|
Field Name |
Description |
Returned By |
Data Type & Length |
|
The Base64-encoded JSON Payload of Authorization Values returned in the challenge flow. |
ics_pa_enroll ics_pa_validate |
String (255) |
|
|
card_bin |
Six-digit card issuer bank identification number. |
ics_pa_enroll ics_pa_validate |
String (6) |
|
card_type_name |
The card brand name associated with the cardholder’s card number. |
ics_pa_enroll ics_pa_validate |
String (25) |
|
Indicates why the transaction was canceled. Possible Values: n01: Cardholder selected Cancel n02: Reserved for future EMVCo use (values invalid until defined by EMVCo). n03: Transaction timed out—Decoupled Authentication n04: Transaction timed out at ACS—other timeouts n05: Transaction timed out at ACS—First CReq not received by ACS n06: Transaction Error n07: Unknown n08: Transaction timed out at SDK |
ics_pa_enroll ics_pa_validate |
String (2) |
|
|
challenge_required |
Indicates whether a challenge is required in order to complete authentication. Note Regional mandates might determine that a challenge is required. Possible values: nY: Challenge required nN: Challenge not required Note Used by the Hybrid integration. |
ics_pa_enroll |
String (1) |
|
client_lib_version |
Information about the client library used to request the transaction. |
ics_pa_enroll ics_pa_setup ics_pa_validate |
String (255) |
|
Currency used for the order. Use the standard ISO codes located in the Support Center. |
ics_pa_enroll ics_pa_validate |
String (255) |
|
|
The type of 3D Secure transaction flow that occurred. It can be one of the following: nCH: Challenge nFR: Frictionless nFD: Frictionless with delegation, (challenge not generated by the issuer but by the scheme on behalf of the issuer). Required for transactions processed in France. |
ics_pa_enroll ics_pa_validate |
String (2) |
|
|
ics_rcode |
One-digit code that indicates whether the entire request was successful. The field contains one of these values: n-1: An error occurred. n0: The request was declined. n1: The request was successful. |
ics_pa_enroll ics_pa_setup ics_pa_validate |
Integer (1) |
|
ics_rflag |
One-word description of the result of the entire request. |
ics_pa_enroll ics_pa_setup ics_pa_validate |
String (255) |
|
ics_rmsg |
Message that explains the response flag ics_rflag. |
ics_pa_enroll ics_pa_setup ics_pa_validate |
String (255) |
|
merchant_ref_number |
Merchant-generated order or tracking number. |
ics_pa_enroll ics_pa_setup ics_pa_validate |
String (255) |
|
JSON Web Token (JWT) used to authenticate the customer with the authentication provider (for example, CardinalCommerce or RuPay). |
ics_pa_enroll ics_pa_setup |
String (2048) |
|
|
pa_acs_rendering_type |
Identifies the UI type that the ACS will use to complete the challenge. Note Available only for mobile application transactions using the Cardinal Mobile SDK. This field is a JSON object that comprises the following two fields, each 2 characters in length. nACS Interface Field Name: acsInterface This is the ACS interface the challenge presents to the cardholder. Possible values: l01: Native UI l02: HTML UI nACS UI Template Field Name: acsUiTemplate Identifies the UI template format that the ACS first presents to the consumer. Possible values: l01: Text l02: Single select l03: Multi select l04: OOB (Out of Band) l05: HTML other Valid values for each interface: nNative UI: 01-04 nHTML UI: 01-05 HTML other is valid only when combined with HTML UI. If used with Native UI, it results in error=203. JSON Object Example: { "acsRenderingType":{ "acsInterface";"02", "acsUiTemplate":03" } } |
ics_pa_enroll ics_pa_validate |
String |
|
pa_acs_transaction_id |
Unique transaction identifier assigned by the ACS to identify a single transaction. |
ics_pa_enroll ics_pa_validate |
String (36) |
|
pa_authentication_type |
Indicates the type of authentication that is used to challenge the card holder. Possible Values: n01: Static n02: Dynamic n03: OOB (Out of Band) Note EMV 3D Secure version 2.1.0 supports values 01-03. Version 2.2.0 supports values 01-03. |
ics_pa_enroll ics_pa_validate |
Integer (2) |
|
pa_cardholder_message |
Text provided by the AC or issuer or both to the cardholder during a frictionless or decoupled transaction. The issuer can provide information to the cardholder. For example, “Additional authentication is needed for this transaction. Please contact (Issuer Name) at xxx-xxx-xxxx.”. The issuing bank can choose to support this value. |
ics_pa_enroll |
String (128) |
|
pa_directory_server_error_code |
The directory server error code indicating a problem with the transaction. |
ics_pa_enroll ics_pa_validate |
Integer (3) |
|
pa_directory_server_error_description |
Directory server text and additional detail about the error for the transaction. |
ics_pa_enroll ics_pa_validate |
String (4096) |
|
URL for the card-issuing bank’s authentication form that you receive when the card is enrolled. The value can be very large. |
ics_pa_enroll |
String (no length limit) |
|
|
Indicates what displays to the customer during the authentication process. This field can contain one of these values: nADS: (Card not enrolled) customer prompted to activate the card during the checkout process. nATTEMPTS: (Attempts processing) Processing... briefly displays before the checkout process is completed. nENROLLED: (Card enrolled) the card issuer’s authentication window displays. nUNKNOWN: Card enrollment status cannot be determined. nNOREDIRECT: (Card not enrolled, authentication unavailable, or error occurred) nothing displays to the customer. The following values can be returned if you are using rules-based payer authentication. See Rules-Based Payer Authentication: nRIBA: The card-issuing bank supports risk-based authentication, but whether the cardholder is likely to be challenged cannot be determined. nRIBA_PASS: The card-issuing bank supports risk-based authentication and it is likely that the cardholder will not be challenged to provide credentials, also known as silent authentication. |
ics_pa_enroll |
String (255) |
|
|
Raw authentication data that comes from the card-issuing bank. Primary authentication field that indicates if authentication was successful and if liability shift occurred. You should examine first the result of this field. This field contains one of these values: n-1: Invalid PARes. n0: Successful validation. n1: Cardholder is not participating, but the attempt to authenticate was recorded. n6: Issuer unable to perform authentication. n9: Cardholder did not complete authentication. |
ics_pa_enroll |
String w/ numbers only (255) |
|
|
Message that explains the pa_enroll_authentication_result response field. |
ics_pa_enroll |
String (255) |
|
|
pa_enroll_authentication_transaction_id |
Payer authentication transaction identifier passed to link the check enrollment and validate authentication messages. |
ics_pa_enroll |
String (20) |
|
Unique identifier generated by the card-issuing bank for Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo transactions after the customer is authenticated. The value is in Base64. When you request the card authorization service, Cybersource automatically converts the value, not the field name, to the format required by your payment processor. |
ics_pa_enroll |
String (255) |
|
|
Field that is returned only when the CAVV is generated, which occurs when pa_enroll_pares_status contains the values Y (successful authentication) or A (attempted authentication). If you use the ATOS processor, send the value of this field in the cavv_algorithm request field of the authorization service. This field contains one of these values: n2: Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo n3: Mastercard |
ics_pa_enroll |
Integer (1) |
|
|
The Directory server transaction ID is generated by the directory server during authentication and returned with the authentication results. Your card brand might require you to send this field in the authorization service request. |
ics_pa_enroll |
String (36) |
|
|
Indicator used to differentiate different types of transactions. This field contains one of these values: naesk: American Express SafeKey authentication verified successfully. naesk_attempted: Card not enrolled in American Express SafeKey, but the attempt to authenticate is recorded. ncs: Elo Compra Segura authentication verified successfully. ncs_attempted: Elo Compra Segura card not enrolled, but attempt to authenticate is recorded. ndipb: Discover ProtectBuy authentication verified successfully. ndipb_attempted: Card not enrolled in Discover ProtectBuy, but the attempt to authenticate is recorded. ninternet: Card not enrolled, or card type not supported by payer authentication. No liability shift. njs: J/Secure authentication verified successfully. njs_attempted: Card not enrolled, but attempt to authenticate is recorded. Liability shift. njs_failure: J/Secure directory service is not available. No liability shift. npb: Diners Club ProtectBuy authentication verified successfully. npb_attempted: Card not enrolled in Diners Club ProtectBuy, but the attempt to authenticate is recorded. nspa: Mastercard card not enrolled in the Identity Check program. No liability shift. nspa_failure: Mastercard Identity Check failed authentication. nup3ds: China UnionPay authentication verified successfully. nup3ds_attempted: China UnionPay card not enrolled, but attempt to authenticate is recorded. nup3ds_failure: China UnionPay authentication unavailable. nvbv: Visa Secure authentication verified successfully. |
ics_pa_enroll |
String (255) |
|
|
pa_enroll_e_commerce_indicator (continued) |
nvbv_attempted: Card not enrolled, but attempt to authenticate is recorded. Liability shift. nvbv_failure: For payment processor Barclays, Streamline, AIBMS, or FDC Germany, you receive this result if Visa’s directory service is not available. No liability shift. |
ics_pa_enroll |
String (255) |
|
Note This field applies only to non-U.S-issued cards. Numeric electronic commerce indicator (ECI) returned only for Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo transactions when the card is not enrolled. If you are not using the Cybersource payment services, you must send this value to your payment processor in the subsequent request for card authorization. This field contains one of these values: n06: The card can be enrolled. Liability shift. n07: The card cannot be enrolled. No liability shift. |
ics_pa_enroll |
String (255) |
|
|
ECI value that can be returned for Visa, Mastercard, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo. The field is absent when authentication fails. If your payment processor is Streamline, you must pass the value of this field instead of the value of pa_enroll_eci or pa_enroll_ucaf_collection_indicator. This field can contain one of these values: n01: Authentication attempted (Mastercard) n02: Successful authentication (Mastercard) n05: Successful authentication (Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo) n06: Authentication attempted (Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo) |
ics_pa_enroll |
String (255) |
|
|
Payer authentication request (PAReq) message that you need to forward to the ACS. The value can be very large. The value is in Base64. |
ics_pa_enroll |
String (No length limit) |
|
|
Raw result of the authentication check. This field can contain one of these values: nA: Proof of authentication attempt was generated. nC: Card challenged.This status is a temporary status for an in-flight transaction and can result in other authentication statuses after transaction is completed. nN: Customer failed or canceled authentication. Transaction denied. nR: Authentication rejected (used for 3D Secure 2.x transactions only) nU: Authentication not completed regardless of the reason. nY: Customer was successfully authenticated. Note If you are configured for Asia, Middle East, and Africa Gateway Processing, you must send the value of this field in your authorization request. |
ics_pa_enroll |
String (255) |
|
|
Date and time of the enrollment check combined with the VEReq and VERes elements. If you ever need to show proof of enrollment checking, you may need to parse the string for the information required by the payment card company. The value can be very large. For more information, see Storing Payer Authentication Data. nFor cards issued in the U.S. or Canada, Visa may require this data for specific merchant category codes. nFor cards not issued in the U.S. or Canada, your bank may require this data as proof of enrollment checking for any payer authentication transaction that you re-present because of a chargeback. |
ics_pa_enroll |
String (no length limit) |
|
|
Encrypted version of the card number used in the payer authentication request message. |
ics_pa_enroll |
String (255) |
|
|
pa_enroll_rcode |
Code that indicates whether the ics_pa_enroll request was successful. The field will contain one of these values: n-1: An error occurred. n0: The request was declined. n1: The request was successful. |
ics_pa_enroll |
Integer (1) |
|
pa_enroll_rflag |
One-word description of the result of the ics_pa_enroll request. |
ics_pa_enroll |
String (255) |
|
pa_enroll_rmsg |
Message that explains the response flag pa_enroll_rflag. |
ics_pa_enroll |
String (255) |
|
This field contains the 3D Secure version that was used to process the transaction. For example, 1.0.2 or 2.0.0. |
ics_pa_enroll |
String (8) |
|
|
AAV is a unique identifier generated by the card-issuing bank for Mastercard Identity Check transactions after the customer is authenticated. The value is in Base64. Include the data in the card authorization request. |
ics_pa_enroll |
String (255) |
|
|
Returned only for Mastercard transactions. Indicates that authentication is not required because the customer is not enrolled. Add the value of this field to the authorization field ucaf_collection_indicator. This field can contain these values: 0, 1. |
ics_pa_enroll |
String (255) |
|
|
Result of the enrollment check. This field can contain one of these values: nN: Card not enrolled; proceed with authorization. nU: Unable to authenticate regardless of the reason. No liability shift. nY: Card enrolled or can be enrolled; you must authenticate. Liability shift. The following value can be returned if you are using rules-based Payer Authentication. See Rules-Based Payer Authentication: nB: Indicates that authentication was bypassed. Note If you are configured for Asia, Middle East, and Africa Gateway Processing, you must send the value of this field in your authorization request. |
ics_pa_enroll |
String (255) |
|
|
Transaction identifier generated by Cybersource for successful enrollment checks. Use this value to match an outgoing PAReq with an incoming PARes. If your payment processor is Barclays, Cybersource forwards the XID with your card authorization service request. The value is in Base64. |
ics_pa_enroll |
String (255) |
|
|
pa_interaction_counter |
Indicates the number of authentication cycles that the cardholder attempted. It is tracked by the issuing bank’s ACS. Example When the customer receives the challenge window, enters their one-time password, and clicks submit, the interaction counter equals 1. When the customer receives the challenge window, receives the bank message asking if they want the one-time password sent to their phone or email, and they choose before going to the next screen to enter their one-time password, the interaction count equals 2. One count is to choose how to have their one-time password delivered. The second count is for entering the one-time password and clicking Submit. |
ics_pa_validate |
Integer (2) |
|
pa_ivr_enabled_message |
Indicates whether a valid Interactive Voice Response (IVR) transaction was detected. |
ics_pa_enroll |
String (5) |
|
pa_ivr_encryption_key |
Encryption key to be used in the event the ACS requires encryption of the credential field. |
ics_pa_enroll |
String (16) |
|
pa_ivr_encryption_mandatory |
Indicates whether the ACS requires the credential to be encrypted. |
ics_pa_enroll |
String (5) |
|
pa_ivr_encryption_type |
An indicator from the ACS to inform the type of encryption that should be used in the event the ACS requires encryption of the credential field. |
ics_pa_enroll |
String (20) |
|
pa_ivr_label |
An ACS-provided label that can be presented to the cardholder. Recommended use with an application. |
ics_pa_enroll |
String (20) |
|
pa_ivr_prompt |
An ACS-provided string that can be presented to the cardholder. Recommended use with an application. |
ics_pa_enroll |
String (80) |
|
pa_ivr_status_message |
An ACS-provided message that can provide additional information. |
ics_pa_enroll |
String (80) |
|
The global score calculated by the Cartes Bancaires scoring platform and returned to the merchant. |
ics_pa_enroll |
String (2) |
|
|
pa_sdk_transaction_id |
SDK unique transaction identifier that is generated on each new transaction. |
ics_pa_enroll ics_pa_validate |
String (36) |
|
Location to send the authentication JWT when you invoke device data collection. |
ics_pa_setup |
String (100) |
|
|
This identifier indicates that the device data collection session has started. The value must be passed in the authentication JWT when you invoke device data collection. |
ics_pa_setup |
String (50) |
|
|
Indicates whether the service request was successful. Possible values: n-1: An error occurred. n0: The request was declined. n1: The request was successful. |
ics_pa_setup |
Integer (1) |
|
|
If the service request is unsuccessful, this field contains a one-word description of the error. |
ics_pa_setup |
String (50) |
|
|
Message that explains the response flag. |
ics_pa_setup |
String (255) |
|
|
pa_step_up_url |
The fully qualified URL that the merchant uses to post a form to the cardholder in order to complete the Consumer Authentication transaction for the Cardinal Cruise Direct Connection API integration. Note Used by the Cardinal Cruise Direct Connection API integration. |
ics_pa_enroll |
String (2048) |
|
pa_three_ds_server_transaction_id |
Unique transaction identifier assigned by the 3D Secure Server to identify a single transaction. |
ics_pa_enroll ics_pa_validate |
String (36) |
|
pa_validate_authentication_result |
Raw authentication data that comes from the card-issuing bank. Primary authentication field that indicates if authentication was successful and if liability shift occurred. You should examine first the result of this field. This field contains one of these values: n-1: Invalid PARes. n0: Successful validation. n1: Cardholder is not participating, but the attempt to authenticate was recorded. n6: Issuer unable to perform authentication. n9: Cardholder did not complete authentication. |
ics_pa_validate |
String w/ numbers only (255) |
|
Message that explains the pa_validate_authentication_result response field. |
ics_pa_validate |
String (255) |
|
|
Unique identifier generated by the card-issuing bank for Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo transactions after the customer is authenticated. The value is in Base64. When you request the card authorization service, Cybersource automatically converts the value, not the field name, to the format required by your payment processor. |
ics_pa_validate |
String (255) |
|
|
Field that is returned only when the CAVV is generated, which occurs when pa_validate_pares_status contains the values Y (successful authentication) or A (attempted authentication). If you use the ATOS processor, send the value of this field in the cavv_algorithm request field of the authorization service. This field contains one of these values: n2: Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo n3: Mastercard |
ics_pa_validate |
Integer (1) |
|
|
The Directory server transaction ID is generated by the directory server during authentication and returned with the authentication results. Your card brand might require you to send this field in the authorization service request. |
ics_pa_validate |
String (36) |
|
|
pa_validate_e_commerce_indicator |
Indicator used to differentiate different types of transactions. The authentication failed if this field is not returned. For Visa, if your payment processor is Streamline, Barclays, AIBMS, or FDC Germany, you receive the value vbv_failure instead of internet when pa_validate_eci is 07. The value of this field is passed automatically to the authorization service if you request the services together. This field contains one of these values: naesk: American Express SafeKey authentication verified successfully. naesk_attempted: Card not enrolled in American Express SafeKey, but the attempt to authenticate is recorded. ncs: Elo Compra Segura authentication verified successfully. ncs_attempted: Elo Compra Segura card not enrolled, but attempt to authenticate is recorded. . ndipb: Discover ProtectBuy authentication verified successfully. ndipb_attempted: Card not enrolled in Discover ProtectBuy, but the attempt to authenticate is recorded. ninternet: Authentication was not verified successfully. njs: J/Secure authentication verified successfully. njs_attempted: Card not enrolled in J/Secure, but the attempt to authenticate is recorded. njs_failure: You receive this result if JCB’s directory service is not available. No liability shift. npb: Diners Club ProtectBuy authentication verified successfully. npb_attempted: Card not enrolled in Diners Club ProtectBuy, but the attempt to authenticate is recorded. nspa: Mastercard Identity Check authentication verified successfully. nspa_failure: Mastercard Identity Check failed authentication. |
ics_pa_validate |
String (255) |
|
pa_validate_e_commerce_indicator (continued) |
nup3ds: China UnionPay authentication verified successfully. nup3ds_attempted: China UnionPay card not enrolled, but attempt to authenticate is recorded. nup3ds_failure: China UnionPay authentication unavailable. nvbv: Visa Secure authentication verified successfully. nvbv_attempted: Card not enrolled in Visa Secure, but the attempt to authenticate is recorded. nvbv_failure: Visa Secure authentication unavailable. |
ics_pa_validate |
String (255) |
|
Numeric electronic commerce indicator (ECI) returned only for Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo transactions. The field is absent when authentication fails. You must send this value to your payment processor in the subsequent request for card authorization. This field contains one of these values: n05: Successful authentication n06: Authentication attempted n07: Failed authentication (No response from the merchant because of a problem.) |
ics_pa_validate |
String (255) |
|
|
pa_validate_eci_raw |
ECI value that can be returned for Visa, Mastercard, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo. The field is absent when authentication fails. If your payment processor is Streamline, you must pass the value of this field instead of the value of pa_validate_eci or pa_validate_ucaf_collection_indicator. This field can contain one of these values: n01: Authentication attempted (Mastercard) n02: Successful authentication (Mastercard) n05: Successful authentication (Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo) n06: Authentication attempted (Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo) |
ics_pa_validate |
String (255) |
|
Raw result of the authentication check. This field can contain one of these values: nA: Proof of authentication attempt was generated. nN: Customer failed or canceled authentication. Transaction denied. nU: Authentication not completed regardless of the reason. nY: Customer was successfully authenticated. Note If you are configured for Asia, Middle East, and Africa Gateway Processing, you must send the value of this field in your authorization request. |
ics_pa_validate |
String (255) |
|
|
pa_validate_rcode |
One-digit code that indicates whether the ics_pa_validate request was successful. The field will contain one of these values: n-1: An error occurred n0: The request was declined n1: The request was successful |
ics_pa_validate |
Integer (1) |
|
pa_validate_rflag |
One-word description of the result of the ics_pa_validate request. |
ics_pa_validate |
String (255) |
|
pa_validate_rmsg |
Message that explains the response flag pa_validate_rflag. |
ics_pa_validate |
String (255) |
|
This field contains the 3D Secure version that was used to process the transaction. For example, 1.0.2 or 2.0.0. |
ics_pa_validate |
String (8) |
|
|
AAV is a unique identifier generated by the card-issuing bank for Mastercard Identity Check transactions after the customer is authenticated. The value is in Base64. Include the data in the card authorization request. |
ics_pa_validate |
String (255) |
|
|
Numeric electronic commerce indicator (ECI) returned only for Mastercard Identity Check transactions. The field is absent when authentication fails. You must send this value to your payment processor in the request for card authorization. This field contain one of these values: n0: UCAF collection is not supported at your web site. Customer authentication was not completed. n1: UCAF collection is supported at your web site, and UCAF was populated. Customer authentication was not completed. n2: UCAF collection is supported at your web site, and UCAF was populated. Customer completed authentication. |
ics_pa_validate |
Non-negative integer (1) |
|
|
Transaction identifier generated by Cybersource for validation checks. Use this value, which is in Base64, to match an outgoing PAReq with an incoming PARes. Cybersource forwards the XID with the card authorization service to these payment processors in these cases: nStreamline when the commerce indicator is spa |
ics_pa_validate |
String (255) |
|
|
pa_white_list_status |
Enables the communication of trusted beneficiary and whitelist status among the ACS, the directory server, and the 3D Secure requester. Possible Values: nY: 3D Secure requester is whitelisted by cardholder nN: 3D Secure requester is not whitelisted by cardholder |
ics_pa_enroll ics_pa_validate |
String (1) |
|
pa_white_list_status_source |
This field is populated by the system setting Whitelist Status. Possible Values: n01: 3D Secure Server n02: Directory server n03: ACS |
ics_pa_enroll ics_pa_validate |
Integer (2) |
|
Provides additional information about the PARes status value. |
ics_pa_enroll ics_pa_validate |
String (2) |
|
|
Identifier for the request generated by the client. |
ics_pa_enroll ics_pa_validate |
String (255) |
|
|
Identifier for the request generated by Cybersource. Request token data created by Cybersource for each reply. The field is an encoded string that contains no confidential information such as an account or card verification number. The string can contain a maximum of 256 characters.
|
ics_pa_enroll ics_pa_setup ics_pa_validate |
String (256) |