AuthRequest

notificationURLstring<uri>

Fully qualified URL of the system that receives the CRes message or Error Message. The CRes message is posted by the ACS through the Cardholder browser at the end of the challenge and receipt of the RRes message. Categories: PA, NPA. Channels: BRW.

Possible values: <= 256 characters

threeDSServerTransIDstring<uuid>required

Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction. Categories: PA, NPA. Channels: APP, BRW, 3RI.

messageTypestringrequired

Identifies the type of message that is passed. Categories: PA, NPA. Channels: APP, BRW, 3RI.

Possible values: [AReq]

messageVersionstringrequired

Protocol version identifier. This shall be the Protocol Version Number of the specification utilised by the system creating this message. Categories: PA, NPA. Channels: APP, BRW, 3RI.

Possible values: [2.2.0]

browserAcceptHeaderstringnullable

Exact content of the HTTP accept headers as sent to the 3DS Requestor from the Cardholder's browser.

Possible values: <= 2048 characters

browserColorDepthstringnullable

Value representing the bit depth of the colour palette for displaying images, in bits per pixel. Obtained from Cardholder browser using the screen.colorDepth property.

Possible values: [1, 4, 8, 15, 16, 24, 32, 48]

browserIPstring<ip>nullable

IP address the browser is connecting from. Scheme specific rules: Visa: Field is required if available. Mastercard: Field is required unless market restrictions prevent it.

Possible values: <= 45 characters

browserJavaEnabledbooleannullable

Boolean that represents the ability of the cardholder browser to execute Java. Value is returned from the navigator.javaEnabled property.

browserJavascriptEnabledbooleannullable

Boolean that represents the ability of the cardholder browser execute JavaScript.

browserLanguagestringnullable

Value representing the browser language as defined in IETF BCP47. Returned from navigator.language property.

Possible values: non-empty and <= 8 characters

browserScreenHeightstringnullable

Total height of the Cardholder's screen in pixels. Value is returned from the screen.height property.

Possible values: Value must match regular expression ^[0-9]{1,6}$

browserScreenWidthstringnullable

Total width of the Cardholder's screen in pixels. Value is returned from the screen.width property.

Possible values: Value must match regular expression ^[0-9]{1,6}$

browserTZstringnullable

Time-zone offset in minutes between UTC and the Cardholder browser local time. The offset is positive if the local time zone is behind UTC and negative if it is ahead.

Possible values: Value must match regular expression ^[+-]?[0-9]{1,4}$

browserUserAgentstringnullable

Exact content of the HTTP user-agent header. Note: If the total length of the User-Agent sent by the browser exceeds 2048 characters, truncate the excess portion.

Possible values: <= 2048 characters

acctIDstringnullable

Additional information about the account optionally provided by the 3DS Requestor. Scheme specific rules: Visa: Field is required if available.

Possible values: <= 64 characters

acctInfo objectnullable

Additional information about the Cardholder's account provided by the 3DS Requestor.

chAccAgeIndstringnullable

Length of time that the cardholder has had the account with the 3DS Requestor. Scheme specific rules: Visa: Field is required if available.

01: No account (guest check-out)
02: Created during this transaction
03: Less than 30 days
04: 30-60 days
05: More than 60 days

Possible values: [01, 02, 03, 04, 05]

chAccChangestring<yyyymmdd>nullable

Date that the cardholder's account with the 3DS Requestor was last changed, including Billing or Shipping address, new payment account, or new user(s) added. Scheme specific rules: Visa: Field is required if available.

Possible values: Value must match regular expression ^[0-9]{8}$

chAccChangeIndstringnullable

Length of time since the cardholder's account information with the 3DS Requestor was last changed, including Billing or Shipping address, new payment account, or new user(s) added. Scheme specific rules: Visa: Field is required if available.

01: Changed during this transaction
02: Less than 30 days
03: 30-60 days
04: More than 60 days

Possible values: [01, 02, 03, 04]

chAccDatestring<yyyymmdd>nullable

Date that the cardholder opened the account with the 3DS Requestor. Scheme specific rules: Visa: Field is required if available.

Possible values: Value must match regular expression ^[0-9]{8}$

chAccPwChangestring<yyyymmdd>nullable

Date that cardholder's account with the 3DS Requestor had a password change or account reset. Scheme specific rules: Visa: Field is required if available.

Possible values: Value must match regular expression ^[0-9]{8}$

chAccPwChangeIndstringnullable

Indicates the length of time since the cardholder's account with the 3DS Requestor had a password change or account reset. Scheme specific rules: Visa: Field is required if available.

01: No change
02: Changed during this transaction
03: Less than 30 days
04: 30-60 days
05: More than 60 days

Possible values: [01, 02, 03, 04, 05]

chAccReqIDstringnullable

The 3DS Requestor assigned account identifier of the transacting Cardholder.

Possible values: <= 64 characters

nbPurchaseAccountstringnullable

Number of purchases with this cardholder account during the previous six months. Scheme specific rules: Visa: Field is required if available.

Possible values: <= 4 characters, Value must match regular expression ^[0-9]{1,4}$

paymentAccAgestring<yyyymmdd>nullable

Date that the payment account was enrolled in the cardholder's account with the 3DS Requestor. Scheme specific rules: Visa: Field is required if available.

Possible values: Value must match regular expression ^[0-9]{8}$

paymentAccIndstringnullable

Indicates the length of time that the payment account was enrolled in the cardholder's account with the 3DS Requestor. Scheme specific rules: Visa: Field is required if available.

01: No account (guest check-out)
02: During this transaction
03: Less than 30 days
04: 30-60 days
05: More than 60 days

Possible values: [01, 02, 03, 04, 05]

provisionAttemptsDaystringnullable

Number of Add Card attempts in the last 24 hours. Scheme specific rules: Visa: Field is required if available.

Possible values: <= 3 characters, Value must match regular expression ^[0-9]{1,3}$

shipAddressUsagestring<yyyymmdd>nullable

Date when the shipping address used for this transaction was first used with the 3DS Requestor.

Possible values: Value must match regular expression ^[0-9]{8}$

shipAddressUsageIndstringnullable

Indicates when the shipping address used for this transaction was first used with the 3DS Requestor. Scheme specific rules: Visa: Field is required if available.

01: This transaction
02: Less than 30 days
03: 30-60 days
04: More than 60 days

Possible values: [01, 02, 03, 04]

shipNameIndicatorstringnullable

Indicates if the Cardholder Name on the account is identical to the shipping Name used for this transaction. Scheme specific rules: Visa: Field is required if available.

01: Account Name identical to shipping Name
02: Account Name different than shipping Name

Possible values: [01, 02]

suspiciousAccActivitystringnullable

Indicates whether the 3DS Requestor has experienced suspicious activity (including previous fraud) on the cardholder account. Scheme specific rules: Visa: Field is required if available.

01: No suspicious activity has been observed
02: Suspicious activity has been observed

Possible values: [01, 02]

txnActivityDaystringnullable

Number of transactions (successful and abandoned) for this cardholder account with the 3DS Requestor across all payment accounts in the previous 24 hours. Scheme specific rules: Visa: Field is required if available.

Possible values: <= 3 characters, Value must match regular expression ^[0-9]{1,3}$

txnActivityYearstringnullable

Number of transactions (successful and abandoned) for this cardholder account with the 3DS Requestor across all payment accounts in the previous year. Scheme specific rules: Visa: Field is required if available.

Possible values: <= 3 characters, Value must match regular expression ^[0-9]{1,3}$

acctNumberstringrequired

Account number that will be used in the authorisation request for payment transactions. May be represented by PAN, token.

Possible values: Value must match regular expression ^[0-9]{13,19}$

acctTypestringnullable

Indicates the type of account. For example, for a multi-account card product.

01: Not applicable
02: Credit
03: Debit
80-99: Usable by card schemes

Scheme specific rules: Visa: Field is required if available.

Possible values: Value must match regular expression ^(0[1-3]|[89][0-9])$

acquirerBINstringnullable

Acquiring institution identification code as assigned by the DS receiving the AReq message. Required if messageCategory is "01". Scheme specific rules: Visa: Field is required.

Possible values: <= 11 characters

acquirerMerchantIDstringnullable

Acquirer-assigned Merchant identifier. This may be the same value that is used in authorisation requests sent on behalf of the 3DS Requestor and is represented in ISO 8583 formatting requirements. Required if messageCategory is "01". Scheme specific rules: Visa: Field is required.

Possible values: <= 35 characters

addrMatchstringnullable

Indicates whether the Cardholder Shipping Address and Cardholder Billing Address are the same. Scheme specific rules: Visa: Field is required if available.

Possible values: [Y, N]

billAddrCitystringnullable

The city of the Cardholder billing address associated with the card used for this purchase. Scheme specific rules: Visa: Field is required. Mastercard: Field is required unless market restrictions prevent it.

Possible values: <= 50 characters

billAddrCountrystringnullable

The ISO 3166-1 numeric three-digit country code of the Cardholder billing address associated with the card used for this purchase. Scheme specific rules: Visa: Field is required. Mastercard: Field is required unless market restrictions prevent it.

Possible values: Value must match regular expression ^\d{3}$

billAddrLine1stringnullable

First line of the street address or equivalent local portion of the Cardholder billing address associated with the card used for this purchase. Scheme specific rules: Visa: Field is required. Mastercard: Field is required unless market restrictions prevent it.

Possible values: <= 50 characters

billAddrLine2stringnullable

Second line of the street address or equivalent local portion of the Cardholder billing address associated with the card used for this purchase. Scheme specific rules: Visa: Field is required. Mastercard: Field is required unless market restrictions prevent it.

Possible values: <= 50 characters

billAddrLine3stringnullable

Third line of the street address or equivalent local portion of the Cardholder billing address associated with the card used for this purchase. Scheme specific rules: Visa: Field is required. Mastercard: Field is required unless market restrictions prevent it.

Possible values: <= 50 characters

billAddrPostCodestringnullable

ZIP or other postal code of the Cardholder billing address associated with the card used for this purchase. Scheme specific rules: Visa: Field is required. Mastercard: Field is required unless market restrictions prevent it.

Possible values: <= 16 characters

billAddrStatestringnullable

The ISO 3166-2 state or province of the Cardholder billing address associated with the card used for this purchase. Scheme specific rules: Visa: Field is required. Mastercard: Field is required unless market restrictions prevent it.

Possible values: <= 3 characters

cardExpiryDatestring<yymm>nullable

Expiry Date of the PAN or token supplied to the 3DS Requestor by the Cardholder. Scheme specific rules: Visa: Field is required. Mastercard: Field is required.

cardholderNamestringnullable

Name of the Cardholder. Scheme specific rules: Visa: Field is required. Mastercard: Field is required unless market restrictions prevent it.

Possible values: >= 2 characters and <= 45 characters

deviceChannelstringrequired

Indicates the type of channel interface being used to initiate the transaction.

01: App-based (APP)
02: Browser (BRW)
03: 3DS Requestor Initiated (3RI)
80-99: Reserved for DS use

Possible values: Value must match regular expression ^(0[1-3]|[89][0-9])$

deviceRenderOptions objectnullable

Defines the SDK UI types that the device supports for displaying specific challenge user interfaces within the SDK.

sdkInterfacestringnullable

Lists all of the SDK Interface types that the device supports for displaying specific challenge user interfaces within the SDK.

01: Native
02: HTML
03: Both

Possible values: [01, 02, 03]

sdkUiTypestring[]nullable

Lists all UI types that the device supports for displaying specific challenge user interfaces within the SDK.

01: Text
02: Single Select
03: Multi Select
04: OOB
05: HTML Other (valid only for HTML UI)
06: HTML OOB (valid only for HTML UI)
07: Information

Possible values: [01, 02, 03, 04, 05, 06, 07]

sdkAuthenticationType object[]nullable

Lists all UI types that the device supports for displaying specific challenge user interfaces within the SDK.

01: Static Passcode
02: SMS OTP
03: Key fob or EMV card reader OTP
04: App OTP
05: OTP Other
06: KBA
07: OOB Biometrics
08: OOB Login
09: OOB Other
10: Other
11: Push Confirmation
12-79: Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99: Reserved for DS use

Array [

oneOf

0-item-properties
1-item-properties

]

dsstringnullable

Directory Server used in 3DS payment flow. This field is used to signal which DS to use on co-branded cards. Required for using the Dankort side on a Visa/Dankort.

standin: payonic.com standin directory server and scheme (only in sandbox)
visa: Visa
mastercard: Mastercard
jcb: JCB
amex: American Express
protectbuy: ProtectBuy (Discover/Diners)
sbn: Secured by Nets (Dankort/Forbrugsforeningen)

Possible values: [standin, visa, mastercard, jcb, amex, protectbuy, sbn]

emailstring<email>nullable

The email address associated with the account that is either entered by the Cardholder, or is on file with the 3DS Requestor. Scheme specific rules: Visa: Field is required. Mastercard: Field is required unless market restrictions prevent it.

Possible values: <= 254 characters

homePhone objectnullable

The home phone number provided by the Cardholder. Scheme specific rules: Visa: Field is required if available. Mastercard: Field is required unless market restrictions prevent it.

ccstringrequired

Country code

Possible values: Value must match regular expression ^\d{1,3}$

Example: 44

subscriberstringrequired

Subscriber number

Possible values: Value must match regular expression ^\d{1,12}$

Example: 2079460123

mccstringnullable

DS-specific code describing the Merchant's type of business, product or service. Categories: PA, NPA. Channels: APP, BRW, 3RI. Required if messageCategory is "01". Scheme specific rules: Visa - Field is required.

Possible values: >= 4 characters and <= 4 characters

merchantCountryCodestringnullable

The ISO 3166-1 numeric three-digit country code of the Merchant. Categories: PA, NPA. Channels: APP, BRW, 3RI. Required if messageCategory is "01". Scheme specific rules: Visa - Field is required.

Possible values: Value must match regular expression ^\d{3}$

merchantNamestringnullable

Merchant name assigned by the Acquirer or Payment System. Categories: PA, NPA. Channels: APP, BRW, 3RI. Required if messageCategory is "01". Scheme specific rules: Visa - Field is required.

Possible values: <= 40 characters

merchantRiskIndicator objectnullable

Merchant's assessment of the level of fraud risk for the specific authentication for both the cardholder and the authentication being conducted. Categories: PA, NPA. Channels: APP, BRW, 3RI.

deliveryEmailAddressstring<email>nullable

For Electronic delivery, the email address to which the merchandise was delivered. Scheme specific rules: Visa: Field is required if available.

Possible values: <= 254 characters

deliveryTimeframestringnullable

Indicates the merchandise delivery timeframe.

01: Electronic Delivery
02: Same day shipping
03: Overnight shipping
04: Two-day or more shipping

Scheme specific rules: Visa: Field is required if available.

Possible values: [01, 02, 03, 04]

giftCardAmountstringnullable

For prepaid or gift card purchase, the purchase amount total of prepaid or gift card(s) in major units (for example, USD 123.45 is 123). Scheme specific rules: Visa: Field is required if available.

Possible values: Value must match regular expression ^\d{0,15}$

giftCardCountstringnullable

For prepaid or gift card purchase, total count of individual prepaid or gift cards/codes purchased. Scheme specific rules: Visa: Field is required if available.

Possible values: Value must match regular expression ^\d{2}$

giftCardCurrstring<currency>nullable

For prepaid or gift card purchase, ISO 4217 three-digit currency code of the gift card, other than those listed in Table A.5. Scheme specific rules: Visa: Field is required if available.

preOrderDatestring<yyyymmdd>nullable

For a pre-ordered purchase, the expected date that the merchandise will be available. Scheme specific rules: Visa: Field is required if available.

preOrderPurchaseIndstringnullable

Indicates whether Cardholder is placing an order for merchandise with a future availability or release date.

01: Merchandise available
02: Future availability

Scheme specific rules: Visa: Field is required if available.

Possible values: [01, 02]

reorderItemsIndstringnullable

Indicates whether the cardholder is reordering previously purchased merchandise.

01: First time ordered
02: Reordered

Scheme specific rules: Visa: Field is required if available.

Possible values: [01, 02]

shipIndicatorstringnullable

Indicates shipping method chosen for the transaction. Merchants must choose the Shipping Indicator code that most accurately describes the cardholder’s specific transaction, not their general business. If one or more items are included in the sale, use the Shipping Indicator code for the physical goods, or if all digital goods, use the Shipping Indicator code that describes the most expensive item.

01: Ship to cardholder’s billing address
02: Ship to another verified address on file with merchant
03: Ship to address that is different than the cardholder’s billing address
04: "Ship to Store" / Pick-up at local store (Store address shall be populated in shipping address fields)
05: Digital goods (includes online services, electronic gift cards and redemption codes)
06: Travel and Event tickets, not shipped
07: Other (for example, Gaming, digital services not shipped, emedia subscriptions, etc.)
08: Pick-up and go delivery
09: Locker delivery (or other automated pick-up)

Scheme specific rules: Visa: Field is required if available.

Possible values: [01, 02, 03, 04, 05, 06, 07, 08, 09]

transCharstring[]nullable

Indicates to the ACS specific transactions identified by the Merchant.

01: Cryptocurrency transaction
02: NFT transaction

Possible values: [01, 02]

messageCategory objectrequired

Identifies the category of the message for a specific use case. Categories: PA, NPA. Channels: APP, BRW, 3RI.

01: PA - Payment
02: NPA - Non-Payment
80: Identity Check Insights (without authentication) - MasterCard
80-99: Reserved for DS use

Possible values: Value must match regular expression ^(0[1-2]|[89][0-9])$

oneOf

0-item-properties
1-item-properties

messageExtension object[]nullable

Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension. Categories: PA, NPA. Channels: APP, BRW, 3RI.

Possible values: <= 10

Array [

criticalityIndicatorbooleanrequired

A Boolean value indicating whether the recipient must understand the contents of the extension to interpret the entire message.

data objectrequired

The data carried in the extension. Max length: 8059.

property name*any

The data carried in the extension. Max length: 8059.

idstringrequired

A unique identifier for the extension. Note: Payment System Registered Application Provider Identifier (RID) is required as prefix of the ID.

Possible values: <= 64 characters

namestringrequired

The name of the extension data set as defined by the extension owner.

Possible values: <= 64 characters

]

mobilePhone objectnullable

The mobile phone number provided by the Cardholder. Categories: PA, NPA. Channels: APP, BRW, 3RI. Scheme specific rules: - Visa: Field is required if available - Mastercard: Field is required unless market restrictions prevent it

ccstringrequired

Country code

Possible values: Value must match regular expression ^\d{1,3}$

Example: 44

subscriberstringrequired

Subscriber number

Possible values: Value must match regular expression ^\d{1,12}$

Example: 2079460123

purchaseAmountstringnullable

Purchase amount in minor units of currency with all punctuation removed. Categories: PA, NPA. Channels: APP, BRW, 3RI. Required if messageCategory is "01". Required if messageCategory is "02" and (threeDSRequestorAuthenticationInd is one of [02, 03] or threeRIInd is one of [01, 02, 06, 07, 08, 09, 11]). Scheme specific rules: Visa - Field is required.

Possible values: Value must match regular expression ^\d{0,48}$

purchaseCurrencystringnullable

3-digit ISO 4217 currency code string, in which purchase amount is expressed. Categories: PA, NPA. Channels: APP, BRW, 3RI. Required if messageCategory is "01". Required if messageCategory is "02" and (threeDSRequestorAuthenticationInd is one of [02, 03] or threeRIInd is one of [01, 02, 06, 07, 08, 09, 11]). Scheme specific rules: Visa - Field is required.

Possible values: Value must match regular expression ^\d{3}$

purchaseDatestring<yyyymmddhhmmss>

Date and time of the purchase expressed in UTC. Conditions: Required if "messageCategory" is "01". Required if "messageCategory" is "02" and ("threeDSRequestorAuthenticationInd" is one of [02, 03] or "threeRIInd" is one of [01, 02, 06, 07, 08, 09, 11]). Scheme specific rules:

Visa: Field is required

purchaseExponentstringnullable

Minor units of currency as specified in the ISO 4217 currency exponent. This data should be available from your acquirer or card scheme. The standard is maintained at currency-iso.org. Conditions: Required if "messageCategory" is "01". Required if "messageCategory" is "02" and ("threeDSRequestorAuthenticationInd" is one of [02, 03] or "threeRIInd" is one of [01, 02, 06, 07, 08, 09, 11]). Scheme specific rules:

Visa: Field is required

Possible values: Value must match regular expression ^\d$

purchaseInstalDatastringnullable

Indicates the maximum number of authorisations permitted for instalment payments. Conditions: Required if "threeDSRequestorAuthenticationInd" is "03". Required if "threeRIInd" is "02". Scheme specific rules:

Visa: Field is required if available

Possible values: <= 3 characters, Value must match regular expression ^(?:[2-9]\d?|[1-9]\d{2})$

payTokenIndbooleannullable

A value of True indicates that the transaction was de-tokenised prior to being received by the ACS. This data element will be populated by the system residing in the 3-D Secure domain where the de-tokenisation occurs (i.e., the 3DS Server or the DS). Note: The Boolean value of true is the only valid response for this field when it is present. Scheme specific rules:

Visa: Field is required if available

Possible values: [true]

payTokenSourcestringnullable

This data element will be populated by the system residing in the 3-D Secure domain where the de-tokenisation occurs. Meaning of values:

01: 3-D Secure Server
02: Directory Server
80-99: Reserved for DS use

Conditions: Required if "payTokenInd" is true.

Possible values: Value must match regular expression ^(0[1-2]|[89][0-9])$

recurringExpirystring<yyyymmdd>nullable

Date after which no further authorisations shall be performed. Conditions: Required if "threeDSRequestorAuthenticationInd" is one of [02, 03]. Required if "threeRIInd" is one of [01, 02]. Scheme specific rules:

Visa: Field is required if available

recurringFrequencystringnullable

Indicates the minimum number of days between authorisations. Conditions: Required if "threeDSRequestorAuthenticationInd" is one of [02, 03]. Required if "threeRIInd" is one of [01, 02]. Scheme specific rules:

Visa: Field is required if available

Possible values: Value must match regular expression ^\d{0,4}$

sdkAppIDstring<uuid>nullable

Universally unique ID created upon all installations of the 3DS Requestor App on a Consumer Device. This will be newly generated and stored by the 3DS SDK for each installation. Required for APP channel.

sdkEncDatastringnullable

JWE Object (represented as a string) as defined in Section 6.2.2.1 containing data encrypted by the SDK for the DS to decrypt. Required for APP channel.

Possible values: <= 64000 characters

sdkEphemPubKeyobjectnullable

Public key component of the ephemeral key pair generated by the 3DS SDK and used to establish session keys between the 3DS SDK and ACS. Required for APP channel. Max length (JSON serialization): 256.

sdkMaxTimeoutstringnullable

Indicates maximum amount of time (in minutes) for all exchanges. Required for APP channel.

Possible values: >= 2 characters and <= 2 characters, Value must match regular expression ^(0[5-9]|[1-9][0-9])$

sdkReferenceNumberstringnullable

Identifies the vendor and version for the 3DS SDK that is integrated in a 3DS Requestor App, assigned by EMVCo when the 3DS SDK is approved. Required for APP channel.

Possible values: <= 32 characters

sdkTransIDstring<uuid>nullable

Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction. Conditions: Required if "deviceChannel" is "01" (APP).

shipAddrCitystringnullable

City portion of the shipping address requested by the Cardholder. Scheme specific rules:

Visa: Field is required if available
Mastercard: Field is required unless market restrictions prevent it

Possible values: <= 50 characters

shipAddrCountrystringnullable

The ISO 3166-1 numeric three-digit country code of the shipping address requested by the Cardholder. Conditions: Required if "shipAddrState" is not empty. Scheme specific rules:

Visa: Field is required if available
Mastercard: Field is required unless market restrictions prevent it

Possible values: Value must match regular expression ^\d{3}$

shipAddrLine1stringnullable

First line of the street address or equivalent local portion of the shipping address requested by the Cardholder. Scheme specific rules:

Visa: Field is required if available
Mastercard: Field is required unless market restrictions prevent it

Possible values: <= 50 characters

shipAddrLine2stringnullable

The second line of the street address or equivalent local portion of the shipping address requested by the Cardholder. Scheme specific rules:

Visa: Field is required if available
Mastercard: Field is required unless market restrictions prevent it

Possible values: <= 50 characters

shipAddrLine3stringnullable

The third line of the street address or equivalent local portion of the shipping address requested by the Cardholder. Scheme specific rules:

Visa: Field is required if available
Mastercard: Field is required unless market restrictions prevent it

Possible values: <= 50 characters

shipAddrPostCodestringnullable

The ZIP or other postal code of the shipping address requested by the Cardholder. Scheme specific rules:

Visa: Field is required if available
Mastercard: Field is required unless market restrictions prevent it

Possible values: <= 16 characters

shipAddrStatestringnullable

The ISO 3166-2 state or province of the shipping address associated with the card being used for this purchase. Scheme specific rules:

Visa: Field is required if available
Mastercard: Field is required unless market restrictions prevent it

Possible values: <= 3 characters

threeDSCompIndstringnullable

Indicates whether the 3DS Method successfully completed. Meaning of values:

Y: Successfully completed
N: Did not successfully complete
U: Unavailable — 3DS Method URL was not present in the PRes message data for the card range associated with the Cardholder Account Number.

Possible values: [Y, N, U]

threeDSReqAuthMethodIndstringnullable

Value that represents the signature verification performed by the DS on the mechanism (e.g., FIDO) used by the cardholder to authenticate to the 3DS Requestor. Meaning of values:

01: Verified
02: Failed
03: Not Performed
80-99: Reserved for DS use

Possible values: Value must match regular expression ^(0[123]|[89][0-9])$

threeDSRequestorAuthenticationIndstringnullable

Indicates the type of Authentication request. This data element provides additional information to the ACS to determine the best approach for handing an authentication request. Categories: PA, NPA. Channels: APP, BRW.

01: Payment transaction
02: Recurring transaction
03: Instalment transaction
04: Add card
05: Maintain card
06: Cardholder verification as part of EMV token ID&V
80-99: Reserved for DS use

Possible values: Value must match regular expression ^(0[1-7]|[89][0-9])$

threeDSRequestorAuthenticationInfo objectnullable

Information about how the 3DS Requestor authenticated the cardholder before or during the transaction. Categories: PA, NPA. Channels: APP, BRW.

threeDSReqAuthDatastringnullable

Data that documents and supports a specific authentication process. In the current version of the specification, this data element is not defined in detail; however, the intention is that for each 3DS Requestor Authentication Method, this field carries data that the ACS can use to verify the authentication process. For example: - If the 3DS Requestor Authentication Method is 03, this element can carry information about the provider of the federated ID and related information.

If the method is 06, this element can carry the FIDO attestation data (including the signature). - If the method is 07, this element can carry FIDO Attestation data with the FIDO assurance data signed. - If the method is 08, this element can carry the SRC assurance data. Scheme specific rules: Visa: Field is required if available.

Possible values: <= 20000 characters

threeDSReqAuthMethodstringnullable

Mechanism used by the Cardholder to authenticate to the 3DS Requestor.

01: No 3DS Requestor authentication occurred (i.e. cardholder logged in as guest)
02: Login to the cardholder account at the 3DS Requestor system using 3DS Requestor’s own credentials
03: Login to the cardholder account at the 3DS Requestor system using federated ID
04: Login to the cardholder account at the 3DS Requestor system using issuer credentials
05: Login to the cardholder account at the 3DS Requestor system using third-party authentication
06: Login to the cardholder account at the 3DS Requestor system using FIDO Authenticator
07: Login to the cardholder account at the 3DS Requestor system using FIDO Authenticator (FIDO assurance data signed)
08: SRC Assurance Data

Scheme specific rules: Visa: Field is required.

Possible values: Value must match regular expression ^(0[1-8]|[89][0-9])$, [01, 02, 03, 04, 05, 06, 07, 08]

threeDSReqAuthTimestampstring<yyyymmddhhmm>nullable

Date and time in UTC of the cardholder authentication. Scheme specific rules: Visa: Field is required if available.

threeDSRequestorChallengeIndstringnullable

Indicates whether a challenge is requested for this transaction. For example: For 01-PA, a 3DS Requestor may have concerns about the transaction, and request a challenge. For 02-NPA, a challenge may be necessary when adding a new card to a wallet. For local/regional mandates or other variables. Categories: PA, NPA. Channels: APP, BRW.

01: No preference
02: No challenge requested
03: Challenge requested (3DS Requestor preference)
04: Challenge requested (Mandate)
05: No challenge requested (transactional risk analysis is already performed)
06: No challenge requested (Data share only)
07: No challenge requested (strong consumer authentication is already performed)
08: No challenge requested (utilise whitelist exemption if no challenge required)
09: Challenge requested (whitelist prompt requested if challenge required)
80-99: Reserved for DS use

Scheme specific rules:

Visa: Field is required if available

Possible values: Value must match regular expression ^(0[1-9]|[89][0-9])$

threeDSRequestorDecMaxTimestringnullable

Indicates the maximum amount of time that the 3DS Requestor will wait for an ACS to provide the results of a Decoupled Authentication transaction (in minutes). Value is a 5-digit integer string in the range 00001 to 10080. Categories: PA, NPA. Channels: APP, BRW, 3RI. Required if threeDSRequestorDecReqInd is "Y".

Possible values: >= 5 characters and <= 5 characters, Value must match regular expression ^[0-9]{5}$

threeDSRequestorDecReqIndstringnullable

Indicates whether the 3DS Requestor requests the ACS to utilise Decoupled Authentication and agrees to utilise Decoupled Authentication if the ACS confirms its use. Categories: PA, NPA. Channels: APP, BRW, 3RI.

Possible values: [Y, N]

threeDSRequestorPriorAuthenticationInfo objectnullable

Information about how the 3DS Requestor authenticated the cardholder as part of a previous 3DS transaction. Categories: PA, NPA. Channels: APP, BRW, 3RI.

threeDSReqPriorAuthDatastringnullable

Data that documents and supports a specific authentication process. In the current version of the specification this data element is not defined in detail, however the intention is that for each 3DS Requestor Authentication Method, this field carry data that the ACS can use to verify the authentication process. In future versions of the specification, these details are expected to be included. Scheme specific rules: Visa: Field is required if available.

Possible values: <= 2048 characters

threeDSReqPriorAuthMethodstringnullable

Mechanism used by the Cardholder to previously authenticate to the 3DS Requestor. Meaning of values:

01: Frictionless authentication occurred by ACS
02: Cardholder challenge occurred by ACS
03: AVS verified
04: Other issuer methods

Scheme specific rules: Visa: Field is required if available.

Possible values: Value must match regular expression ^(0[1-4])|([89][1-10])$, [01, 02, 03, 04]

threeDSReqPriorAuthTimestampstringnullable

Date and time in UTC of the prior cardholder authentication. Format: yyyymmddhhmm. Scheme specific rules: Visa: Field is required if available.

Possible values: Value must match regular expression ^\d{12}$

threeDSReqPriorRefstringnullable

This data element provides additional information to the ACS to determine the best approach for handing a request. Scheme specific rules: Visa: Field is required if available.

Possible values: <= 36 characters

threeDSRequestorURLstring<uri>required

Fully qualified URL of 3DS Requestor website or customer care site. This data element provides additional information to the receiving 3-D Secure system if a problem arises and should provide contact information. Categories: PA, NPA. Channels: APP, BRW, 3RI. Scheme specific rules:

Visa: Field is required

Possible values: <= 2048 characters

threeRIIndstringnullable

Indicates the type of 3RI request. This data element provides additional information to the ACS to determine the best approach for handing a 3RI request. Categories: PA, NPA. Channels: 3RI.

01: Recurring transaction
02: Instalment transaction
03: Add card
04: Maintain card information
05: Account verification
06: Split/delayed shipment
07: Top-up
08: Mail Order
09: Telephone Order
10: Whitelist status check
11: Other payment
80-99: Reserved for DS use

Scheme specific rules:

Visa: Field is required if available

Possible values: Value must match regular expression ^(0[1-9]|1[0-2]|[89][0-9])$

transTypestringnullable

Identifies the type of transaction being authenticated. Categories: PA. Channels: APP, BRW, 3RI.

01: Goods/ Service Purchase
03: Check Acceptance
10: Account Funding
11: Quasi-Cash Transaction
28: Prepaid Activation and Load

Scheme specific rules:

Visa: Field is required

Possible values: [01, 03, 10, 11, 28]

whiteListStatusstringnullable

Enables the communication of trusted beneficiary/whitelist status between the ACS, the DS and the 3DS Requestor. Note: Valid values in the AReq message are Y or N. Categories: PA, NPA. Channels: APP, BRW, 3RI.

Y: 3DS Requestor is whitelisted by cardholder
N: 3DS Requestor is not whitelisted by cardholder
E: Not eligible as determined by issuer
P: Pending confirmation by cardholder
R: Cardholder rejected
U: Whitelist status unknown, unavailable, or does not apply

Possible values: [Y, N, E, P, R, U]

whiteListStatusSourcestringnullable

This data element will be populated by the system setting Whitelist Status. Categories: PA, NPA. Channels: APP, BRW, 3RI. Required if whiteListStatus is not empty.

01: 3DS Server
02: DS
03: ACS
80-99: Reserved for DS use

Possible values: Value must match regular expression ^(0[123]|[89][0-9])$

workPhone objectnullable

The work phone number provided by the Cardholder. Categories: PA, NPA. Channels: APP, BRW, 3RI. Scheme specific rules:

Visa: Field is required if available

ccstringrequired

Country code

Possible values: Value must match regular expression ^\d{1,3}$

Example: 44

subscriberstringrequired

Subscriber number

Possible values: Value must match regular expression ^\d{1,12}$

Example: 2079460123

AuthRequest
{
  "notificationURL": "string",
  "threeDSServerTransID": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "messageType": "AReq",
  "messageVersion": "2.2.0",
  "browserAcceptHeader": "string",
  "browserColorDepth": "1",
  "browserIP": "string",
  "browserJavaEnabled": true,
  "browserJavascriptEnabled": true,
  "browserLanguage": "string",
  "browserScreenHeight": "string",
  "browserScreenWidth": "string",
  "browserTZ": "string",
  "browserUserAgent": "string",
  "acctID": "string",
  "acctInfo": {
    "chAccAgeInd": "01",
    "chAccChange": "string",
    "chAccChangeInd": "01",
    "chAccDate": "string",
    "chAccPwChange": "string",
    "chAccPwChangeInd": "01",
    "chAccReqID": "string",
    "nbPurchaseAccount": "string",
    "paymentAccAge": "string",
    "paymentAccInd": "01",
    "provisionAttemptsDay": "string",
    "shipAddressUsage": "string",
    "shipAddressUsageInd": "01",
    "shipNameIndicator": "01",
    "suspiciousAccActivity": "01",
    "txnActivityDay": "string",
    "txnActivityYear": "string"
  },
  "acctNumber": "string",
  "acctType": "string",
  "acquirerBIN": "string",
  "acquirerMerchantID": "string",
  "addrMatch": "Y",
  "billAddrCity": "string",
  "billAddrCountry": "string",
  "billAddrLine1": "string",
  "billAddrLine2": "string",
  "billAddrLine3": "string",
  "billAddrPostCode": "string",
  "billAddrState": "string",
  "cardExpiryDate": "string",
  "cardholderName": "string",
  "deviceChannel": "string",
  "deviceRenderOptions": {
    "sdkInterface": "01",
    "sdkUiType": [
      "01"
    ],
    "sdkAuthenticationType": [
      null,
      null
    ]
  },
  "ds": "standin",
  "email": "user@example.com",
  "homePhone": {
    "cc": "44",
    "subscriber": "2079460123"
  },
  "mcc": "string",
  "merchantCountryCode": "string",
  "merchantName": "string",
  "merchantRiskIndicator": {
    "deliveryEmailAddress": "user@example.com",
    "deliveryTimeframe": "01",
    "giftCardAmount": "string",
    "giftCardCount": "string",
    "giftCardCurr": "string",
    "preOrderDate": "string",
    "preOrderPurchaseInd": "01",
    "reorderItemsInd": "01",
    "shipIndicator": "01",
    "transChar": [
      "01"
    ]
  },
  "messageExtension": [
    {
      "criticalityIndicator": true,
      "data": {},
      "id": "string",
      "name": "string"
    }
  ],
  "mobilePhone": {
    "cc": "44",
    "subscriber": "2079460123"
  },
  "purchaseAmount": "string",
  "purchaseCurrency": "string",
  "purchaseDate": "string",
  "purchaseExponent": "string",
  "purchaseInstalData": "string",
  "payTokenInd": true,
  "payTokenSource": "string",
  "recurringExpiry": "string",
  "recurringFrequency": "string",
  "sdkAppID": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "sdkEncData": "string",
  "sdkEphemPubKey": {},
  "sdkMaxTimeout": "string",
  "sdkReferenceNumber": "string",
  "sdkTransID": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "shipAddrCity": "string",
  "shipAddrCountry": "string",
  "shipAddrLine1": "string",
  "shipAddrLine2": "string",
  "shipAddrLine3": "string",
  "shipAddrPostCode": "string",
  "shipAddrState": "string",
  "threeDSCompInd": "Y",
  "threeDSReqAuthMethodInd": "string",
  "threeDSRequestorAuthenticationInd": "string",
  "threeDSRequestorAuthenticationInfo": {
    "threeDSReqAuthData": "string",
    "threeDSReqAuthMethod": "01",
    "threeDSReqAuthTimestamp": "string"
  },
  "threeDSRequestorChallengeInd": "string",
  "threeDSRequestorDecMaxTime": "string",
  "threeDSRequestorDecReqInd": "Y",
  "threeDSRequestorPriorAuthenticationInfo": {
    "threeDSReqPriorAuthData": "string",
    "threeDSReqPriorAuthMethod": "01",
    "threeDSReqPriorAuthTimestamp": "string",
    "threeDSReqPriorRef": "string"
  },
  "threeDSRequestorURL": "string",
  "threeRIInd": "string",
  "transType": "01",
  "whiteListStatus": "Y",
  "whiteListStatusSource": "string",
  "workPhone": {
    "cc": "44",
    "subscriber": "2079460123"
  }
}