Use Case: Non-Payment Authentication

Non-Payment Authentication (NPA) requests enable a merchant to authenticate a customer without a transaction. A non-payment use case can be used for such tasks as adding a card to a merchant website, updating cardholder information on file, or to verify a cardholder's identity when creating a token for future use. The same authentication used during the checking enrollment process is used for NPA except the

consumerAuthenticationInformation.messageCategory

value must be set to

to specify that the authentication is not for a transaction.

Card-Specific Requirements

Some payment cards require information to be collected during a transaction.

consumerAuthenticationInformation. defaultCard: This field is recommended for Discover ProtectBuy.
consumerAuthenticationInformation.mcc: This field is required when the card type is Cartes Bancaires.
consumerAuthenticationInformation. productCode: This field is required for American Express SafeKey (U.S.) when the product code is
AIR
for an airline purchase.
merchantInformation.merchantDescriptor. name: This field is required for Visa Secure travel.
orderInformation.shipTo.addess1: This field is required only for American Express SafeKey (US).

orderInformation.shipTo.address2: This field is required only for American Express SafeKey (US.)
orderInformation.shipTo.administrativeArea: This field is required only for American Express SafeKey (US).
orderInformation.shipTo.country: This field is required only for American Express SafeKey (US).
orderInformation.shipTo.postalCode: This field is required for American Express SafeKey (US).

paymentInformation.card.type: This field is required when the card type is Cartes Bancaires, JCB, UPI, or Meeza.

Country-Specific Requirements

These fields are required for transactions in specific countries.

consumerAuthenticationInformation. merchantScore: This field is required for transactions processed in France.
consumerAuthenticationInformation. overrideCountryCode: For Meeza transactions, this value must be set to
EG
when Egypt is not set as the country in the merchant configuration during merchant onboarding.
merchantInformation.merchantDescriptor. country: For Meeza transactions, this value must be set to
EG
when Egypt is not set as the country in the merchant configuration during merchant onboarding.
orderInformation.billTo.administrativeArea: This field is required for transactions in the US and Canada.
orderinformation.billTo.locality: This field is required for transactions in the US and Canada.
orderInformation.billTo.postalCode: This field is required when the
orderInformation.billTo.country
field value is
US
or
CA
.

orderInformation.shipTo.administrativeArea: This field is required when the
orderInformation.shipTo.country
field value is
CA
,
US
, or
China
.

orderInformation.shipTo.postalCode: This field is required when the
orderInformation.shipTo.country
field value is
US
or
CA
.

Processor-Specific Requirements

These fields are required by specific processors for transactions.

processingInformation.authorizationOptions. transactionMode: This field is required only for merchants in Saudi Arabia.

Endpoint

Production:

POST https://api.cybersource.com/risk/v1/authentications

Test:

POST https://apitest.cybersource.com/risk/v1/authentications