consumerAuthenticationInformation
The following fields provide consumer authentification information.
consumerAuthenticationInformation. accessToken
JSON Web Token (JWT) used to authenticate the
customer with the authentication provider (for
example, CardinalCommerce or RuPay).
Specifications
- Data Type:String
- Data Length:2048
Mapping Information
- REST API Field:consumerAuthenticationInformation. accessToken
- SCMP API Field:pa_access_token
- Simple Order API Fields:
- payerAuthEnrollReply_accessToken
- payerAuthSetupReply_accessToken
consumerAuthenticationInformation. acsOperatorID
Access Control Server (ACS) identifier assigned by the directory
service.
Each directory service can assign a unique ID to each ACS. This field is used with 3-D
Secure 2.0. Required in mada transaction responses.
Specifications
- Data Type:String
- Data Length:32
Mapping Information
- REST API Field:consumerAuthenticationInformation. acsOperatorID
- SCMP API Field:pa_acs_operator_id
- Simple Order API Field:payerAuthEnrollReply_acsOperatorId
consumerAuthenticationInformation. acsReferenceNumber
Unique identifier assigned by EMVCo upon testing and approval.
This field is used with 3-D Secure 2.0.
Specifications
- Data Type:String
- Data Length:32
Mapping Information
- REST API Field:consumerAuthenticationInformation.acsReferenceNumber
- SCMP API Fields:
- acs_reference_number
- pa_acs_reference_number
- Simple Order API Fields:
- ccAuthService_acsReferenceNumber
- payerAuthEnrollReply_acsReferenceNumber
consumerAuthenticationInformation. acsRenderingType
Identifies the UI type that the ACS will use to
complete the challenge.
Available only for mobile application
transactions using the Cardinal Mobile SDK.
This field is a JSON object that comprises the following two fields, each two characters long.
- ACS Interface Field Name:acsInterfaceis the ACS interface the challenge presents to the cardholder. Possible values:
- 01: Native UI.
- 02: HTML UI.
- ACS UI Template Field Name:acsUiTemplateidentifies the UI template format that the ACS first presents to the consumer. Possible values:
- 01: Text.
- 02: Single select.
- 03: Multi select.
- 04: OOB (Out of Band).
- 05: HTML other.
Valid values for each interface:
- Native UI:01-04.
- HTML UI:01-05.
JSON Object Example:
{
"acsRenderingType":{
"acsInterface";"02",
"acsUiTemplate":03" }
}
Specifications
- Data Type:String
- Data Length:See description.
Mapping Information
- REST API Field:consumerAuthenticationInformation. acsRenderingType
- SCMP API Field:pa_acs_rendering_type
- Simple Order API Fields:
- payerAuthEnrollReply_acsRenderingType
- payerAuthValidateReply_acsRenderingType
consumerAuthenticationInformation. acsTransactionId
Unique transaction identifier assigned by the access control server (ACS) to identify a single transaction.
When you request the payer authentication and authorization services separately, get the value for this field from the
consumerAuthenticationInformation. acsTransactionId
response field.Specifications
- Data Type:String
- Data Length:36
Mapping Information
- REST API Field:consumerAuthenticationInformation. acsTransactionId
- SCMP API Fields:
- acs_server_transaction_id
- pa_acs_transaction_id
- Simple Order API Fields:
- ccAuthService_acsServerTransactionID
- payerAuthEnrollReply_acsTransactionID
- payerAuthValidateReply_acsTransactionID
consumerAuthenticationInformation. acsUrl
URL for the card-issuing bank’s authentication form
that you receive when the card is enrolled.
The value can be very large.
Specifications
- Data Type:String
- Data Length:2048
Mapping Information
- REST API Field:consumerAuthenticationInformation. acsUrl
- SCMP API Field:pa_enroll_acs_url
- Simple Order API Field:payerAuthEnrollReply_acsURL
consumerAuthenticationInformation. acsWindowSize
You can send this override field to set the challenge
window size to display to the cardholder. The Access
Control Server (ACS) replies with content that is
formatted appropriately for this window size to allow
for the best user experience.
The sizes are width x
height in pixels of the window displayed in the
cardholder browser. Possible values:
- 01: 250x400
- 02: 390x400
- 03: 500x600
- 04: 600x400
- 05: Full page
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. acsWindowSize
- SCMP API Field:pa_acs_window_size
- Simple Order API Field:payerAuthEnrollService_acsWindowSize
consumerAuthenticationInformation. alternateAuthenticationData
Data that documents and supports a specific
authentication process.
Specifications
- Data Type:String
- Data Length:2048
Mapping Information
- REST API Field:consumerAuthenticationInformation. alternateAuthenticationData
- SCMP API Field:pa_alternate_authentication_data
- Simple Order API Field:payerAuthEnrollService_alternateAuthenticationData
consumerAuthenticationInformation. alternateAuthenticationDate
Date and time in UTC of the cardholder authentication.
Format:
yyyyMMDDHHMM
Specifications
- Data Type:String
- Data Length:14
Mapping Information
- REST API Field:consumerAuthenticationInformation. alternateAuthenticationDate
- SCMP API Field:pa_alternate_authentication_date
- Simple Order API Fields:
- payerAuthEnrollReply_alternateAuthenticationDate
- payerAuthEnrollService_alternateAuthenticationDate
consumerAuthenticationInformation. alternateAuthenticationMethod
Mechanism used by the cardholder to authenticate
to the 3-D Secure requestor.
Possible values:
- 01: No authentication occurred.
- 02: Login using merchant system credentials.
- 03: Login using Federated ID.
- 04: Login using issuer credentials.
- 05: Login using third-party authenticator.
- 06: Login using FIDO Authenticator.
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. alternateAuthenticationMethod
- SCMP API Field:pa_alternate_authentication_method
- Simple Order API Fields:
- payerAuthEnrollReply_alternateAuthenticationMethod
- payerAuthEnrollService_alternateAuthenticationMethod
consumerAuthenticationInformation.
authenticationBrand
This response field indicates which directory server was used during the authentication
process. This field is returned for the mada card scheme when fallback occurs.
This data is useful when the domestic scheme directory server is not present and
authentication falls back to the global scheme directory server.
This field is implemented only for the Saudi Arabia region.
Possible values:
- 1: Visa—Returned for mada VISA co-badged cards, when authentication falls back to the VISA directory server.
- 2: Mastercard—Returned for mada Mastercard co-badged cards, when authentication falls back to the Mastercard directory server.
- 3: Unknown—Returned for mada-only cards, when the mada directory server returns an error code.
Specifications
- Data Type:String
- Data Length:16
Mapping Information
- REST API Field:consumerAuthenticationInformation.authenticationBrand
- SCMP API Field:
- pa_enroll_pa_authentication_brand
- pa_validate_pa_authentication_brand
- Simple Order API Fields:
- payerAuthEnrollReply_authenticationBrand
- payerAuthValidateReply_authenticationBrand
consumerAuthenticationInformation.
authenticationDate
Date and time that the 3D Secure server authenticated the
cardholder.
This field is available only for secure transactions in France on the
Banque de France et Tresor Public
, BNP Paribas France
, and Credit Mutuel-CIC
processors.Format:
yyyyMMDDHHMMSSSpecifications
- Data Type:String
- Data Length:14
Mapping Information
- REST API Field:consumerAuthenticationInformation.authenticationDate
- SCMP API Field:pa_authentication_date
- Simple Order API Field:ccAuthService_paAuthenticationDate
consumerAuthenticationInformation. authenticationPath
Indicates what displays to the customer during the
authentication process.
This field can contain one of
these values:
- ADS: Card not enrolled. Customer prompted to activate the card during the checkout process.
- ATTEMPTS: Attempts processing.Processing...briefly appears before the checkout process is completed.
- ENROLLED: Card enrolled. The card issuer’s authentication window opens.
- UNKNOWN: Card enrollment status cannot be determined.
- NOREDIRECT: Card not enrolled, authentication unavailable, or error occurred. Nothing displays to the customer.
The following values can be returned if you are using
rules-based payer authentication:
- RIBA: The card-issuing bank supports risk-based authentication, but whether the cardholder is likely to be challenged cannot be determined.
- RIBA_PASS: The card-issuing bank supports risk-based authentication, and it is likely that the cardholder will not be challenged to provide credentials, also known assilent authentication.
Specifications
- Data Type:String
- Data Length:255
Mapping Information
- REST API Field:consumerAuthenticationInformation. authenticationPath
- SCMP API Field:pa_enroll_authentication_path
- Simple Order API Field:payerAuthEnrollReply_authenticationPath
consumerAuthenticationInformation. authenticationResult
Raw authentication data that comes from the card-issuing bank.
Primary authentication field that indicates whether authentication was successful and
the liability shift occurred. Examine the result of this field first.
This field contains one of these
values:
- -1: Invalid PARes.
- 0: Successful validation.
- 1: Cardholder is not participating, but the attempt to authenticate was recorded.
- 6: Issuer unable to perform authentication.
- 9: Cardholder did not complete authentication.
Specifications
- Data Type:String with numbers only
- Data Length:255
Mapping Information
- REST API Field:consumerAuthenticationInformation. authenticationResult
- SCMP API Field:pa_validate_authentication_result
- Simple Order API Fields:
- payerAuthEnrollReply_authenticationResult
- payerAuthValidateReply_authenticationResult
consumerAuthenticationInformation. authenticationStatusMsg
Message that explains the
consumerAuthenticationInformation. authenticationResult
response field. Specifications
- Data Type:String
- Data Length:255
Mapping Information
- REST API Field:consumerAuthenticationInformation. authenticationStatusMsg
- SCMP API Field:pa_validate_authentication_status_msg
- Simple Order API Fields:
- payerAuthEnrollReply_authenticationStatusMessage
- payerAuthValidateReply_authenticationStatusMessage
consumerAuthenticationInformation.
authenticationTransactionContext
Payer authentication transaction context identifier.
It links the check enrollment authentication and the validate authentication transactions.
This field is supported only for
RuPay
for the payer
authentication seamless flow.Get the value for this field from the
consumerAuthenticationInformation. authenticationTransactionContext
field in the check enrollment response.Specifications
- Data Type:String
- Data Length:256
Mapping Information
- REST API Field:consumerAuthenticationInformation. authenticationTransactionContext
- SCMP API Field:No corresponding field.
- Simple Order API Field:No corresponding field.
consumerAuthenticationInformation. authenticationTransactionContextId
Payer authentication transaction context identifier. It links the
validate authentication transaction and payment authorization transaction.
This field is supported only for
RuPay
for the payer
authentication seamless flow.Specifications
- Data Type:String
- Data Length:256
Mapping Information
- REST API Field:consumerAuthenticationInformation. authenticationTransactionContextId
- SCMP API Field:No corresponding field.
- Simple Order API Field:No corresponding field.
consumerAuthenticationInformation. authenticationTransactionId
Payer authentication transaction identifier that links the check
enrollment and validates authentication transactions.
Use this field to resend the one-time password.
This field is available only for the
RuPay
processor for the payer
authentication seamless flow. Get the value for this field from the
consumerAuthenticationInformation. authenticationTransactionId
field in
the check enrollment response.Specifications
- Data Type:String
- Data Length:26
Mapping Information
- REST API Field:consumerAuthenticationInformation.authenticationTransactionId
- SCMP API Fields:
- pa_authentication_transaction_id
- pa_enroll_authentication_transaction_id
- Simple Order API Fields:
- payerAuthEnrollReply_authenticationTransactionID
- payerAuthEnrollService_authenticationTransactionID
- payerAuthValidateService_authenticationTransactionID
consumerAuthenticationInformation. authenticationType
Indicates the type of authentication that is used to challenge the
cardholder.
This field is available only on the
RuPay
processor.Possible Values:
- 01: Static.
- 02: Dynamic.
- 03: OOB (Out of Band).
- 20: Merchant hosted.For payer authentication seamless flow.RuPay:
IMPORTANT
EMV 3-D Secure 2.1.0 supports values
01-03
. Version
2.2.0 supports values 01-03
.Specifications
- Data Type:Integer
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation.authenticationType
- SCMP API Field:pa_authentication_type
- Simple Order API Fields:
- payerAuthEnrollReply_authenticationType
- payerAuthValidateReply_authenticationType
consumerAuthenticationInformation. authenticationValue
Authentication transaction token.
This field is supported only for
RuPay
. Include this field in authorizations that do not use a payment network token for the payer authentication seamless flow.Get the value for this field from the
consumerAuthenticationInformation. transactionToken
field in the
validate authentication response.Specifications
- Data Type:String
- Data Length:256
Mapping Information
- REST API Field:consumerAuthenticationInformation. authenticationValue
- SCMP API Field:No corresponding field.
- Simple Order API Field:No corresponding field.
consumerAuthenticationInformation. authorizationPayload
consumerAuthenticationInformation. cardholderMessage
Text provided by the AC or issuer or both to the
cardholder during a frictionless or decoupled
transaction.
The issuer can provide information to the cardholder. For example, “Additional
authentication is needed for this transaction. Please contact (Issuer Name) at
xxx-xxx-xxxx.” The issuing bank can choose to support this value.
Specifications
- Data Type:String
- Data Length:128
Mapping Information
- REST API Field:consumerAuthenticationInformation. cardholderMessage
- SCMP API Field:pa_cardholder_message
- Simple Order API Field:payerAuthEnrollReply_cardholderMessage
consumerAuthenticationInformation. cavv
Cardholder authentication verification value (CAVV).
This value is a transaction identifier generated by the issuing bank during payer
authentication.
This value must be 28-character Base64 or 40-character hex binary.
When you request the payer authentication and authorization services separately, get the value for this field from the
consumerAuthenticationInformation. cavv
response field.Apple Pay and Samsung Pay Transactions
- American Express: for a 20-byte cryptogram, set this field to the cryptogram for authorizations with payment network tokens. For a 40-byte cryptogram, set this field to block A of the cryptogram for authorizations with payment network tokens.
- Discover: the value for this field can be a 20 or 40-character hex binary. All cryptograms use one of these formats.
- Visa: the value for this field must be 28-character base 64 or 40-character hex binary. All cryptograms use one of these formats.
- China UnionPay
- This field andprocessingInformation.commerceIndicatorfield are required for authorizations for China UnionPay domestic debit cards.
- FDC Nashville Global
- For Visa Secure, this field is set to the value for the transaction identifier (XID) when the XID is present in the authorization request and the CAVV is not present.
- Visa Platform Connect
- The value for this field corresponds to this data in the TC 33 capture file:
- Record: CP01 TCR8
- Position: 77-78
- Field: CAVV version and authentication action
Specifications
- Data Type:String
- Data Length (request):40
- Data Length (response):255
Mapping Information
- REST API Field:consumerAuthenticationInformation.cavv
- SCMP API Fields:
- cavv
- pa_enroll_cavv
- pa_validate_cavv
- Simple Order API Fields:
- ccAuthService_cavv
- payerAuthEnrollReply_cavv
- payerAuthValidateReply_cavv
consumerAuthenticationInformation. cavvAlgorithm
Algorithm for generating a cardholder authentication verification value (CAVV) or universal cardholder authentication field (UCAF) data.
This field is available only on
Credit Mutuel-CIC
for Visa Secure.Possible values:
- 0: Hash-based message authentication code (HMAC)
- 1: Card verification value (CVV)
- 2: CVV with authentication transaction number (ATN)
Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation.cavvAlgorithm
- SCMP API Fields:
- cavv_algorithm
- pa_enroll_cavv_algorithm
- pa_validate_cavv_algorithm
- Simple Order API Fields:
- ccAuthService_cavvAlgorithm
- payerAuthEnrollReply_cavvAlgorithm
- payerAuthValidateReply_cavvAlgorithm
consumerAuthenticationInformation. challengeCancelCode
Indicates why a transaction was canceled.
Possible values:
- 01: Cardholder selected Cancel.
- 02: Reserved for future EMVCo use (values invalid until defined by EMVCo).
- 03: Transaction timed out—Decoupled Authentication.
- 04: Transaction timed out at ACS—other timeouts.
- 05: Transaction timed out at ACS—First CReq not received by ACS.
- 06: Transaction Error.
- 07: Unknown.
- 08: Transaction timed out at SDK.
- France Country Specific Information
- In France, this field is available only for secure transactions.The transaction was not cancelled. It was sent to the payment card company and the issuer who can reject it with a soft decline by requesting additional cardholder authentication.Possible values:
- 01: Cardholder selectedCancel.
- 03: Decoupled authentication caused the transaction to time out.
- 04: Transaction timed out at the access control server (ACS), which is a server on the issuer side of the 3-D Secure protocol. This value includes all ACS timeouts not covered by the value05.
- 05: Transaction timed out at the ACS because the first challenge request was not received by the ACS.
- 06: Transaction error as determined by the 3-D Secure server.
- 07: Unknown.
- 08:Cybersourcesoftware timed out.
When you request the payer authentication and authorization services separately, get the value for this field from theconsumerAuthenticationInformation. challengeCancelCoderesponse field.
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation.challengeCancelCode
- SCMP API Field:challenge_cancel_code
- Simple Order API Fields:
- ccAuthService_challengeCancelCode
- challenge_cancel_code(France only)
- payerAuthEnrollReply_challengeCancelCode
- payerAuthValidateReply_challengeCancelCode
consumerAuthenticationInformation. challengeCode
Authentication type or challenge presented to the cardholder at
checkout.
This field is available only for the
Banque de France et Tresor Public
, BNP Paribas France
, and Credit Mutuel-CIC
processors.The challenge is issued after requesting secure transactions through the
Cybersource
payer authentication services.A
challenge
means that strong customer authentication is required. The challenge
status does the following: - Informs the issuer about the alternative authentication methods that the cardholder used.
- Enables you to override default values for one transaction at a time and increase the authorization acceptance rate at the risk of accepting a liability shift for the transaction.
Possible values:
- 01: No preference.
- 02: No challenge requested, but the reason is unknown.
- 03: You requested the challenge. You can default to this value for every transaction when you see an increase in fraud rates.
- 04: Challenge mandated. Strong customer authentication is required when one of the following is true:
- Transaction amount exceeds 30 EUR and there have been at least five transactions on the payment card during the preceding week.
- Cumulative amount for the payment card during the preceding week exceeds 100 EUR.
- 05: No challenge requested because transactional risk analysis has already been performed.
- 06: No challenge requested because the purpose of this transaction is to share data, not to move money.
- 07: No challenge requested because strong consumer authentication has already been performed.
- 08: No challenge requested because the cardholder is on a white list of exempt cardholders.
- 09: Challenge requested by issuer. Determine whether the cardholder is on a white list of exempt cardholders.
This field defaults to
01
on merchant configuration and can be overridden
by the merchant. EMV 3-D Secure version 2.1.0 supports values
01
-04
. Version 2.2.0 supports values
01
-09
.Specifications
- Data Type:Integer
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. challengeCode
- SCMP API Field:pa_challenge_code
- Simple Order API Fields:
- ccAuthService_paChallengeCode
- payerAuthEnrollService_challengeCode
consumerAuthenticationInformation. challengeRequired
Indicates whether a challenge is required in order to
complete authentication.
Regional mandates might determine that a
challenge is required. Used by the Hybrid integration.
Possible values:
- Y: Challenge required.
- N: Challenge not required.
Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation.challengeRequired
- SCMP API Field:challenge_required
- Simple Order API Field:payerAuthEnrollReply_challengeRequired
consumerAuthenticationInformation. credentialEncrypted
Indicates that you encrypted the passed credential.
This field is only used for IVR extension transactions in India.
Specifications
- Data Type:Boolean
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. credentialEncrypted
- SCMP API Field:pa_credential_encrypted
- Simple Order API Field:payerAuthValidateService_credentialEncrypted
consumerAuthenticationInformation. customerCardAlias
An alias that uniquely identifies the customer's account and credit card on file.
This field is required if Tokenization is enabled in the merchant profile settings.
Specifications
- Data Type:String
- Data Length:128
Mapping Information
- REST API Field:consumerAuthenticationInformation. customerCardAlias
- SCMP API Field:pa_customer_cc_alias
- Simple Order API Field:payerAuthEnrollService_customerCCAlias
consumerAuthenticationInformation. dataQualityIndicator
This value indicates whether
a payment authorization request or capture authorization request
meets the Visa Secure data quality requirements.
The authorization response returns the authentication indicator in
Field 34 (acceptance environment data in TLV format),
Dataset ID 01 (authentication data),
Tag C1.
IMPORTANT
This indicator does not appear
in responses to authorization follow-on transactions.
Possible values for tag C1:
- 0: The authorization request meets the Visa Secure data quality requirements.
- 1: The authorization request does not meet the Visa Secure data quality requirements.
Specifications
- Data Type: String
- Data Length 10
Mapping Information
- REST API Field:consumerAuthenticationInformation.dataQualityIndicator
- SCMP API Field:authentication_data_quality_indicator
- Simple Order API Field:authenticationData_qualityIndicator
consumerAuthenticationInformation.
decoupledAuthenticationIndicator
Indicates whether the 3-D Secure requester agrees to use decoupled authentication if
the ACS confirms its use.
Possible Values:
Y
: Decoupled Authentication is supported and preferred if a
challenge is necessary.N
: Do not use Decoupled Authentication (default).Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. decoupledAuthenticationIndicator
- SCMP API Field:pa_decoupled_authentication_indicator
- Simple Order API Field:payerAuthEnrollService_decoupledAuthenticationIndicator
consumerAuthenticationInformation.
decoupledAuthenticationMaxTime
The maximum interval of time (in minutes) that the 3-D Secure requester waits for an
Active Control Server (ACS) to return the result of a decoupled authentication
transaction.
Possible Values: Numeric values between
1
and 10080
are accepted.Specifications
- Data Type:String
- Data Length:5
Mapping Information
- REST API Field:consumerAuthenticationInformation. decoupledAuthenticationMaxTime
- SCMP API Field:pa_decoupled_authentication_max_time
- Simple Order API Field:payerAuthEnrollService_decoupled_AuthenticationMaxTime
consumerAuthenticationInformation. defaultCard
Indicates that the card being used is the one
designated as the primary payment card for
purchase.
This field can contain one of these values:
- true
- false
Recommended for Discover ProtectBuy.
Specifications
- Data Type:Boolean
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. defaultCard
- SCMP API Field:pa_default_card
- Simple Order API Field:payerAuthEnrollService_defaultCard
consumerAuthenticationInformation. deviceChannel
Indicates the channel used for the transaction.
Required for SDK integration. Possible Values:
- SDK
- Browser
- 3RI (3-D Secure Integrator Request)
IMPORTANT
If you use the SDK integration, this field is
dynamically set to
SDK
. If you use the JavaScript
code, this field is dynamically set to Browser
. For
merchant-initiated or 3RI transactions, you must set
the field to 3RI
. If you use this field in addition to
JavaScript code, you must set the field to Browser
.
Specifications
- Data Type:String
- Data Length:10
Mapping Information
- REST API Field:consumerAuthenticationInformation. deviceChannel
- SCMP API Field:pa_device_channel
- Simple Order API Field:payerAuthEnrollService_deviceChannel
consumerAuthenticationInformation. deviceDataCollectionURL
Location to send the authentication JSON Web Token (JWT) when you
invoke device data collection.
Specifications
- Data Type:String
- Data Length:100
Mapping Information
- REST API Field:consumerAuthenticationInformation. deviceDataCollectionURL
- SCMP API Field:pa_setup_pa_device_data_collection_url
- Simple Order API Field:payerAuthSetupReply_deviceDataCollectionURL
consumerAuthenticationInformation.
directoryServerErrorCode
The directory server error code indicating a problem
with the transaction.
Specifications
- Data Type:String
- Data Length:3
Mapping Information
- REST API Field:consumerAuthenticationInformation.directoryServerErrorCode
- SCMP API Field:pa_directory_server_error_code
- Simple Order API Fields:
- payerAuthEnrollReply_directoryServerErrorCode
- payerAuthValidateReply_directoryServerErrorCode
consumerAuthenticationInformation. directoryServerErrorDescription
Directory server text and additional detail about the
error for the transaction.
Specifications
- Data Type:String
- Data Length:4096
Mapping Information
- REST API Field:consumerAuthenticationInformation. directoryServerErrorDescription
- SCMP API Field:pa_directory_server_error_description
- Simple Order API Fields:
- payerAuthEnrollReply_directoryServerErrorDescription
- payerAuthValidateReply_directoryServerErrorDescription
consumerAuthenticationInformation. directoryServerTransactionId
Transaction ID that the directory server generates during
authentication.
When you request the payer authentication and authorization services separately, get the
value for this field from the
consumerAuthenticationInformation. threeDSServerTransactionId
response field.Mastercard Identity Check on
Visa Platform Connect
The value for this field corresponds to the following data in the TC 33
capture file:
- Record: CP01 TCR7
- Position: 114-149
- Field: MC AVV Verification—Directory Server Transaction ID
The TC 33 capture file contains information
about the payments and credits that a merchant submits to
Cybersource
. The processor creates the TC 33 capture file at the end of the day and sends it
to the merchant’s acquirer. The acquirer uses this information to facilitate
end-of-day clearing processing with payment networks.Specifications
- Data Type:String
- Data Length:36
Mapping Information
- REST API Field:consumerAuthenticationInformation.directoryServerTransactionId
- SCMP API Fields:
- directory_server_transaction_id
- pa_enroll_directory_server_transaction_id
- pa_validate_directory_server_transaction_id
- Simple Order API Fields:
- ccAuthService_directoryServerTransactionID
- payerAuthEnrollReply_directoryServerTransactionID
- payerAuthValidateReply_directoryServerTransactionID
consumerAuthenticationInformation. dsReferenceNumber
Unique identifier assigned by the EMVCo.
This field is required in cardholder-initiated 3-D Secure fully-authenticated mada card
transactions.
When you request the payer authentication and authorization services
separately, get the value for this field from the response messages.
Specifications
- Data Type:String
- Data Length:23
Mapping Information
- REST API Field:consumerAuthenticationInformation. dsReferenceNumber
- SCMP API Field:ds_reference_number
- Simple Order API Field:ccAuthService_dsReferenceNumber
consumerAuthenticationInformation. eci
Numeric electronic commerce indicator (ECI)
returned only for Visa, American Express, JCB,
Diners Club, Discover, China UnionPay, and Elo
transactions when the card is not enrolled.
IMPORTANT
This field applies only to cards that are not issued in the U.S.
If you are not using
Cybersource
payment
services, you must send this value to your payment
processor in the next request for card
authorization.This field contains one of these values:
- 06: The card can be enrolled. Liability shift.
- 07: The card cannot be enrolled. No liability shift.
Specifications
- Data Type:String
- Data Length:255
Mapping Information
- REST API Field:consumerAuthenticationInformation. eci
- SCMP API Fields:
- pa_enroll_eci
- pa_validate_eci
- Simple Order API Fields:
- payerAuthEnrollReply_eci
- payerAuthValidateReply_eci
consumerAuthenticationInformation. eciRaw
Raw electronic commerce indicator (ECI).
The field is absent if authentication fails.
This field can contain one of these values:
- 01: Authentication attempted (Mastercard).
- 02: Successful authentication (Mastercard).
- 05: Successful authentication (Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo).
- 06: Authentication attempted (Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo).
Specifications
- Data Type:String
- Data Length:255
Mapping Information
- REST API Field:consumerAuthenticationInformation.eciRaw
- SCMP API Fields:
- eci_raw
- pa_enroll_eci_raw
- pa_validate_eci_raw
- Simple Order API Fields:
- ccAuthService_eciRaw
- payerAuthEnrollReply_eciRaw
- payerAuthValidateReply_eciRaw
consumerAuthenticationInformation. ecommerceIndicator
Indicator used to distinguish types of transactions.
This field contains one of these values:
- aesk: American Express SafeKey authentication verified successfully.
- aesk_attempted: Card not enrolled in American Express SafeKey, but the attempt to authenticate is recorded.
- cs: Elo Compra Segura authentication verified successfully.
- cs_attempted: Elo Compra Segura card not enrolled, but the attempt to authenticate is recorded.
- dipb: Discover ProtectBuy authentication verified successfully.
- dipb_attempted: Card not enrolled in Discover ProtectBuy, but the attempt to authenticate is recorded.
- internet: Card not enrolled, or card type not supported by payer authentication. No liability shift.
- js: J/Secure authentication verified successfully.
- js_attempted: Card not enrolled, but the attempt to authenticate is recorded. Liability shift.
- js_failure: J/Secure directory service is not available. No liability shift.
- pb: Diners Club ProtectBuy authentication verified successfully.
- pb_attempted: Card not enrolled in Diners Club ProtectBuy, but the attempt to authenticate is recorded.
- spa: Mastercard Identity Check authentication verified successfully.
- spa_failure: Mastercard Identity Check failed authentication.
- up3ds: China UnionPay authentication verified successfully.
- up3ds_attempted: China UnionPay card not enrolled, but the attempt to authenticate is recorded.
- up3ds_failure: China UnionPay authentication unavailable.
- vbv: Visa Secure authentication verified successfully.
- vbv_attempted: Visa card not enrolled, but the attempt to authenticate is recorded. Liability shift.
- vbv_failure: For the payment processors Barclays, Streamline, AIBMS, or FDC Germany, you receive this result if Visa’s directory service is not available. No liability shift.
Specifications
- Data Type:String
- Data Length:255
Mapping Information
- REST API Field:consumerAuthenticationInformation. ecommerceIndicator
- SCMP API Fields:
- pa_enroll_e_commerce_indicator
- pa_validate_e_commerce_indicator
- Simple Order API Fields:
- payerAuthEnrollReply_commerceIndicator
- payerAuthValidateReply_commerceIndicator
consumerAuthenticationInformation. effectiveAuthenticationType
The type of 3-D Secure transaction flow.
When you request the payer authentication and authorization services separately, get the value for this field from the response field.
consumerAuthenticationInformation. effectiveAuthenticationType
Possible Values:
- CH: Challenge.Strong customer authentication is required. The cardholder must prove that they are present and enter the payment details by providing two of the following elements:
- Something on the cardholder's body. Example: fingerprint.
- Something the cardholder has. Examples: plastic card, mobile device, token generator.
- Something the cardholder knows. Examples: PIN, password.
- FR: Frictionless.The transaction can proceed without cardholder authentication.
- FD: Frictionless with delegation (challenge not generated by the issuer but by the scheme on behalf of the issuer).The issuer does not require cardholder authentication, but the payment card company might require it.
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. effectiveAuthenticationType
- SCMP API Field:effective_authentication_type
- Simple Order API Fields:
- ccAuthService_effectiveAuthenticationType
- payerAuthEnrollReply_effectiveAuthenticationType
- payerAuthValidateReply_effectiveAuthenticationType
consumerAuthenticationInformation. exemptionDataRaw
Payer authentication exemption data field.
Raw exemption data field that is used for Carte Bancaire exemptions. For example,"low fraud
merchant program." Used with payer authentication service response.
Specifications
- Data Type:String
- Data Length:4
Mapping Information
- REST API Field:consumerAuthenticationInformation.exemptionDataRaw
- Simple Order API Field:payerAuthEnrollReply_exemptionDataRaw
consumerAuthenticationInformation. idciDecision
Decision on the risk assessment from Mastercard.
This field is used only with Mastercard. It is required when the merchant requests the Identity Check Insights
(IDCI) score.
Specifications
- Data Type:String
- Data Length:12
Mapping Information
- REST API Field:consumerAuthenticationInformation. idciDecision
- SCMP API Field:pa_idci_decision
- Simple Order API Field:payerAuthEnrollReply_idciDecision
consumerAuthenticationInformation. idciReasonCode1
Reason code from Mastercard.
This field is only used with Mastercard.
It is required when the merchant requests the Identity Check Insights (IDCI) score.
The reason code values range from
A
through Z
.
For a description of the reason codes values, see the appendix of the Mastercard Identity Check Program Guide.Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. idciReasonCode1
- SCMP API Field:pa_idci_reason_code1
- Simple Order API Field:payerAuthEnrollReply_idciReasonCode1
consumerAuthenticationInformation. idciReasonCode2
Reason code from Mastercard.
This field is only used with Mastercard.
It is required when the merchant requests the Identity Check Insights (IDCI) score.
The reason code values range from
A
through Z
.
For a description of the reason codes values, see the appendix of the Mastercard Identity Check Program Guide.Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. idciReasonCode2
- SCMP API Field:pa_idci_reason_code2
- Simple Order API Field:payerAuthEnrollReply_idciReasonCode2
consumerAuthenticationInformation. idciScore
Risk assessment from Mastercard.
Only for Mastercard. Required when the merchant requests the Identity Check Insights (IDCI)
score. The risk score values range from
0
- 9
(low to
high). Refer to the Appendix C in the Mastercard Identity Check Program Guide for
additional information about the score values.Specifications
- Data Type:Integer
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation.idciScore
- SCMP API Field:pa_idci_score
- Simple Order API Field:payerAuthEnrollReply_idciScore
consumerAuthenticationInformation. interactionCounter
Indicates the number of authentication cycles that the cardholder
attempted. The cycles are tracked by the issuing bank’s ACS.
Example
: The customer receives the challenge window, enters the one-time password,
and clicks Submit
. This sequence counts as one interaction.Example:
The customer receives the challenge window, receives the bank message
asking if the one-time password should be sent to their phone or email. The customer makes
a selection before going to the next screen to enter the one-time password. This sequence
counts as two interactions. The first interaction occurs when the customer chooses how to
have the one-time password delivered. The second interaction occurs when the customer enters
the one-time password and clicks Submit
.Specifications
- Data Type:Integer
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation.interactionCounter
- SCMP API Field:pa_interaction_counter
- Simple Order API Field:payerAuthValidateReply_interactionCounter
consumerAuthenticationInformation. marketingOptIn
Indicates whether the customer has opted in for
marketing offers.
Recommended for Discover ProtectBuy.
Possible values:
- true
- false
Specifications
- Data Type:Boolean
- Data Length:5
Mapping Information
- REST API Field:consumerAuthenticationInformation. marketingOptIn
- SCMP API Field:pa_marketing_optin
- Simple Order API Field:payerAuthEnrollService_marketingOptIn
consumerAuthenticationInformation. marketingSource
Indicates origin of the marketing offer.
Recommended for Discover ProtectBuy.
Specifications
- Data Type:String
- Data Length:40
Mapping Information
- REST API Field:consumerAuthenticationInformation. marketingSource
- SCMP API Field:pa_marketing_source
- Simple Order API Field:payerAuthEnrollService_marketingSource
consumerAuthenticationInformation. mcc
Merchant category code.
Specifications
- Data Length:4
Mapping Information
- REST API Field:consumerAuthenticationInformation. mcc
- SCMP API Field:pa_mcc
- Simple Order API Field:payerAuthEnrollService_MCC
consumerAuthenticationInformation. merchantFraudRate
Calculated by merchants according to Payment
Service Directive 2 (PSD2) and Regulatory Technical
Standards (RTS). European Economic Area (EEA)
card fraud divided by all EEA card volumes.
Possible Values:
- 1: Represents fraud rate <=1.
- 2: Represents fraud rate >1 and <=6.
- 3: Represents fraud rate >6 and <=13.
- 4: Represents fraud rate >13 and <=25.
- 5: Represents fraud rate >25.
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation.merchantFraudRate
- SCMP API Field:pa_merchant_fraud_rate
- Simple Order API Field:payerAuthEnrollService_merchantFraudRate
consumerAuthenticationInformation. merchantScore
Risk score provided by merchants.
Specifications
- Data Type:Integer
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. merchantScore
- SCMP API Field:pa_merchant_score
- Simple Order API Field:payerAuthEnrollService_merchantScore
consumerAuthenticationInformation. messageCategory
Category of the message for a specific use case.
Possible values:
- 01: PA (payment authentication).
- 02: NPA (nonpayment authentication).
- 03-79: Reserved for EMVCo future use (values invalid until defined by EMVCo).
- 80-99: Reserved for directory server use.
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation.messageCategory
- SCMP API Field:pa_message_category
- Simple Order API Field:payerAuthEnrollService_messageCategory
consumerAuthenticationInformation. networkScore
The global score calculated by the 3-D Secure scoring platform and
returned to the merchant.
This field is available only for secure transactions in France on the
Banque de France et Tresor Public
, BNP Paribas France
, and Credit Mutuel-CIC
processors.Possible values:
00
- 99
.When you request the payer authentication and authorization services separately, get the
value for this field from the
consumerAuthenticationInformation. networkScore
response field.Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. networkScore
- SCMP API Field:pa_network_score
- Simple Order API Fields:
- ccAuthService_paNetworkScore
- payerAuthEnrollReply_networkScore
consumerAuthenticationInformation. otpToken
One-time password that the cardholder entered.
RuPay
: Specifications
- Data Type:String
- Data Length:255
Mapping Information
- REST API Field:consumerAuthenticationInformation. otpToken
- SCMP API Field:pa_otp_token
- Simple Order API Field:pa_otpToken
consumerAuthenticationInformation. overrideCountryCode
Two-character ISO standard country code.
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation.overrideCountryCode
- SCMP API Field:pa_merchant_country_code
- Simple Order API Field:payerAuthEnrollService_merchantCountrycode
consumerAuthenticationInformation.
overridePaymentMethod
Specifies the payment account type used for the
transaction.
This field overrides other payment types
that might be specified in the request.
Use one of the following values for this field:
- NA: Does not apply. Do not override other payment types that are specified in the request.
- CR: Credit card.
- DB: Debit card.
- VSAVR: Visa Vale Refeicao.
- VSAVA: Visa Vale Alimentacao.
Specifications
- Data Type:String
- Data Length:10
Mapping Information
- REST API Field:consumerAuthenticationInformation. overridePaymentMethod
- SCMP API Field:pa_override_payment_method
- Simple Order API Field:payerAuthEnrollService_overridePaymentMethod
consumerAuthenticationInformation. pareq
Payer authentication request (PAReq) message that you must forward
to the ACS.
The value can be very large. The value is encoded in Base64.
Specifications
- Data Type:String
- Data Length:No length limit.
Mapping Information
- REST API Field:consumerAuthenticationInformation. pareq
- SCMP API Field:pa_enroll_pareq
- Simple Order API Field:payerAuthEnrollReply_paReq
consumerAuthenticationInformation[]. paresStatus
Raw result of the authentication check.
This field can
contain one of these values:
- A: Proof of authentication attempt was generated.
- C: Card challenged. This status is a temporary status for an in-flight transaction and can result in other authentication statuses after transaction is completed.
- N: Customer failed or canceled authentication. Transaction denied.
- R: Authentication rejected (used for 3-D Secure 2.x transactions only).
- U: Authentication not completed regardless of the reason.
- Y: Customer was successfully authenticated.
Specifications
- Data Type:String
- Data Length:255
Mapping Information
- REST API Field:consumerAuthenticationInformation[].paresStatus
- SCMP API Fields:
- pares_status
- pa_enroll_pares_status
- pa_validate_pares_status
- Simple Order API Fields:
- ccAuthService_paresStatus
- payerAuthEnrollReply_paresStatus
- payerAuthValidateReply_paresStatus
consumerAuthenticationInformation.
signedParesStatusReason
Provides additional information about the PARes status value.
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. signedParesStatusReason
- SCMP API Field:pares_status_reason
- Simple Order API Fields:
- payerAuthEnrollReply_authenticationStatusReason
- payerAuthValidateReply_authenticationStatusReason
consumerAuthenticationInformation. paSpecificationVersion
The EMV 3-D Secure version that was used to process the transaction.
Example
: 2.3.1This field is available only for the
FDC Compass
and Visa Platform Connect
processors.- Visa Platform Connect
- The value for this field corresponds to this data in the TC 33 capture file:
- Record: CP01 TCR7
- Position: 113
- Field: MC AVV Verification—Program Protocol
- Mastercard Identity Check on Visa Platform ConnectVisa Platform Connect
- Mastercard Identity Check might return one of these values during the authentication process.Possible values:
- 2.1.0: EMV 3-D Secure 2.1.0 (This value cannot be used after September 25, 2024, when EMV 3-D Secure 2.1 is no longer supported. All merchants must begin using EMV 3-D Secure 2.2 or later before that date to avoid any disruption in service.)
- 2.2.0: EMV 3-D Secure 2.2.0
- 2.3.0: EMV 3-D Secure 2.3.0
- 2.4.0: EMV 3-D Secure 2.4.0
- 2.5.0: EMV 3-D Secure 2.5.0
- 2.6.0: EMV 3-D Secure 2.6.0
- 2.7.0: EMV 3-D Secure 2.7.0
- 2.8.0: EMV 3-D Secure 2.8.0
- 2.9.0: EMV 3-D Secure 2.9.0
Specifications
- Data Type:String
- Data Length:20
Mapping Information
- REST API Field:consumerAuthenticationInformation.paSpecificationVersion
- SCMP API Field:pa_specification_version
- Simple Order API Field:ccAuthService_paSpecificationVersion
consumerAuthenticationInformation. priorAuthenticationData
This field contains data that the ACS can use to
verify the authentication process.
Specifications
- Data Type:String
- Data Length:2048
Mapping Information
- REST API Field:consumerAuthenticationInformation. priorAuthenticationData
- SCMP API Field:pa_prior_authentication_data
- Simple Order API Field:payerAuthEnrollService_priorAuthenticationData
consumerAuthenticationInformation. priorAuthenticationMethod
Method the cardholder used previously to
authenticate to the 3-D Secure requester.
Possible values:
- 01: Frictionless authentication occurred by ACS.
- 02: Cardholder challenge occurred by ACS.
- 03: AVS verified.
- 04: Other issuer methods.
- 05-79: Reserved for EMVCo future use (values invalid until defined by EMVCo).
- 80-99: Reserved for directory server use.
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. priorAuthenticationMethod
- SCMP API Field:pa_prior_authentication_method
- Simple Order API Field:payerAuthEnrollService_priorAuthenticationMethod
consumerAuthenticationInformation.
priorAuthenticationReferenceId
This field contains the ACS transaction ID for a prior
authenticated transaction.
For example, the first recurring transaction that was authenticated with the
cardholder.
Specifications
- Data Type:String
- Data Length:36
Mapping Information
- REST API Field:consumerAuthenticationInformation. priorAuthenticationReferenceId
- SCMP API Field:pa_prior_authentication_reference_id
- Simple Order API Field:payerAuthEnrollService_priorAuthenticationReferenceID
consumerAuthenticationInformation. priorAuthenticationTime
Date and time in UTC of the prior cardholder
authentication.
Format:
yyyyMMDDHHMM
Specifications
- Data Type:String
- Data Length:12
Mapping Information
- REST API Field:consumerAuthenticationInformation. priorAuthenticationTime
- SCMP API Field:pa_prior_authentication_time
- Simple Order API Field:payerAuthEnrollService_priorAuthenticationTime
consumerAuthenticationInformation. productCode
Specifies the product code, which designates the
type of transaction.
Specify one of the following
values for this field:
- AIR: Airline purchase.
- ACC: Accommodation rental.
- ACF: Account funding.
- CHA: Check acceptance.
- DIG: Digital goods.
- DSP: Cash dispensing.
- GAS: Fuel.
- GEN: General retail.
- LUX: Luxury retail.
- PAL: Prepaid activation and load.
- PHY: Goods or services purchase.
- QCT: Quasi-cash transaction.
- REN: Car rental.
- RES: Restaurant.
- SVC: Services.
- TBD: Other.
- TRA: Travel.
Specifications
- Data Type:String
- Data Length:3
Mapping Information
- REST API Field:consumerAuthenticationInformation. productCode
- SCMP API Field:pa_product_code
- Simple Order API Field:payerAuthEnrollService_productCode
consumerAuthenticationInformation. proofXml
Date and time of the enrollment check combined with
the VEReq and VERes elements.
If you ever need to show proof of enrollment checking, you might need to parse the string
for the information required by the payment card company. The value can be very large.
- For cards issued in the US or Canada, Visa might require this data for specific merchant category codes.
- For cards not issued in the US or Canada, your bank might require this data as proof of enrollment checking for any payer authentication transaction that you re-present because of a chargeback.
Specifications
- Data Type:String
- Data Length:No length limit.
Mapping Information
- REST API Field:consumerAuthenticationInformation. proofXml
- SCMP API Field:pa_enroll_proofxml
- Simple Order API Field:payerAuthEnrollReply_proofXML
consumerAuthenticationInformation. proxyPan
Encrypted version of the card number that is used in the payer
authentication request message.
Specifications
- Data Type:String
- Data Length:255
Mapping Information
- REST API Field:consumerAuthenticationInformation. proxyPan
- SCMP API Field:pa_enroll_proxypan
- Simple Order API Field:payerAuthEnrollReply_proxyPAN
consumerAuthenticationInformation. referenceId
Reference ID that corresponds to the device
fingerprinting data that was collected previously.
Specifications
- Data Type:String
- Data Length:50
Mapping Information
- REST API Field:consumerAuthenticationInformation.referenceId
- SCMP API Fields:
- pa_reference_id
- pa_setup_pa_reference_id
- Simple Order API Fields:
- payerAuthEnrollService_referenceID
- payerAuthSetupReply_referenceID
consumerAuthenticationInformation.
requestorInitiatedAuthenticationIndicator
Indicates the type of 3-D Secure Integrator Request (3RI Request).
Possible Values:
- 01: Recurring transaction.
- 02: Installment transaction.
- 03: Add card.
- 04: Maintain card.
- 05: Account verification.
- 06: Split/delayed shipment.
- 07: Top-up.
- 08: Mail order.
- 09: Telephone order.
- 10: Whitelist status check.
- 11: Other payment.
EMV 3-D Secure version 2.1.0 supports values
01
-05
.
Version 2.2.0 supports values 01
- 11
.Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. requestorInitiatedAuthenticationIndicator
- SCMP API Field:pa_requestor_initiated_authentication_indicator
- Simple Order API Field:payerAuthEnrollService_ requestorInitiatedAuthenticationIndicator
consumerAuthenticationInformation. requestorName
The 3-D Secure requestor name value assigned by the directory server.
Specifications
- Data Type:String
- Data Length:40
Mapping Information
- REST API Field:consumerAuthenticationInformation. requestorName
- SCMP API Field:pa_requestor_name
- Simple Order API Field:payerAuthEnrollService_requestorName
consumerAuthenticationInformation. responseAccessToken
JSON Web Token (JWT) returned by the 3-D Secure provider when the
authentication is complete.
Specifications
- Data Type:String
- Data Length:2048
Mapping Information
- REST API Field:consumerAuthenticationInformation.responseAccessToken
- SCMP API Field:pa_response_access_token
- Simple Order API Field:payerAuthValidateService_responseAccessToken
consumerAuthenticationInformation. returnUrl
URL of your return page.
This return URL is added to the step-up JWT and returned in the response of the Payer
Authentication enrollment call. Your return URL page serves as a listening URL. Cardinal
sends a POST response to your return URL when the bank session completes that contains the
completed bank session’s transaction ID. Your return page should capture the transaction ID
and send it in the Payer Authentication validation call.
Specifications
- Data Type:String
- Data Length:2048
Mapping Information
- REST API Field:consumerAuthenticationInformation. returnUrl
- SCMP API Field:pa_return_url
- Simple Order API Field:payerAuthEnrollService_returnURL
consumerAuthenticationInformation. scoreRequest
Indicates that you are requesting the Identity Check Insights (IDCI)
score details of a transaction.
Possible values:
- Yes
- No
If set to
yes
, you receive the values of these fields in the response:- consumerAuthenticationInformation. idciScore
- consumerAuthenticationInformation. idciDecision
- consumerAuthenticationInformation. idciReasonCode1
- consumerAuthenticationInformation. idciReasonCode2
This field is used only with Mastercard transactions.
Specifications
- Data Type:Boolean
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. scoreRequest
- SCMP API Field:pa_score_request
- Simple Order API Field:payerAuthEnrollService_scoreRequest
consumerAuthenticationInformation. sdkFlowType
Type of SDK flow used for the transaction.
Possible values:
- Virtual SDK
- Cardinal
Specifications
- Data Type:String
- Data Length:100
Mapping Information
- REST API Field:consumerAuthenticationInformation. sdkFlowType
- SCMP API Field:pa_sdk_flow_type
- Simple Order API Field:payerAuthEnrollService_sdkFlowType
consumerAuthenticationInformation. sdkMaxTimeout
This field indicates the maximum amount of time for all 3-D Secure
2.x messages to be communicated between all components (in minutes).
Possible Values:
- Greater than or equal to05(05 is the minimum timeout to set)
- Default is set to15
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. sdkMaxTimeout
- SCMP API Field:pa_sdk_max_timeout
- Simple Order API Field:payerAuthEnrollService_sdkMaxTimeout
consumerAuthenticationInformation. sdkTransactionId
SDK unique transaction identifier that is generated
on each new transaction.
Specifications
- Data Type:String
- Data Length:36
Mapping Information
- REST API Field:consumerAuthenticationInformation. sdkTransactionId
- SCMP API Field:pa_sdk_transaction_id
- Simple Order API Fields:
- payerAuthEnrollReply_sdkTransactionID
- payerAuthEnrollService_sdkTransactionID
- payerAuthValidateReply_sdkTransactionID
consumerAuthenticationInformation. signedPares
Payer authentication result (PARes) message
returned by the card-issuing bank.
If you need to
show proof of enrollment checking, you might need to
decrypt and parse the string for the information
required by the payment card company.
IMPORTANT
The value is in Base64. You must
remove all carriage returns and line feeds before
adding the PARes to the request.
Specifications
- Data Type:String
Mapping Information
- REST API Field:consumerAuthenticationInformation.signedPares
- SCMP API Field:pa_signedpares
- Simple Order API Field:payerAuthValidateService_signedPARes
consumerAuthenticationInformation. signedParesStatusReason
Reason for payer authentication response status.
This field is available only for the
Banque de France et Tresor Public
, BNP Paribas France
, and Credit Mutuel-CIC
processors and is used to process secure
transactions in France.Possible values:
- 01: Card authentication failed.
- 02: Unknown device. Example: Device fingerprint not recognised because the device is an old mobile phone.
- 03: Unsupported device.
- 04: Exceeds authentication frequency limit. Strong customer authentication is required every six transactions or when the cumulative amount for the payment card during the preceding week exceeds 100 EUR.
- 05: Expired card.
- 06: Invalid card number.
- 07: Invalid transaction.
- 08: No card record. The card was not found in the 3-D Secure server database.
- 09: Security failure as determined by 3-D Secure server.
- 10: Stolen card.
- 11: Suspected fraud.
- 12: Cardholder is not permitted to perform this transaction.
- 13: Cardholder is not enrolled in 3-D Secure service.
- 14: Transaction timed out at the access control server (ACS), which is a server on the issuer side of the 3-D Secure protocol.
- 15: Low confidence as determined by 3-D Secure server.
- 16: Medium confidence.
- 17: High confidence.
- 18: Very high confidence.
- 19: Exceeds the maximum number of challenges permitted by the ACS.
- 20: Non-payment transaction is not supported.
- 21: 3-D Secure request for information, such as BIN lookup, is not supported.
- 22: ACS technical problem.
- 23: Decoupled authentication is required by the ACS but you did not request it.
- 24: Your maximum expiration time was exceeded.
- 25: There was not enough time for decoupled authentication to authenticate the cardholder.
- 26: Authentication was attempted but the cardholder was not authenticated.
When you request the payer authentication and authorization services separately, get the
value for this field from the
consumerAuthenticationInformation. signedParesStatusReason
response field.Specifications
- Data Type:Integer
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. signedParesStatusReason
- SCMP API Field:pares_status_reason
- Simple Order API Field:ccAuthService_paresStatusReason
consumerAuthenticationInformation. specificationVersion
This field contains the 3-D Secure version that was
used to process the transaction. For example, 1.0.2 or 2.0.0.
Specifications
- Data Type:String
- Data Length:8
Mapping Information
- REST API Field:consumerAuthenticationInformation. specificationVersion
- SCMP API Fields:
- pa_enroll_specification_version
- pa_validate_specification_version
- Simple Order API Fields:
- payerAuthEnrollReply_specificationVersion
- payerAuthValidateReply_specificationVersion
consumerAuthenticationInformation. stepUpUrl
The fully qualified URL that the merchant uses to
post a form to the cardholder in order to complete the
consumer authentication transaction for the
Cardinal Cruise Direct Connection API integration.
Specifications
- Data Type:String
- Data Length:2048
Mapping Information
- REST API Field:consumerAuthenticationInformation. stepUpUrl
- SCMP API Field:pa_step_up_url
- Simple Order API Field:payerAuthEnrollReply_stepUpURL
consumerAuthenticationInformation. strongAuthentication.
authenticationIndicator
Indicates the type of authentication request.
Possible values:
- 01: Payment transaction.
- 02: Recurring transaction.
- 03: Installment transaction.
- 04: Add card.
- 05: Maintain card.
- 06: Cardholder verification as part of EMV token ID&V (identity and verification).
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication. authenticationIndicator
- SCMP API Field:pa_authentication_indicator
- Simple Order API Field:payerAuthEnrollService_authenticationIndicator
consumerAuthenticationInformation. strongAuthentication. authenticationOutageExemptionIndicator
This field is an exemption indicator for payer authentication
outage.
This flag indicates whether the transaction is exempt from strong customer authentication
(SCA) requirements in Europe because Payer Authentication is not available.
Possible values:
- 0(default): Not exempt.
- 1: Exempt from SCA requirements because payer authentication is not available.
This field is supported on these payment gateways: Barclays, Streamline, HSBC, Omnipay
Direct Platform (opdfde, opdcardnet, omnipaydirect), Credit Mutuel CIC, BNP Paribas France,
Banque de France et Tresor Public, Lloyds TSB Cardnet, HBoS
Visa Platform Connect
, and GPX
.Countries in CEMEA must now support Field 34 DSID 02 Tag 87 in the authorization request
and response for Visa transactions. The response does not include an Economic Commerce
Indicator (ECI) value or the Field F34 DSID 02 Tag 87.
These countries in CEMEA are affected by this requirement:
|
|
For Mastercard transactions, the value for this field corresponds to this data in the TC 33
capture file:
- Record: CP01 TCR6
- Position: 145-146
- Field: Mastercard Low-Risk Merchant Indicator
Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation.strongAuthentication. authenticationOutageExemptionIndicator
- SCMP API Field:authentication_outage_exemption_indicator
- Simple Order API Field:ccAuthService_authenticationOutageExemptionIndicator
consumerAuthenticationInformation. strongAuthentication. delegatedAuthenticationExemptionIndicator
Exemption indicator for delegated authentication.
This flag specifies whether the transaction is exempt from strong customer authentication (SCA) requirements in Europe because the authentication was delegated to a different provider, such as an acquirer or payment technology provider (PTP).
Possible values:
- 0(default): Not exempt.
- 1: Exempt from SCA requirements because the authentication was delegated to a different provider
Visa Platform Connect
For Mastercard transactions, the value for this field corresponds to the following data in the TC 33 capture file:
- Record: CP01 TCR6
- Position: 145-146
- Field: Mastercard Low-Risk Merchant Indicator
Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication.delegatedAuthenticationExemptionIndicator
- SCMP API Field:delegated_authentication_exemption_indicator
- Simple Order API Field:ccAuthService_delegatedAuthenticationExemptionIndicator
consumerAuthenticationInformation. strongAuthentication. issuerInformation. trustedMerchantExemptionResult
Code that indicates whether the issuer honored or denied the
customer's request for trusted merchant exemption.
This field is supported only on
Visa Platform Connect
. Possible values:
- 1: Trusted merchant exemption validated.
- 2: Trusted merchant exemption failed validation.
Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication.issuerInformation.trustedMerchantExemptionResult
- SCMP API Field:trusted_merchant_exemption_response_indicator
- Simple Order API Field:issuer_trustedMerchantExemptionResult
consumerAuthenticationInformation. strongAuthentication. issuerInformation.delegatedAuthenticationResult
Code that indicates whether the issuer validated your request for a delegated authentication exemption.
This field is available only on the
Visa Platform Connect
processor.Possible values:
- 2: Request for a delegated authentication exemption was validated.
- 3: Request for a delegated authentication exemption was not validated.
When this field returns a value of
3
, the reason is returned in the consumerAuthenticationInformation. strongAuthentication.issuerInformation.riskAnalysisExemptionResult
response field.
Specifications
- Data Type:String
- Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication.issuerInformation.delegatedAuthenticationResult
- SCMP API Field:delegated_authentication_result
- Simple Order API Field:ccAuthService_delegatedAuthenticationResult
consumerAuthenticationInformation. strongAuthentication.
issuerInformation. exemptionDataRaw
Payer authentication exemption indicator for delegated
authentication.
Raw payer authentication exemption data field that is used for Carte Bancaire exemptions.
For example, "low fraud merchant program." Used with authorization service requests.
Specifications
- Data Type:String
- Data Length:4
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication.issuerInformation. exemptionDataRaw
- SCMP API Field:exemption_data
- Simple Order API Field:ccAuthService_exemptionDataRaw
consumerAuthenticationInformation. strongAuthentication. issuerInformation. lowValueExemptionResult
Code that indicates whether the issuer validated your request for a
low-value amount exemption.
This field is available only on the
Visa Platform Connect
processor.Possible values:
- 0: Low value exemption does not apply to the transaction.
- 1: Transaction exempt from SCA as the merchant/acquirer has determined it to be a low value payment.
Specifications
- Data Type:String
- Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication.issuerInformation.lowValueExemptionResult
- SCMP API Field:issuer_low_value_exemption_result
- Simple Order API Field:issuer_lowValueExemptionResult
consumerAuthenticationInformation. strongAuthentication. issuerInformation. riskAnalysisExemptionResult
Reason that the issuer declined your request for a strong customer authentication exemption.
This field is avaukabke only on the
Visa Platform Connect
processor. This value is a series of a maximum of 20 four-digit codes and no delimiters. Possible codes:
- 8401: You are not participating in the Visa Trusted Listing program.
- 8402: Issuer is not participating in the Visa Trusted Listing program.
- 8403: Your business is not included on the cardholder's list of trusted merchants.
- 8404: Issuer response is unclear or invalid.
- 8473: Your business is not included on the cardholder's list of trusted merchants.
- 8474: Transaction information does not meet the exemption criteria.
- 8904: Issuer response is unclear or invalid (Visa).
- 8905: No entry found in the supplemental database (Visa).
- 8906: Did not meet exemption criteria (Visa).
- 8A01: Merchant not participating in Visa Delegated Authentication Program.
- 8A02: Issuer not participating in Visa Delegated Authentication Program.
- 8A04: Issuer response is unclear or invalid.
- 8A06: Did not meet the exemption criteria (Visa).
- 8A07: Visa merchant ID invalid for service.
- 8A08: CAVV invalid value.
- 8A76: Did not meet the exemption criteria (Issuer).
Visa Platform Connect
The value for this field corresponds to the following data in the TC 33 capture file:
- Record: CP07 TCR9
- Position: 61-140
- Field: Reasons for Not Honoring SCA Exemptions
Specifications
- Data Type:String
- Data Length:80
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication.issuerInformation.riskAnalysisExemptionResult
- SCMP API Field:issuer_risk_analysis_exemption_result
- Simple Order API Field:issuer_riskAnalysisExemptionResult
consumerAuthenticationInformation. strongAuthentication. issuerInformation. secureCorporatePaymentResult
Code that indicates whether the issuer validated your request for a
secure corporate payment exemption.
This field is available only on the
Visa Platform Connect
processor.Possible values:
- 2: Request for a secure corporate payment exemption was validated.
- 3: Request for a secure corporate payment exemption was not validated.
Specifications
- Data Type:String
- Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication.issuerInformation.secureCorporatePaymentResult
- SCMP API Field:issuer_secure_corporate_payment_result
- Simple Order API Field:issuer_secureCorporatePaymentResult
consumerAuthenticationInformation. strongAuthentication. issuerInformation. transactionRiskAnalysisExemptionResult
Code that indicates whether the issuer validated your request for a transaction risk analysis exemption.
This field is available only on the
Visa Platform Connect
processor.Possible values:
- 2: Request for a transaction risk analysis exemption was validated.
- 3: Request for a transaction risk analysis exemption was not validated.
Specifications
- Data Type:String
- Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication.issuerInformation.transactionRiskAnalysisExemptionResult
- SCMP API Field:issuer_transaction_risk_analysis_exemption_result
- Simple Order API Field:issuer_transactionRiskAnalysisExemptionResult
consumerAuthenticationInformation. strongAuthentication. issuerInformation. trustedMerchantExemptionResult
Code that indicates whether the issuer validated your request for a
trusted merchant exemption.
This field is available only on the
Visa Platform Connect
processor.Possible values:
- 2: Request for a trusted merchant exemption was validated.
- 3: Request for a trusted merchant exemption was not validated.
Specifications
- Data Type:String
- Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication.issuerInformation.trustedMerchantExemptionResult
- SCMP API Field:issuer_trusted_merchant_exemption_result
- Simple Order API Field:issuer_trustedMerchantExemptionResult
consumerAuthenticationInformation. strongAuthentication. lowValueExemptionIndicator
Exemption indicator for a low payment amount.
This flag specifies whether the transaction is exempt from strong customer authentication (SCA) requirements in Europe because the payment amount is low.
Possible values:
- 0(default): Not exempt.
- 1: Exempt from SCA requirements because the payment amount is low.
- Visa Platform Connect
- For Mastercard transactions, the value for this field corresponds to the following data in the TC 33 capture file:
- Record: CP01 TCR6
- Position: 145-146
- Field: Mastercard Low-Risk Merchant Indicator
For transactions with other card types, the value for this field corresponds to the following data in the TC 33 capture file:- Record: CP01 TCR8
- Position: 126
- Field: Low Value Exemption Indicator
Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication.lowValueExemptionIndicator
- SCMP API Field:low_value_exemption_indicator
- Simple Order API Fields:ccAuthService_lowValueExemptionIndicator
consumerAuthenticationInformation. strongAuthentication. riskAnalysisExemptionIndicator
Exemption indicator for a low-risk transaction.
This flag specifies whether the transaction is exempt from strong customer authentication (SCA) requirements in Europe because it is a low-risk transaction.
Low-risk transactions are described by the Payments Service Directive 2/Regulatory Technical Standards (PSD2/RTS) regulations.
Possible values:
- 0(default): Not exempt.
- 1: Exempt from SCA requirements because the transaction is low risk.
- Visa Platform Connect
- To set the default for this field, contact customer support.For Mastercard transactions, the value for this field corresponds to the following data in the TC 33 capture file:
- Record: CP01 TCR6
- Position: 145-146
- Field: Mastercard Low-Risk Merchant Indicator
For transactions with other card types, the value for this field corresponds to the following data in the TC 33 capture file:- Record: CP01 TCR8
- Position: 127
- Field: Transaction Risk Analysis Exemption Indicator
Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication.riskAnalysisExemptionIndicator
- SCMP API Field:risk_analysis_exemption_indicator
- Simple Order API Field:ccAuthService_riskAnalysisExemptionIndicator
consumerAuthenticationInformation. strongAuthentication.
secureCorporatePaymentIndicator
Exemption indicator for a secure corporate payment.
This field is available only for the
FDC Compass
and Visa Platform Connect
processors.This flag specifies whether the transaction is exempt from strong customer authentication
(SCA) requirements in Europe because the payment is a secure corporate payment. Indicates
that dedicated payment processes and procedures were used.
Possible values:
- 0(default): Not exempt.
- 1: Exempt from SCA requirements because the payment is a secure corporate payment.
Visa Platform Connect
: - Record: CP01 TCR6
- Position: 145-146
- Field: Mastercard Low-Risk Merchant Indicator
For transactions with other card types, the value for this field corresponds to the
following data in the TC 33 capture file:
- Record: CP01 TCR8
- Position: 129
- Field: Secure Corporate Payment Indicator
Specifications
- Data Type:String
- Dats Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication. secureCorporatePaymentIndicator
- SCMP API Field:secure_corporate_payment_indicator
- Simple Order API Fields:
- ccAuthService_secureCorporatePaymentIndicator
- payerAuthEnrollService_secureCorporatePaymentIndicator
consumerAuthenticationInformation. strongAuthentication. trustedMerchantExemptionIndicator
Exemption indicator for a trusted merchant.
This flag specifies whether the transaction is exempt from strong customer authentication (SCA) requirements in Europe because the customer trusts you.
This field is available only for the
FDC Compass
and Visa Platform Connect
processors. Possible values:
- 0(default): Not exempt.
- 1: Exempt from SCA requirements because the customer trusts the merchant.
- Visa Platform Connect
- For Mastercard transactions, the value for this field corresponds to the following data in the TC 33 capture file:
- Record: CP01 TCR6
- Position: 145-146
- Field: Mastercard Low-Risk Merchant Indicator
For transactions with other card types, the value for this field corresponds to the following data in the TC 33 capture file:- Record: CP07 TCR9
- Position: 8
- Field: Trusted Merchant Exemption Indicator
Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. strongAuthentication.trustedMerchantExemptionIndicator
- SCMP API Field:trusted_merchant_exemption_indicator
- Simple Order API Field:ccAuthService_trustedMerchantExemptionIndicator
consumerAuthenticationInformation.
strongAuthentication.transactionMode
Transaction mode identifier. Identifies the channel
from which the transaction originates.
Possible values:
- M: MOTO (Mail Order Telephone Order)
- R: Retail
- S: E-commerce
- P: Mobile Device
- T: Tablet
Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation.strongAuthentication.transactionMode
- SCMP API Field:pa_transaction_mode
- Simple Order API Field:payerAuthEnrollService_transactionMode
consumerAuthenticationInformation.
threeDSServerOperatorId
The Directory Server-assigned 3-D Secure server identifier.
When checking enrollment and during validation for payer authentication, each Directory Server can provide a unique ID to each 3-D Secure server on an individual basis in the response.
Required for mada transactions.
Specifications
- Data Type:String
- Data Length:32
Mapping Information
- REST API Field:consumerAuthenticationInformation.threeDSServerOperatorId
- SCMP API Field:
- pa_enroll_pa_three_ds_server_operator_id
- pa_validate_pa_three_ds_server_operator_id
- Simple Order API Field:
- payerAuthEnrollReply_threeDSServerOperatorId
- payerAuthValidateReply_threeDSServerOperatorId
consumerAuthenticationInformation. threeDSServerTransactionId
Unique transaction identifier assigned by the 3-D Secure server to
identify a single transaction.
Specifications
- Data Type:String
- Data Length:36
Mapping Information
- REST API Field:consumerAuthenticationInformation. threeDSServerTransactionId
- SCMP API Field:pa_three_ds_server_transaction_id
- Simple Order API Fields:
- ccAuthService_threeDSServerTransactionID
- payerAuthEnrollReply_threeDSServerTransactionID
- payerAuthValidateReply_threeDSServerTransactionID
consumerAuthenticationInformation. transactionFlowIndicator
Indicates the RuPay seamless flow.
This field is supported only for
RuPay
.Possible Values:
- 01: Transaction performed by domestic merchant for authentication and authorization or authorization only.
- 02: Transaction performed by domestic merchant with token provisioning.
- 03: Transaction performed by international merchant.
- 04: Authentication transaction.
- 05: Authentication transaction for provisioning.
- 06: Domestic in-app transaction.
- 07: International in-app transaction.
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. transactionFlowIndicator
- SCMP API Field:No corresponding field.
- Simple Order API Field:No corresponding field.
consumerAuthenticationInformation. transactionToken
Token used to authenticate the customer.
This field is supported only on
RuPay
for the payer authentication seamless flow.Specifications
- Data Type:String
- Data Length:256
Mapping Information
- REST API Field:consumerAuthenticationInformation. transactionToken
- SCMP API Field:No corresponding field.
- Simple Order API Field:No corresponding field.
consumerAuthenticationInformation.
ucafAuthenticationData
Universal cardholder authentication field (UCAF) data.
This field is available only on the
FDC Compass
and Visa Platform Connect
processors.IMPORTANT
Mastercard has indicated that an issuing bank can downgrade an
authorization request to a non-secure transaction when the UCAF collection indicator is
1
and UCAF authentication data is not present. An issuing bank can choose
not to settle a downgraded Mastercard Identity Check transaction. When UCAF authentication
data is not present, set the UCAF collection indicator to 0
.The value for this field corresponds to the following data in the TC 33 capture file:
- Record: CP01 TCR8
- Position: 126-157
- Field: Mastercard UCAF Data
Specifications
- Data Type:String
- Data Length (request):32
- Data Length (response):255
Mapping Information
- REST API Field:consumerAuthenticationInformation.ucafAuthenticationData
- SCMP API Fields:
- pa_enroll_ucaf_authentication_data
- pa_validate_ucaf_authentication_data
- ucaf_authentication_data
- Simple Order API Fields:
- payerAuthEnrollReply_ucafAuthenticationData
- payerAuthValidateReply_ucafAuthenticationData
- ucaf_authenticationData
consumerAuthenticationInformation.
ucafCollectionIndicator
Universal cardholder authentication field (UCAF) collection
indicator used for Mastercard Identity Check.
- Cielo,Getnet, andRede
- For data only authorizations in Brazil, set this field to4.
When you request the payer authentication and authorization services separately, get the
value for this field from the
consumerAuthenticationInformation.ucafCollectionIndicator
response field.Possible values:
- 0: UCAF collection is not supported on your web site.
- 1: UCAF collection is supported on your web site, and the UCAF was populated.
- 2: UCAF collection is supported on your web site and the UCAF was populated. This value indicates a successful Mastercard Identity Check transaction. Use this value for Apple Pay and Samsung Pay transactions.
- 5: UCAF collection is supported at your web site, and the UCAF was populated based on the risk assessment that the issuer performed. This value is supported only for Masterpass transactions.
- 6: UCAF collection is supported at your web site, and the UCAF was populated based on the risk assessment that you performed. This value is supported only for Masterpass transactions.
When this value is returned, the field value indicates transaction was downgraded.
Possible values:
- 0: The transaction was downgraded.
- 1: The transaction was not downgraded.
IMPORTANT
A value of
0
for the UCAF collection indicator
response field for a Mastercard transaction indicates that Mastercard downgraded the
transaction. When Mastercard approves an authorization and downgrades the transaction, you
are responsible for the transaction. To confirm the downgrade, look at the e-commerce
indicator for the transaction in the Business Center. You can proceed with the transaction
if you want to accept responsibility. If you do not want to accept responsibility, reverse
the authorization, attempt to authenticate the customer again, and request another
authorization.Visa Platform Connect
The value for this field corresponds to the following data in the TC 33 capture file.
- Record: CP01 TCR7
- Position: 5
- Field: Mastercard Electronic Commerce Indicators—UCAF Collection Indicator
Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation.ucafCollectionIndicator
- SCMP API Fields:
- pa_enroll_ucaf_collection_indicator
- pa_validate_ucaf_collection_indicator
- ucaf_collection_indicator
- Simple Order API Fields:
- payerAuthEnrollReply_ucafCollectionIndicator
- payerAuthValidateReply_ucafCollectionIndicator
- ucaf_collectionIndicator
consumerAuthenticationInformation. validityPeriod
Number of minutes that the one-time password is valid for the incoming transaction.
This field is supported only for
RuPay
payer authentication seamless flow.Possible values:
00
- 30
.Specifications
- Data Type:Integer
- Data Length:5
Mapping Information
- REST API Field:consumerAuthenticationInformation. validityPeriod
- SCMP API Field:No corresponding field.
- Simple Order API Field:No corresponding field.
consumerAuthenticationInformation. veresEnrolled
Verification response enrollment status.
This field is available only on the
Asia, Middle East, and Africa Gateway
processor.Possible values:
- Y: Authentication available.
- N: Customer not participating.
- U: Unable to authenticate regardless of the reason.
Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. veresEnrolled
- SCMP API Field:veres_enrolled
- Simple Order API Field:ccAuthService_veresEnrolled
consumerAuthenticationInformation. whiteListStatus
Enables the communication of trusted beneficiary and whitelist
status among the ACS, the directory server, and the 3-D Secure requester.
Possible values:
- Y: 3-D Secure requester is whitelisted by cardholder.
- N: 3-D Secure requester is not whitelisted by cardholder.
Specifications
- Data Type:String
- Data Length:1
Mapping Information
- REST API Field:consumerAuthenticationInformation. whiteListStatus
- SCMP API Field:pa_white_list_status
- Simple Order API Fields:
- payerAuthEnrollReply_whiteListStatus
- payerAuthValidateReply_whiteListStatus
consumerAuthenticationInformation. whiteListStatusSource
This field is populated by the system setting Whitelist
Status.
Possible values:
- 1: 3-D Secure server.
- 2: Directory server.
- 3: ACS.
Specifications
- Data Type:String
- Data Length:2
Mapping Information
- REST API Field:consumerAuthenticationInformation. whiteListStatusSource
- SCMP API Field:pa_white_list_status_source
- Simple Order API Fields:
- payerAuthEnrollReply_whiteListStatusSource
- payerAuthValidateReply_whiteListStatusSource
consumerAuthenticationInformation. xid
Transaction identifier.
This value must be 28-character Base64 or 40-character hex binary.
For Visa Secure on
FDC Nashville Global
, the value for this field is set to the
XID value when the XID is present in the authorization request and the CAVV is not
present.- Apple Pay and Samsung Pay Transactions
- American Express: For a 20-byte cryptogram, set this field to the cryptogram for authorizations with payment network tokens. For a 40-byte cryptogram, set this field to block A of the cryptogram for authorizations with payment network tokens. All cryptograms use one of these formats.
- Visa: The value for this field must be 28-character base64 or 40-character hex binary. All cryptograms use one of these formats.
Specifications
- Data Type:String
- Data Length (request):40
- Data Length (response):255
Mapping Information
- REST API Field:consumerAuthenticationInformation.xid
- SCMP API Fields:
- pa_enroll_xid
- pa_validate_xid
- xid
- Simple Order API Fields:
- ccAuthService_xid
- payerAuthEnrollReply_xid
- payerAuthValidateReply_xid