Authentication with TMS Tokens

Setting Up Device Data Collection with a TMS Token

Running the Setup service identifies the customer's bank and prepares for collecting data about the device that the customer is using to place the order. In this scenario, a TMS token is used instead of the card.

Card-Specific Requirements

Some payment cards require specific information to be collected during a transaction.

paymentInformation.card.type: This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.

Country-Specific Requirements

These fields are required for transactions in specific countries.

consumerAuthenticationInformation. overrideCountryCode: For Meeza transactions, this value must be set to
EG
if Egypt was not set as the country in merchant configuration during merchant onboarding.; This field is required for transactions in the US and Canada.
orderInformation.billTo.postalCode: This field is required when the
orderInformation.billTo.country
field value is
US
or
CA
.

merchantInformation.merchantDescriptor. country: For Meeza transactions, this value must be set to
EG
if Egypt was not set as the country in merchant configuration during merchant onboarding.

Endpoint

Production:

POST https://api.cybersource.com/risk/v1/authentication-setups

Test:

POST https://apitest.cybersource.com/risk/v1/authentication-setups

Authentication with TMS Tokens

Checking Enrollment When Using a TMS Token

Running the Check Enrollment service identifies the customer's bank and collects data about the device that the customer is using to place the order. This use case demostrates this process while using a TMS token.

Card-Specific Requirements

Some payment cards require additional information to be collected during a transaction.

consumerAuthenticationInformation. defaultCard: This field is recommended for Discover ProtectBuy.
consumerAuthenticationInformation.mcc: This field is required when the card type is Cartes Bancaires.
consumerAuthenticationInformation. productCode: This field is required for American Express SafeKey (US) when the product code is
AIR
for an airline purchase.
merchantInformation.merchantDescriptor. name: This field is required for Visa Secure travel.
orderInformation.shipTo.addess1: This field is required only for American Express SafeKey (US).

orderInformation.shipTo.address2: This field is required only for American Express SafeKey (US.)
orderInformation.shipTo.administrativeArea: This field is required only for American Express SafeKey (US).
orderInformation.shipTo.country: This field is required only for American Express SafeKey (US).
orderInformation.shipTo.postalCode: This field is required for American Express SafeKey (US).

paymentInformation.card.type: This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.

Country-Specific Requirements

These fields are required for transactions in specific countries.

consumerAuthenticationInformation. merchantScore: This field is required for transactions processed in France.
consumerAuthenticationInformation. overrideCountryCode: For Meeza transactions, this value must be set to
EG
when Egypt is not set as the country in the merchant configuration during merchant onboarding.
merchantInformation.merchantDescriptor. country: For Meeza transactions, this value must be set to
EG
when Egypt is not set as the country in the merchant configuration during merchant onboarding.
orderInformation.billTo.administrativeArea: This field is required for transactions in the US and Canada.
orderinformation.billTo.locality: This field is required for transactions in the US and Canada.
orderInformation.billTo.postalCode: This field is required when the
orderInformation.billTo.country
field value is
US
or
CA
.

orderInformation.shipTo.administrativeArea: This field is required when the
orderInformation.shipTo.country
field value is
CA
or
US
.

orderInformation.shipTo.postalCode: This field is required when the
orderInformation.shipTo.country
field value is
US
or
CA
.

Processor-Specific Requirements

These fields are required by specific processors for transactions.

transaction-mode.html processingInformation.authorizationOptions. transactionMode: This field is required only for merchants in Saudi Arabia.

Endpoint

Production:

POST https://api.cybersource.com/risk/v1/authentications

Test:

POST https://apitest.cybersource.com/risk/v1/authentications

Authentication with TMS Tokens

Validating a Challenge When Using a TMS Token

Running the Validation service compares the customer's response to the challenge from the issuing bank to validate the customer identity.

Card-Specific Requirements

Some payment cards require additional information to be collected during a transaction.

consumerAuthenticationInformation. defaultCard: This field is recommended for Discover ProtectBuy.
consumerAuthenticationInformation.mcc: This field is required when the card type is Cartes Bancaires.
consumerAuthenticationInformation. productCode: This field is required for American Express SafeKey (US) when the product code is
AIR
for an airlinepurchase).
merchantInformation.merchantDescriptor. name: This field is required for Visa Secure travel.
orderInformation.shipTo.addess1: This field is required only for American Express SafeKey (US).

orderInformation.shipTo.address2: This field is required only for American Express SafeKey (US)

Country-Specific Requirements

These fields are required for transactions in specific countries.

consumerAuthenticationInformation. merchantScore: This field is required for transactions processed in France.
orderInformation.billTo.administrativeArea: This field is required for transactions in the US and Canada.
orderinformation.billTo.locality: This field is required for transactions in the US and Canada.
orderInformation.billTo.postalCode: This field is required when the
orderInformation.billTo.country
field value is
US
or
CA
.

Endpoint

Production:

POST https://api.cybersource.com/risk/v1/authentication-results

Test:

POST https://apitest.cybersource.com/risk/v1/authentication-results

Authentication with TMS Tokens