On This Page
REST API
Storing Payer Authentication Data
Payment card companies permit only a certain number of days between the payer
authentication and the authorization requests. If you settle transactions older than the
pre-determined number of days, payment card companies might require that you send them
the AAV, CAVV, or the XID if a chargeback occurs. The requirements depend on the card
type and the region. For more information, refer to your agreement with your payment
card company. After your transactions are settled, you can also use this data to update
the statistics of your business.
You may be required to show the values that you receive in the PARes, the proof
XML, and the PAReq fields as proof of enrollment checking for any payer authentication
transaction that you present again because of a chargeback. Your account provider may
require that you provide all data in human-readable format, so be sure that you can
decode the PAReq and PARes. For enrollment response examples, refer to the section for
the implementation method you are using. The responses are similar for all card types.
Payment card companies have implemented the 3-D Secure protocol in different
ways throughout the world. It is recommended that you contact your merchant account
provider to find out what is required. For more information on decrypting and providing
the PARes, contact your account manager.