REST API

Which Device Data is Collected

One of the key components to authenticating a cardholder during an online transaction is to compare information about the device that the buyer is currently using to information in the bank database about devices the buyer used in past transactions. This information is maintained in the acess control server (ACS) at the issuing bank. This device information focuses on the web browser and includes these types of data:
  • IP address
  • Browser language
  • Browser type
  • Browser version
  • Computer operating system
  • System time zone
  • Screen dimensions
  • Color depth
A successful device data collection process that includes the 11 browser fields listed in the check enrollment step increases the chances of a frictionless authentication. Business rules evaluate whether a transaction is risky enough to require the buyer to authenticate their identity. These business rules are configured in the issuer's risk analysis software that evaluates each transaction.