Storing Payer Authentication Data

Payment card companies allow a certain number of days between the payer authentication and the authorization requests. If you settle transactions older than the pre-determined number of days, payment card companies may require that you send them the AAV, CAVV, or the XID if a chargeback occurs. The requirements depend on the card type and the region. For more information, see your agreement with your payment card company. After your transactions are settled, you can also use this data to update the statistics of your business.

You may be required to show the values that you receive in the PARes, the proof XML, and the PAReq fields as proof of enrollment checking for any payer authentication transaction that you present again because of a chargeback. Your account provider may require that you provide all data in human-readable format, so make sure that you can decode the PAReq and PARes. For enrollment response examples, see Request and Response Examples. The responses are similar for all card types.

Payment card companies have implemented the 3D Secure protocol in different ways throughout the world. Cybersource recommends that you contact your merchant account provider to find out what is required. For more information on decrypting and providing the PARes contact your account manager.