON Web Token (JWT) used to authenticate the customer with the authentication provider (for example, CardinalCommerce or RuPay).

Specifications

  • Data Type:
    String
  • Data Length:
    2048

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. accessToken
  • SCMP API Field:
    pa_access_token
  • Simple Order API Fields:
    • payerAuthEnrollReply_accessToken
    • payerAuthSetupReply_accessToken
consumerAuthenticationInformation

consumerAuthenticationInformation. acsOperatorID

Access Control Server (ACS) identifier assigned by the directory service.
Each directory service can assign a unique ID to each ACS. This field is used with 3-D Secure 2.0. Required in mada transaction responses.

Specifications

  • Data Type:
    String
  • Data Length:
    32

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. acsOperatorID
  • SCMP API Field:
    pa_acs_operator_id
  • Simple Order API Field:
    payerAuthEnrollReply_acsOperatorId
consumerAuthenticationInformation

consumerAuthenticationInformation. acsReferenceNumber

Unique identifier assigned by EMVCo upon testing and approval.
This field is used with 3-D Secure 2.0.

Specifications

  • Data Type:
    String
  • Data Length:
    32

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.acsReferenceNumber
  • SCMP API Fields:
    • acs_reference_number
    • pa_acs_reference_number
  • Simple Order API Fields:
    • ccAuthService_acsReferenceNumber
    • payerAuthEnrollReply_acsReferenceNumber
consumerAuthenticationInformation

consumerAuthenticationInformation. acsRenderingType

Identifies the UI type that the ACS will use to complete the challenge.
Available only for mobile application transactions using the Cardinal Mobile SDK.
This field is a JSON object that comprises the following two fields, each two characters long.
  • ACS Interface Field Name:
    acsInterface
    is the ACS interface the challenge presents to the cardholder. Possible values:
    • 01
      : Native UI.
    • 02
      : HTML UI.
  • ACS UI Template Field Name:
    acsUiTemplate
    identifies the UI template format that the ACS first presents to the consumer. Possible values:
    • 01
      : Text.
    • 02
      : Single select.
    • 03
      : Multi select.
    • 04
      : OOB (Out of Band).
    • 05
      : HTML other.
Valid values for each interface:
  • Native UI:
    01-04
    .
  • HTML UI:
    01-05
    .
HTML other is valid only when combined with HTML UI. If HTML other is used with Native UI, it results in error=203.
JSON Object Example:
{ "acsRenderingType":{ "acsInterface";"02", "acsUiTemplate":03" } }

Specifications

  • Data Type:
    String
  • Data Length:
    See description.

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. acsRenderingType
  • SCMP API Field:
    pa_acs_rendering_type
  • Simple Order API Fields:
    • payerAuthEnrollReply_acsRenderingType
    • payerAuthValidateReply_acsRenderingType
consumerAuthenticationInformation

consumerAuthenticationInformation. acsTransactionId

Unique transaction identifier assigned by the access control server (ACS) to identify a single transaction.
When you request the payer authentication and authorization services separately, get the value for this field from the
consumerAuthenticationInformation. acsTransactionId
response field.

Specifications

  • Data Type:
    String
  • Data Length:
    36

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. acsTransactionId
  • SCMP API Fields:
    • acs_server_transaction_id
    • pa_acs_transaction_id
  • Simple Order API Fields:
    • ccAuthService_acsServerTransactionID
    • payerAuthEnrollReply_acsTransactionID
    • payerAuthValidateReply_acsTransactionID
consumerAuthenticationInformation

consumerAuthenticationInformation. acsUrl

URL for the card-issuing bank’s authentication form that you receive when the card is enrolled.
The value can be very large.

Specifications

  • Data Type:
    String
  • Data Length:
    2048

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. acsUrl
  • SCMP API Field:
    pa_enroll_acs_url
  • Simple Order API Field:
    payerAuthEnrollReply_acsURL
consumerAuthenticationInformation

consumerAuthenticationInformation. acsWindowSize

You can send this override field to set the challenge window size to display to the cardholder. The Access Control Server (ACS) replies with content that is formatted appropriately for this window size to allow for the best user experience.
The sizes are width x height in pixels of the window displayed in the cardholder browser. Possible values:
  • 01
    : 250x400
  • 02
    : 390x400
  • 03
    : 500x600
  • 04
    : 600x400
  • 05
    : Full page

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. acsWindowSize
  • SCMP API Field:
    pa_acs_window_size
  • Simple Order API Field:
    payerAuthEnrollService_acsWindowSize
consumerAuthenticationInformation

consumerAuthenticationInformation. alternateAuthenticationData

Data that documents and supports a specific authentication process.

Specifications

  • Data Type:
    String
  • Data Length:
    2048

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. alternateAuthenticationData
  • SCMP API Field:
    pa_alternate_authentication_data
  • Simple Order API Field:
    payerAuthEnrollService_alternateAuthenticationData
consumerAuthenticationInformation

consumerAuthenticationInformation. alternateAuthenticationDate

Date and time in UTC of the cardholder authentication.
Format:
yyyyMMDDHHMM

Specifications

  • Data Type:
    String
  • Data Length:
    14

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. alternateAuthenticationDate
  • SCMP API Field:
    pa_alternate_authentication_date
  • Simple Order API Fields:
    • payerAuthEnrollReply_alternateAuthenticationDate
    • payerAuthEnrollService_alternateAuthenticationDate
consumerAuthenticationInformation

consumerAuthenticationInformation. alternateAuthenticationMethod

Mechanism used by the cardholder to authenticate to the 3-D Secure requestor.
Possible values:
  • 01
    : No authentication occurred.
  • 02
    : Login using merchant system credentials.
  • 03
    : Login using Federated ID.
  • 04
    : Login using issuer credentials.
  • 05
    : Login using third-party authenticator.
  • 06
    : Login using FIDO Authenticator.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. alternateAuthenticationMethod
  • SCMP API Field:
    pa_alternate_authentication_method
  • Simple Order API Fields:
    • payerAuthEnrollReply_alternateAuthenticationMethod
    • payerAuthEnrollService_alternateAuthenticationMethod
consumerAuthenticationInformation

consumerAuthenticationInformation. authenticationBrand

This response field indicates which directory server was used during the authentication process. This field is returned for the mada card scheme when fallback occurs.
This data is useful when the domestic scheme directory server is not present and authentication falls back to the global scheme directory server.
This field is implemented only for the Saudi Arabia region.
Possible values:
  • 1
    : Visa—Returned for mada VISA co-badged cards, when authentication falls back to the VISA directory server.
  • 2
    : Mastercard—Returned for mada Mastercard co-badged cards, when authentication falls back to the Mastercard directory server.
  • 3
    : Unknown—Returned for mada-only cards, when the mada directory server returns an error code.

Specifications

  • Data Type:
    String
  • Data Length:
    16

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.authenticationBrand
  • SCMP API Field:
    • pa_enroll_pa_authentication_brand
    • pa_validate_pa_authentication_brand
  • Simple Order API Fields:
    • payerAuthEnrollReply_authenticationBrand
    • payerAuthValidateReply_authenticationBrand
consumerAuthenticationInformation

consumerAuthenticationInformation. authenticationDate

Date and time that the 3D Secure server authenticated the cardholder.
This field is available only for secure transactions in France on the
Banque de France et Tresor Public
,
BNP Paribas France
, and
Credit Mutuel-CIC
processors.
Format:
yyyyMMDDHHMMSS

Specifications

  • Data Type:
    String
  • Data Length:
    14

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.authenticationDate
  • SCMP API Field:
    pa_authentication_date
  • Simple Order API Field:
    ccAuthService_paAuthenticationDate
consumerAuthenticationInformation

consumerAuthenticationInformation. authenticationPath

Indicates what displays to the customer during the authentication process.
This field can contain one of these values:
  • ADS
    : Card not enrolled. Customer prompted to activate the card during the checkout process.
  • ATTEMPTS
    : Attempts processing.
    Processing...
    briefly appears before the checkout process is completed.
  • ENROLLED
    : Card enrolled. The card issuer’s authentication window opens.
  • UNKNOWN
    : Card enrollment status cannot be determined.
  • NOREDIRECT
    : Card not enrolled, authentication unavailable, or error occurred. Nothing displays to the customer.
The following values can be returned if you are using rules-based payer authentication:
  • RIBA
    : The card-issuing bank supports risk-based authentication, but whether the cardholder is likely to be challenged cannot be determined.
  • RIBA_PASS
    : The card-issuing bank supports risk-based authentication, and it is likely that the cardholder will not be challenged to provide credentials, also known as
    silent authentication
    .

Specifications

  • Data Type:
    String
  • Data Length:
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. authenticationPath
  • SCMP API Field:
    pa_enroll_authentication_path
  • Simple Order API Field:
    payerAuthEnrollReply_authenticationPath
consumerAuthenticationInformation

consumerAuthenticationInformation. authenticationResult

Raw authentication data that comes from the card-issuing bank.
Primary authentication field that indicates whether authentication was successful and the liability shift occurred. Examine the result of this field first.
This field contains one of these values:
  • -1
    : Invalid PARes.
  • 0
    : Successful validation.
  • 1
    : Cardholder is not participating, but the attempt to authenticate was recorded.
  • 6
    : Issuer unable to perform authentication.
  • 9
    : Cardholder did not complete authentication.

Specifications

  • Data Type:
    String with numbers only
  • Data Length:
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. authenticationResult
  • SCMP API Field:
    pa_validate_authentication_result
  • Simple Order API Fields:
    • payerAuthEnrollReply_authenticationResult
    • payerAuthValidateReply_authenticationResult
consumerAuthenticationInformation

consumerAuthenticationInformation. authenticationStatusMsg

Message that explains the
consumerAuthenticationInformation. authenticationResult
response field.

Specifications

  • Data Type:
    String
  • Data Length:
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. authenticationStatusMsg
  • SCMP API Field:
    pa_validate_authentication_status_msg
  • Simple Order API Fields:
    • payerAuthEnrollReply_authenticationStatusMessage
    • payerAuthValidateReply_authenticationStatusMessage
consumerAuthenticationInformation

consumerAuthenticationInformation. authenticationTransactionContext

Payer authentication transaction context identifier.
It links the check enrollment authentication and the validate authentication transactions.
This field is supported only for
RuPay
for the payer authentication seamless flow.
Get the value for this field from the
consumerAuthenticationInformation. authenticationTransactionContext
field in the check enrollment response.

Specifications

  • Data Type:
    String
  • Data Length:
    256

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. authenticationTransactionContext
  • SCMP API Field:
    No corresponding field.
  • Simple Order API Field:
    No corresponding field.
consumerAuthenticationInformation

consumerAuthenticationInformation. authenticationTransactionContextId

Payer authentication transaction context identifier. It links the validate authentication transaction and payment authorization transaction.
This field is supported only for
RuPay
for the payer authentication seamless flow.

Specifications

  • Data Type:
    String
  • Data Length:
    256

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. authenticationTransactionContextId
  • SCMP API Field:
    No corresponding field.
  • Simple Order API Field:
    No corresponding field.
consumerAuthenticationInformation

consumerAuthenticationInformation. authenticationTransactionId

Payer authentication transaction identifier that links the check enrollment and validates authentication transactions.
Use this field to resend the one-time password.
This field is available only for the
RuPay
processor for the payer authentication seamless flow.
Get the value for this field from the
consumerAuthenticationInformation. authenticationTransactionId
field in the check enrollment response.

Specifications

  • Data Type:
    String
  • Data Length:
    26

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.authenticationTransactionId
  • SCMP API Fields:
    • pa_authentication_transaction_id
    • pa_enroll_authentication_transaction_id
  • Simple Order API Fields:
    • payerAuthEnrollReply_authenticationTransactionID
    • payerAuthEnrollService_authenticationTransactionID
    • payerAuthValidateService_authenticationTransactionID
consumerAuthenticationInformation

consumerAuthenticationInformation. authenticationType

Indicates the type of authentication that is used to challenge the cardholder.
This field is available only on the
RuPay
processor.
Possible Values:
  • 01
    : Static.
  • 02
    : Dynamic.
  • 03
    : OOB (Out of Band).
  • 20
    : Merchant hosted.
    RuPay
    :
    For payer authentication seamless flow.
IMPORTANT
EMV 3-D Secure 2.1.0 supports values
01-03
. Version 2.2.0 supports values
01-03
.

Specifications

  • Data Type:
    Integer
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.authenticationType
  • SCMP API Field:
    pa_authentication_type
  • Simple Order API Fields:
    • payerAuthEnrollReply_authenticationType
    • payerAuthValidateReply_authenticationType
consumerAuthenticationInformation

consumerAuthenticationInformation. authenticationValue

Authentication transaction token.
This field is supported only for
RuPay
. Include this field in authorizations that do not use a payment network token for the payer authentication seamless flow.
Get the value for this field from the
consumerAuthenticationInformation. transactionToken
field in the validate authentication response.

Specifications

  • Data Type:
    String
  • Data Length:
    256

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. authenticationValue
  • SCMP API Field:
    No corresponding field.
  • Simple Order API Field:
    No corresponding field.
consumerAuthenticationInformation

consumerAuthenticationInformation. authorizationPayload

The Base64-encoded JSON payload of authorization values returned in the challenge flow.

Specifications

  • Data Type:
    String
  • Data Length:
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. authorizationPayload
  • SCMP API Field:
    authorization_payload
  • Simple Order API Fields:
    • payerAuthEnrollReply_authorizationPayload
    • payerAuthValidateReply_authorizationPayload
consumerAuthenticationInformation

consumerAuthenticationInformation. cardholderMessage

Text provided by the AC or issuer or both to the cardholder during a frictionless or decoupled transaction.
The issuer can provide information to the cardholder. For example, “Additional authentication is needed for this transaction. Please contact (Issuer Name) at xxx-xxx-xxxx.” The issuing bank can choose to support this value.

Specifications

  • Data Type:
    String
  • Data Length:
    128

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. cardholderMessage
  • SCMP API Field:
    pa_cardholder_message
  • Simple Order API Field:
    payerAuthEnrollReply_cardholderMessage
consumerAuthenticationInformation

consumerAuthenticationInformation. cavv

Cardholder authentication verification value (CAVV).
This value is a transaction identifier generated by the issuing bank during payer authentication.
This value must be 28-character Base64 or 40-character hex binary.
When you request the payer authentication and authorization services separately, get the value for this field from the
consumerAuthenticationInformation. cavv
response field.
Apple Pay and Samsung Pay Transactions
  • American Express: for a 20-byte cryptogram, set this field to the cryptogram for authorizations with payment network tokens. For a 40-byte cryptogram, set this field to block A of the cryptogram for authorizations with payment network tokens.
  • Discover: the value for this field can be a 20 or 40-character hex binary. All cryptograms use one of these formats.
  • Visa: the value for this field must be 28-character base 64 or 40-character hex binary. All cryptograms use one of these formats.
China UnionPay
This field and
processingInformation.commerceIndicator
field are required for authorizations for China UnionPay domestic debit cards.
FDC Nashville Global
For Visa Secure, this field is set to the value for the transaction identifier (XID) when the XID is present in the authorization request and the CAVV is not present.
Visa Platform Connect
The value for this field corresponds to this data in the TC 33 capture file:
  • Record: CP01 TCR8
  • Position: 77-78
  • Field: CAVV version and authentication action

Specifications

  • Data Type:
    String
  • Data Length (request):
    40
  • Data Length (response):
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.cavv
  • SCMP API Fields:
    • cavv
    • pa_enroll_cavv
    • pa_validate_cavv
  • Simple Order API Fields:
    • ccAuthService_cavv
    • payerAuthEnrollReply_cavv
    • payerAuthValidateReply_cavv
consumerAuthenticationInformation

consumerAuthenticationInformation. cavvAlgorithm

Algorithm for generating a cardholder authentication verification value (CAVV) or universal cardholder authentication field (UCAF) data.
This field is available only on
Credit Mutuel-CIC
for Visa Secure.
Possible values:
  • 0
    : Hash-based message authentication code (HMAC)
  • 1
    : Card verification value (CVV)
  • 2
    : CVV with authentication transaction number (ATN)

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.cavvAlgorithm
  • SCMP API Fields:
    • cavv_algorithm
    • pa_enroll_cavv_algorithm
    • pa_validate_cavv_algorithm
  • Simple Order API Fields:
    • ccAuthService_cavvAlgorithm
    • payerAuthEnrollReply_cavvAlgorithm
    • payerAuthValidateReply_cavvAlgorithm
consumerAuthenticationInformation

consumerAuthenticationInformation. challengeCancelCode

Indicates why a transaction was canceled.
Possible values:
  • 01
    : Cardholder selected Cancel.
  • 02
    : Reserved for future EMVCo use (values invalid until defined by EMVCo).
  • 03
    : Transaction timed out—Decoupled Authentication.
  • 04
    : Transaction timed out at ACS—other timeouts.
  • 05
    : Transaction timed out at ACS—First CReq not received by ACS.
  • 06
    : Transaction Error.
  • 07
    : Unknown.
  • 08
    : Transaction timed out at SDK.
France Country Specific Information
In France, this field is available only for secure transactions.
The transaction was not cancelled. It was sent to the payment card company and the issuer who can reject it with a soft decline by requesting additional cardholder authentication.
Possible values:
  • 01
    : Cardholder selected
    Cancel
    .
  • 03
    : Decoupled authentication caused the transaction to time out.
  • 04
    : Transaction timed out at the access control server (ACS), which is a server on the issuer side of the 3-D Secure protocol. This value includes all ACS timeouts not covered by the value
    05
    .
  • 05
    : Transaction timed out at the ACS because the first challenge request was not received by the ACS.
  • 06
    : Transaction error as determined by the 3-D Secure server.
  • 07
    : Unknown.
  • 08
    :
    Cybersource
    software timed out.
When you request the payer authentication and authorization services separately, get the value for this field from the
consumerAuthenticationInformation. challengeCancelCode
response field.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.challengeCancelCode
  • SCMP API Field:
    challenge_cancel_code
  • Simple Order API Fields:
    • ccAuthService_challengeCancelCode
    • challenge_cancel_code
      (France only)
    • payerAuthEnrollReply_challengeCancelCode
    • payerAuthValidateReply_challengeCancelCode
consumerAuthenticationInformation

consumerAuthenticationInformation. challengeCode

Authentication type or challenge presented to the cardholder at checkout.
This field is available only for the
Banque de France et Tresor Public
,
BNP Paribas France
, and
Credit Mutuel-CIC
processors.
The challenge is issued after requesting secure transactions through the
Cybersource
payer authentication services.
A
challenge
means that strong customer authentication is required. The challenge status does the following:
  • Informs the issuer about the alternative authentication methods that the cardholder used.
  • Enables you to override default values for one transaction at a time and increase the authorization acceptance rate at the risk of accepting a liability shift for the transaction.
Possible values:
  • 01
    : No preference.
  • 02
    : No challenge requested, but the reason is unknown.
  • 03
    : You requested the challenge. You can default to this value for every transaction when you see an increase in fraud rates.
  • 04
    : Challenge mandated. Strong customer authentication is required when one of the following is true:
    • Transaction amount exceeds 30 EUR and there have been at least five transactions on the payment card during the preceding week.
    • Cumulative amount for the payment card during the preceding week exceeds 100 EUR.
  • 05
    : No challenge requested because transactional risk analysis has already been performed.
  • 06
    : No challenge requested because the purpose of this transaction is to share data, not to move money.
  • 07
    : No challenge requested because strong consumer authentication has already been performed.
  • 08
    : No challenge requested because the cardholder is on a white list of exempt cardholders.
  • 09
    : Challenge requested by issuer. Determine whether the cardholder is on a white list of exempt cardholders.
This field defaults to
01
on merchant configuration and can be overridden by the merchant. EMV 3-D Secure version 2.1.0 supports values
01
-
04
. Version 2.2.0 supports values
01
-
09
.

Specifications

  • Data Type:
    Integer
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. challengeCode
  • SCMP API Field:
    pa_challenge_code
  • Simple Order API Fields:
    • ccAuthService_paChallengeCode
    • payerAuthEnrollService_challengeCode
consumerAuthenticationInformation

consumerAuthenticationInformation. challengeRequired

Indicates whether a challenge is required in order to complete authentication.
Regional mandates might determine that a challenge is required. Used by the Hybrid integration.
Possible values:
  • Y
    : Challenge required.
  • N
    : Challenge not required.

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.challengeRequired
  • SCMP API Field:
    challenge_required
  • Simple Order API Field:
    payerAuthEnrollReply_challengeRequired
consumerAuthenticationInformation

consumerAuthenticationInformation. credentialEncrypted

Indicates that you encrypted the passed credential.
This field is only used for IVR extension transactions in India.

Specifications

  • Data Type:
    Boolean
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. credentialEncrypted
  • SCMP API Field:
    pa_credential_encrypted
  • Simple Order API Field:
    payerAuthValidateService_credentialEncrypted
consumerAuthenticationInformation

consumerAuthenticationInformation. customerCardAlias

An alias that uniquely identifies the customer's account and credit card on file.
This field is required if Tokenization is enabled in the merchant profile settings.

Specifications

  • Data Type:
    String
  • Data Length:
    128

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. customerCardAlias
  • SCMP API Field:
    pa_customer_cc_alias
  • Simple Order API Field:
    payerAuthEnrollService_customerCCAlias
consumerAuthenticationInformation

consumerAuthenticationInformation. dataQualityIndicator

This value indicates whether a payment authorization request or capture authorization request meets the Visa Secure data quality requirements.
The authorization response returns the authentication indicator in Field 34 (acceptance environment data in TLV format), Dataset ID 01 (authentication data), Tag C1.
IMPORTANT
This indicator does not appear in responses to authorization follow-on transactions.
Possible values for tag C1:
  • 0
    : The authorization request meets the Visa Secure data quality requirements.
  • 1
    : The authorization request does not meet the Visa Secure data quality requirements.

Specifications

  • Data Type: String
  • Data Length 10

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.dataQualityIndicator
  • SCMP API Field:
    authentication_data_quality_indicator
  • Simple Order API Field:
    authenticationData_qualityIndicator
consumerAuthenticationInformation

consumerAuthenticationInformation. decoupledAuthenticationIndicator

Indicates whether the 3-D Secure requester agrees to use decoupled authentication if the ACS confirms its use.
Possible Values:
Y
: Decoupled Authentication is supported and preferred if a challenge is necessary.
N
: Do not use Decoupled Authentication (default).

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. decoupledAuthenticationIndicator
  • SCMP API Field:
    pa_decoupled_authentication_indicator
  • Simple Order API Field:
    payerAuthEnrollService_decoupledAuthenticationIndicator
consumerAuthenticationInformation

consumerAuthenticationInformation. decoupledAuthenticationMaxTime

The maximum interval of time (in minutes) that the 3-D Secure requester waits for an Active Control Server (ACS) to return the result of a decoupled authentication transaction.
Possible Values: Numeric values between
1
and
10080
are accepted.

Specifications

  • Data Type:
    String
  • Data Length:
    5

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. decoupledAuthenticationMaxTime
  • SCMP API Field:
    pa_decoupled_authentication_max_time
  • Simple Order API Field:
    payerAuthEnrollService_decoupled_AuthenticationMaxTime
consumerAuthenticationInformation

consumerAuthenticationInformation. defaultCard

Indicates that the card being used is the one designated as the primary payment card for purchase.
This field can contain one of these values:
  • true
  • false
Recommended for Discover ProtectBuy.

Specifications

  • Data Type:
    Boolean
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. defaultCard
  • SCMP API Field:
    pa_default_card
  • Simple Order API Field:
    payerAuthEnrollService_defaultCard
consumerAuthenticationInformation

consumerAuthenticationInformation. deviceChannel

Indicates the channel used for the transaction.
Required for SDK integration. Possible Values:
  • SDK
  • Browser
  • 3RI (3-D Secure Integrator Request)
IMPORTANT
If you use the SDK integration, this field is dynamically set to
SDK
. If you use the JavaScript code, this field is dynamically set to
Browser
. For merchant-initiated or 3RI transactions, you must set the field to
3RI
. If you use this field in addition to JavaScript code, you must set the field to
Browser
.

Specifications

  • Data Type:
    String
  • Data Length:
    10

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. deviceChannel
  • SCMP API Field:
    pa_device_channel
  • Simple Order API Field:
    payerAuthEnrollService_deviceChannel
consumerAuthenticationInformation

consumerAuthenticationInformation. deviceDataCollectionURL

Location to send the authentication JSON Web Token (JWT) when you invoke device data collection.

Specifications

  • Data Type:
    String
  • Data Length:
    100

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. deviceDataCollectionURL
  • SCMP API Field:
    pa_setup_pa_device_data_collection_url
  • Simple Order API Field:
    payerAuthSetupReply_deviceDataCollectionURL
consumerAuthenticationInformation

consumerAuthenticationInformation. directoryServerErrorCode

The directory server error code indicating a problem with the transaction.

Specifications

  • Data Type:
    String
  • Data Length:
    3

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.directoryServerErrorCode
  • SCMP API Field:
    pa_directory_server_error_code
  • Simple Order API Fields:
    • payerAuthEnrollReply_directoryServerErrorCode
    • payerAuthValidateReply_directoryServerErrorCode
consumerAuthenticationInformation

consumerAuthenticationInformation. directoryServerErrorDescription

Directory server text and additional detail about the error for the transaction.

Specifications

  • Data Type:
    String
  • Data Length:
    4096

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. directoryServerErrorDescription
  • SCMP API Field:
    pa_directory_server_error_description
  • Simple Order API Fields:
    • payerAuthEnrollReply_directoryServerErrorDescription
    • payerAuthValidateReply_directoryServerErrorDescription
consumerAuthenticationInformation

consumerAuthenticationInformation. directoryServerTransactionId

Transaction ID that the directory server generates during authentication.
When you request the payer authentication and authorization services separately, get the value for this field from the
consumerAuthenticationInformation. threeDSServerTransactionId
response field.
Mastercard Identity Check on
Visa Platform Connect
The value for this field corresponds to the following data in the TC 33 capture file:
  • Record: CP01 TCR7
  • Position: 114-149
  • Field: MC AVV Verification—Directory Server Transaction ID
The TC 33 capture file contains information about the payments and credits that a merchant submits to
Cybersource
. The processor creates the TC 33 capture file at the end of the day and sends it to the merchant’s acquirer. The acquirer uses this information to facilitate end-of-day clearing processing with payment networks.

Specifications

  • Data Type:
    String
  • Data Length:
    36

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.directoryServerTransactionId
  • SCMP API Fields:
    • directory_server_transaction_id
    • pa_enroll_directory_server_transaction_id
    • pa_validate_directory_server_transaction_id
  • Simple Order API Fields:
    • ccAuthService_directoryServerTransactionID
    • payerAuthEnrollReply_directoryServerTransactionID
    • payerAuthValidateReply_directoryServerTransactionID
consumerAuthenticationInformation

consumerAuthenticationInformation. dsReferenceNumber

Unique identifier assigned by the EMVCo.
This field is required in cardholder-initiated 3-D Secure fully-authenticated mada card transactions.
When you request the payer authentication and authorization services separately, get the value for this field from the response messages.

Specifications

  • Data Type:
    String
  • Data Length:
    23

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. dsReferenceNumber
  • SCMP API Field:
    ds_reference_number
  • Simple Order API Field:
    ccAuthService_dsReferenceNumber
consumerAuthenticationInformation

consumerAuthenticationInformation. eci

Numeric electronic commerce indicator (ECI) returned only for Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo transactions when the card is not enrolled.
IMPORTANT
This field applies only to cards that are not issued in the U.S.
If you are not using
Cybersource
payment services, you must send this value to your payment processor in the next request for card authorization.
This field contains one of these values:
  • 06
    : The card can be enrolled. Liability shift.
  • 07
    : The card cannot be enrolled. No liability shift.

Specifications

  • Data Type:
    String
  • Data Length:
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. eci
  • SCMP API Fields:
    • pa_enroll_eci
    • pa_validate_eci
  • Simple Order API Fields:
    • payerAuthEnrollReply_eci
    • payerAuthValidateReply_eci
consumerAuthenticationInformation

consumerAuthenticationInformation. eciRaw

Raw electronic commerce indicator (ECI).
The field is absent if authentication fails.
This field can contain one of these values:
  • 01
    : Authentication attempted (Mastercard).
  • 02
    : Successful authentication (Mastercard).
  • 05
    : Successful authentication (Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo).
  • 06
    : Authentication attempted (Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo).

Specifications

  • Data Type:
    String
  • Data Length:
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.eciRaw
  • SCMP API Fields:
    • eci_raw
    • pa_enroll_eci_raw
    • pa_validate_eci_raw
  • Simple Order API Fields:
    • ccAuthService_eciRaw
    • payerAuthEnrollReply_eciRaw
    • payerAuthValidateReply_eciRaw
consumerAuthenticationInformation

consumerAuthenticationInformation. ecommerceIndicator

Indicator used to distinguish types of transactions.
This field contains one of these values:
  • aesk
    : American Express SafeKey authentication verified successfully.
  • aesk_attempted
    : Card not enrolled in American Express SafeKey, but the attempt to authenticate is recorded.
  • cs
    : Elo Compra Segura authentication verified successfully.
  • cs_attempted
    : Elo Compra Segura card not enrolled, but the attempt to authenticate is recorded.
  • dipb
    : Discover ProtectBuy authentication verified successfully.
  • dipb_attempted
    : Card not enrolled in Discover ProtectBuy, but the attempt to authenticate is recorded.
  • internet
    : Card not enrolled, or card type not supported by payer authentication. No liability shift.
  • js
    : J/Secure authentication verified successfully.
  • js_attempted
    : Card not enrolled, but the attempt to authenticate is recorded. Liability shift.
  • js_failure
    : J/Secure directory service is not available. No liability shift.
  • pb
    : Diners Club ProtectBuy authentication verified successfully.
  • pb_attempted
    : Card not enrolled in Diners Club ProtectBuy, but the attempt to authenticate is recorded.
  • spa
    : Mastercard Identity Check authentication verified successfully.
  • spa_failure
    : Mastercard Identity Check failed authentication.
  • up3ds
    : China UnionPay authentication verified successfully.
  • up3ds_attempted
    : China UnionPay card not enrolled, but the attempt to authenticate is recorded.
  • up3ds_failure
    : China UnionPay authentication unavailable.
  • vbv
    : Visa Secure authentication verified successfully.
  • vbv_attempted
    : Visa card not enrolled, but the attempt to authenticate is recorded. Liability shift.
  • vbv_failure
    : For the payment processors Barclays, Streamline, AIBMS, or FDC Germany, you receive this result if Visa’s directory service is not available. No liability shift.

Specifications

  • Data Type:
    String
  • Data Length:
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. ecommerceIndicator
  • SCMP API Fields:
    • pa_enroll_e_commerce_indicator
    • pa_validate_e_commerce_indicator
  • Simple Order API Fields:
    • payerAuthEnrollReply_commerceIndicator
    • payerAuthValidateReply_commerceIndicator
consumerAuthenticationInformation

consumerAuthenticationInformation. effectiveAuthenticationType

The type of 3-D Secure transaction flow.
When you request the payer authentication and authorization services separately, get the value for this field from the
consumerAuthenticationInformation. effectiveAuthenticationType
response field.
Possible Values:
  • CH
    : Challenge.
    Strong customer authentication is required. The cardholder must prove that they are present and enter the payment details by providing two of the following elements:
    • Something on the cardholder's body. Example: fingerprint.
    • Something the cardholder has. Examples: plastic card, mobile device, token generator.
    • Something the cardholder knows. Examples: PIN, password.
  • FR
    : Frictionless.
    The transaction can proceed without cardholder authentication.
  • FD
    : Frictionless with delegation (challenge not generated by the issuer but by the scheme on behalf of the issuer).
    The issuer does not require cardholder authentication, but the payment card company might require it.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. effectiveAuthenticationType
  • SCMP API Field:
    effective_authentication_type
  • Simple Order API Fields:
    • ccAuthService_effectiveAuthenticationType
    • payerAuthEnrollReply_effectiveAuthenticationType
    • payerAuthValidateReply_effectiveAuthenticationType
consumerAuthenticationInformation

consumerAuthenticationInformation. exemptionDataRaw

Payer authentication exemption data field.
Raw exemption data field that is used for Carte Bancaire exemptions. For example,"low fraud merchant program." Used with payer authentication service response.

Specifications

  • Data Type:
    String
  • Data Length:
    4

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.exemptionDataRaw
  • Simple Order API Field:
    payerAuthEnrollReply_exemptionDataRaw
consumerAuthenticationInformation

consumerAuthenticationInformation. idciDecision

Decision on the risk assessment from Mastercard.
This field is used only with Mastercard. It is required when the merchant requests the Identity Check Insights (IDCI) score.

Specifications

  • Data Type:
    String
  • Data Length:
    12

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. idciDecision
  • SCMP API Field:
    pa_idci_decision
  • Simple Order API Field:
    payerAuthEnrollReply_idciDecision
consumerAuthenticationInformation

consumerAuthenticationInformation. idciReasonCode1

Reason code from Mastercard.
This field is only used with Mastercard. It is required when the merchant requests the Identity Check Insights (IDCI) score. The reason code values range from
A
through
Z
. For a description of the reason codes values, see the appendix of the Mastercard Identity Check Program Guide.

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. idciReasonCode1
  • SCMP API Field:
    pa_idci_reason_code1
  • Simple Order API Field:
    payerAuthEnrollReply_idciReasonCode1
consumerAuthenticationInformation

consumerAuthenticationInformation. idciReasonCode2

Reason code from Mastercard.
This field is only used with Mastercard. It is required when the merchant requests the Identity Check Insights (IDCI) score. The reason code values range from
A
through
Z
. For a description of the reason codes values, see the appendix of the Mastercard Identity Check Program Guide.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. idciReasonCode2
  • SCMP API Field:
    pa_idci_reason_code2
  • Simple Order API Field:
    payerAuthEnrollReply_idciReasonCode2
consumerAuthenticationInformation

consumerAuthenticationInformation. idciScore

Risk assessment from Mastercard.
Only for Mastercard. Required when the merchant requests the Identity Check Insights (IDCI) score. The risk score values range from
0
-
9
(low to high). Refer to the Appendix C in the Mastercard Identity Check Program Guide for additional information about the score values.

Specifications

  • Data Type:
    Integer
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.idciScore
  • SCMP API Field:
    pa_idci_score
  • Simple Order API Field:
    payerAuthEnrollReply_idciScore
consumerAuthenticationInformation

consumerAuthenticationInformation. interactionCounter

Indicates the number of authentication cycles that the cardholder attempted. The cycles are tracked by the issuing bank’s ACS.
Example
: The customer receives the challenge window, enters the one-time password, and clicks
Submit
. This sequence counts as one interaction.
Example:
The customer receives the challenge window, receives the bank message asking if the one-time password should be sent to their phone or email. The customer makes a selection before going to the next screen to enter the one-time password. This sequence counts as two interactions. The first interaction occurs when the customer chooses how to have the one-time password delivered. The second interaction occurs when the customer enters the one-time password and clicks
Submit
.

Specifications

  • Data Type:
    Integer
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.interactionCounter
  • SCMP API Field:
    pa_interaction_counter
  • Simple Order API Field:
    payerAuthValidateReply_interactionCounter
consumerAuthenticationInformation

consumerAuthenticationInformation. marketingOptIn

Indicates whether the customer has opted in for marketing offers.
Recommended for Discover ProtectBuy.
Possible values:
  • true
  • false

Specifications

  • Data Type:
    Boolean
  • Data Length:
    5

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. marketingOptIn
  • SCMP API Field:
    pa_marketing_optin
  • Simple Order API Field:
    payerAuthEnrollService_marketingOptIn
consumerAuthenticationInformation

consumerAuthenticationInformation. marketingSource

Indicates origin of the marketing offer.
Recommended for Discover ProtectBuy.

Specifications

  • Data Type:
    String
  • Data Length:
    40

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. marketingSource
  • SCMP API Field:
    pa_marketing_source
  • Simple Order API Field:
    payerAuthEnrollService_marketingSource
consumerAuthenticationInformation

consumerAuthenticationInformation. mcc

Merchant category code.

Specifications

  • Data Length:
    4

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. mcc
  • SCMP API Field:
    pa_mcc
  • Simple Order API Field:
    payerAuthEnrollService_MCC
consumerAuthenticationInformation

consumerAuthenticationInformation. merchantFraudRate

Calculated by merchants according to Payment Service Directive 2 (PSD2) and Regulatory Technical Standards (RTS). European Economic Area (EEA) card fraud divided by all EEA card volumes.
Possible Values:
  • 1
    : Represents fraud rate <=1.
  • 2
    : Represents fraud rate >1 and <=6.
  • 3
    : Represents fraud rate >6 and <=13.
  • 4
    : Represents fraud rate >13 and <=25.
  • 5
    : Represents fraud rate >25.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.merchantFraudRate
  • SCMP API Field:
    pa_merchant_fraud_rate
  • Simple Order API Field:
    payerAuthEnrollService_merchantFraudRate
consumerAuthenticationInformation

consumerAuthenticationInformation. merchantScore

Risk score provided by merchants.

Specifications

  • Data Type:
    Integer
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. merchantScore
  • SCMP API Field:
    pa_merchant_score
  • Simple Order API Field:
    payerAuthEnrollService_merchantScore
consumerAuthenticationInformation

consumerAuthenticationInformation. messageCategory

Category of the message for a specific use case.
Possible values:
  • 01
    : PA (payment authentication).
  • 02
    : NPA (nonpayment authentication).
  • 03-79
    : Reserved for EMVCo future use (values invalid until defined by EMVCo).
  • 80-99
    : Reserved for directory server use.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.messageCategory
  • SCMP API Field:
    pa_message_category
  • Simple Order API Field:
    payerAuthEnrollService_messageCategory
consumerAuthenticationInformation

consumerAuthenticationInformation. networkScore

The global score calculated by the 3-D Secure scoring platform and returned to the merchant.
This field is available only for secure transactions in France on the
Banque de France et Tresor Public
,
BNP Paribas France
, and
Credit Mutuel-CIC
processors.
Possible values:
00
-
99
.
When you request the payer authentication and authorization services separately, get the value for this field from the
consumerAuthenticationInformation. networkScore
response field.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. networkScore
  • SCMP API Field:
    pa_network_score
  • Simple Order API Fields:
    • ccAuthService_paNetworkScore
    • payerAuthEnrollReply_networkScore
consumerAuthenticationInformation

consumerAuthenticationInformation. otpToken

One-time password that the cardholder entered.
RuPay
:
This field is supported only for the payer authentication seamless flow.

Specifications

  • Data Type:
    String
  • Data Length:
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. otpToken
  • SCMP API Field:
    pa_otp_token
  • Simple Order API Field:
    pa_otpToken
consumerAuthenticationInformation

consumerAuthenticationInformation. overrideCountryCode

Two-character ISO standard country code.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.overrideCountryCode
  • SCMP API Field:
    pa_merchant_country_code
  • Simple Order API Field:
    payerAuthEnrollService_merchantCountrycode
consumerAuthenticationInformation

consumerAuthenticationInformation. overridePaymentMethod

Specifies the payment account type used for the transaction.
This field overrides other payment types that might be specified in the request. Use one of the following values for this field:
  • NA
    : Does not apply. Do not override other payment types that are specified in the request.
  • CR
    : Credit card.
  • DB
    : Debit card.
  • VSAVR
    : Visa Vale Refeicao.
  • VSAVA
    : Visa Vale Alimentacao.

Specifications

  • Data Type:
    String
  • Data Length:
    10

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. overridePaymentMethod
  • SCMP API Field:
    pa_override_payment_method
  • Simple Order API Field:
    payerAuthEnrollService_overridePaymentMethod
consumerAuthenticationInformation

consumerAuthenticationInformation. pareq

Payer authentication request (PAReq) message that you must forward to the ACS.
The value can be very large. The value is encoded in Base64.

Specifications

  • Data Type:
    String
  • Data Length:
    No length limit.

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. pareq
  • SCMP API Field:
    pa_enroll_pareq
  • Simple Order API Field:
    payerAuthEnrollReply_paReq
consumerAuthenticationInformation

consumerAuthenticationInformation[]. paresStatus

Raw result of the authentication check.
This field can contain one of these values:
  • A
    : Proof of authentication attempt was generated.
  • C
    : Card challenged. This status is a temporary status for an in-flight transaction and can result in other authentication statuses after transaction is completed.
  • N
    : Customer failed or canceled authentication. Transaction denied.
  • R
    : Authentication rejected (used for 3-D Secure 2.x transactions only).
  • U
    : Authentication not completed regardless of the reason.
  • Y
    : Customer was successfully authenticated.

Specifications

  • Data Type:
    String
  • Data Length:
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation[].paresStatus
  • SCMP API Fields:
    • pares_status
    • pa_enroll_pares_status
    • pa_validate_pares_status
  • Simple Order API Fields:
    • ccAuthService_paresStatus
    • payerAuthEnrollReply_paresStatus
    • payerAuthValidateReply_paresStatus
consumerAuthenticationInformation

consumerAuthenticationInformation. signedParesStatusReason

Provides additional information about the PARes status value.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. signedParesStatusReason
  • SCMP API Field:
    pares_status_reason
  • Simple Order API Fields:
    • payerAuthEnrollReply_authenticationStatusReason
    • payerAuthValidateReply_authenticationStatusReason
consumerAuthenticationInformation

consumerAuthenticationInformation. paSpecificationVersion

The EMV 3-D Secure version that was used to process the transaction.
Example
: 2.3.1
This field is available only for the
FDC Compass
and
Visa Platform Connect
processors.
Visa Platform Connect
The value for this field corresponds to this data in the TC 33 capture file:
  • Record: CP01 TCR7
  • Position: 113
  • Field: MC AVV Verification—Program Protocol
Mastercard Identity Check on Visa Platform Connect
Visa Platform Connect
Mastercard Identity Check might return one of these values during the authentication process.
Possible values:
  • 2.1.0
    : EMV 3-D Secure 2.1.0 (This value cannot be used after September 25, 2024, when EMV 3-D Secure 2.1 is no longer supported. All merchants must begin using EMV 3-D Secure 2.2 or later before that date to avoid any disruption in service.)
  • 2.2.0
    : EMV 3-D Secure 2.2.0
  • 2.3.0
    : EMV 3-D Secure 2.3.0
  • 2.4.0
    : EMV 3-D Secure 2.4.0
  • 2.5.0
    : EMV 3-D Secure 2.5.0
  • 2.6.0
    : EMV 3-D Secure 2.6.0
  • 2.7.0
    : EMV 3-D Secure 2.7.0
  • 2.8.0
    : EMV 3-D Secure 2.8.0
  • 2.9.0
    : EMV 3-D Secure 2.9.0

Specifications

  • Data Type:
    String
  • Data Length:
    20

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.paSpecificationVersion
  • SCMP API Field:
    pa_specification_version
  • Simple Order API Field:
    ccAuthService_paSpecificationVersion
consumerAuthenticationInformation

consumerAuthenticationInformation. priorAuthenticationData

This field contains data that the ACS can use to verify the authentication process.

Specifications

  • Data Type:
    String
  • Data Length:
    2048

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. priorAuthenticationData
  • SCMP API Field:
    pa_prior_authentication_data
  • Simple Order API Field:
    payerAuthEnrollService_priorAuthenticationData
consumerAuthenticationInformation

consumerAuthenticationInformation. priorAuthenticationMethod

Method the cardholder used previously to authenticate to the 3-D Secure requester.
Possible values:
  • 01
    : Frictionless authentication occurred by ACS.
  • 02
    : Cardholder challenge occurred by ACS.
  • 03
    : AVS verified.
  • 04
    : Other issuer methods.
  • 05-79
    : Reserved for EMVCo future use (values invalid until defined by EMVCo).
  • 80-99
    : Reserved for directory server use.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. priorAuthenticationMethod
  • SCMP API Field:
    pa_prior_authentication_method
  • Simple Order API Field:
    payerAuthEnrollService_priorAuthenticationMethod
consumerAuthenticationInformation

consumerAuthenticationInformation. priorAuthenticationReferenceId

This field contains the ACS transaction ID for a prior authenticated transaction.
For example, the first recurring transaction that was authenticated with the cardholder.

Specifications

  • Data Type:
    String
  • Data Length:
    36

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. priorAuthenticationReferenceId
  • SCMP API Field:
    pa_prior_authentication_reference_id
  • Simple Order API Field:
    payerAuthEnrollService_priorAuthenticationReferenceID
consumerAuthenticationInformation

consumerAuthenticationInformation. priorAuthenticationTime

Date and time in UTC of the prior cardholder authentication.
Format:
yyyyMMDDHHMM

Specifications

  • Data Type:
    String
  • Data Length:
    12

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. priorAuthenticationTime
  • SCMP API Field:
    pa_prior_authentication_time
  • Simple Order API Field:
    payerAuthEnrollService_priorAuthenticationTime
consumerAuthenticationInformation

consumerAuthenticationInformation. productCode

Specifies the product code, which designates the type of transaction.
Specify one of the following values for this field:
  • AIR
    : Airline purchase.
  • ACC
    : Accommodation rental.
  • ACF
    : Account funding.
  • CHA
    : Check acceptance.
  • DIG
    : Digital goods.
  • DSP
    : Cash dispensing.
  • GAS
    : Fuel.
  • GEN
    : General retail.
  • LUX
    : Luxury retail.
  • PAL
    : Prepaid activation and load.
  • PHY
    : Goods or services purchase.
  • QCT
    : Quasi-cash transaction.
  • REN
    : Car rental.
  • RES
    : Restaurant.
  • SVC
    : Services.
  • TBD
    : Other.
  • TRA
    : Travel.

Specifications

  • Data Type:
    String
  • Data Length:
    3

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. productCode
  • SCMP API Field:
    pa_product_code
  • Simple Order API Field:
    payerAuthEnrollService_productCode
consumerAuthenticationInformation

consumerAuthenticationInformation. proofXml

Date and time of the enrollment check combined with the VEReq and VERes elements.
If you ever need to show proof of enrollment checking, you might need to parse the string for the information required by the payment card company. The value can be very large.
  • For cards issued in the US or Canada, Visa might require this data for specific merchant category codes.
  • For cards not issued in the US or Canada, your bank might require this data as proof of enrollment checking for any payer authentication transaction that you re-present because of a chargeback.

Specifications

  • Data Type:
    String
  • Data Length:
    No length limit.

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. proofXml
  • SCMP API Field:
    pa_enroll_proofxml
  • Simple Order API Field:
    payerAuthEnrollReply_proofXML
consumerAuthenticationInformation

consumerAuthenticationInformation. proxyPan

Encrypted version of the card number that is used in the payer authentication request message.

Specifications

  • Data Type:
    String
  • Data Length:
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. proxyPan
  • SCMP API Field:
    pa_enroll_proxypan
  • Simple Order API Field:
    payerAuthEnrollReply_proxyPAN
consumerAuthenticationInformation

consumerAuthenticationInformation. referenceId

Reference ID that corresponds to the device fingerprinting data that was collected previously.

Specifications

  • Data Type:
    String
  • Data Length:
    50

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.referenceId
  • SCMP API Fields:
    • pa_reference_id
    • pa_setup_pa_reference_id
  • Simple Order API Fields:
    • payerAuthEnrollService_referenceID
    • payerAuthSetupReply_referenceID
consumerAuthenticationInformation

consumerAuthenticationInformation. requestorInitiatedAuthenticationIndicator

Indicates the type of 3-D Secure Integrator Request (3RI Request).
Possible Values:
  • 01
    : Recurring transaction.
  • 02
    : Installment transaction.
  • 03
    : Add card.
  • 04
    : Maintain card.
  • 05
    : Account verification.
  • 06
    : Split/delayed shipment.
  • 07
    : Top-up.
  • 08
    : Mail order.
  • 09
    : Telephone order.
  • 10
    : Whitelist status check.
  • 11
    : Other payment.
EMV 3-D Secure version 2.1.0 supports values
01
-
05
. Version 2.2.0 supports values
01
-
11
.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. requestorInitiatedAuthenticationIndicator
  • SCMP API Field:
    pa_requestor_initiated_authentication_indicator
  • Simple Order API Field:
    payerAuthEnrollService_ requestorInitiatedAuthenticationIndicator
consumerAuthenticationInformation

consumerAuthenticationInformation. requestorName

The 3-D Secure requestor name value assigned by the directory server.

Specifications

  • Data Type:
    String
  • Data Length:
    40

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. requestorName
  • SCMP API Field:
    pa_requestor_name
  • Simple Order API Field:
    payerAuthEnrollService_requestorName
consumerAuthenticationInformation

consumerAuthenticationInformation. responseAccessToken

JSON Web Token (JWT) returned by the 3-D Secure provider when the authentication is complete.

Specifications

  • Data Type:
    String
  • Data Length:
    2048

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.responseAccessToken
  • SCMP API Field:
    pa_response_access_token
  • Simple Order API Field:
    payerAuthValidateService_responseAccessToken
consumerAuthenticationInformation

consumerAuthenticationInformation. returnUrl

URL of your return page.
This return URL is added to the step-up JWT and returned in the response of the Payer Authentication enrollment call. Your return URL page serves as a listening URL. Cardinal sends a POST response to your return URL when the bank session completes that contains the completed bank session’s transaction ID. Your return page should capture the transaction ID and send it in the Payer Authentication validation call.

Specifications

  • Data Type:
    String
  • Data Length:
    2048

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. returnUrl
  • SCMP API Field:
    pa_return_url
  • Simple Order API Field:
    payerAuthEnrollService_returnURL
consumerAuthenticationInformation

consumerAuthenticationInformation. scoreRequest

Indicates that you are requesting the Identity Check Insights (IDCI) score details of a transaction.
Possible values:
  • Yes
  • No
If set to
yes
, you receive the values of these fields in the response:
  • consumerAuthenticationInformation. idciScore
  • consumerAuthenticationInformation. idciDecision
  • consumerAuthenticationInformation. idciReasonCode1
  • consumerAuthenticationInformation. idciReasonCode2
This field is used only with Mastercard transactions.

Specifications

  • Data Type:
    Boolean
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. scoreRequest
  • SCMP API Field:
    pa_score_request
  • Simple Order API Field:
    payerAuthEnrollService_scoreRequest
consumerAuthenticationInformation

consumerAuthenticationInformation. sdkFlowType

Type of SDK flow used for the transaction.
Possible values:
  • Virtual SDK
  • Cardinal

Specifications

  • Data Type:
    String
  • Data Length:
    100

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. sdkFlowType
  • SCMP API Field:
    pa_sdk_flow_type
  • Simple Order API Field:
    payerAuthEnrollService_sdkFlowType
consumerAuthenticationInformation

consumerAuthenticationInformation. sdkMaxTimeout

This field indicates the maximum amount of time for all 3-D Secure 2.x messages to be communicated between all components (in minutes).
Possible Values:
  • Greater than or equal to
    05
    (05 is the minimum timeout to set)
  • Default is set to
    15

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. sdkMaxTimeout
  • SCMP API Field:
    pa_sdk_max_timeout
  • Simple Order API Field:
    payerAuthEnrollService_sdkMaxTimeout
consumerAuthenticationInformation

consumerAuthenticationInformation. sdkTransactionId

SDK unique transaction identifier that is generated on each new transaction.

Specifications

  • Data Type:
    String
  • Data Length:
    36

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. sdkTransactionId
  • SCMP API Field:
    pa_sdk_transaction_id
  • Simple Order API Fields:
    • payerAuthEnrollReply_sdkTransactionID
    • payerAuthEnrollService_sdkTransactionID
    • payerAuthValidateReply_sdkTransactionID
consumerAuthenticationInformation

consumerAuthenticationInformation. signedPares

Payer authentication result (PARes) message returned by the card-issuing bank.
If you need to show proof of enrollment checking, you might need to decrypt and parse the string for the information required by the payment card company.
IMPORTANT
The value is in Base64. You must remove all carriage returns and line feeds before adding the PARes to the request.

Specifications

  • Data Type:
    String

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.signedPares
  • SCMP API Field:
    pa_signedpares
  • Simple Order API Field:
    payerAuthValidateService_signedPARes
consumerAuthenticationInformation

consumerAuthenticationInformation. signedParesStatusReason

Reason for payer authentication response status.
This field is available only for the
Banque de France et Tresor Public
,
BNP Paribas France
, and
Credit Mutuel-CIC
processors and is used to process secure transactions in France.
Possible values:
  • 01
    : Card authentication failed.
  • 02
    : Unknown device. Example: Device fingerprint not recognised because the device is an old mobile phone.
  • 03
    : Unsupported device.
  • 04
    : Exceeds authentication frequency limit. Strong customer authentication is required every six transactions or when the cumulative amount for the payment card during the preceding week exceeds 100 EUR.
  • 05
    : Expired card.
  • 06
    : Invalid card number.
  • 07
    : Invalid transaction.
  • 08
    : No card record. The card was not found in the 3-D Secure server database.
  • 09
    : Security failure as determined by 3-D Secure server.
  • 10
    : Stolen card.
  • 11
    : Suspected fraud.
  • 12
    : Cardholder is not permitted to perform this transaction.
  • 13
    : Cardholder is not enrolled in 3-D Secure service.
  • 14
    : Transaction timed out at the access control server (ACS), which is a server on the issuer side of the 3-D Secure protocol.
  • 15
    : Low confidence as determined by 3-D Secure server.
  • 16
    : Medium confidence.
  • 17
    : High confidence.
  • 18
    : Very high confidence.
  • 19
    : Exceeds the maximum number of challenges permitted by the ACS.
  • 20
    : Non-payment transaction is not supported.
  • 21
    : 3-D Secure request for information, such as BIN lookup, is not supported.
  • 22
    : ACS technical problem.
  • 23
    : Decoupled authentication is required by the ACS but you did not request it.
  • 24
    : Your maximum expiration time was exceeded.
  • 25
    : There was not enough time for decoupled authentication to authenticate the cardholder.
  • 26
    : Authentication was attempted but the cardholder was not authenticated.
When you request the payer authentication and authorization services separately, get the value for this field from the
consumerAuthenticationInformation. signedParesStatusReason
response field.

Specifications

  • Data Type:
    Integer
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. signedParesStatusReason
  • SCMP API Field:
    pares_status_reason
  • Simple Order API Field:
    ccAuthService_paresStatusReason
consumerAuthenticationInformation

consumerAuthenticationInformation. specificationVersion

This field contains the 3-D Secure version that was used to process the transaction. For example, 1.0.2 or 2.0.0.

Specifications

  • Data Type:
    String
  • Data Length:
    8

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. specificationVersion
  • SCMP API Fields:
    • pa_enroll_specification_version
    • pa_validate_specification_version
  • Simple Order API Fields:
    • payerAuthEnrollReply_specificationVersion
    • payerAuthValidateReply_specificationVersion
consumerAuthenticationInformation

consumerAuthenticationInformation. stepUpUrl

The fully qualified URL that the merchant uses to post a form to the cardholder in order to complete the consumer authentication transaction for the Cardinal Cruise Direct Connection API integration.

Specifications

  • Data Type:
    String
  • Data Length:
    2048

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. stepUpUrl
  • SCMP API Field:
    pa_step_up_url
  • Simple Order API Field:
    payerAuthEnrollReply_stepUpURL
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. authenticationIndicator

Indicates the type of authentication request.
Possible values:
  • 01
    : Payment transaction.
  • 02
    : Recurring transaction.
  • 03
    : Installment transaction.
  • 04
    : Add card.
  • 05
    : Maintain card.
  • 06
    : Cardholder verification as part of EMV token ID&V (identity and verification).

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication. authenticationIndicator
  • SCMP API Field:
    pa_authentication_indicator
  • Simple Order API Field:
    payerAuthEnrollService_authenticationIndicator
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. authenticationOutageExemptionIndicator

This field is an exemption indicator for payer authentication outage.
This flag indicates whether the transaction is exempt from strong customer authentication (SCA) requirements in Europe because Payer Authentication is not available.
Possible values:
  • 0
    (default): Not exempt.
  • 1
    : Exempt from SCA requirements because payer authentication is not available.
This field is supported on these payment gateways: Barclays, Streamline, HSBC, Omnipay Direct Platform (opdfde, opdcardnet, omnipaydirect), Credit Mutuel CIC, BNP Paribas France, Banque de France et Tresor Public, Lloyds TSB Cardnet, HBoS
Visa Platform Connect
, and
GPX
.
Countries in CEMEA must now support Field 34 DSID 02 Tag 87 in the authorization request and response for Visa transactions. The response does not include an Economic Commerce Indicator (ECI) value or the Field F34 DSID 02 Tag 87.
These countries in CEMEA are affected by this requirement:
  • Albania
  • Armenia
  • Azerbaijan
  • Bahrain
  • Belarus
  • Bosnia and Herzegovina
  • Georgia
  • Kazakhstan
  • Kenya
  • Kosovo
  • Kuwait
  • Kyrgyzstan
  • Moldova
  • Montenegro
  • Nigeria
  • North Macedonia
  • Oman
  • Pakistan
  • Qatar
  • Republic of Serbia
  • Saudi Arabia
  • South Africa
  • Tajikistan
  • Turkmenistan
  • United Arab Emeriates (UAE)
  • Ukraine
  • Uzbekistan
For Mastercard transactions, the value for this field corresponds to this data in the TC 33 capture file:
  • Record: CP01 TCR6
  • Position: 145-146
  • Field: Mastercard Low-Risk Merchant Indicator

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.strongAuthentication. authenticationOutageExemptionIndicator
  • SCMP API Field:
    authentication_outage_exemption_indicator
  • Simple Order API Field:
    ccAuthService_authenticationOutageExemptionIndicator
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. delegatedAuthenticationExemptionIndicator

Exemption indicator for delegated authentication.
This flag specifies whether the transaction is exempt from strong customer authentication (SCA) requirements in Europe because the authentication was delegated to a different provider, such as an acquirer or payment technology provider (PTP).
Possible values:
  • 0
    (default): Not exempt.
  • 1
    : Exempt from SCA requirements because the authentication was delegated to a different provider
Visa Platform Connect
For Mastercard transactions, the value for this field corresponds to the following data in the TC 33 capture file:
  • Record: CP01 TCR6
  • Position: 145-146
  • Field: Mastercard Low-Risk Merchant Indicator

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication.delegatedAuthenticationExemptionIndicator
  • SCMP API Field:
    delegated_authentication_exemption_indicator
  • Simple Order API Field:
    ccAuthService_delegatedAuthenticationExemptionIndicator
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. issuerInformation. trustedMerchantExemptionResult

Code that indicates whether the issuer honored or denied the customer's request for trusted merchant exemption.
This field is supported only on 
Visa Platform Connect
.
Possible values:
  • 1
    : Trusted merchant exemption validated.
  • 2
    : Trusted merchant exemption failed validation.

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication.issuerInformation.trustedMerchantExemptionResult
  • SCMP API Field:
    trusted_merchant_exemption_response_indicator
  • Simple Order API Field:
    issuer_trustedMerchantExemptionResult
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. issuerInformation.delegatedAuthenticationResult

Code that indicates whether the issuer validated your request for a delegated authentication exemption.
This field is available only on the
Visa Platform Connect
processor.
Possible values:
  • 2
    : Request for a delegated authentication exemption was validated.
  • 3
    : Request for a delegated authentication exemption was not validated.
When this field returns a value of
3
, the reason is returned in the
consumerAuthenticationInformation. strongAuthentication.issuerInformation.riskAnalysisExemptionResult
response field.

Specifications

  • Data Type:
    String
  • Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication.issuerInformation.delegatedAuthenticationResult
  • SCMP API Field:
    delegated_authentication_result
  • Simple Order API Field:
    ccAuthService_delegatedAuthenticationResult
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. issuerInformation. exemptionDataRaw

Payer authentication exemption indicator for delegated authentication.
Raw payer authentication exemption data field that is used for Carte Bancaire exemptions. For example, "low fraud merchant program." Used with authorization service requests.

Specifications

  • Data Type:
    String
  • Data Length:
    4

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication.issuerInformation. exemptionDataRaw
  • SCMP API Field:
    exemption_data
  • Simple Order API Field:
    ccAuthService_exemptionDataRaw
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. issuerInformation. lowValueExemptionResult

Code that indicates whether the issuer validated your request for a low-value amount exemption.
This field is available only on the
Visa Platform Connect
processor.
Possible values:
  • 0
    : Low value exemption does not apply to the transaction.
  • 1
    : Transaction exempt from SCA as the merchant/acquirer has determined it to be a low value payment.

Specifications

  • Data Type:
    String
  • Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication.issuerInformation.lowValueExemptionResult
  • SCMP API Field:
    issuer_low_value_exemption_result
  • Simple Order API Field:
    issuer_lowValueExemptionResult
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. issuerInformation. riskAnalysisExemptionResult

Reason that the issuer declined your request for a strong customer authentication exemption.
This field is avaukabke only on the 
Visa Platform Connect
processor.
This value is a series of a maximum of 20 four-digit codes and no delimiters. Possible codes:
  • 8401
    : You are not participating in the Visa Trusted Listing program.
  • 8402
    : Issuer is not participating in the Visa Trusted Listing program.
  • 8403
    : Your business is not included on the cardholder's list of trusted merchants.
  • 8404
    : Issuer response is unclear or invalid.
  • 8473
    : Your business is not included on the cardholder's list of trusted merchants.
  • 8474
    : Transaction information does not meet the exemption criteria.
  • 8904
    : Issuer response is unclear or invalid (Visa).
  • 8905
    : No entry found in the supplemental database (Visa).
  • 8906
    : Did not meet exemption criteria (Visa).
  • 8A01
    : Merchant not participating in Visa Delegated Authentication Program.
  • 8A02
    : Issuer not participating in Visa Delegated Authentication Program.
  • 8A04
    : Issuer response is unclear or invalid.
  • 8A06
    : Did not meet the exemption criteria (Visa).
  • 8A07
    : Visa merchant ID invalid for service.
  • 8A08
    : CAVV invalid value.
  • 8A76
    : Did not meet the exemption criteria (Issuer).
Visa Platform Connect
The value for this field corresponds to the following data in the TC 33 capture file:
  • Record: CP07 TCR9
  • Position: 61-140
  • Field: Reasons for Not Honoring SCA Exemptions

Specifications

  • Data Type:
    String
  • Data Length:
    80

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication.issuerInformation.riskAnalysisExemptionResult
  • SCMP API Field:
    issuer_risk_analysis_exemption_result
  • Simple Order API Field:
    issuer_riskAnalysisExemptionResult
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. issuerInformation. secureCorporatePaymentResult

Code that indicates whether the issuer validated your request for a secure corporate payment exemption.
This field is available only on the
Visa Platform Connect
processor.
Possible values:
  • 2
    : Request for a secure corporate payment exemption was validated.
  • 3
    : Request for a secure corporate payment exemption was not validated.

Specifications

  • Data Type:
    String
  • Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication.issuerInformation.secureCorporatePaymentResult
  • SCMP API Field:
    issuer_secure_corporate_payment_result
  • Simple Order API Field:
    issuer_secureCorporatePaymentResult
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. issuerInformation. transactionRiskAnalysisExemptionResult

Code that indicates whether the issuer validated your request for a transaction risk analysis exemption.
This field is available only on the
Visa Platform Connect
processor.
Possible values:
  • 2
    : Request for a transaction risk analysis exemption was validated.
  • 3
    : Request for a transaction risk analysis exemption was not validated.

Specifications

  • Data Type:
    String
  • Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication.issuerInformation.transactionRiskAnalysisExemptionResult
  • SCMP API Field:
    issuer_transaction_risk_analysis_exemption_result
  • Simple Order API Field:
    issuer_transactionRiskAnalysisExemptionResult
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. issuerInformation. trustedMerchantExemptionResult

Code that indicates whether the issuer validated your request for a trusted merchant exemption.
This field is available only on the
Visa Platform Connect
processor.
Possible values:
  • 2
    : Request for a trusted merchant exemption was validated.
  • 3
    : Request for a trusted merchant exemption was not validated.

Specifications

  • Data Type:
    String
  • Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication.issuerInformation.trustedMerchantExemptionResult
  • SCMP API Field:
    issuer_trusted_merchant_exemption_result
  • Simple Order API Field:
    issuer_trustedMerchantExemptionResult
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. lowValueExemptionIndicator

Exemption indicator for a low payment amount.
This flag specifies whether the transaction is exempt from strong customer authentication (SCA) requirements in Europe because the payment amount is low.
Possible values:
  • 0
    (default): Not exempt.
  • 1
    : Exempt from SCA requirements because the payment amount is low.
Visa Platform Connect
For Mastercard transactions, the value for this field corresponds to the following data in the TC 33 capture file:
  • Record: CP01 TCR6
  • Position: 145-146
  • Field: Mastercard Low-Risk Merchant Indicator
For transactions with other card types, the value for this field corresponds to the following data in the TC 33 capture file:
  • Record: CP01 TCR8
  • Position: 126
  • Field: Low Value Exemption Indicator

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication.lowValueExemptionIndicator
  • SCMP API Field:
    low_value_exemption_indicator
  • Simple Order API Fields:
    ccAuthService_lowValueExemptionIndicator
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. riskAnalysisExemptionIndicator

Exemption indicator for a low-risk transaction.
This flag specifies whether the transaction is exempt from strong customer authentication (SCA) requirements in Europe because it is a low-risk transaction.
Low-risk transactions are described by the Payments Service Directive 2/Regulatory Technical Standards (PSD2/RTS) regulations.
Possible values:
  • 0
    (default): Not exempt.
  • 1
    : Exempt from SCA requirements because the transaction is low risk.
Visa Platform Connect
To set the default for this field, contact customer support.
For Mastercard transactions, the value for this field corresponds to the following data in the TC 33 capture file:
  • Record: CP01 TCR6
  • Position: 145-146
  • Field: Mastercard Low-Risk Merchant Indicator
For transactions with other card types, the value for this field corresponds to the following data in the TC 33 capture file:
  • Record: CP01 TCR8
  • Position: 127
  • Field: Transaction Risk Analysis Exemption Indicator

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication.riskAnalysisExemptionIndicator
  • SCMP API Field:
    risk_analysis_exemption_indicator
  • Simple Order API Field:
    ccAuthService_riskAnalysisExemptionIndicator
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. secureCorporatePaymentIndicator

Exemption indicator for a secure corporate payment.
This field is available only for the
FDC Compass
and
Visa Platform Connect
processors.
This flag specifies whether the transaction is exempt from strong customer authentication (SCA) requirements in Europe because the payment is a secure corporate payment. Indicates that dedicated payment processes and procedures were used.
Possible values:
  • 0
    (default): Not exempt.
  • 1
    : Exempt from SCA requirements because the payment is a secure corporate payment.
Visa Platform Connect
:
For Mastercard transactions, the value for this field corresponds to the following data in the TC 33 capture file:
  • Record: CP01 TCR6
  • Position: 145-146
  • Field: Mastercard Low-Risk Merchant Indicator
For transactions with other card types, the value for this field corresponds to the following data in the TC 33 capture file:
  • Record: CP01 TCR8
  • Position: 129
  • Field: Secure Corporate Payment Indicator

Specifications

  • Data Type:
    String
  • Dats Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication. secureCorporatePaymentIndicator
  • SCMP API Field:
    secure_corporate_payment_indicator
  • Simple Order API Fields:
    • ccAuthService_secureCorporatePaymentIndicator
    • payerAuthEnrollService_secureCorporatePaymentIndicator
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication. trustedMerchantExemptionIndicator

Exemption indicator for a trusted merchant.
This flag specifies whether the transaction is exempt from strong customer authentication (SCA) requirements in Europe because the customer trusts you.
This field is available only for the
FDC Compass
and
Visa Platform Connect
processors.
Possible values:
  • 0
    (default): Not exempt.
  • 1
    : Exempt from SCA requirements because the customer trusts the merchant.
Visa Platform Connect
For Mastercard transactions, the value for this field corresponds to the following data in the TC 33 capture file:
  • Record: CP01 TCR6
  • Position: 145-146
  • Field: Mastercard Low-Risk Merchant Indicator
For transactions with other card types, the value for this field corresponds to the following data in the TC 33 capture file:
  • Record: CP07 TCR9
  • Position: 8
  • Field: Trusted Merchant Exemption Indicator

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. strongAuthentication.trustedMerchantExemptionIndicator
  • SCMP API Field:
    trusted_merchant_exemption_indicator
  • Simple Order API Field:
    ccAuthService_trustedMerchantExemptionIndicator
consumerAuthenticationInformation

consumerAuthenticationInformation. strongAuthentication.transactionMode

Transaction mode identifier. Identifies the channel from which the transaction originates.
Possible values:
  • M
    : MOTO (Mail Order Telephone Order)
  • R
    : Retail
  • S
    : E-commerce
  • P
    : Mobile Device
  • T
    : Tablet

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.strongAuthentication.transactionMode
  • SCMP API Field:
    pa_transaction_mode
  • Simple Order API Field:
    payerAuthEnrollService_transactionMode
consumerAuthenticationInformation

consumerAuthenticationInformation. threeDSServerOperatorId

The Directory Server-assigned 3-D Secure server identifier.
When checking enrollment and during validation for payer authentication, each Directory Server can provide a unique ID to each 3-D Secure server on an individual basis in the response.
Required for mada transactions.

Specifications

  • Data Type:
    String
  • Data Length:
    32

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.threeDSServerOperatorId
  • SCMP API Field:
    • pa_enroll_pa_three_ds_server_operator_id
    • pa_validate_pa_three_ds_server_operator_id
  • Simple Order API Field:
    • payerAuthEnrollReply_threeDSServerOperatorId
    • payerAuthValidateReply_threeDSServerOperatorId
consumerAuthenticationInformation

consumerAuthenticationInformation. threeDSServerTransactionId

Unique transaction identifier assigned by the 3-D Secure server to identify a single transaction.

Specifications

  • Data Type:
    String
  • Data Length:
    36

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. threeDSServerTransactionId
  • SCMP API Field:
    pa_three_ds_server_transaction_id
  • Simple Order API Fields:
    • ccAuthService_threeDSServerTransactionID
    • payerAuthEnrollReply_threeDSServerTransactionID
    • payerAuthValidateReply_threeDSServerTransactionID
consumerAuthenticationInformation

consumerAuthenticationInformation. transactionFlowIndicator

Indicates the RuPay seamless flow.
This field is supported only for
RuPay
.
Possible Values:
  • 01
    : Transaction performed by domestic merchant for authentication and authorization or authorization only.
  • 02
    : Transaction performed by domestic merchant with token provisioning.
  • 03
    : Transaction performed by international merchant.
  • 04
    : Authentication transaction.
  • 05
    : Authentication transaction for provisioning.
  • 06
    : Domestic in-app transaction.
  • 07
    : International in-app transaction.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. transactionFlowIndicator
  • SCMP API Field:
    No corresponding field.
  • Simple Order API Field:
    No corresponding field.
consumerAuthenticationInformation

consumerAuthenticationInformation. transactionToken

Token used to authenticate the customer.
This field is supported only on
RuPay
for the payer authentication seamless flow.

Specifications

  • Data Type:
    String
  • Data Length:
    256

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. transactionToken
  • SCMP API Field:
    No corresponding field.
  • Simple Order API Field:
    No corresponding field.
consumerAuthenticationInformation

consumerAuthenticationInformation. ucafAuthenticationData

Universal cardholder authentication field (UCAF) data.
This field is available only on the
FDC Compass
and
Visa Platform Connect
processors.
IMPORTANT
Mastercard has indicated that an issuing bank can downgrade an authorization request to a non-secure transaction when the UCAF collection indicator is
1
and UCAF authentication data is not present. An issuing bank can choose not to settle a downgraded Mastercard Identity Check transaction. When UCAF authentication data is not present, set the UCAF collection indicator to
0
.
The value for this field corresponds to the following data in the TC 33 capture file:
  • Record: CP01 TCR8
  • Position: 126-157
  • Field: Mastercard UCAF Data

Specifications

  • Data Type:
    String
  • Data Length (request):
    32
  • Data Length (response):
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.ucafAuthenticationData
  • SCMP API Fields:
    • pa_enroll_ucaf_authentication_data
    • pa_validate_ucaf_authentication_data
    • ucaf_authentication_data
  • Simple Order API Fields:
    • payerAuthEnrollReply_ucafAuthenticationData
    • payerAuthValidateReply_ucafAuthenticationData
    • ucaf_authenticationData
consumerAuthenticationInformation

consumerAuthenticationInformation. ucafCollectionIndicator

Universal cardholder authentication field (UCAF) collection indicator used for Mastercard Identity Check.
Cielo
,
Getnet
, and
Rede
For data only authorizations in Brazil, set this field to
4
.
When you request the payer authentication and authorization services separately, get the value for this field from the
consumerAuthenticationInformation.ucafCollectionIndicator
response field.
Possible values:
  • 0
    : UCAF collection is not supported on your web site.
  • 1
    : UCAF collection is supported on your web site, and the UCAF was populated.
  • 2
    : UCAF collection is supported on your web site and the UCAF was populated. This value indicates a successful Mastercard Identity Check transaction. Use this value for Apple Pay and Samsung Pay transactions.
  • 5
    : UCAF collection is supported at your web site, and the UCAF was populated based on the risk assessment that the issuer performed. This value is supported only for Masterpass transactions.
  • 6
    : UCAF collection is supported at your web site, and the UCAF was populated based on the risk assessment that you performed. This value is supported only for Masterpass transactions.
When this value is returned, the field value indicates transaction was downgraded.
Possible values:
  • 0
    : The transaction was downgraded.
  • 1
    : The transaction was not downgraded.
IMPORTANT
A value of
0
for the UCAF collection indicator response field for a Mastercard transaction indicates that Mastercard downgraded the transaction. When Mastercard approves an authorization and downgrades the transaction, you are responsible for the transaction. To confirm the downgrade, look at the e-commerce indicator for the transaction in the Business Center. You can proceed with the transaction if you want to accept responsibility. If you do not want to accept responsibility, reverse the authorization, attempt to authenticate the customer again, and request another authorization.
Visa Platform Connect
The value for this field corresponds to the following data in the TC 33 capture file.
  • Record: CP01 TCR7
  • Position: 5
  • Field: Mastercard Electronic Commerce Indicators—UCAF Collection Indicator

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.ucafCollectionIndicator
  • SCMP API Fields:
    • pa_enroll_ucaf_collection_indicator
    • pa_validate_ucaf_collection_indicator
    • ucaf_collection_indicator
  • Simple Order API Fields:
    • payerAuthEnrollReply_ucafCollectionIndicator
    • payerAuthValidateReply_ucafCollectionIndicator
    • ucaf_collectionIndicator
consumerAuthenticationInformation

consumerAuthenticationInformation. validityPeriod

Number of minutes that the one-time password is valid for the incoming transaction.
This field is supported only for
RuPay
payer authentication seamless flow.
Possible values:
00
-
30
.

Specifications

  • Data Type:
    Integer
  • Data Length:
    5

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. validityPeriod
  • SCMP API Field:
    No corresponding field.
  • Simple Order API Field:
    No corresponding field.
consumerAuthenticationInformation

consumerAuthenticationInformation. veresEnrolled

Verification response enrollment status.
This field is available only on the
Asia, Middle East, and Africa Gateway
processor.
Possible values:
  • Y
    : Authentication available.
  • N
    : Customer not participating.
  • U
    : Unable to authenticate regardless of the reason.

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. veresEnrolled
  • SCMP API Field:
    veres_enrolled
  • Simple Order API Field:
    ccAuthService_veresEnrolled
consumerAuthenticationInformation

consumerAuthenticationInformation. whiteListStatus

Enables the communication of trusted beneficiary and whitelist status among the ACS, the directory server, and the 3-D Secure requester.
Possible values:
  • Y
    : 3-D Secure requester is whitelisted by cardholder.
  • N
    : 3-D Secure requester is not whitelisted by cardholder.

Specifications

  • Data Type:
    String
  • Data Length:
    1

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. whiteListStatus
  • SCMP API Field:
    pa_white_list_status
  • Simple Order API Fields:
    • payerAuthEnrollReply_whiteListStatus
    • payerAuthValidateReply_whiteListStatus
consumerAuthenticationInformation

consumerAuthenticationInformation. whiteListStatusSource

This field is populated by the system setting Whitelist Status.
Possible values:
  • 1
    : 3-D Secure server.
  • 2
    : Directory server.
  • 3
    : ACS.

Specifications

  • Data Type:
    String
  • Data Length:
    2

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation. whiteListStatusSource
  • SCMP API Field:
    pa_white_list_status_source
  • Simple Order API Fields:
    • payerAuthEnrollReply_whiteListStatusSource
    • payerAuthValidateReply_whiteListStatusSource
consumerAuthenticationInformation

consumerAuthenticationInformation. xid

Transaction identifier.
This value must be 28-character Base64 or 40-character hex binary.
For Visa Secure on
FDC Nashville Global
, the value for this field is set to the XID value when the XID is present in the authorization request and the CAVV is not present.
Apple Pay and Samsung Pay Transactions
  • American Express: For a 20-byte cryptogram, set this field to the cryptogram for authorizations with payment network tokens. For a 40-byte cryptogram, set this field to block A of the cryptogram for authorizations with payment network tokens. All cryptograms use one of these formats.
  • Visa: The value for this field must be 28-character base64 or 40-character hex binary. All cryptograms use one of these formats.

Specifications

  • Data Type:
    String
  • Data Length (request):
    40
  • Data Length (response):
    255

Mapping Information

  • REST API Field:
    consumerAuthenticationInformation.xid
  • SCMP API Fields:
    • pa_enroll_xid
    • pa_validate_xid
    • xid
  • Simple Order API Fields:
    • ccAuthService_xid
    • payerAuthEnrollReply_xid
    • payerAuthValidateReply_xid
consumerAuthenticationInformation