6.2. Specification 2.1.0

The scenario selector below can be used to narrow down the required fields for a selected authentication scenario. Please note the following:

  1. When All is selected in both dropdowns, no type filters are applied. I.e. both sdkTransID and browserUserAgent is marked as required, even though they will never appear in the same message.

  2. When a Message Category or a Device Channel is selected, messages will be filtered if they are not relevant for the selection. The inclusion might change from e.g. required to optional

Message Category:
Device Channel:

/preauth endpoint

For usage, refer to /preauth endpoint.

Input

acctNumber
string
Regexp: ^[0-9]{13,19}$
Required
Categories: PA NPA
Channels: APP BRW 3RI
Account number that will be used in the authorisation request for payment transactions. May be represented by PAN, token.

Output

acsEndProtocolVersion
string
Required
The most recent active protocol version that is supported for the ACS URL.
acsInfoInd
Array of string
Regexp: ^(0[1-4]|[89][0-9])$
Optional
Provides additional information to the 3DS Server. The element lists all applicable values for the card range.

Meaning of values:

01 Authentication Available at ACS
02 Attempts Supported by ACS or DS
03 Decoupled Authentication Supported
04 Whitelisting Supported
80-99 Reserved for DS use
acsStartProtocolVersion
string
Required
The earliest (i.e. oldest) active protocol version that is supported by the ACS.
dsEndProtocolVersion
string
Optional
The most recent active protocol version that is supported for the DS.
dsStartProtocolVersion
string
Optional
The earliest (i.e. oldest) active protocol version that is supported by the DS.
messageType
string
Must be: CRD
Required
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
threeDSMethodURL
string
Format: url
Max length: 256
Optional
The ACS URL that will be used by the 3DS Method. Note: The 3DSMethodURL data element may be omitted if not supported by the ACS for this specific card range.
threeDSServerTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
scheme
string
One of: standin visa mastercard amex discover
Required
Account number Card Scheme

Meaning of values:

standin 3dsecure.io standin scheme (only in sandbox)
visa Visa
mastercard Mastercard
amex American Express
discover Discover

/auth endpoint

For usage, refer to /auth endpoint.

Input

acctID
string
Max length: 64
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Additional information about the account optionally provided by the 3DS Requestor.

Scheme specific rules:

Visa
Field is required if available
acctInfo
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Additional information about the Cardholder’s account provided by the 3DS Requestor.
acctNumber
string
Regexp: ^[0-9]{13,19}$
Required
Categories: PA NPA
Channels: APP BRW 3RI
Account number that will be used in the authorisation request for payment transactions. May be represented by PAN, token.
acctType
string
Regexp: ^(0[1-3]|[89][0-9])$
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Indicates the type of account. For example, for a multi-account card product.

Meaning of values:

01 Not applicable
02 Credit
03 Debit
80-99 Usable by card schemes

Scheme specific rules:

Visa
Field is required if available
acquirerBIN
string
Max length: 11
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Acquiring institution identification code as assigned by the DS receiving the AReq message.
Required if messageCategory is "01"

Scheme specific rules:

Visa
Field is required
acquirerMerchantID
string
Max length: 35
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Acquirer-assigned Merchant identifier. This may be the same value that is used in authorisation requests sent on behalf of the 3DS Requestor and is represented in ISO 8583 formatting requirements.
Required if messageCategory is "01"

Scheme specific rules:

Visa
Field is required
addrMatch
string
One of: Y N
Optional
Categories: PA NPA
Channels: APP BRW
Indicates whether the Cardholder Shipping Address and Cardholder Billing Address are the same.

Scheme specific rules:

Visa
Field is required if available
billAddrCity
string
Max length: 50
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The city of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
billAddrCountry
string
Regexp: ^\d{3}$
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The ISO 3166-1 numeric three-digit country code of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
billAddrLine1
string
Max length: 50
Optional
Categories: PA NPA
Channels: APP BRW 3RI
First line of the street address or equivalent local portion of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
billAddrLine2
string
Max length: 50
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Second line of the street address or equivalent local portion of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
billAddrLine3
string
Max length: 50
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Third line of the street address or equivalent local portion of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
billAddrPostCode
string
Max length: 16
Optional
Categories: PA NPA
Channels: APP BRW 3RI
ZIP or other postal code of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
billAddrState
string
Max length: 3
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The ISO 3166-2 state or province of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
browserAcceptHeader
string
Max length: 2048
Required
Categories: PA NPA
Channels: BRW
Exact content of the HTTP accept headers as sent to the 3DS Requestor from the Cardholder’s browser.
browserColorDepth
string
One of: 1 4 8 15 16 24 32 48
Required
Categories: PA NPA
Channels: BRW
Value representing the bit depth of the colour palette for displaying images, in bits per pixel. Obtained from Cardholder browser using the screen.colorDepth property.
browserIP
string
Format: ip
Max length: 45
Optional
Categories: PA NPA
Channels: BRW
IP address the browser is connecting from.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
browserJavaEnabled
bool
Required
Categories: PA NPA
Channels: BRW
Boolean that represents the ability of the cardholder browser to execute Java. Value is returned from the navigator.javaEnabled property.
browserLanguage
string
Min length: 1
Max length: 8
Required
Categories: PA NPA
Channels: BRW
Value representing the browser language as defined in IETF BCP47. Returned from navigator.language property.
browserScreenHeight
string
Regexp: ^[0-9]{1,6}$
Required
Categories: PA NPA
Channels: BRW
Total height of the Cardholder’s screen in pixels. Value is returned from the screen.height property.
browserScreenWidth
string
Regexp: ^[0-9]{1,6}$
Required
Categories: PA NPA
Channels: BRW
Total width of the cardholder’s screen in pixels. Value is returned from the screen.width property.
browserTZ
string
Regexp: ^[+-]?[0-9]{1,4}$
Required
Categories: PA NPA
Channels: BRW
Time-zone offset in minutes between UTC and the Cardholder browser local time. Note that the offset is positive if the local time zone is behind UTC and negative if it is ahead.
browserUserAgent
string
Max length: 2048
Required
Categories: PA NPA
Channels: BRW
Exact content of the HTTP user-agent header. Note: If the total length of the User-Agent sent by the browser exceeds 2048 characters, truncate the excess portion.
cardExpiryDate
string
Format: yymm
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Expiry Date of the PAN or token supplied to the 3DS Requestor by the Cardholder.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required
cardholderName
string
Min length: 2
Max length: 45
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Name of the Cardholder.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
deviceChannel
string
Regexp: ^(0[1-3]|[89][0-9])$
Required
Categories: PA NPA
Channels: APP BRW 3RI
Indicates the type of channel interface being used to initiate the transaction.

Meaning of values:

01 App-based (APP)
02 Browser (BRW)
03 3DS Requestor Initiated (3RI)
80-99 Reserved for DS use
deviceRenderOptions
Required
Categories: PA NPA
Channels: APP
Defines the SDK UI types that the device supports for displaying specific challenge user interfaces within the SDK.
email
string
Format: email
Max length: 254
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The email address associated with the account that is either entered by the Cardholder, or is on file with the 3DS Requestor.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
homePhone
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The home phone number provided by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
mcc
string
Length: 4
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
DS-specific code describing the Merchant's type of business, product or service.
Required if messageCategory is "01"

Scheme specific rules:

Visa
Field is required
merchantCountryCode
string
Regexp: ^\d{3}$
Format: country
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
The ISO 3166-1 numeric three-digit country code of the Merchant.
Required if messageCategory is "01"

Scheme specific rules:

Visa
Field is required
merchantName
string
Max length: 40
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Merchant name assigned by the Acquirer or Payment System.
Required if messageCategory is "01"

Scheme specific rules:

Visa
Field is required
merchantRiskIndicator
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Merchant's assessment of the level of fraud risk for the specific authentication for both the cardholder and the authentication being conducted.
messageCategory
string
Regexp: ^(0[1-2]|[89][0-9])$
Required
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the category of the message for a specific use case.

Meaning of values:

01 PA - Payment
02 NPA - Non-Payment
80-99 Reserved for DS use
messageExtension
Max length: 10
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension.
messageType
string
Must be: AReq
Required
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
messageVersion
string
Must be: 2.1.0
Required
Categories: PA NPA
Channels: APP BRW 3RI
Protocol version identifier This shall be the Protocol Version Number of the specification utilised by the system creating this message.
mobilePhone
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The mobile phone number provided by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
notificationURL
string
Format: url
Max length: 256
Required
Categories: PA NPA
Channels: BRW
Fully qualified URL of the system that receives the CRes message or Error Message. The CRes message is posted by the ACS through the Cardholder browser at the end of the challenge and receipt of the RRes message.
purchaseAmount
string
Regexp: ^\d{0,48}$
Conditional
Categories: PA NPA
Channels: APP BRW
Purchase amount in minor units of currency with all punctuation removed.
Required if messageCategory is "01"
Required if messageCategory is "02" and threeDSRequestorAuthenticationInd is one of [02, 03]

Scheme specific rules:

Visa
Field is required
purchaseCurrency
string
Format: currency
Conditional
Categories: PA NPA
Channels: APP BRW
Currency in which purchase amount is expressed.
Required if messageCategory is "01"
Required if messageCategory is "02" and threeDSRequestorAuthenticationInd is one of [02, 03]

Scheme specific rules:

Visa
Field is required
purchaseDate
string
Conditional
Categories: PA NPA
Channels: APP BRW
Date and time of the purchase expressed in UTC.
Required if messageCategory is "01"
Required if messageCategory is "02" and threeDSRequestorAuthenticationInd is one of [02, 03]

Scheme specific rules:

Visa
Field is required
purchaseExponent
string
Regexp: ^\d$
Conditional
Categories: PA NPA
Channels: APP BRW
Minor units of currency as specified in the ISO 4217 currency exponent. This data should be available from your acquirer or card scheme. The standard is maintained at currency-iso.org.
Required if messageCategory is "01"
Required if messageCategory is "02" and threeDSRequestorAuthenticationInd is one of [02, 03]

Scheme specific rules:

Visa
Field is required
purchaseInstalData
string
Max length: 3
From 2 To 999
Conditional
Categories: PA NPA
Channels: APP BRW
Indicates the maximum number of authorisations permitted for instalment payments.
Required if threeDSRequestorAuthenticationInd is "03"

Scheme specific rules:

Visa
Field is required if available
payTokenInd
bool
Must be: true
Optional
Categories: PA NPA
Channels: APP BRW 3RI
A value of True indicates that the transaction was de-tokenised prior to being received by the ACS. This data element will be populated by the system residing in the 3-D Secure domain where the de-tokenisation occurs (i.e., the 3DS Server or the DS). Note: The Boolean value of true is the only valid response for this field when it is present.

Scheme specific rules:

Visa
Field is required if available
recurringExpiry
string
Format: yyyymmdd
Conditional
Categories: PA NPA
Channels: APP BRW
Date after which no further authorisations shall be performed.
Required if threeDSRequestorAuthenticationInd is one of [02, 03]

Scheme specific rules:

Visa
Field is required if available
recurringFrequency
string
Regexp: ^\d{0,4}$
Conditional
Categories: PA NPA
Channels: APP BRW
Indicates the minimum number of days between authorisations.
Required if threeDSRequestorAuthenticationInd is one of [02, 03]

Scheme specific rules:

Visa
Field is required if available
sdkAppID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP
Universally unique ID created upon all installations of the 3DS Requestor App on a Consumer Device. This will be newly generated and stored by the 3DS SDK for each installation.
sdkEncData
string
Max length: 64000
Required
Categories: PA NPA
Channels: APP
JWE Object (represented as a string) as defined in Section 6.2.2.1 containing data encrypted by the SDK for the DS to decrypt.
sdkEphemPubKey
json
Max length: 256
Required
Categories: PA NPA
Channels: APP
Public key component of the ephemeral key pair generated by the 3DS SDK and used to establish session keys between the 3DS SDK and ACS.
sdkMaxTimeout
string
Length: 2
Value: 05 99
Required
Categories: PA NPA
Channels: APP
Indicates maximum amount of time (in minutes) for all exchanges.
sdkReferenceNumber
string
Max length: 32
Required
Categories: PA NPA
Channels: APP
Identifies the vendor and version for the 3DS SDK that is integrated in a 3DS Requestor App, assigned by EMVCo when the 3DS SDK is approved.
sdkTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP
Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction.
shipAddrCity
string
Max length: 50
Optional
Categories: PA NPA
Channels: APP BRW 3RI
City portion of the shipping address requested by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
shipAddrCountry
string
Regexp: ^\d{3}$
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
The ISO 3166-1 numeric three-digit country code of the shipping address requested by the Cardholder.
Required if shipAddrState is not empty

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
shipAddrLine1
string
Max length: 50
Optional
Categories: PA NPA
Channels: APP BRW 3RI
First line of the street address or equivalent local portion of the shipping address requested by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
shipAddrLine2
string
Max length: 50
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The second line of the street address or equivalent local portion of the shipping address requested by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
shipAddrLine3
string
Max length: 50
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The third line of the street address or equivalent local portion of the shipping address requested by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
shipAddrPostCode
string
Max length: 16
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The ZIP or other postal code of the shipping address requested by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
shipAddrState
string
Max length: 3
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The ISO 3166-2 state or province of the shipping address associated with the card being used for this purchase.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
threeDSCompInd
string
One of: Y N U
Required
Categories: PA NPA
Channels: BRW
Indicates whether the 3DS Method successfully completed.

Meaning of values:

Y Successfully completed
N Did not successfully complete
U Unavailable— 3DS Method URL was not present in the PRes message data for the card range associated with the Cardholder Account Number.
threeDSRequestorAuthenticationInd
string
Regexp: ^(0[1-6]|[89][0-9])$
Required
Categories: PA NPA
Channels: APP BRW
Indicates the type of Authentication request. This data element provides additional information to the ACS to determine the best approach for handing an authentication request.

Meaning of values:

01 Payment transaction
02 Recurring transaction
03 Instalment transaction
04 Add card
05 Maintain card
06 Cardholder verification as part of EMV token ID&V
80-99 Reserved for DS use
threeDSRequestorAuthenticationInfo
Optional
Information about how the 3DS Requestor authenticated the cardholder before or during the transaction.
threeDSRequestorChallengeInd
string
Regexp: ^(0[1-4]|[89][0-9])$
Optional
Categories: PA NPA
Channels: APP BRW
Indicates whether a challenge is requested for this transaction. For example: For 01-PA, a 3DS Requestor may have concerns about the transaction, and request a challenge. For 02-NPA, a challenge may be necessary when adding a new card to a wallet. For local/regional mandates or other variables.

Meaning of values:

01 No preference
02 No challenge requested
03 Challenge requested: 3DS Requestor Preference
04 Challenge requested: Mandate
80-99 Reserved for DS use

Scheme specific rules:

Visa
Field is required if available
threeDSRequestorPriorAuthenticationInfo
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Information about how the 3DS Requestor authenticated the cardholder as part of a previous 3DS transaction.
threeDSRequestorURL
string
Format: url
Max length: 2048
Required
Categories: PA NPA
Channels: APP BRW 3RI
Fully qualified URL of 3DS Requestor website or customer care site. This data element provides additional information to the receiving 3-D Secure system if a problem arises and should provide contact information.

Scheme specific rules:

Visa
Field is required
threeDSServerTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
threeRIInd
string
Regexp: ^(0[1-5]|[89][0-9])$
Required
Categories: PA NPA
Channels: 3RI
Indicates the type of 3RI request. This data element provides additional information to the ACS to determine the best approach for handing a 3RI request.

Meaning of values:

01 Recurring transaction
02 Instalment transaction
03 Add card
04 Maintain card information
05 Account verification
80-99 Reserved for DS use

Scheme specific rules:

Visa
Field is required if available
transType
string
One of: 01 03 10 11 28
Optional
Categories: PA
Channels: APP BRW
Identifies the type of transaction being authenticated.

Meaning of values:

01 Goods/ Service Purchase
03 Check Acceptance
10 Account Funding
11 Quasi-Cash Transaction
28 Prepaid Activation and Load

Scheme specific rules:

Visa
Field is required
workPhone
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The work phone number provided by the Cardholder.

Scheme specific rules:

Visa
Field is required if available

Output

acsChallengeMandated
string
One of: Y N
Conditional
Categories: PA NPA
Channels: APP BRW
Indication of whether a challenge is required for the transaction to be authorised due to local/regional mandates or other variable.
Required if transStatus is "C"
acsOperatorID
string
Max length: 32
Optional
Categories: PA NPA
Channels: APP BRW 3RI
DS assigned ACS identifier. Each DS can provide a unique ID to each ACS on an individual basis.
acsReferenceNumber
string
Max length: 32
Required
Categories: PA NPA
Channels: APP BRW 3RI
Unique identifier assigned by the EMVCo Secretariat upon Testing and Approval.
acsRenderingType
Conditional
Categories: PA NPA
Channels: APP
Identifies the ACS UI Template that the ACS will first present to the consumer.
Required if deviceChannel is "01" and transStatus is "C"
acsSignedContent
string
Conditional
Categories: PA NPA
Channels: APP
Contains the JWS object (represented as a string) created by the ACS for the ARes message.
Required if transStatus is "C"
Required if deviceChannel is "01"
acsTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the ACS to identify a single transaction.
acsURL
string
Format: url
Max length: 2048
Conditional
Categories: PA NPA
Channels: BRW
Fully qualified URL of the ACS to be used for the challenge. 02-BRW—3DS Requestor will post the CReq to this URL via the challenge window
Required if deviceChannel is "02"
Required if transStatus is "C"
authenticationType
string
Regexp: ^(0[1-3]|[89][0-9])$
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Indicates the type of authentication method the Issuer will use to challenge the Cardholder, whether in the ARes message or what was used by the ACS when in the RReq message.

Meaning of values:

01 Static
02 Dynamic
03 OOB
80-99 Reserved for DS use
Required if transStatus is "C"
authenticationValue
string
Regexp: ^[a-zA-Z0-9+/]{26,28}={0,2}$
Length: 28
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Payment System-specific value provided by the ACS or the DS using an algorithm defined by Payment System. Authentication Value may be used to provide proof of authentication.
Required if messageCategory is "01"
Required if transStatus is one of [Y, A]
cardholderInfo
string
Max length: 128
Optional
Categories: PA NPA
Channels: APP BRW
Text provided by the ACS/Issuer to Cardholder during a Frictionless or Decoupled transaction. The Issuer can provide information to Cardholder. For example, “Additional authentication is needed for this transaction, please contact (Issuer Name) at xxx-xxx-xxxx.”
dsReferenceNumber
string
Max length: 32
Required
Categories: PA NPA
Channels: APP BRW 3RI
EMVCo-assigned unique identifier to track approved DS.
dsTransID
string
Format: uuid
Max length: 36
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the DS to identify a single transaction.
eci
string
Max length: 2
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Payment System-specific value provided by the ACS or DS to indicate the results of the attempt to authenticate the Cardholder.
messageExtension
Max length: 10
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension.
messageType
string
Must be: ARes
Required
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
messageVersion
string
Must be: 2.1.0
Required
Categories: PA NPA
Channels: APP BRW 3RI
Protocol version identifier This shall be the Protocol Version Number of the specification utilised by the system creating this message.
sdkTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP
Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction.
threeDSServerTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
transStatus
string
One of: Y N U A C R
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Indicates whether a transaction qualifies as an authenticated transaction or account verification.

Meaning of values:

Y Authentication/ Account Verification Successful
N Not Authenticated /Account Not Verified; Transaction denied
U Authentication/ Account Verification Could Not Be Performed; Technical or other problem, as indicated in ARes or RReq
A Attempts Processing Performed; Not Authenticated/Verified , but a proof of attempted authentication/verification is provided
C Challenge Required; Additional authentication is required using the CReq/CRes
R Authentication/ Account Verification Rejected; Issuer is rejecting authentication/verification and request that authorisation not be attempted.
Required if messageCategory is "01"
transStatusReason
string
Regexp: ^(0[1-9]|1[0-9]|2[0-1]|[89][0-9])$
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Provides information on why the Transaction Status field has the specified value.

Meaning of values:

01 Card authentication failed
02 Unknown Device
03 Unsupported Device
04 Exceeds authentication frequency limit
05 Expired card
06 Invalid card number
07 Invalid transaction
08 No Card record
09 Security failure
10 Stolen card
11 Suspected fraud
12 Transaction not permitted to cardholder
13 Cardholder not enrolled in service
14 Transaction timed out at the ACS
15 Low confidence
16 Medium confidence
17 High confidence
18 Very High confidence
19 Exceeds ACS maximum challenges
20 Non-Payment transaction not supported
21 3RI transaction not supported
Required if transStatus is one of [N, U, R]

Challenge flow

For usage, refer to Challenge flow.

Challenge request (CReq)

messageType
string
Must be: CReq
Required
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
messageVersion
string
One of: 2.1.0 2.2.0
Required
Categories: PA NPA
Channels: APP BRW 3RI
Protocol version identifier This shall be the Protocol Version Number of the specification utilised by the system creating this message.
messageExtension
Max length: 10
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension.
acsTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the ACS to identify a single transaction.
threeDSServerTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
challengeWindowSize
string
One of: 01 02 03 04 05
Required
Dimensions of the challenge window that has been displayed to the Cardholder. The ACS shall reply with content that is formatted to appropriately render in this window to provide the best possible user experience. Preconfigured sizes are width x height in pixels of the window displayed in the Cardholder browser window.

Meaning of values:

01 250 x 400
02 390 x 400
03 500 x 600
04 600 x 400
05 Full screen

Challenge response (CRes)

acsCounterAtoS
string
Required
Categories: PA NPA
Channels: APP
Counter used as a security measure in the ACS to 3DS SDK secure channel.
acsTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the ACS to identify a single transaction.
challengeCompletionInd
string
One of: Y N
Required
Categories: PA NPA
Channels: APP
Indicator of the state of the ACS challenge cycle and whether the challenge has completed or will require additional messages. Shall be populated in all CRes messages to convey the current state of the transaction.
messageExtension
Max length: 10
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension.
messageType
string
Must be: CRes
Required
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
messageVersion
string
Must be: 2.1.0
Required
Categories: PA NPA
Channels: APP BRW 3RI
Protocol version identifier This shall be the Protocol Version Number of the specification utilised by the system creating this message.
sdkTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP
Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction.
threeDSServerTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
transStatus
string
One of: Y N
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Indicates whether a transaction qualifies as an authenticated transaction or account verification.

Meaning of values:

Y Authentication/ Account Verification Successful
N Not Authenticated /Account Not Verified; Transaction denied
Required if messageCategory is "01"

/postauth endpoint

For usage, refer to /postauth endpoint.

Input

threeDSServerTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.

Output

acsRenderingType
Required
Categories: PA NPA
Channels: APP
Identifies the ACS UI Template that the ACS will first present to the consumer.
acsTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the ACS to identify a single transaction.
authenticationType
string
Regexp: ^(0[1-3]|[89][0-9])$
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Indicates the type of authentication method the Issuer will use to challenge the Cardholder, whether in the ARes message or what was used by the ACS when in the RReq message.

Meaning of values:

01 Static
02 Dynamic
03 OOB
80-99 Reserved for DS use
Required if transStatus is one of [Y, N]
authenticationValue
string
Regexp: ^[a-zA-Z0-9+/]{26,28}={0,2}$
Length: 28
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Payment System-specific value provided by the ACS or the DS using an algorithm defined by Payment System. Authentication Value may be used to provide proof of authentication.
Required if messageCategory is "01"
Required if transStatus is one of [Y, A]
challengeCancel
string
Regexp: ^(0[14-8]|[89][0-9])$
Optional
Categories: PA NPA
Channels: APP BRW
Indicator informing the ACS and the DS that the authentication has been canceled.

Meaning of values:

01 Cardholder selected "Cancel"
04 Transaction Timed Out at ACS— other timeouts
05 Transaction Timed Out at ACS— First CReq not received by ACS
06 Transaction Error
07 Unknown
08 Transaction Timed Out at SDK
80-99 Reserved for DS use
dsTransID
string
Format: uuid
Max length: 36
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the DS to identify a single transaction.
eci
string
Max length: 2
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Payment System-specific value provided by the ACS or DS to indicate the results of the attempt to authenticate the Cardholder.
interactionCounter
string
Length: 2
Value: 00 99
Required
Categories: PA NPA
Channels: APP BRW
Indicates the number of authentication cycles attempted by the Cardholder.
messageCategory
string
Regexp: ^(0[1-2]|[89][0-9])$
Required
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the category of the message for a specific use case.

Meaning of values:

01 PA - Payment
02 NPA - Non-Payment
80-99 Reserved for DS use
messageExtension
Max length: 10
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension.
messageType
string
Must be: RReq
Required
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
messageVersion
string
Must be: 2.1.0
Required
Categories: PA NPA
Channels: APP BRW 3RI
Protocol version identifier This shall be the Protocol Version Number of the specification utilised by the system creating this message.
threeDSServerTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
transStatus
string
One of: Y N U A R
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Indicates whether a transaction qualifies as an authenticated transaction or account verification.

Meaning of values:

Y Authentication/ Account Verification Successful
N Not Authenticated /Account Not Verified; Transaction denied
U Authentication/ Account Verification Could Not Be Performed; Technical or other problem, as indicated in ARes or RReq
A Attempts Processing Performed; Not Authenticated/Verified , but a proof of attempted authentication/verification is provided
R Authentication/ Account Verification Rejected; Issuer is rejecting authentication/verification and request that authorisation not be attempted.
Required if messageCategory is "01"
transStatusReason
string
Regexp: ^(0[1-9]|1[0-9]|2[0-1]|[89][0-9])$
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Provides information on why the Transaction Status field has the specified value.

Meaning of values:

01 Card authentication failed
02 Unknown Device
03 Unsupported Device
04 Exceeds authentication frequency limit
05 Expired card
06 Invalid card number
07 Invalid transaction
08 No Card record
09 Security failure
10 Stolen card
11 Suspected fraud
12 Transaction not permitted to cardholder
13 Cardholder not enrolled in service
14 Transaction timed out at the ACS
15 Low confidence
16 Medium confidence
17 High confidence
18 Very High confidence
19 Exceeds ACS maximum challenges
20 Non-Payment transaction not supported
21 3RI transaction not supported
Required if transStatus is one of [N, U, R]

Error object

acsTransID
string
Format: uuid
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the ACS to identify a single transaction.
dsTransID
string
Format: uuid
Max length: 36
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the DS to identify a single transaction.
errorCode
string
One of: 101 102 103 201 202 203 204 301 302 303 304 305 306 307 402 403 404 405
Required
Code indicating the type of problem identified in the message.

Meaning of values:

101 Message Received Invalid
102 Message Version Number Not Supported
103 Sent Messages Limit Exceeded
201 Required Data Element Missing
202 Critical Message Extension Not Recognised
203 Format of one or more Data Elements is Invalid according to the Specification
204 Duplicate Data Element
301 Transaction ID Not Recognised
302 Data Decryption Failure
303 Access Denied, Invalid Endpoint
304 ISO Code Invalid
305 Transaction data not valid
306 Merchant Category Code (MCC) Not Valid for Payment System
307 Serial Number not Valid
402 Transaction Timed Out
403 Transient System Failure
404 Permanent System Failure
405 System Connection Failure
errorComponent
string
One of: C S D A
Required
Code indicating the 3-D Secure component that identified the error.

Meaning of values:

C 3DS SDK
S 3DS Server
D Directory Server
A ACS
errorDescription
string
Max length: 2048
Required
Text describing the problem identified in the message.
errorDetail
string
Max length: 2048
Required
Additional detail regarding the problem identified in the message.
errorMessageType
string
One of: ARes AReq PRes PReq CRes CReq RReq RRes Erro
Optional
Identifies the Message Type that was identified as erroneous.
messageType
string
Must be: Erro
Required
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
messageVersion
string
Must be: 2.1.0
Required
Categories: PA NPA
Channels: APP BRW 3RI
Protocol version identifier This shall be the Protocol Version Number of the specification utilised by the system creating this message.
sdkTransID
string
Format: uuid
Optional
Categories: PA NPA
Channels: APP
Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction.
threeDSServerTransID
string
Format: uuid
Required
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.

Nested objects

ThreeDSRequestorAuthenticationInfo

threeDSReqAuthData
string
Max length: 2048
Optional
Data that documents and supports a specific authentication process. In the current version of the specification, this data element is not defined in detail, however the intention is that for each 3DS Requestor Authentication Method, this field carry data that the ACS can use to verify the authentication process. For example, for method: 02—field can carry generic 3DS Requestor authentication information 03—data element can carry information about the provider of the federated ID and related information 04—data element can carry the FIDO attestation data (including the signature) In future versions of the specification, these details are expected to be included

Scheme specific rules:

Visa
Field is required if available
threeDSReqAuthMethod
string
Regexp: ^(0[1-6]|[89][0-9])$
Optional
Mechanism used by the Cardholder to authenticate to the 3DS Requestor.

Meaning of values:

01 No 3DS Requestor authentication occurred (i.e. cardholder “logged in” as guest)
02 Login to the cardholder account at the 3DS Requestor system using 3DS Requestor’s own credentials
03 Login to the cardholder account at the 3DS Requestor system using federated ID
04 Login to the cardholder account at the 3DS Requestor system using issuer credentials
05 Login to the cardholder account at the 3DS Requestor system using third-party authentication
06 Login to the cardholder account at the 3DS Requestor system using FIDO Authenticator

Scheme specific rules:

Visa
Field is required
threeDSReqAuthTimestamp
string
Optional
Date and time in UTC of the cardholder authentication.

Scheme specific rules:

Visa
Field is required if available

DeviceRenderOptions

sdkInterface
string
One of: 01 02 03
Optional
Lists all of the SDK Interface types that the device supports for displaying specific challenge user interfaces within the SDK.

Meaning of values:

01 Native
02 HTML
03 Both
sdkUiType
Array of string
One of: 01 02 03 04 05
Optional
Lists all UI types that the device supports for displaying specific challenge user interfaces within the SDK.

Meaning of values:

01 Text
02 Single Select
03 Multi Select
04 OOB
05 HTML Other (valid only for HTML UI)

AcctInfo

chAccAgeInd
string
One of: 01 02 03 04 05
Optional
Length of time that the cardholder has had the account with the 3DS Requestor.

Meaning of values:

01 No account (guest check-out)
02 Created during this transaction
03 Less than 30 days
04 30−60 days
05 More than 60 days

Scheme specific rules:

Visa
Field is required if available
chAccChange
string
Format: yyyymmdd
Optional
Date that the cardholder’s account with the 3DS Requestor was last changed, including Billing or Shipping address, new payment account, or new user(s) added.

Scheme specific rules:

Visa
Field is required if available
chAccChangeInd
string
One of: 01 02 03 04
Optional
Length of time since the cardholder’s account information with the 3DS Requestor was last changed, including Billing or Shipping address, new payment account, or new user(s) added.

Meaning of values:

01 Changed during this transaction
02 Less than 30 days
03 30−60 days
04 More than 60 days

Scheme specific rules:

Visa
Field is required if available
chAccDate
string
Format: yyyymmdd
Optional
Date that the cardholder opened the account with the 3DS Requestor.

Scheme specific rules:

Visa
Field is required if available
chAccPwChange
string
Format: yyyymmdd
Optional
Date that cardholder’s account with the 3DS Requestor had a password change or account reset.

Scheme specific rules:

Visa
Field is required if available
chAccPwChangeInd
string
One of: 01 02 03 04 05
Optional
Indicates the length of time since the cardholder’s account with the 3DS Requestor had a password change or account reset.

Meaning of values:

01 No change
02 Changed during this transaction
03 Less than 30 days
04 30−60 days
05 More than 60 days

Scheme specific rules:

Visa
Field is required if available
nbPurchaseAccount
string
Regexp: ^[0-9]{1,4}$
Max length: 4
Optional
Number of purchases with this cardholder account during the previous six months.

Scheme specific rules:

Visa
Field is required if available
paymentAccAge
string
Format: yyyymmdd
Optional
Date that the payment account was enrolled in the cardholder’s account with the 3DS Requestor.

Scheme specific rules:

Visa
Field is required if available
paymentAccInd
string
One of: 01 02 03 04 05
Optional
Indicates the length of time that the payment account was enrolled in the cardholder’s account with the 3DS Requestor.

Meaning of values:

01 No account (guest check-out)
02 During this transaction
03 Less than 30 days
04 30−60 days
05 More than 60 days

Scheme specific rules:

Visa
Field is required if available
provisionAttemptsDay
string
Regexp: ^[0-9]{1,3}$
Max length: 3
Optional
Number of Add Card attempts in the last 24 hours.

Scheme specific rules:

Visa
Field is required if available
shipAddressUsage
string
Format: yyyymmdd
Optional
Date when the shipping address used for this transaction was first used with the 3DS Requestor.
shipAddressUsageInd
string
One of: 01 02 03 04
Optional
Indicates when the shipping address used for this transaction was first used with the 3DS Requestor.

Meaning of values:

01 This transaction
02 Less than 30 days
03 30−60 days
04 More than 60 days

Scheme specific rules:

Visa
Field is required if available
shipNameIndicator
string
One of: 01 02
Optional
Indicates if the Cardholder Name on the account is identical to the shipping Name used for this transaction.

Meaning of values:

01 Account Name identical to shipping Name
02 Account Name different than shipping Name

Scheme specific rules:

Visa
Field is required if available
suspiciousAccActivity
string
One of: 01 02
Optional
Indicates whether the 3DS Requestor has experienced suspicious activity (including previous fraud) on the cardholder account.

Meaning of values:

01 No suspicious activity has been observed
02 Suspicious activity has been observed

Scheme specific rules:

Visa
Field is required if available
txnActivityDay
string
Regexp: ^[0-9]{1,3}$
Max length: 3
Optional
Number of transactions (successful and abandoned) for this cardholder account with the 3DS Requestor across all payment accounts in the previous 24 hours.

Scheme specific rules:

Visa
Field is required if available
txnActivityYear
string
Regexp: ^[0-9]{1,3}$
Max length: 3
Optional
Number of transactions (successful and abandoned) for this cardholder account with the 3DS Requestor across all payment accounts in the previous year.

Scheme specific rules:

Visa
Field is required if available

PhoneNumber

cc
string
Regexp: ^\d{1,3}$
Required
Country code
subscriber
string
Regexp: ^\d{1,12}$
Required
Subscriber number

MerchantRiskIndicator

deliveryEmailAddress
string
Format: email
Max length: 254
Optional
For Electronic delivery, the email address to which the merchandise was delivered.

Scheme specific rules:

Visa
Field is required if available
deliveryTimeframe
string
One of: 01 02 03 04
Optional
Indicates the merchandise delivery timeframe.

Meaning of values:

01 Electronic Delivery
02 Same day shipping
03 Overnight shipping
04 Two-day or more shipping

Scheme specific rules:

Visa
Field is required if available
giftCardAmount
string
Regexp: ^\d{0,15}$
Optional
For prepaid or gift card purchase, the purchase amount total of prepaid or gift card(s) in major units (for example, USD 123.45 is 123).

Scheme specific rules:

Visa
Field is required if available
giftCardCount
string
Regexp: ^\d{2}$
Optional
For prepaid or gift card purchase, total count of individual prepaid or gift cards/codes purchased.

Scheme specific rules:

Visa
Field is required if available
giftCardCurr
string
Format: currency
Optional
For prepaid or gift card purchase, ISO 4217 three-digit currency code of the gift card, other than those listed in Table A.5.

Scheme specific rules:

Visa
Field is required if available
preOrderDate
string
Format: yyyymmdd
Optional
For a pre-ordered purchase, the expected date that the merchandise will be available.

Scheme specific rules:

Visa
Field is required if available
preOrderPurchaseInd
string
One of: 01 02
Optional
Indicates whether Cardholder is placing an order for merchandise with a future availability or release date.

Meaning of values:

01 Merchandise available
02 Future availability

Scheme specific rules:

Visa
Field is required if available
reorderItemsInd
string
One of: 01 02
Optional
Indicates whether the cardholder is reordering previously purchased merchandise.

Meaning of values:

01 First time ordered
02 Reordered

Scheme specific rules:

Visa
Field is required if available
shipIndicator
string
One of: 01 02 03 04 05 06 07
Optional
Indicates shipping method chosen for the transaction. Merchants must choose the Shipping Indicator code that most accurately describes the cardholder’s specific transaction, not their general business. If one or more items are included in the sale, use the Shipping Indicator code for the physical goods, or if all digital goods, use the Shipping Indicator code that describes the most expensive item.

Meaning of values:

01 Ship to cardholder’s billing address
02 Ship to another verified address on file with merchant
03 Ship to address that is different than the cardholder’s billing address
04 “Ship to Store” / Pick-up at local store (Store address shall be populated in shipping address fields)
05 Digital goods (includes online services, electronic gift cards and redemption codes)
06 Travel and Event tickets, not shipped
07 Other (for example, Gaming, digital services not shipped, emedia subscriptions, etc.)

Scheme specific rules:

Visa
Field is required if available

MessageExtension

criticalityIndicator
bool
Required
A Boolean value indicating whether the recipient must understand the contents of the extension to interpret the entire message.
data
json
Max length: 8059
Required
The data carried in the extension.
id
string
Max length: 64
Required
A unique identifier for the extension. Note: Payment System Registered Application Provider Identifier (RID) is required as prefix of the ID.
name
string
Max length: 64
Required
The name of the extension data set as defined by the extension owner.

ThreeDSRequestorPriorAuthenticationInfo

threeDSReqPriorAuthData
string
Max length: 2048
Optional
Data that documents and supports a specific authentication process. In the current version of the specification this data element is not defined in detail, however the intention is that for each 3DS Requestor Authentication Method, this field carry data that the ACS can use to verify the authentication process. In future versions of the specification, these details are expected to be included.

Scheme specific rules:

Visa
Field is required if available
threeDSReqPriorAuthMethod
string
Regexp: ^(0[1-4])|([89][1-10])$
Optional
Mechanism used by the Cardholder to previously authenticate to the 3DS Requestor.

Meaning of values:

01 Frictionless authentication occurred by ACS
02 Cardholder challenge occurred by ACS
03 AVS verified
04 Other issuer methods

Scheme specific rules:

Visa
Field is required if available
threeDSReqPriorAuthTimestamp
string
Optional
Date and time in UTC of the prior cardholder authentication.

Scheme specific rules:

Visa
Field is required if available
threeDSReqPriorRef
string
Max length: 36
Optional
This data element provides additional information to the ACS to determine the best approach for handing a request.

Scheme specific rules:

Visa
Field is required if available

ACSRenderingType

acsInterface
string
One of: 01 02
Required
This the ACS interface that the challenge will present to the cardholder.

Meaning of values:

01 Native UI
02 HTML UI
acsUiTemplate
string
One of: 01 02 03 04 05
Required
Identifies the UI Template format that the ACS first presents to the consumer.

Meaning of values:

01 Text
02 Single Select
03 Multi Select
04 OOB
05 HTML Other