Payer Authentication Examples
These examples list the API fields that are required or optional for the Setup, Check
Enrollment, and Validate Authentication services. An example request payload and a
successful response are provided for each service. There are three types of
examples when working with payer authentication:
- Primary Account Number (PAN): Illustrates how the payer authentication services work with customer PANs during transactions.
- Tokens: Illustrates how the payer authentication services work when using different types of tokens.
- 3RI: Illustrates how the payer authentication services work with merchant-initiated transactions.
In certain circumstances, some payment card companies and some countries require that
more information than usual be collected when authenticating the
customer. These circumstances, and the API fields to use in those circumstances, are
noted for each use case.
Setting Up Device Data Collection
Running the Setup service identifies the customer's bank and prepares for collecting data
about the device that the customer is using to place the order.
Card-Specific Requirements
Some payment cards require specific information to be collected during a
transaction.
- This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.
Country-Specific Requirements
These fields are required for transactions in specific countries.
- For Meeza transactions, this value must be set to EG when Egypt is not set as the country in merchant configuration during merchant onboarding.
- This field is required for transactions in the US and Canada.
- This field is required when the orderInformation.billTo.country field value is US or CA.
- For Meeza transactions, this value must be set to EG when Egypt is not set as the country in merchant configuration during merchant onboarding.
Endpoint
Production: POST https://api.cybersource.com/risk/v1/authentication-setups
Test: POST https://apitest.cybersource.com/risk/v1/authentication-setups
Setting Up Device Data Collection Using Digital Payment (Google Pay)
Running the Setup service identifies the customer's bank and prepares for collecting data
about the device that the customer is using to place the order. This use case
demonstrates how the service works using a digital payment method like Google Pay.
Card-Specific Requirements
Some payment cards require specific information to be collected during a
transaction.
- This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.
Country-Specific Requirements
These fields are required for transactions in specific countries.
- For Meeza transactions, this value must be set to EG when Egypt is not set as the country in merchant configuration during merchant onboarding.
- This field is required for transactions in the US and Canada.
- This field is required when the orderInformation.billTo.country field value is US or CA.
- For Meeza transactions, this value must be set to EG when Egypt is not set as the country in merchant configuration during merchant onboarding.
Endpoint
Production: POST https://api.cybersource.com/risk/v1/authentication-setups
Test: POST https://apitest.cybersource.com/risk/v1/authentication-setups
Checking Enrollment in Payer Authentication
Running the Check Enrollment service identifies the customer's bank and collects data
about the device that the customer is using to place the order.
Card-Specific Requirements
Some payment cards require information to be collected during a transaction.
- This field is recommended for Discover ProtectBuy.
- This field is required when the card type is Cartes Bancaires.
- This field is required for American Express SafeKey (U.S.) when the product code is AIR for an airline purchase.
- This field is required for Visa Secure travel.
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required for American Express SafeKey (US).
- This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.
Country-Specific Requirements
These fields are required for transactions in specific countries.
- This field is required for transactions processed in France.
- For Meeza transactions, this value must be set to EG when Egypt is not set as the country in the merchant configuration during merchant onboarding.
- For Meeza transactions, this value must be set to EG when Egypt is not set as the country in the merchant configuration during merchant onboarding.
- This field is required for transactions in the US and Canada.
- This field is required for transactions in the US and Canada.
- This field is required when the orderInformation.billTo.country field value is US or CA.
- This field is required when the orderInformation.shipTo.country field value is CA, US, or China.
- This field is required when the orderInformation.shipTo.country field value is US or CA.
Processor-Specific Requirements
These fields are required by specific processors for transactions.
- This field is required only for merchants in Saudi Arabia.
Endpoint
Production: POST https://api.cybersource.com/risk/v1/authentications
Test: POST https://apitest.cybersource.com/risk/v1/authentications
Checking Enrollment in Payer Authentication Using Digital Payment (Google Pay)
Running the Check Enrollment service collects data about the device that the customer is
using to place the order and verifies that the customer is enrolled in a payer
authentication program. This use case demonstrates how the service works with a digital
payment method like Google Pay.
Card-Specific Requirements
Some payment cards require information to be collected during a transaction.
- This field is recommended for Discover ProtectBuy.
- This field is required when the card type is Cartes Bancaires.
- This field is required for American Express SafeKey (U.S.) when the product code is AIR for an airline purchase.
- This field is required for Visa Secure travel.
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required for American Express SafeKey (US).
- This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.
Country-Specific Requirements
These fields are required for transactions in specific countries.
- This field is required for transactions processed in France.
- For Meeza transactions, this value must be set to EG when Egypt is not set as the country in the merchant configuration during merchant onboarding.
- For Meeza transactions, this value must be set to EG when Egypt is not set as the country in the merchant configuration during merchant onboarding.
- This field is required for transactions in the US and Canada.
- This field is required for transactions in the US and Canada.
- This field is required when the orderInformation.billTo.country field value is US or CA.
- This field is required when the orderInformation.shipTo.country field value is CA, US, or China.
- This field is required when the orderInformation.shipTo.country field value is US or CA.
Processor-Specific Requirements
These fields are required by specific processors for transactions.
- This field is required only for merchants in Saudi Arabia.
Endpoint
Production: POST https://api.cybersource.com/risk/v1/authentications
Test: POST https://apitest.cybersource.com/risk/v1/authentications
Validating a Challenge
Running the Validation service compares the customer's response to the challenge from the issuing bank to
validate the customer identity.
Card-Specific Requirements
Some payment cards require additional information to be collected during a
transaction.
- This field is recommended for Discover ProtectBuy.
- This field is required when the card type is Cartes Bancaires.
- This field is required for American Express SafeKey (US) when the product code is AIR for an airline purchase.
- This field is required for Visa Secure travel.
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
Country-Specific Requirements
These fields are required for transactions in specific countries.
- This field is required for transactions processed in France.
- This field is required for transactions in the US and Canada.
- This field is required for transactions in the US and Canada.
- This field is required when the orderInformation.billTo.country field value is US or CA.
Endpoint
Production: POST https://api.cybersource.com/risk/v1/authentication-results
Test: POST https://apitest.cybersource.com/risk/v1/authentication-results
Validating a Challenge Using Digital Payment (Google Pay)
Running the Validation service compares the customer's response to the challenge from the issuing bank to
validate the customer identity.
Card-Specific Requirements
Some payment cards require additional information to be collected during a
transaction.
- This field is recommended for Discover ProtectBuy.
- This field is required when the card type is Cartes Bancaires.
- This field is required for American Express SafeKey (US) when the product code is AIR for an airline purchase.
- This field is required for Visa Secure travel.
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
Country-Specific Requirements
These fields are required for transactions in specific countries.
- This field is required for transactions processed in France.
- This field is required for transactions in the US and Canada.
- This field is required for transactions in the US and Canada.
- This field is required when the orderInformation.billTo.country field value is US or CA.
Endpoint
Production: POST https://api.cybersource.com/risk/v1/authentication-results
Test: POST https://apitest.cybersource.com/risk/v1/authentication-results
Validating and Authorizing a Transaction
The Validation service can be combined with the Authorization service so that when a
customer's authentication is validated, the transaction is automatically submitted for
authorization.
Fields Specific to the Visa Secure Use Case
These API fields are required specifically for this use case.
- Set this field to vbv for a successful authentication (EMV 3-D Secure value of 05), vbv_attempted if authentication was attempted but did not succeed (EMV 3-D Secure value of 06), or vbv_failure if authentication failed (EMV 3-D Secure value of 07).
- This field is required when payer authentication is successful.
Card-Specific Requirements
Some payment cards require information to be collected during a transaction.
- This field is recommended for Discover ProtectBuy.
- This field is required when the card type is Cartes Bancaires.
- This field is required for American Express SafeKey (US) when the product code is AIR for an airline purchase.
- This field is required for Visa Secure travel.
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
Country-Specific Requirements
These fields are required for transactions in specific countries.
- This field is required for transactions processed in France.
- This field is required for transactions in the US and Canada.
- This field is required when the orderInformation.billTo.country field value is US or CA.
- This field is required for transactions in the US and Canada.
Endpoint
Production: POST https://api.cybersource.com/pts/v2/payments
Test: POST https://apitest.cybersource.com/pts/v2/payments
Non-Payment Authentication
Non-Payment Authentication (NPA) requests enable a merchant to authenticate a customer
without a transaction. A non-payment use case can be used for such tasks as adding a
card to a merchant website, updating cardholder information on file, or verifying a
cardholder's identity when creating a token for future use. The same authentication used
during the checking enrollment process is used for NPA. Non-payment use cases are
enabled using a combination of the consumerAuthenticationInformation.messageCategory
and consumerAuthenticationInformation.strongAuthentication.authenticationIndicator
values. For example, to add a card to a loyalty program, set the Message Category value to
02 and the Authentication Indicator value to 04.
For other possible NPA use cases, refer to the other possible values for consumerAuthenticationInformation.messageCategory
value must be set to 02 (non-payment authentication) to specify that the authentication
is not for a transaction.
Card-Specific Requirements
Some payment cards require information to be collected during a transaction.
- This field is recommended for Discover ProtectBuy.
- This field is required when the card type is Cartes Bancaires.
- This field is required for American Express SafeKey (U.S.) when the product code is AIR for an airline purchase.
- This field is required for Visa Secure travel.
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required for American Express SafeKey (US).
- This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.
Country-Specific Requirements
These fields are required for transactions in specific countries.
- This field is required for transactions processed in France.
- For Meeza transactions, this value must be set to EG when Egypt is not set as the country in the merchant configuration during merchant onboarding.
- For Meeza transactions, this value must be set to EG when Egypt is not set as the country in the merchant configuration during merchant onboarding.
- This field is required for transactions in the US and Canada.
- This field is required for transactions in the US and Canada.
- This field is required when the orderInformation.billTo.country field value is US or CA.
- This field is required when the orderInformation.shipTo.country field value is CA, US, or China.
- This field is required when the orderInformation.shipTo.country field value is US or CA.
Processor-Specific Requirements
These fields are required by specific processors for transactions.
- This field is required only for merchants in Saudi Arabia.
Endpoint
Production: POST https://api.cybersource.com/risk/v1/authentications
Test: POST https://apitest.cybersource.com/risk/v1/authentications
Authentication with TMS Tokens
Authentication with Flex Microform Tokens
A Flex Microform token is valid for 15 minutes. After 15 minutes, a new Flex Microform
token is needed.
Authentication with Tokenized Cards
Merchant-Initiated Transactions
A 3RI transaction is an EMV 3-D Secure transaction that is initiated by the merchant
instead of the cardholder. The merchant keeps the payment data from the initial payment
so that the cardholder does not have to be present for subsequent 3RI transactions.
Having the payment details from a previous transaction enables the merchant to obtain a
new Cardholder Authentication Verification Value (CAVV) to authenticate when authorizing
future payments.
The authorization request contains the consumerAuthenticationInformation.deviceChannel
field. This process can be applied to these types of transactions:
- Recurring payments: payments occur at regular intervals for an indefinite interval like subscription services.
- Installment payments: payments occur at regular intervals for a fixed interval.
- Refunded purchases: the cost of an item is refunded before the item is received. Any charges for damage or missing items can be charged back to the customer using a 3RI transaction.
- Delayed shipments: an ordered item is out of stock, delaying the shipment until the item is back in stock.
- Split payments: an order is fulfilled in split shipments rather than in a single shipment because one of multiple items in the order is temporarily out of stock.
- Multiple party commerce: a single entity or party makes multiple transactions with different merchants, for example, a travel agent booking flights, hotels, and tour excursions.
- Unknown final transaction amount: extra charges are made to the customer for items such as hotel services, driving citations, or tips.