Use Case: Checking Enrollment in Payer Authentication While Using a Stored Payment Credential (TMS Token)

Running the Check Enrollment service identifies the customer's bank and collects data about the device that the customer is using to place the order. This example includes using a token during the process.

Card-Specific Requirements

Some payment cards require information to be collected during a transaction.

consumerAuthenticationInformation. defaultCard: This field is recommended for Discover ProtectBuy.
consumerAuthenticationInformation.mcc: This field is required when the card type is Cartes Bancaires.
consumerAuthenticationInformation. productCode: This field is required for American Express SafeKey (US) when the product code is
AIR
for an airline purchase.
merchantInformation.merchantDescriptor. name: This field is required for Visa Secure travel.
orderInformation.shipTo.addess1: This field is required only for American Express SafeKey (US).

orderInformation.shipTo.address2: This field is required only for American Express SafeKey (US.)
orderInformation.shipTo.administrativeArea: This field is required only for American Express SafeKey (US).
orderInformation.shipTo.country: This field is required only for American Express SafeKey (US).
orderInformation.shipTo.postalCode: This field is required for American Express SafeKey (US).

paymentInformation.card.type: This field is required when the card type is Cartes Bancaires, JCB, UPI, or Meeza.

Country-Specific Requirements

These fields are required for transactions in specific countries.

consumerAuthenticationInformation. merchantScore: This field is required for transactions processed in France.
consumerAuthenticationInformation. overrideCountryCode: For Meeza transactions, this value must be set to
EG
if Egypt was not set as the country in the merchant configuration during merchant onboarding.
merchantInformation.merchantDescriptor. country: For Meeza transactions, this value must be set to
EG
if Egypt was not set as the country in the merchant configuration during merchant onboarding.
orderInformation.billTo.administrativeArea: This field is required for transactions in the US, Canada, and Mainland China.
orderinformation.billTo.locality: This field is required for transactions in the US, Canada, and Mainland China.
orderInformation.billTo.postalCode: This field is required when the
orderInformation.billTo.country
field value is
US
or
CA
.

orderInformation.shipTo.administrativeArea: This field is required when the
orderInformation.shipTo.country
field value is
CA
,
US
, or
China
.

orderInformation.shipTo.postalCode: This field is required when the
orderInformation.shipTo.country
field value is
US
or
CA
.

Processor-Specific Requirements

These fields are required by specific processors for transactions.

processingInformation.authorizationOptions. transactionMode: This field is required only for merchants in Saudi Arabia.

Endpoint

Production:

POST https://api.cybersource.com/risk/v1/authentications

Test:

POST https://apitest.cybersource.com/risk/v1/authentications

Required Fields for Checking Enrollment in Payer Authentication While Using a Stored Payment Credential (TMS Token)

These fields are the minimum fields required for verifying that a customer is enrolled in a payer authentation program. Under certain circumstances, a field that normally is optional might be required. The circumstance that makes an optional field required is noted.

clientReferenceInformation.code
> consumerAuthenticationInformation. overrideCountryCode: For Meeza transactions, this value must be set to
EG
if Egypt was not set as the country in the merchant configuration during the merchant onboarding.
consumerAuthenticationInformation.referenceId
consumerAuthenticationInformation.returnUrl
merchantInformation.merchantDescriptor. country: For Meeza transactions, this value must be set to
EG
if Egypt was not set as the country in the merchant configuration during merchant onboarding.
orderInformation.amountDetails.currency
orderInformation.amountDetails.totalAmount: This field is required when the
orderInformation.lineItems.unitPrice
field is not used.
orderInformation.billTo.address1
orderInformation.billTo.administrativeArea: This field is required for the US, Canada, and Mainland China.
orderInformation.billTo.country: This field is required for the US, Canada, and Mainland China. For Mainland China, use the ISO 3166-2 format.
orderInformation.billTo.email
orderInformation.billTo.firstName
orderInformation.billTo.lastName
orderInformation.billTo.postalCode
paymentInformation.card.expirationYear: This field is required when the
paymentInformation.card.number
field is included.
paymentInformation.card.expirationMonth: This field is required when the
paymentInformation.card.number
field is included.
paymentInformation.card.type
paymentInformation.tokenizedCard. cryptogram: This field is strongly recommended.
paymentInformation.tokenizedCard. expirationMonth: This field is used with network tokens.
paymentInformation.tokenizedCard. expirationYear: This field is used with network tokens.
paymentInformation.tokenizedCard.number: This field is carries the network token information.
paymentInformation.tokenizedCard. transactionType: This field is used with network tokens.
paymentInformation.tokenizedCard.type: This field is used with network tokens.

Optional Fields for Checking Enrollment in Payer Authentication

These fields are usually optional when verifying enrollment for a Payer Authentication transaction. In certain circumstances, the information provided by an optional field might be required before a transaction can proceed. Those optional fields that are sometimes required are also listed as required fields with the circumstance described.

IMPORTANT

The fields that are marked with a single asterisk (*) in front are browser-related fields. The information collected by these browser-related fields, while not required, is highly recommended for all EMV 3-D Secure transactions.

IMPORTANT

The fields that are marked with a double asterisk (**) at the end will be required as part of the EMV 3-D Secure 2.x minimum data requirements for Visa Secure. These conditionally optional fields will be removed from the optional fields list and moved to the required list on August 12, 2024.

acquirerInformation.bin
acquirerInformation.country
acquirerInformation.merchantId
buyerInformation.mobilePhone**: Required (when available) unless market or regional mandate restricts sending this information.
buyerInformation.workPhone**: Required (when available) unless market or regional mandate restricts sending this information.
consumerAuthenticationInformation.acsWindowSize
consumerAuthenticationInformation.alternateAuthenticationData
consumerAuthenticationInformation.alter nateAuthenticationDate
consumerAuthenticationInformation.alternateAuthenticationMethod
consumerAuthenticationInformation.auth enticationTransactionId
consumerAuthenticationInformation.chal lengeCode: WARNING

Modifying this field could affect liability shifts down the payment chain. Unless you are very familiar with the various types of authentication, do not change the default settings before consulting with customer support.
consumerAuthenticationInformation.creden tialEncrypted
consumerAuthenticationInformation.cus tomerCardAlias
consumerAuthenticationInformation.sdkMax Timeout
consumerAuthenticationInformation.decoup ledAuthenticationIndicator
consumerAuthenticationInformation.decoup ledAuthenticationMaxTime
consumerAuthenticationInformation.default Card: Recommended for Discover ProtectBuy.
*consumerAuthenticationInformation.device Channel
consumerAuthenticationInformation.market ingOptIn: Recommended for Discover ProtectBuy.
consumerAuthenticationInformation.market ingSource: Recommended for Discover ProtectBuy.
consumerAuthenticationInformation.mcc
consumerAuthenticationInformation.merch antFraudRate
consumerAuthenticationInformation.merch antScore
consumerAuthenticationInformation.mess ageCategory
consumerAuthenticationInformation.otpTo ken
consumerAuthenticationInformation.over rideCountryCode
consumerAuthenticationInformation.over ridePaymentMethod
consumerAuthenticationInformation.prior AuthenticationData
consumerAuthenticationInformation.prior AuthenticationMethod
consumerAuthenticationInformation.prior AuthenticationReferenceId
consumerAuthenticationInformation.prior AuthenticationTime
consumerAuthenticationInformation.prod uctCode
consumerAuthenticationInformation.reque storName
consumerAuthenticationInformation.refer enceID
consumerAuthenticationInformation.request orInitiatedAuthenticationIndicator
consumerAuthenticationInformation.returnURL
consumerAuthenticationInformation.score Request
consumerAuthenticationInformation.sdkMax Timeout
consumerAuthenticationInformation.strong Authentication.authenticationIndicator
consumerAuthenticationInformation.strong Authentication.secureCorporate PaymentIndicator
consumerAuthenticationInformation.strong Authentication.transactionMode
consumerAuthenticationInformation.whiteListStatus
*deviceInformation.httpAcceptBrowserValue
*deviceInformation.httpAcceptContent
*deviceInformation.httpBrowserColorDepth
*deviceInformation.httpBrowserJavaEnabled
*deviceInformation.httpBrowserJavaScript Enabled
*deviceInformation.httpBrowserLanguage
*deviceInformation.httpBrowserScreenHeight**
*deviceInformation.httpBrowserScreenWidth**
*deviceInformation.httpBrowserTimeDif ference
*deviceInformation.ipAddress**
*deviceInformation.userAgentBrowserValue: When the customer’s browser provides a value, you must include that value in your request.
merchantInformation.merchantDescriptor. name
merchantInformation.merchantDescriptor.url
orderInformation.amountDetails.currency
orderInformation.billTo.address2
orderInformation.billTo.country**
orderInformation.billTo.email**
orderInformation.billTo.firstName**
orderInformation.billTo.lastName**
orderinformation.billTo.locality**
orderInformation.billTo.phoneNumber**: Required (when available) unless market or regional mandate restricts sending this information.
orderInformation.billTo.postalCode**
orderInformation.lineItems.passenger.first Name
orderInformation.lineItems.passenger.last Name
orderInformation.lineItems.product Description
orderInformation.lineItems.productName
orderInformation.lineItems.productSku
orderInformation.lineItems.quantity
orderInformation.lineItems.shippingAddress1
orderInformation.lineItems.shippingAddress2
orderInformation.lineItems.shippingCity
orderInformation.lineItems.shippingCountry Code
orderInformation.lineItems.shippingDestina tionTypes
orderInformation.lineItems.shippingLast Name
orderInformation.lineItems.shippingMiddle Name
orderInformation.lineItems.shippingPhone
orderInformation.lineItems.shippingPostal Code
orderInformation.lineItems.shippingState
orderInformation.lineItems.unitPrice
orderInformation.lineItems[].quantity
orderInformation.lineItems[].totalAmount
orderInformation.lineItems.shippingDestina tionTypes
orderInformation.reordered
orderInformation.shippingDetails.shippingMethod
orderInformation.shipTo.addess1
orderInformation.shipTo.address2
orderInformation.shipTo.address3
orderInformation.shipTo.administrativeArea
orderInformation.shipTo.country
orderInformation.shipTo.destinationCode
orderInformation.shipTo.email
orderInformation.shipTo.firstName
orderInformation.shipTo.lastName
orderInformation.shipTo.middleName
orderInformation.shipTo.locality
orderInformation.shipTo.phoneNumber
orderInformation.shipTo.postalCode
orderInformation.totalOffersCount
paymentInformation.card.type: Strongly recommended.
paymentInformation.card.securityCode
paymentInformation.fluidData.value
paymentInformation.tokenizedCard. cryptogram: Strongly recommended.
paymentInformation.tokenizedcard.expirationMonth
paymentInformation.tokenizedCard.expirationYear
paymentInformation.tokenizedcard.number
paymentInformation.tokenizedCard.transactionType
paymentInformation.tokenizedCard.type
recurringPaymentsInformation.original PurchaseDate: When this field is empty, the current date is used.
riskInformation.buyerHistory.transaction CountDay: Recommended for Discover ProtectBuy. Contact customer support for more information about this field.
riskInformation.buyerHistory.transaction CountYear: Recommended for Discover ProtectBuy. Contact customer support for more information about this field.
riskInformation.buyerHistory.accountPur chases: Contact customer support for more information about this field.
riskInformation.buyerHistory.addCard Attempts: Recommended for Discover ProtectBuy. Contact customer support for more information about this field.
riskInformation.buyerHistory.customer Account.createDate: Recommended for Discover ProtectBuy. Contact customer support for more information about this field.
riskInformation.buyerHistory.customerAc count.lastChangeDate: Recommended for Discover ProtectBuy. Contact customer support for more information about this field.
riskInformation.buyerHistory.customerAc count.passwordChangeDate: Recommended for Discover ProtectBuy. Contact customer support for more information about this field.
riskInformation.buyerHistory.customerAc count.shipAddressUsageDate: Contact customer support for more information about this field.
riskInformation.buyerHistory.paymentAc countDate: Contact customer support for more information about this field.
riskInformation.buyerHistory.priorSuspic iousActivity: Contact customer support for more information about this field.
riskInformation.buyerHistory.transaction CountDay: Contact customer support for more information about this field.
riskInformation.buyerHistory.transaction CountYear: Contact customer support for more information about this field.
travelInformation.legs.carrierCode
travelInformation.legs.departureDate
travelInformation.legs.origination
travelInformation.numberOfPassengers
java.io.PrintWriter@1e5c4291 travelInformation.passengers.firstName
travelInformation.passengers.lastName

REST Example: Checking Enrollment While Using a Token

Endpoint

Production:

POST https://api.cybersource.com/risk/v1/authentication

Test:

POST https://apitest.cybersource.com/risk/v1/authentication

Request

    {
    "orderInformation": {
        "amountDetails": {
            "currency": "USD",
            "totalAmount": "10.99"
        },
        "billTo": {
            "address1": "901 metro center blvd",
            "address2": "metro 3",
            "administrativeArea": "CA",
            "country": "US",
            "locality": "san francisco",
            "firstName": "John",
            "lastName": "Doe",
            "phoneNumber": "4158880000",
            "postalCode": "94404",
            "email": "test@email.com"
        }
    },
    "paymentInformation": {
        "card": {
            "expirationMonth": "05",(Required)
            "expirationYear": "2029" (Required)
        }
    },
    "customer": {
      "customerId": "1108590036500854"
    }
  },
  "deviceInformation": {
    "httpAcceptBrowserValue": "data",
    "httpAcceptContent": "pa_http_user_accept_value",
    "httpBrowserLanguage": "en_us",
    "httpBrowserJavaEnabled": "false",
    "httpBrowserJavaScriptEnabled": "false",
    "httpBrowserColorDepth": "24",
    "httpBrowserScreenHeight": "864",
    "httpBrowserScreenWidth": "1536",
    "httpBrowserTimeDifference": "300",
    "userAgentBrowserValue": "123"
  },

      "consumerAuthenticationInformation": {
        "deviceChannel": "Browser"
    }
}

Response to a Successful Request

    {
    "consumerAuthenticationInformation": {
        "eciRaw": "05",
        "authenticationTransactionId": "1uYPvYpKtpKafAp05J10",
        "strongAuthentication": {
           "OutageExemptionIndicator": "0"
        },
        "eci": "05",
        "token": "AxjzbwSThBz8GGbMi0LEAG8BT34OR7yfSBcS0CqGTSTL0Yvue1AHgAAAWRZ8",
        "cavv": "AJkBBkhgQQAAAE4gSEJydQAAAAA=",
        "paresStatus": "Y",
        "acsReferenceNumber": "Cardinal ACS",
        "xid": "AJkBBkhgQQAAAE4gSEJydQAAAAA=",
        "directoryServerTransactionId": "2e098b7f-a71a-4108-be81-a0b7ea640068",
        "veresEnrolled": "Y",
        "threeDSServerTransactionId": "6f3bf625-4643-4952-a654-2c73d75e2a2f",
        "acsOperatorID": "MerchantACS",
        "ecommerceIndicator": "vbv",
        "specificationVersion": "2.1.0",
        "acsTransactionId": "5333668d-a07c-49df-9e9a-3f2d8e08cefe"
        },
        "id": "7159425271756296504004",
        "paymentInformation": {
           "card": {
           "bin": "400009",
           "type": "VISA"
        }
   },
   "status": "AUTHENTICATION_SUCCESSFUL",
   "submitTimeUtc": "2024-05-17T10:42:07Z"
}

Simple Order Example: Checking Enrollment Using a Token

Request

    billTo_city=Mountain View
billTo_country=US
billTo_email=test@yahoo.com
billTo_firstName=Tanya
billTo_lastName=Lee
billTo_postalCode=94043
billTo_state=CA
billTo_street1=1234 Gold Ave
card_cardType=001
card_cvNumber=111
card_expirationMonth=12
card_expirationYear=2030
ccAuthService_run=true
merchantID=patest
merchantReferenceCode=0001
payerAuthEnrollService_referenceID=f13fe5e0-9b47-4ea1-a03a-ec360f4d0f9f
payerAuthEnrollService_returnURL=https://example.com/step-up-return-url.jsp
payerAuthEnrollService_run=true
purchaseTotals_currency=USD
purchaseTotals_grandTotalAmount=30.00
recurringSubscriptionInfo_subscriptionID=uff9-hb498gu498

Response to a Successful Request

    decision=REJECT
merchantReferenceCode=0001
payerAuthEnrollReply_accessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI1MDc4OTI0Mi0z YmEzLTRhZTItYWQwOS1kZjZkODk2NWQ5MjciLCJpYXQiOjE1OTgyOTk1MjQsImlzcyI6IjVkZDgzYmYwMGU0MjNk MTQ5OGRjYmFjYSIsImV4cCI6MTU5ODMwMzEyNCwiT3JnVW5pdElkIjoiNTVlZjNmMTBmNzIzYWE0MzFjOTliNWViIi wiUGF5bG9hZCI6eyJBQ1NVcmwiOiJodHRwczovLzBtZXJjaGFudGFjc3N0YWcuY2FyZGluYWxjb21tZXJjZS5jb20 vTWVyY2hhbnRBQ1NXZWIvY3JlcS5qc3AiLCJQYXlsb2FkIjoiZXlKdFpYTnpZV2RsVkhsd1pTSTZJa05TWlhFaUxDS nRaWE56WVdkbFZtVnljMmx2YmlJNklqSXVNaTR3SWl3aWRHaHlaV1ZFVTFObGNuWmxjbFJ5WVc1elNVUWlPaUkzT kRNeVlUWXdNQzA0TXpNMkxUUm1PRGN0WVdKbE9TMDJObVkzTkRFM01EaGhNV1FpTENKaFkzTlVjbUZ1YzBsRUlqb 2lPR0U1TkRkaU9ETXRNRFJpTkMwMFltVmlMV0V5WWpNdFpHTmpNV0UxWmprMFlURXlJaXdpWTJoaGJHeGxibWRsVj JsdVpHOTNVMmw2WlNJNklqQXlJbjAiLCJUcmFuc2FjdGlvbklkIjoiVEQ1b1MwbzFGQzY1cWF2MHhzeDAifS wiT2JqZWN0aWZ5UGF5bG9hZCI6dHJ1ZSwiUmV0dXJuVXJsIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9zdGVwLXV wLXJldHVybi11cmwuanNwIn0.8wZ8XhLgOIIRvgEUugvYrRAi-efavZTNM0tWInYLTfE
payerAuthEnrollReply_acsTransactionID=8a947b83-04b4-4beb-a2b3-dcc1a5f94a12
payerAuthEnrollReply_acsURL=https://0merchantacsstag.cardinalcommerce.com/MerchantACSWeb/creq.jsp
payerAuthEnrollReply_authenticationTransactionID=TD5oS0o1FC65qav0xsx0
payerAuthEnrollReply_cardBin=40000000
payerAuthEnrollReply_cardTypeName=VISA
payerAuthEnrollReply_challengeRequired=false
payerAuthEnrollReply_directoryServerTransactionID=395fb036-cfc6-462b-b28d-d6ed7c970cdd
payerAuthEnrollReply_paReq=eyJtZXNzYWdlVHlwZSI6IkNSZXEiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMi4wIiwidGhy ZWVEU1NlcnZlclRyYW5zSUQiOiI3NDMyYTYwMC04MzM2LTRmODctYWJlOS02NmY3NDE3MDhhMWQiLCJhY3NU cmFuc0lEIjoiOGE5NDdiODMtMDRiNC00YmViLWEyYjMtZGNjMWE1Zjk0YTEyIiwiY2hhbGxlbmdlV2luZG93U2l 6ZSI6IjAyIn0
payerAuthEnrollReply_reasonCode=475
payerAuthEnrollReply_specificationVersion=2.2.0
payerAuthEnrollReply_stepUpUrl=https://centinelapistag.cardinalcommerce.com/V2/Cruise/StepUp
payerAuthEnrollReply_threeDSServerTransactionID=7432a600-8336-4f87-abe9-66f741708a1d
payerAuthEnrollReply_veresEnrolled=Y
reasonCode=475
requestID=5982995245816268803007
requestToken=AxjzbwSTRFa9DM1xnUu/ABEBURwlqsQ5pAy7gDtXb0kyro9JLIYA8AAA2wK2