6.4. Specification 2.3.1

The scenario selector below can be used to narrow down the required fields for a selected authentication scenario. Please note the following:

  1. When All is selected in both dropdowns, no type filters are applied. I.e. both sdkTransID and browserUserAgent is marked as required, even though they will never appear in the same message.

  2. When a Message Category or a Device Channel is selected, messages will be filtered if they are not relevant for the selection. The inclusion might change from e.g. required to optional.

Message Category:
Device Channel:

/preauth endpoint

For usage, refer to /preauth endpoint.

Input

acctNumber
string
Required
Regexp: ^[0-9]{13,19}$
Categories: PA NPA
Channels: BRW
Account number that will be used in the authorisation request for payment transactions. May be represented by PAN, token.
ds
string
Optional
One of:
standin visa mastercard jcb upi amex protectbuy sbn
Directory Server used in 3DS payment flow. This field is used to signal which DS to use on co-branded cards. Required for using the Dankort side on a Visa/Dankort

Meaning of values:

standin 3dsecure.io standin directory server and scheme (only in sandbox)
visa Visa
mastercard Mastercard
jcb JCB
upi UnionPay International
amex American Express
protectbuy ProtectBuy (Discover/Diners)
sbn Secured by Nets (Dankort/Forbrugsforeningen)

Output (CRD)

acsEndProtocolVersion
string
Required
Format: validVersion
The most recent active protocol version that is supported for the ACS URL.
acsInfoInd
Array of string
Optional
Regexp: ^(0[1-9]|1[01]|[89][0-9])$
Provides additional information to the 3DS Server. The element lists all applicable values for the card range.

Meaning of values:

01 Authentication Available at ACS
02 Attempts Supported by ACS or DS
03 Decoupled Authentication Supported
04 Whitelisting Supported
80-99 Reserved for DS use
acsStartProtocolVersion
string
Required
Format: validVersion
The earliest (i.e. oldest) active protocol version that is supported by the ACS.
dsEndProtocolVersion
string
Optional
Format: validVersion
The most recent active protocol version that is supported for the DS.
dsStartProtocolVersion
string
Optional
Format: validVersion
The earliest (i.e. oldest) active protocol version that is supported by the DS.
messageType
string
Required
Must be: CRD
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
threeDSMethodURL
string
Optional
Format: url
Max length: 256
The ACS URL that will be used by the 3DS Method. Note: The 3DSMethodURL data element may be omitted if not supported by the ACS for this specific card range.
threeDSServerTransID
string
Required
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
scheme
string
Required
One of:
standin visa mastercard amex discover
Account number Card Scheme

Meaning of values:

standin 3dsecure.io standin scheme (only in sandbox)
visa Visa
mastercard Mastercard
amex American Express
discover Discover

/auth endpoint

For usage, refer to /auth endpoint.

Input (AReq)

acctID
string
Optional
Max length: 64
Categories: PA NPA
Channels: APP BRW 3RI
Additional information about the account optionally provided by the 3DS Requestor.

Scheme specific rules:

Visa
Field is required if available
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Additional information about the Cardholder's account provided by the 3DS Requestor.
acctNumber
string
Required
Regexp: ^[0-9]{13,19}$
Categories: PA NPA
Channels: APP BRW 3RI
Account number that will be used in the authorisation request for payment transactions. May be represented by PAN, token.
acctType
string
Optional
Regexp: ^(0[1-3]|[89][0-9])$
Categories: PA NPA
Channels: APP BRW 3RI
Indicates the type of account. For example, for a multi-account card product.

Meaning of values:

01 Not applicable
02 Credit
03 Debit
80-99 Usable by card schemes

Scheme specific rules:

Visa
Field is required if available
acquirerBIN
string
Conditional
Max length: 11
Categories: PA NPA
Channels: APP BRW 3RI
Acquiring institution identification code as assigned by the DS receiving the AReq message.
Required if messageCategory is "01"

Scheme specific rules:

Visa
Field is required
acquirerMerchantID
string
Conditional
Max length: 35
Categories: PA NPA
Channels: APP BRW 3RI
Acquirer-assigned Merchant identifier. This may be the same value that is used in authorisation requests sent on behalf of the 3DS Requestor and is represented in ISO 8583 formatting requirements.
Required if messageCategory is "01"

Scheme specific rules:

Visa
Field is required
addrMatch
string
Optional
One of:
Y N
Categories: PA NPA
Channels: APP BRW
Indicates whether the Cardholder Shipping Address and Cardholder Billing Address are the same.

Scheme specific rules:

Visa
Field is required if available
appIp
string
Optional
Format: ip
Max length: 45
Categories: PA NPA
Channels: APP
External IP address (i.e., the device public IP address) used by the 3DS Requestor App when it connects to the 3DS Requestor environment.
billAddrCity
string
Optional
Max length: 50
Categories: PA NPA
Channels: APP BRW 3RI
The city of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
billAddrCountry
string
Optional
Regexp: ^\d{3}$
Categories: PA NPA
Channels: APP BRW 3RI
The ISO 3166-1 numeric three-digit country code of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
billAddrLine1
string
Optional
Max length: 50
Categories: PA NPA
Channels: APP BRW 3RI
First line of the street address or equivalent local portion of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
billAddrLine2
string
Optional
Max length: 50
Categories: PA NPA
Channels: APP BRW 3RI
Second line of the street address or equivalent local portion of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
billAddrLine3
string
Optional
Max length: 50
Categories: PA NPA
Channels: APP BRW 3RI
Third line of the street address or equivalent local portion of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
billAddrPostCode
string
Optional
Max length: 16
Categories: PA NPA
Channels: APP BRW 3RI
ZIP or other postal code of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
billAddrState
string
Optional
Max length: 3
Categories: PA NPA
Channels: APP BRW 3RI
The ISO 3166-2 state or province of the Cardholder billing address associated with the card used for this purchase.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Unstructured information sent between the 3DS Server, the DS and the ACS.

Scheme specific rules:

Visa
Field is required if available
browserAcceptHeader
string
Required
Max length: 2048
Categories: PA NPA
Channels: BRW
Exact content of the HTTP accept headers as sent to the 3DS Requestor from the Cardholder's browser.
browserColorDepth
string
Conditional
One of:
1 4 8 15 16 24 32 48
Categories: PA NPA
Channels: BRW
Value representing the bit depth of the colour palette for displaying images, in bits per pixel. Obtained from Cardholder browser using the screen.colorDepth property.
Required if browserJavascriptEnabled is true
browserIP
string
Optional
Format: ip
Max length: 45
Categories: PA NPA
Channels: BRW
IP address the browser is connecting from.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
browserJavaEnabled
bool
Conditional
Categories: PA NPA
Channels: BRW
Boolean that represents the ability of the cardholder browser to execute Java. Value is returned from the navigator.javaEnabled property.
Required if browserJavascriptEnabled is true
browserJavascriptEnabled
bool
Required
Categories: PA NPA
Channels: BRW
Boolean that represents the ability of the cardholder browser execute JavaScript.
browserLanguage
string
Conditional
Min length: 1
Max length: 8
Categories: PA NPA
Channels: BRW
Value representing the browser language as defined in IETF BCP47. Returned from navigator.language property.
Required if browserJavascriptEnabled is true
browserScreenHeight
string
Conditional
Regexp: ^[0-9]{1,6}$
Categories: PA NPA
Channels: BRW
Total height of the Cardholder's screen in pixels. Value is returned from the screen.height property.
Required if browserJavascriptEnabled is true
browserScreenWidth
string
Conditional
Regexp: ^[0-9]{1,6}$
Categories: PA NPA
Channels: BRW
Total width of the cardholder's screen in pixels. Value is returned from the screen.width property.
Required if browserJavascriptEnabled is true
browserTZ
string
Conditional
Regexp: ^[+-]?[0-9]{1,4}$
Categories: PA NPA
Channels: BRW
Time-zone offset in minutes between UTC and the Cardholder browser local time. Note that the offset is positive if the local time zone is behind UTC and negative if it is ahead.
Required if browserJavascriptEnabled is true
browserUserAgent
string
Required
Max length: 2048
Categories: PA NPA
Channels: BRW
Exact content of the HTTP user-agent header. Note: If the total length of the User-Agent sent by the browser exceeds 2048 characters, truncate the excess portion.
cardExpiryDate
string
Optional
Format: yymm
Categories: PA NPA
Channels: APP BRW 3RI
Expiry Date of the PAN or token supplied to the 3DS Requestor by the Cardholder.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required
cardholderName
string
Optional
Min length: 2
Max length: 45
Categories: PA NPA
Channels: APP BRW 3RI
Name of the Cardholder.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
deviceChannel
string
Required
Regexp: ^(0[1-3]|[89][0-9])$
Categories: PA NPA
Channels: APP BRW 3RI
Indicates the type of channel interface being used to initiate the transaction.

Meaning of values:

01 App-based (APP)
02 Browser (BRW)
03 3DS Requestor Initiated (3RI)
80-99 Reserved for DS use
deviceRenderOptions
DeviceRenderOptions object
Required
Categories: PA NPA
Channels: APP
Defines the SDK UI types that the device supports for displaying specific challenge user interfaces within the SDK.
ds
string
Optional
One of:
standin visa mastercard jcb amex protectbuy sbn
Directory Server used in 3DS payment flow. This field is used to signal which DS to use on co-branded cards. Required for using the Dankort side on a Visa/Dankort

Meaning of values:

standin 3dsecure.io standin directory server and scheme (only in sandbox)
visa Visa
mastercard Mastercard
jcb JCB
amex American Express
protectbuy ProtectBuy (Discover/Diners)
sbn Secured by Nets (Dankort/Forbrugsforeningen)
email
string
Optional
Format: email
Max length: 254
Categories: PA NPA
Channels: APP BRW 3RI
The email address associated with the account that is either entered by the Cardholder, or is on file with the 3DS Requestor.

Scheme specific rules:

Visa
Field is required
Mastercard
Field is required unless market restrictions prevent it
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The home phone number provided by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
mcc
string
Conditional
Length: 4
Categories: PA NPA
Channels: APP BRW 3RI
DS-specific code describing the Merchant's type of business, product or service.
Required if messageCategory is "01"

Scheme specific rules:

Visa
Field is required
merchantCountryCode
string
Conditional
Format: countryCode
Regexp: ^\d{3}$
Categories: PA NPA
Channels: APP BRW 3RI
The ISO 3166-1 numeric three-digit country code of the Merchant.
Required if messageCategory is "01"

Scheme specific rules:

Visa
Field is required
merchantName
string
Conditional
Max length: 40
Categories: PA NPA
Channels: APP BRW 3RI
Merchant name assigned by the Acquirer or Payment System.
Required if messageCategory is "01"

Scheme specific rules:

Visa
Field is required
merchantRiskIndicator
MerchantRiskIndicator object
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Merchant's assessment of the level of fraud risk for the specific authentication for both the cardholder and the authentication being conducted.
messageCategory
string
Required
Regexp: ^(0[1-2]|[89][0-9])$
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the category of the message for a specific use case.

Meaning of values:

01 PA - Payment
02 NPA - Non-Payment
80 Identity Check Insights (without authentication) - MasterCard
80-99 Reserved for DS use
messageExtension
Array of MessageExtension object
Optional
Max length: 15
Categories: PA NPA
Channels: APP BRW 3RI
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension.
messageType
string
Required
Must be: AReq
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
messageVersion
string
Required
Must be: 2.3.1
Categories: PA NPA
Channels: APP BRW 3RI
Protocol version identifier This shall be the Protocol Version Number of the specification utilised by the system creating this message.
mobilePhone
PhoneNumber object
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The mobile phone number provided by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
notificationURL
string
Required
Format: urlHttps
Max length: 256
Categories: PA NPA
Channels: BRW
Fully qualified URL of the system that receives the CRes message or Error Message. The CRes message is posted by the ACS through the Cardholder browser at the end of the challenge and receipt of the RRes message.
purchaseAmount
string
Conditional
Regexp: ^\d{0,48}$
Categories: PA NPA
Channels: APP BRW 3RI
Purchase amount in minor units of currency with all punctuation removed.
Required if messageCategory is "01"
Required if messageCategory is "02" and (threeDSRequestorAuthenticationInd is one of [02, 03, 07, 08, 09] or threeRIInd is one of [01, 02, 06, 07, 08, 09, 11, 15])

Scheme specific rules:

Visa
Field is required
purchaseCurrency
string
Conditional
Format: currency
Categories: PA NPA
Channels: APP BRW 3RI
3-digit ISO 4217 currency code string, in which purchase amount is expressed.
Required if messageCategory is "01"
Required if messageCategory is "02" and (threeDSRequestorAuthenticationInd is one of [02, 03, 07, 08, 09] or threeRIInd is one of [01, 02, 06, 07, 08, 09, 11, 15])

Scheme specific rules:

Visa
Field is required
purchaseDate
string
Conditional
Format: yyyymmddhhmmss
Categories: PA NPA
Channels: APP BRW 3RI
Date and time of the purchase expressed in UTC.
Required if messageCategory is "01"
Required if messageCategory is "02" and (threeDSRequestorAuthenticationInd is one of [02, 03, 07, 08, 09] or threeRIInd is one of [01, 02, 06, 07, 08, 09, 11, 15])

Scheme specific rules:

Visa
Field is required
purchaseExponent
string
Conditional
Regexp: ^\d$
Categories: PA NPA
Channels: APP BRW 3RI
Minor units of currency as specified in the ISO 4217 currency exponent. This data should be available from your acquirer or card scheme. The standard is maintained at currency-iso.org.
Required if messageCategory is "01"
Required if messageCategory is "02" and (threeDSRequestorAuthenticationInd is one of [02, 03, 07, 08, 09] or threeRIInd is one of [01, 02, 06, 07, 08, 09, 11, 15])

Scheme specific rules:

Visa
Field is required
purchaseInstalData
string
Conditional
Max length: 3
From 2 To 999
Categories: PA NPA
Channels: APP BRW 3RI
Indicates the maximum number of authorisations permitted for instalment payments.
Required if threeDSRequestorAuthenticationInd is "03"
Required if threeRIInd is "02"

Scheme specific rules:

Visa
Field is required if available
payTokenInd
bool
Optional
Must be: true
Categories: PA NPA
Channels: APP BRW 3RI
A value of True indicates that the transaction was de-tokenised prior to being received by the ACS. This data element will be populated by the system residing in the 3-D Secure domain where the de-tokenisation occurs (i.e., the 3DS Server or the DS). Note: The Boolean value of true is the only valid response for this field when it is present.

Scheme specific rules:

Visa
Field is required if available
payTokenSource
string
Conditional
Regexp: ^(0[1-2]|[89][0-9])$
Categories: PA NPA
Channels: APP BRW 3RI
This data element will be populated by the system residing in the 3-D Secure domain where the de-tokenisation occurs.

Meaning of values:

01 3-D Secure Server
02 Directory Server
80-99 Reserved for DS use
Required if payTokenInd is true
recurringExpiry
string
Optional
Format: yyyymmdd
Categories: PA NPA
Channels: APP BRW 3RI
Date after which no further authorisations shall be performed.

Scheme specific rules:

Visa
Field is required if available
recurringFrequency
string
Conditional
Regexp: ^\d{0,4}$
Categories: PA NPA
Channels: APP BRW 3RI
Indicates the minimum number of days between authorisations for a recurring or instalment transaction.
Required if frequencyInd is "01"

Scheme specific rules:

Visa
Field is required if available
sdkAppID
string
Required
Format: uuid
Categories: PA NPA
Channels: APP
Universally unique ID created upon all installations of the 3DS Requestor App on a Consumer Device. This will be newly generated and stored by the 3DS SDK for each installation.
sdkEncData
string
Required
Max length: 64000
Categories: PA NPA
Channels: APP
JWE Object (represented as a string) as defined in Section 6.2.2.1 containing data encrypted by the SDK for the DS to decrypt.
sdkEphemPubKey
json
Required
Max length: 256
Categories: PA NPA
Channels: APP
Public key component of the ephemeral key pair generated by the 3DS SDK and used to establish session keys between the 3DS SDK and ACS.
sdkMaxTimeout
string
Required
Length: 2
Value: 05 99
Categories: PA NPA
Channels: APP
Indicates maximum amount of time (in minutes) for all exchanges.
sdkReferenceNumber
string
Required
Max length: 32
Categories: PA NPA
Channels: APP
Identifies the vendor and version for the 3DS SDK that is integrated in a 3DS Requestor App, assigned by EMVCo when the 3DS SDK is approved.
sdkTransID
string
Conditional
Format: uuid
Categories: PA NPA
Channels: APP
Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction.
Required if deviceChannel is "01"
shipAddrCity
string
Optional
Max length: 50
Categories: PA NPA
Channels: APP BRW 3RI
City portion of the shipping address requested by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
shipAddrCountry
string
Conditional
Regexp: ^\d{3}$
Categories: PA NPA
Channels: APP BRW 3RI
The ISO 3166-1 numeric three-digit country code of the shipping address requested by the Cardholder.
Required if shipAddrState is not empty

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
shipAddrLine1
string
Optional
Max length: 50
Categories: PA NPA
Channels: APP BRW 3RI
First line of the street address or equivalent local portion of the shipping address requested by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
shipAddrLine2
string
Optional
Max length: 50
Categories: PA NPA
Channels: APP BRW 3RI
The second line of the street address or equivalent local portion of the shipping address requested by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
shipAddrLine3
string
Optional
Max length: 50
Categories: PA NPA
Channels: APP BRW 3RI
The third line of the street address or equivalent local portion of the shipping address requested by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
shipAddrPostCode
string
Optional
Max length: 16
Categories: PA NPA
Channels: APP BRW 3RI
The ZIP or other postal code of the shipping address requested by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
shipAddrState
string
Optional
Max length: 3
Categories: PA NPA
Channels: APP BRW 3RI
The ISO 3166-2 state or province of the shipping address associated with the card being used for this purchase.

Scheme specific rules:

Visa
Field is required if available
Mastercard
Field is required unless market restrictions prevent it
threeDSCompInd
string
Required
One of:
Y N U
Categories: PA NPA
Channels: BRW
Indicates whether the 3DS Method successfully completed.

Meaning of values:

Y Successfully completed
N Did not successfully complete
U Unavailable— 3DS Method URL was not present in the PRes message data for the card range associated with the Cardholder Account Number.
threeDSReqAuthMethodInd
string
Optional
Regexp: ^(0[123]|[89][0-9])$
One of:
01 02 03 04 05 06 07 08 09 10
Categories: PA NPA
Channels: APP BRW
Value that represents the signature verification performed by the DS on the mechanism (e.g., FIDO) used by the cardholder to authenticate to the 3DS Requestor.

Meaning of values:

01 No 3DS Requestor authentication occurred (i.e., Cardholder “logged in” as guest)
02 Login to the Cardholder account at the 3DS Requestor system using 3DS Requestor's own credentials
03 Login to the Cardholder account at the 3DS Requestor system using federated ID
04 Login to the Cardholder account at the 3DS Requestor system using Issuer credentials
05 Login to the Cardholder account at the 3DS Requestor system using third-party authentication
06 Login to the Cardholder account at the 3DS Requestor system using FIDO Authenticator
07 Login to the Cardholder account at the 3DS Requestor system using FIDO Authenticator (FIDO Assertion or Attestation data signed)
08 SRC Assurance Data
09 SPC Authentication
10 Electronic ID Authentication Data
11-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
threeDSRequestorAuthenticationInd
string
Required
Regexp: ^\d{2}$
One of:
01 02 03 04 05 06 07 08 09 10 80-99
Categories: PA NPA
Channels: APP BRW
Indicates the type of Authentication request. This data element provides additional information to the ACS to determine the best approach for handling an authentication request.

Meaning of values:

01 Payment transaction
02 Recurring transaction
03 Instalment transaction
04 Add card
05 Maintain card
06 Cardholder verification as part of EMV token ID&V
07 Billing Agreement
08 Split shipment
09 Delayed shipment
10 Split payment
11-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
threeDSRequestorAuthenticationInfo
Array of ThreeDSRequestorAuthenticationInfo object
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Information about how the 3DS Requestor authenticated the cardholder before or during the transaction.
threeDSRequestorChallengeInd
Array of string
Optional
Regexp: ^(0[1-9]|1[0-5]|[89][0-9])$
One of:
01 02 03 04 05 06 07 08 09 10 11 12 13 14
Categories: PA NPA
Channels: APP BRW 3RI
Indicates whether a challenge is requested for this transaction. For example: For 01-PA, a 3DS Requestor may have concerns about the transaction, and request a challenge. For 02-NPA, a challenge may be necessary when adding a new card to a wallet. For local/regional mandates or other variables.

Meaning of values:

01 No preference
02 No challenge requested
03 Challenge requested (3DS Requestor preference)
04 Challenge requested (Mandate)
05 No challenge requested (transactional risk analysis is already performed)
06 No challenge requested (Data share only)
07 No challenge requested (strong consumer authentication is already performed)
08 No challenge requested (use Trust List exemption if no challenge required)
09 Challenge requested (Trust List prompt requested if challenge required)
10 No challenge requested (use low value exemption)
11 No challenge requested (Secure corporate payment exemption)
12 Challenge requested (Device Binding prompt requested if challenge required)
13 Challenge requested (Issuer requested)
14 Challenge requested (Merchant-initiated transactions)
15-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use

Scheme specific rules:

Visa
Field is required if available
threeDSRequestorDecMaxTime
string
Conditional
Length: 5
Value: 00001 10080
Categories: PA NPA
Channels: APP BRW 3RI
Indicates the maximum amount of time that the 3DS Requestor will wait for an ACS to provide the results of a Decoupled Authentication transaction (in minutes).
Required if threeDSRequestorDecReqInd is one of [Y, F, B]
threeDSRequestorDecReqInd
string
Optional
One of:
Y N F B
Categories: PA NPA
Channels: APP BRW 3RI
Indicates whether the 3DS Requestor requests the ACS to utilise Decoupled Authentication and agrees to utilise Decoupled Authentication if the ACS confirms its use.
threeDSRequestorPriorAuthenticationInfo
Array of ThreeDSRequestorPriorAuthenticationInfo object
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Information about how the 3DS Requestor authenticated the cardholder as part of a previous 3DS transaction.
threeDSRequestorURL
string
Required
Format: urlHttps
Max length: 2048
Categories: PA NPA
Channels: APP BRW 3RI
Fully qualified URL of 3DS Requestor website or customer care site. This data element provides additional information to the receiving 3-D Secure system if a problem arises and should provide contact information.

Scheme specific rules:

Visa
Field is required
threeDSServerTransID
string
Required
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
threeRIInd
string
Required
Regexp: ^\d{2}$
One of:
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 80-99
Categories: PA NPA
Channels: 3RI
Indicates the type of 3RI request. This data element provides additional information to the ACS to determine the best approach for handing a 3RI request.

Meaning of values:

01 Recurring transaction
02 Instalment transaction
03 Add card
04 Maintain card information
05 Account verification
06 Split shipment
07 Top-up
08 Mail Order
09 Telephone Order
10 Trust List status check
11 Other payment
12 Billing Agreement
13 Device Binding status check
14 Card Security Code status check
15 Delayed shipment
16 Split payment
17 FIDO credential deletion
18 FIDO credential registration
19 Decoupled Authentication Fallback

Scheme specific rules:

Visa
Field is required if available
transType
string
Optional
One of:
01 03 10 11 28
Categories: PA
Channels: APP BRW 3RI
Identifies the type of transaction being authenticated.

Meaning of values:

01 Goods/ Service Purchase
03 Check Acceptance
10 Account Funding
11 Quasi-Cash Transaction
28 Prepaid Activation and Load

Scheme specific rules:

Visa
Field is required
trustListStatus
string
Optional
One of:
Y N E P R U
Categories: PA NPA
Channels: APP BRW 3RI
Enables the communication of trusted beneficiary/trustlist status between the ACS, the DS and the 3DS Requestor. Note: Valid values in the AReq message are Y or N

Meaning of values:

Y 3DS Requestor is Trust Listed by Cardholder
N 3DS Requestor is not Trust Listed by Cardholder
E Not eligible as determined by issuer
P Pending confirmation by Cardholder
R Cardholder rejected
U Trust List status unknown, unavailable, or does not apply
trustListStatusSource
string
Conditional
Regexp: ^(0[123]|[89][0-9])$
One of:
01 02 03
Categories: PA NPA
Channels: APP BRW 3RI
This data element will be populated by the system setting Trust List Status.

Meaning of values:

01 3DS Server
02 DS
03 ACS
04-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
Required if trustListStatus is not empty
Optional
Categories: PA NPA
Channels: APP BRW 3RI
The work phone number provided by the Cardholder.

Scheme specific rules:

Visa
Field is required if available
threeDSMethodId
string
Optional
Format: uuid
Categories: PA NPA
Channels: BRW
Contains the 3DS Server Transaction ID used during the previous execution of the 3DS Method.
threeDSRequestorSpcSupport
string
Optional
Must be: Y
Categories: PA NPA
Channels: BRW
Indicate if the 3DS Requestor supports the SPC authentication. Note: If present, this field contains the value Y.
acceptLanguage
Array of string
Optional
Categories: PA NPA
Channels: BRW
Value representing the Browser language preference present in the HTTP header, as defined in IETF BCP 47.
acquirerCountryCode
string
Optional
Regexp: ^[0-9]{3}$
Categories: PA NPA
Channels: APP BRW 3RI
The code of the country where the acquiring institution is located (in accordance with ISO 3166-1). The DS may edit the value provided by the 3DS Server.
acquirerCountryCodeSource
string
Optional
Regexp: ^[0-9]{2}$
Categories: PA NPA
Channels: APP BRW 3RI
This data element is populated by the system setting the Acquirer Country Code. The DS may edit the value provided by the 3DS Server.
deviceId
string
Optional
Max length: 64
Categories: PA NPA
Channels: BRW
Unique and immutable identifier linked to a device that is consistent across 3DS transactions for the specific user device.
userId
string
Optional
Max length: 64
Categories: PA NPA
Channels: BRW
Identifier of the transacting user's Browser Account ID.
cardSecurityCode
string
Optional
Regexp: ^[0-9]{3,4}$
Categories: PA NPA
Channels: APP BRW 3RI
Three- or four-digit security code printed on the card.
cardSecurityCodeStatus
string
Optional
One of:
Y N U
Categories: PA NPA
Channels: APP BRW 3RI
Enables the communication of Card Security Code Status between the ACS, the DS and the 3DS Requestor.
cardSecurityCodeStatusSource
string
Conditional
Regexp: ^[0-9]{2}$
One of:
01 02
Categories: PA NPA
Channels: APP BRW 3RI
This data element will be populated by the system setting Card Security Code Status.

Meaning of values:

01 DS
02 ACS
03-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
Required if cardSecurityCodeStatus is not empty
splitSdkType
SplitSdkType object
Conditional
Categories: PA NPA
Channels: APP
Indicates the characteristics of a Split-SDK.
Required if sdkType is "02"
defaultSdkType
DefaultSdkType object
Conditional
Categories: PA NPA
Channels: APP
Indicates the characteristics of a Default-SDK.
Required if sdkType is "01"
deviceBindingStatus
string
Optional
Regexp: ^[0-9]{2}$
One of:
01 02 03 04 05 06-10 11 12 13 14 15
Categories: PA NPA
Channels: APP BRW 3RI
Enables the communication of Device Binding Status between the ACS, the DS and the 3DS Requestor. For bound devices (value = 11–14), Device Binding Status also conveys the type of binding that was performed.

Meaning of values:

01 Device is not bound by Cardholder
02 Not eligible as determined by issuer
03 Pending confirmation by Cardholder
04 Cardholder reject
05 Device Binding Status unknown, unavailable, or does not apply
06-10 Reserved for EMVCo future use (values invalid until defined by EMVCo)
11 Device is bound by Cardholder (device is bound using hardware / SIM internal to the consumer device. For instance, keys stored in a secure element on the device)
12 Device is bound by Cardholder (device is bound using hardware external to the consumers device. For example, a external FIDO authenticator)
13 Device is bound by Cardholder (Device is bound using data that includes dynamically)
14 Device is bound by Cardholder (Device is bound using static device data that has been obtained from the consumers device)
15 Device is bound by Cardholder (Other method)
16-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
deviceBindingStatusSource
string
Conditional
Regexp: ^[0-9]{2}$
One of:
01 02 03
Categories: PA NPA
Channels: APP BRW 3RI
This data element will be populated by the system setting Device Binding Status.

Meaning of values:

01 3DS Server
02 DS
03 ACS
04-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
Required if deviceBindingStatus is not empty
payTokenInfo
json
Optional
Max length: 10000
Categories: PA NPA
Channels: APP BRW 3RI
Information about detokenised Payment Token.
multiTransaction
json
Optional
Max length: 10000
Categories: PA NPA
Channels: APP BRW 3RI
Additional transaction information in case of multiple transactions or Merchants.
payeeOrigin
string
Conditional
Format: urlHttps
Max length: 2048
The origin of the payee that will be provided in the SPC Transaction Data.
Required if threeDSRequestorSpcSupport is "Y"
recurringAmount
string
Conditional
Max length: 48
Categories: PA NPA
Channels: APP BRW 3RI
Recurring amount in minor units of currency with all punctuation removed.
Required if (threeDSRequestorAuthenticationInd is one of [02, 03] or threeRIInd is one of [01, 02])
Required if amountInd is "01"
recurringCurrency
string
Conditional
Regexp: ^[0-9]{3}$
Categories: PA NPA
Channels: APP BRW 3RI
Currency in which the Recurring Amount is expressed.
Required if recurringAmount is not empty
recurringExponent
string
Conditional
Regexp: ^[0-9]{1}$
Categories: PA NPA
Channels: APP BRW 3RI
Minor units of currency as specified in the ISO 4217 currency exponent.
Required if recurringAmount is not empty
recurringDate
string
Conditional
Format: yyyymmdd
Categories: PA NPA
Channels: APP BRW 3RI
Effective date of the new authorised amount following the first/promotional payment in a recurring or instalment transaction.
Required if frequencyInd is "01"
recurringInd
RecurringInd object
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Indicates whether the recurring or instalment payment has a fixed or variable amount and frequency.
Required if threeDSRequestorAuthenticationInd is one of [02, 03]
Required if threeRIInd is one of [01, 02]
sdkServerSignedContent
string
Conditional
Max length: 4000
Categories: PA NPA
Channels: APP
Contains the JWS object (represented as a string) created by the Split-SDK Server for the AReq message.
Required if sdkType is "02"
sdkSignatureTimestamp
string
Optional
Format: yyyymmddhhmmss
Categories: PA NPA
Channels: APP
Date and time indicating when the 3DS SDK generated the Split-SDK Server Signed Content converted into UTC.
sdkType
string
Required
Regexp: ^[0-9]{2}$
Categories: PA NPA
Channels: APP
Indicates the type of 3DS SDK.

Meaning of values:

01 Default SDK
02 Split-SDK
03-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
sellerInfo
Array of SellerInfo object
Optional
Min length: 1
Max length: 50
Categories: PA NPA
Channels: APP BRW 3RI
Additional transaction information for transactions where Merchants submit transaction details on behalf of another entity, i.e., individual sellers in a marketplace or drivers in a ridesharing platform.
spcIncompInd
string
Optional
Regexp: ^[0-9]{2}$
Categories: PA NPA
Channels: BRW
Reason that the SPC authentication was not completed.

Meaning of values:

01 SPC did not run or did not successfully complete
02 Cardholder cancelled the SPC authentication
03 SPC timed out
04-99 Reserved for EMVCo future use (values invalid until defined by EMVCo)
taxId
string
Optional
Max length: 45
Categories: PA NPA
Channels: APP BRW 3RI
Cardholder's tax identification.

Output (ARes)

acsChallengeMandated
string
Conditional
One of:
Y N
Categories: PA NPA
Channels: APP BRW 3RI
Indication of whether a challenge is required for the transaction to be authorised due to local/regional mandates or other variable.
Required if transStatus is one of [C, D]
acsDecConInd
string
Conditional
One of:
Y N
Categories: PA NPA
Channels: APP BRW 3RI
Indicates whether the ACS confirms utilisation of Decoupled Authentication and agrees to utilise Decoupled Authentication to authenticate the Cardholder.
Required if transStatus is "D"
acsOperatorID
string
Optional
Max length: 32
Categories: PA NPA
Channels: APP BRW 3RI
DS assigned ACS identifier. Each DS can provide a unique ID to each ACS on an individual basis.
acsReferenceNumber
string
Required
Max length: 32
Categories: PA NPA
Channels: APP BRW 3RI
Unique identifier assigned by the EMVCo Secretariat upon Testing and Approval.
acsRenderingType
AcsRenderingType object
Conditional
Categories: PA NPA
Channels: APP
Identifies the ACS UI Template that the ACS will first present to the consumer.
Required if deviceChannel is "01" and transStatus is "C"
acsSignedContent
string
Conditional
Max length: 16000
Regexp: ^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$
Categories: PA NPA
Channels: APP
Contains the JWS object (represented as a string) created by the ACS for the ARes message.
Required if transStatus is "C"
Required if deviceChannel is "01"
acsTransID
string
Required
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the ACS to identify a single transaction.
acsURL
string
Conditional
Format: urlHttps
Max length: 2048
Categories: PA NPA
Channels: BRW
Fully qualified URL of the ACS to be used for the challenge. 02-BRW—3DS Requestor will post the CReq to this URL via the challenge window
Required if deviceChannel is "02"
Required if transStatus is "C"
authenticationMethod
Array of string
Conditional
Min length: 1
Max length: 99
Regexp: ^[0-9]{2}$
One of:
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
Categories: PA NPA
Channels: APP BRW 3RI
Authentication approach that the ACS used to authenticate the Cardholder for this specific transaction.

Meaning of values:

01 Static Passcode
02 SMS OTP
03 Key fob or EMV card reader OTP
04 App OTP
05 OTP Other
06 KBA
07 OOB Biometrics
08 OOB Login
09 OOB Other
10 Other
11 Push Confirmation
12 Decoupled
13 WebAuthn
14 SPC
15 Behavioural biometrics
16 Electronic ID
12-79 Reserved for future EMVCo use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
Required if transStatus is one of [C, D]
Required if transStatus is one of [Y, N]
authenticationValue
string
Conditional
Max length: 4000
Categories: PA NPA
Channels: APP BRW 3RI
Payment System-specific value provided by the ACS or the DS using an algorithm defined by Payment System. Authentication Value may be used to provide proof of authentication.
Required if messageCategory is "01"
Required if transStatus is one of [Y, A]
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Unstructured information sent between the 3DS Server, the DS and the ACS.

Scheme specific rules:

Visa
Field is required if available
cardholderInfo
CardholderInfo object
Conditional
Categories: PA NPA
Channels: APP BRW 3RI
Text provided by the ACS/Issuer to Cardholder during a Frictionless or Decoupled transaction. The Issuer can provide information to Cardholder. For example, “Additional authentication is needed for this transaction, please contact (Issuer Name) at xxx-xxx-xxxx.”
Required if acsDecConInd is "Y"
dsReferenceNumber
string
Required
Max length: 32
Categories: PA NPA
Channels: APP BRW 3RI
EMVCo-assigned unique identifier to track approved DS.
dsTransID
string
Required
Format: uuid
Max length: 36
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the DS to identify a single transaction.
eci
string
Optional
Max length: 2
Categories: PA NPA
Channels: APP BRW 3RI
Payment System-specific value provided by the ACS or DS to indicate the results of the attempt to authenticate the Cardholder.
messageExtension
Array of MessageExtension object
Optional
Max length: 15
Categories: PA NPA
Channels: APP BRW 3RI
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension.
messageType
string
Required
Must be: ARes
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
messageVersion
string
Required
Must be: 2.3.1
Categories: PA NPA
Channels: APP BRW 3RI
Protocol version identifier This shall be the Protocol Version Number of the specification utilised by the system creating this message.
sdkTransID
string
Conditional
Format: uuid
Categories: PA NPA
Channels: APP
Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction.
Required if deviceChannel is "01"
threeDSServerTransID
string
Required
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
transStatus
string
Conditional
One of:
Y N U A C D R I S
Categories: PA NPA
Channels: APP BRW 3RI
Indicates whether a transaction qualifies as an authenticated transaction or account verification.

Meaning of values:

Y Authentication/ Account Verification Successful
N Not Authenticated /Account Not Verified; Transaction denied
U Authentication/ Account Verification Could Not Be Performed; Technical or other problem, as indicated in ARes or RReq
A Attempts Processing Performed; Not Authenticated/Verified , but a proof of attempted authentication/verification is provided
C Challenge Required; Additional authentication is required using the CReq/CRes
D Challenge Required; Decoupled Authentication confirmed.
R Authentication/ Account Verification Rejected; Issuer is rejecting authentication/verification and request that authorisation not be attempted.
I Informational Only; 3DS Requestor challenge preference acknowledged.
S Challenge using SPC
Required if messageCategory is "01"
transStatusReason
string
Conditional
Regexp: ^\d{2}$
One of:
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 80-99
Categories: PA NPA
Channels: APP BRW 3RI
Provides information on why the Transaction Status field has the specified value.

Meaning of values:

01 Card authentication failed
02 Unknown device
03 Unsupported device
04 Exceeds authentication frequency limit
05 Expired card
06 Invalid card number
07 Invalid transaction
08 No card record
09 Security failure
10 Stolen card
11 Suspected fraud
12 Transaction not permitted to Cardholder
13 Cardholder not enrolled in service
14 Transaction timed out at the ACS
15 Low confidence
16 Medium confidence
17 High confidence
18 Very high confidence
19 Exceeds ACS maximum challenges
20 Non-Payment transaction not supported
21 3RI transaction not supported
22 ACS technical issue
23 Decoupled Authentication required by ACS but not requested by 3DS Requestor
24 3DS Requestor Decoupled Max Expiry Time exceeded
25 Decoupled Authentication was provided insufficient time to authenticate Cardholder. ACS will not make attempt
26 Authentication attempted but not performed by the Cardholder
27 Preferred Authentication Method not supported
28 Validation of content security policy failed
29 Authentication attempted but not completed by the Cardholder. Fall back to Decoupled Authentication
30 Authentication completed successfully but additional authentication of the Cardholder required. Reinitiate as Decoupled Authentication
31-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
Required if messageCategory is "01"
Required if transStatus is one of [N, U, R]
trustListStatus
string
Optional
One of:
Y N E P R U
Categories: PA NPA
Channels: APP BRW 3RI
Enables the communication of trusted beneficiary/trustlist status between the ACS, the DS and the 3DS Requestor. Note: Valid values in the AReq message are Y or N

Meaning of values:

Y 3DS Requestor is Trust Listed by Cardholder
N 3DS Requestor is not Trust Listed by Cardholder
E Not eligible as determined by issuer
P Pending confirmation by Cardholder
R Cardholder rejected
U Trust List status unknown, unavailable, or does not apply
trustListStatusSource
string
Conditional
Regexp: ^(0[123]|[89][0-9])$
One of:
01 02 03
Categories: PA NPA
Channels: APP BRW 3RI
This data element will be populated by the system setting Trust List Status.

Meaning of values:

01 3DS Server
02 DS
03 ACS
04-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
Required if trustListStatus is not empty
threeDSRequestorAppURLInd
string
Required
One of:
Y N
Categories: PA NPA
Channels: APP
Indicates whether the OOB Authentication App used by the ACS during a challenge supports the 3DS Requestor App URL.
cardSecurityCodeStatus
string
Optional
One of:
Y N U
Categories: PA NPA
Channels: APP BRW 3RI
Enables the communication of Card Security Code Status between the ACS, the DS and the 3DS Requestor.
cardSecurityCodeStatusSource
string
Conditional
Regexp: ^[0-9]{2}$
One of:
01 02
Categories: PA NPA
Channels: APP BRW 3RI
This data element will be populated by the system setting Card Security Code Status.

Meaning of values:

01 DS
02 ACS
03-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
Required if cardSecurityCodeStatus is not empty
deviceBindingStatus
string
Optional
Regexp: ^[0-9]{2}$
One of:
01 02 03 04 05 06-10 11 12 13 14 15
Categories: PA NPA
Channels: APP BRW 3RI
Enables the communication of Device Binding Status between the ACS, the DS and the 3DS Requestor. For bound devices (value = 11–14), Device Binding Status also conveys the type of binding that was performed.

Meaning of values:

01 Device is not bound by Cardholder
02 Not eligible as determined by issuer
03 Pending confirmation by Cardholder
04 Cardholder reject
05 Device Binding Status unknown, unavailable, or does not apply
06-10 Reserved for EMVCo future use (values invalid until defined by EMVCo)
11 Device is bound by Cardholder (device is bound using hardware / SIM internal to the consumer device. For instance, keys stored in a secure element on the device)
12 Device is bound by Cardholder (device is bound using hardware external to the consumers device. For example, a external FIDO authenticator)
13 Device is bound by Cardholder (Device is bound using data that includes dynamically)
14 Device is bound by Cardholder (Device is bound using static device data that has been obtained from the consumers device)
15 Device is bound by Cardholder (Other method)
16-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
deviceBindingStatusSource
string
Conditional
Regexp: ^[0-9]{2}$
One of:
01 02 03
Categories: PA NPA
Channels: APP BRW 3RI
This data element will be populated by the system setting Device Binding Status.

Meaning of values:

01 3DS Server
02 DS
03 ACS
04-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
Required if deviceBindingStatus is not empty
deviceInfoRecognisedVersion
string
Required
Min length: 3
Categories: PA NPA
Channels: APP
Indicates the highest Data Version of the Device Information supported by the ACS.
spcTransData
SpcTransData object
Conditional
Categories: PA NPA
Channels: BRW
Information that the 3DS Requestor passes in the SPC API for display in the Smart Modal Window.
Required if transStatus is "S"
transChallengeExemption
string
Optional
Regexp: ^[0-9]{2}$
One of:
05 08 10 11 79 80-99
Categories: PA NPA
Channels: APP BRW 3RI
Exemption applied by the ACS to authenticate the transaction without requesting a challenge.

Meaning of values:

05 Transaction Risk Analysis exemption
08 Trust List exemption
10 Low Value exemption
11 Secure Corporate Payments exemption
79 No exemption applied
01-04 Reserved for EMVCo future use (values invalid until defined by EMVCo)
06 Reserved for EMVCo future use (values invalid until defined by EMVCo)
07 Reserved for EMVCo future use (values invalid until defined by EMVCo)
09 Reserved for EMVCo future use (values invalid until defined by EMVCo)
12-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
transStatusReasonInfo
string
Optional
Max length: 256
Categories: PA NPA
Channels: APP BRW 3RI
Provides additional information on the Transaction Status Reason.
webAuthnCredList
Array of webAuthnCred object
Conditional
Min length: 1
Max length: 10
Categories: PA NPA
Channels: BRW
List of credential IDs registered for the Cardholder Account Number.
Required if transStatus is "S"

Challenge flow

For usage, refer to Challenge flow.

Challenge request (CReq)

messageType
string
Required
Must be: CReq
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
messageVersion
string
Required
One of:
2.0.1 2.1.1 2.1.0 2.2.0 2.3.0 2.3.1
Categories: PA NPA
Channels: APP BRW 3RI
Protocol version identifier. This shall be the Protocol Version Number of the specification utilised by the system creating this message.
messageExtension
Array of MessageExtension object
Optional
Max length: 10
Categories: PA NPA
Channels: APP BRW 3RI
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension.
acsTransID
string
Required
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the ACS to identify a single transaction.
threeDSServerTransID
string
Required
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
challengeWindowSize
string
Required
One of:
01 02 03 04 05
Dimensions of the challenge window that has been displayed to the Cardholder. The ACS shall reply with content that is formatted to appropriately render in this window to provide the best possible user experience. Preconfigured sizes are width x height in pixels of the window displayed in the Cardholder browser window.

Meaning of values:

01 250 x 400
02 390 x 400
03 500 x 600
04 600 x 400
05 Full screen

Challenge response (CRes)

acsCounterAtoS
string
Required
Categories: PA NPA
Channels: APP
Counter used as a security measure in the ACS to 3DS SDK secure channel.
acsTransID
string
Required
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the ACS to identify a single transaction.
challengeCompletionInd
string
Required
One of:
Y N
Categories: PA NPA
Channels: APP
Indicator of the state of the ACS challenge cycle and whether the challenge has completed or will require additional messages. Shall be populated in all CRes messages to convey the current state of the transaction.
messageExtension
Array of MessageExtension object
Optional
Max length: 15
Categories: PA NPA
Channels: APP BRW 3RI
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension.
messageType
string
Required
Must be: CRes
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
messageVersion
string
Required
Must be: 2.3.1
Categories: PA NPA
Channels: APP BRW 3RI
Protocol version identifier This shall be the Protocol Version Number of the specification utilised by the system creating this message.
sdkTransID
string
Conditional
Format: uuid
Categories: PA NPA
Channels: APP
Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction.
Required if deviceChannel is "01"
threeDSServerTransID
string
Required
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
transStatus
string
Conditional
One of:
Y N
Categories: PA NPA
Channels: APP BRW 3RI
Indicates whether a transaction qualifies as an authenticated transaction or account verification.

Meaning of values:

Y Authentication/ Account Verification Successful
N Not Authenticated /Account Not Verified; Transaction denied
Required if messageCategory is "01"

/postauth endpoint

For usage, refer to /postauth endpoint.

Input

threeDSServerTransID
string
Required
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.

Output (RReq)

acsRenderingType
AcsRenderingType object
Conditional
Categories: PA NPA
Channels: APP
Identifies the ACS UI Template that the ACS will first present to the consumer.
Required if acsDecConInd is not "Y"
acsTransID
string
Required
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the ACS to identify a single transaction.
authenticationMethod
Array of string
Conditional
Min length: 1
Max length: 99
Regexp: ^[0-9]{2}$
One of:
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
Categories: PA NPA
Channels: APP BRW 3RI
Authentication approach that the ACS used to authenticate the Cardholder for this specific transaction.

Meaning of values:

01 Static Passcode
02 SMS OTP
03 Key fob or EMV card reader OTP
04 App OTP
05 OTP Other
06 KBA
07 OOB Biometrics
08 OOB Login
09 OOB Other
10 Other
11 Push Confirmation
12 Decoupled
13 WebAuthn
14 SPC
15 Behavioural biometrics
16 Electronic ID
12-79 Reserved for future EMVCo use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
Required if transStatus is one of [C, D]
Required if transStatus is one of [Y, N]
authenticationValue
string
Conditional
Max length: 4000
Categories: PA NPA
Channels: APP BRW 3RI
Payment System-specific value provided by the ACS or the DS using an algorithm defined by Payment System. Authentication Value may be used to provide proof of authentication.
Required if messageCategory is "01"
Required if transStatus is one of [Y, A]
cardholderInfo
CardholderInfo object
Optional
Categories: PA NPA
Channels: APP BRW 3RI
Text provided by the ACS/Issuer to Cardholder during a Frictionless or Decoupled transaction. The Issuer can provide information to Cardholder. For example, “Additional authentication is needed for this transaction, please contact (Issuer Name) at xxx-xxx-xxxx.”
challengeCancel
string
Optional
Regexp: ^\d{2}$
One of:
01 03 04 05 06 07 08 09 10
Categories: PA NPA
Channels: APP BRW 3RI
Indicator informing the ACS and the DS that the authentication has been canceled.

Meaning of values:

01 Cardholder selected "Cancel"
03 Transaction Timed Out— Decoupled Authentication
04 Transaction Timed Out at ACS— other timeouts
05 Transaction Timed Out at ACS— First CReq not received by ACS
06 Transaction Error
07 Unknown
08 Transaction Timed Out at SDK
09 Error Message in response to the CRes message sent by the ACS
10 Error Message in response to the CReq message received by the ACS
80-99 Reserved for DS use
dsTransID
string
Required
Format: uuid
Max length: 36
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the DS to identify a single transaction.
eci
string
Optional
Max length: 2
Categories: PA NPA
Channels: APP BRW 3RI
Payment System-specific value provided by the ACS or DS to indicate the results of the attempt to authenticate the Cardholder.
interactionCounter
string
Conditional
Length: 2
Value: 00 99
Categories: PA NPA
Channels: APP BRW
Indicates the number of authentication cycles attempted by the Cardholder.
Required if acsDecConInd is not "Y"
messageCategory
string
Required
Regexp: ^(0[1-2]|[89][0-9])$
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the category of the message for a specific use case.

Meaning of values:

01 PA - Payment
02 NPA - Non-Payment
80 Identity Check Insights (without authentication) - MasterCard
80-99 Reserved for DS use
messageExtension
Array of MessageExtension object
Optional
Max length: 15
Categories: PA NPA
Channels: APP BRW 3RI
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension.
messageType
string
Required
Must be: RReq
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
messageVersion
string
Required
Must be: 2.3.1
Categories: PA NPA
Channels: APP BRW 3RI
Protocol version identifier This shall be the Protocol Version Number of the specification utilised by the system creating this message.
sdkTransID
string
Conditional
Format: uuid
Categories: PA NPA
Channels: APP
Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction.
Required if deviceChannel is "01"
threeDSServerTransID
string
Required
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
transStatus
string
Conditional
One of:
Y N U A R
Categories: PA NPA
Channels: APP BRW 3RI
Indicates whether a transaction qualifies as an authenticated transaction or account verification.

Meaning of values:

Y Authentication/ Account Verification Successful
N Not Authenticated /Account Not Verified; Transaction denied
U Authentication/ Account Verification Could Not Be Performed; Technical or other problem, as indicated in ARes or RReq
A Attempts Processing Performed; Not Authenticated/Verified , but a proof of attempted authentication/verification is provided
R Authentication/ Account Verification Rejected; Issuer is rejecting authentication/verification and request that authorisation not be attempted.
Required if messageCategory is "01"
transStatusReason
string
Conditional
Regexp: ^\d{2}$
One of:
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 80-99
Categories: PA NPA
Channels: APP BRW 3RI
Provides information on why the Transaction Status field has the specified value.

Meaning of values:

01 Card authentication failed
02 Unknown device
03 Unsupported device
04 Exceeds authentication frequency limit
05 Expired card
06 Invalid card number
07 Invalid transaction
08 No card record
09 Security failure
10 Stolen card
11 Suspected fraud
12 Transaction not permitted to Cardholder
13 Cardholder not enrolled in service
14 Transaction timed out at the ACS
15 Low confidence
16 Medium confidence
17 High confidence
18 Very high confidence
19 Exceeds ACS maximum challenges
20 Non-Payment transaction not supported
21 3RI transaction not supported
22 ACS technical issue
23 Decoupled Authentication required by ACS but not requested by 3DS Requestor
24 3DS Requestor Decoupled Max Expiry Time exceeded
25 Decoupled Authentication was provided insufficient time to authenticate Cardholder. ACS will not make attempt
26 Authentication attempted but not performed by the Cardholder
27 Preferred Authentication Method not supported
28 Validation of content security policy failed
29 Authentication attempted but not completed by the Cardholder. Fall back to Decoupled Authentication
30 Authentication completed successfully but additional authentication of the Cardholder required. Reinitiate as Decoupled Authentication
31-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
Required if messageCategory is "01"
Required if transStatus is one of [N, U, R]
trustListStatus
string
Optional
One of:
Y N E P R U
Categories: PA NPA
Channels: APP BRW 3RI
Enables the communication of trusted beneficiary/trustlist status between the ACS, the DS and the 3DS Requestor. Note: Valid values in the AReq message are Y or N

Meaning of values:

Y 3DS Requestor is Trust Listed by Cardholder
N 3DS Requestor is not Trust Listed by Cardholder
E Not eligible as determined by issuer
P Pending confirmation by Cardholder
R Cardholder rejected
U Trust List status unknown, unavailable, or does not apply
trustListStatusSource
string
Conditional
Regexp: ^(0[123]|[89][0-9])$
One of:
01 02 03
Categories: PA NPA
Channels: APP BRW 3RI
This data element will be populated by the system setting Trust List Status.

Meaning of values:

01 3DS Server
02 DS
03 ACS
04-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
Required if trustListStatus is not empty
challengeErrorReporting
Error object
Conditional
Categories: PA NPA
Channels: APP BRW
Required if challengeCancel is one of [09, 10]
deviceBindingStatus
string
Optional
Regexp: ^[0-9]{2}$
One of:
01 02 03 04 05 06-10 11 12 13 14 15
Categories: PA NPA
Channels: APP BRW 3RI
Enables the communication of Device Binding Status between the ACS, the DS and the 3DS Requestor. For bound devices (value = 11–14), Device Binding Status also conveys the type of binding that was performed.

Meaning of values:

01 Device is not bound by Cardholder
02 Not eligible as determined by issuer
03 Pending confirmation by Cardholder
04 Cardholder reject
05 Device Binding Status unknown, unavailable, or does not apply
06-10 Reserved for EMVCo future use (values invalid until defined by EMVCo)
11 Device is bound by Cardholder (device is bound using hardware / SIM internal to the consumer device. For instance, keys stored in a secure element on the device)
12 Device is bound by Cardholder (device is bound using hardware external to the consumers device. For example, a external FIDO authenticator)
13 Device is bound by Cardholder (Device is bound using data that includes dynamically)
14 Device is bound by Cardholder (Device is bound using static device data that has been obtained from the consumers device)
15 Device is bound by Cardholder (Other method)
16-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
deviceBindingStatusSource
string
Conditional
Regexp: ^[0-9]{2}$
One of:
01 02 03
Categories: PA NPA
Channels: APP BRW 3RI
This data element will be populated by the system setting Device Binding Status.

Meaning of values:

01 3DS Server
02 DS
03 ACS
04-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use
Required if deviceBindingStatus is not empty
transStatusReasonInfo
string
Optional
Max length: 256
Categories: PA NPA
Channels: APP BRW 3RI
Provides additional information on the Transaction Status Reason.

Error object

acsTransID
string
Optional
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the ACS to identify a single transaction.
dsTransID
string
Optional
Format: uuid
Max length: 36
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the DS to identify a single transaction.
errorCode
string
Required
One of:
101 102 103 201 202 203 204 205 206 207 301 302 303 304 305 306 307 402 403 404 405
Code indicating the type of problem identified in the message.

Meaning of values:

101 Message Received Invalid
102 Message Version Number Not Supported
103 Sent Messages Limit Exceeded
201 Required Data Element Missing
202 Critical Message Extension Not Recognised
203 Format of one or more Data Elements is Invalid according to the Specification
204 Duplicate Data Element
205 Overlap in the card ranges provided by the DS in the PRes message
206 Action is not possible for the card range
207 Data Element value is in the range of 'Reserved for DS use' or 'Reserved for EMVCo future use' and is not recognised
301 Transaction ID Not Recognised
302 Data Decryption Failure
303 Access Denied, Invalid Endpoint
304 ISO Code Invalid
305 Transaction data not valid
306 Merchant Category Code (MCC) Not Valid for Payment System
307 Serial Number not Valid
402 Transaction Timed Out
403 Transient System Failure
404 Permanent System Failure
405 System Connection Failure
errorComponent
string
Required
One of:
C S D A
Code indicating the 3-D Secure component that identified the error.

Meaning of values:

C 3DS SDK
S 3DS Server
D Directory Server
A ACS
errorDescription
string
Required
Max length: 2048
Text describing the problem identified in the message.
errorDetail
string
Required
Max length: 2048
Additional detail regarding the problem identified in the message.
errorMessageType
string
Required
One of:
ARes AReq PRes PReq CRes CReq RReq RRes Erro
Identifies the Message Type that was identified as erroneous.
messageType
string
Required
Must be: Erro
Categories: PA NPA
Channels: APP BRW 3RI
Identifies the type of message that is passed.
messageVersion
string
Required
Must be: 2.3.1
Categories: PA NPA
Channels: APP BRW 3RI
Protocol version identifier This shall be the Protocol Version Number of the specification utilised by the system creating this message.
sdkTransID
string
Optional
Format: uuid
Categories: PA NPA
Channels: APP
Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction.
threeDSServerTransID
string
Optional
Format: uuid
Categories: PA NPA
Channels: APP BRW 3RI
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.

Nested objects

ThreeDSRequestorAuthenticationInfo

threeDSReqAuthData
json
Optional
Max length: 20000
Data that documents and supports a specific authentication process. In the current version of the specification, this data element is not defined in detail, however the intention is that for each 3DS Requestor Authentication Method, this field carry data that the ACS can use to verify the authentication process. For example, if the 3DS Requestor Authentication Method is: 03, then this element can carry information about the provider of the federated ID and related information. 06, then this element can carry the FIDO attestation data (including the signature). 07, then this element can carry FIDO Attestation data with the FIDO assurance data signed. 08, then this element can carry the SRC assurance data.

Scheme specific rules:

Visa
Field is required if available
threeDSReqAuthMethod
string
Optional
One of:
01 02 03 04 05 06 07 08 09 10
Mechanism used by the Cardholder to authenticate to the 3DS Requestor.

Meaning of values:

01 No 3DS Requestor authentication occurred (i.e., Cardholder “logged in” as guest)
02 Login to the Cardholder account at the 3DS Requestor system using 3DS Requestor's own credentials
03 Login to the Cardholder account at the 3DS Requestor system using federated ID
04 Login to the Cardholder account at the 3DS Requestor system using Issuer credentials
05 Login to the Cardholder account at the 3DS Requestor system using third-party authentication
06 Login to the Cardholder account at the 3DS Requestor system using FIDO Authenticator
07 Login to the Cardholder account at the 3DS Requestor system using FIDO Authenticator (FIDO Assertion or Attestation data signed)
08 SRC Assurance Data
09 SPC Authentication
10 Electronic ID Authentication Data
11-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use

Scheme specific rules:

Visa
Field is required
threeDSReqAuthTimestamp
string
Optional
Format: yyyymmddhhmm
Date and time in UTC of the cardholder authentication.

Scheme specific rules:

Visa
Field is required if available

DeviceRenderOptions

sdkInterface
string
Optional
One of:
01 02 03
Lists all of the SDK Interface types that the device supports for displaying specific challenge user interfaces within the SDK.

Meaning of values:

01 Native
02 HTML
03 Both
sdkUiType
Array of string
Optional
One of:
01 02 03 04 05 06 07
Lists all UI types that the device supports for displaying specific challenge user interfaces within the SDK.

Meaning of values:

01 Text
02 Single Select
03 Multi Select
04 OOB
05 HTML Other (valid only for HTML UI)
06 HTML OOB (valid only for HTML UI)
07 Information
sdkAuthenticationType
Array of string
Optional
One of:
01 02 03 04 05 06 07 08 09 10 11 12-79 80-99
Lists all UI types that the device supports for displaying specific challenge user interfaces within the SDK.

Meaning of values:

01 Static Passcode
02 SMS OTP
03 Key fob or EMV card reader OTP
04 App OTP
05 OTP Other
06 KBA
07 OOB Biometrics
08 OOB Login
09 OOB Other
10 Other
11 Push Confirmation
12-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS use

AcctInfo

chAccAgeInd
string
Optional
One of:
01 02 03 04 05
Length of time that the cardholder has had the account with the 3DS Requestor.

Meaning of values:

01 No account (guest check-out)
02 Created during this transaction
03 Less than 30 days
04 30−60 days
05 More than 60 days

Scheme specific rules:

Visa
Field is required if available
chAccChange
string
Optional
Format: yyyymmdd
Date that the cardholder’s account with the 3DS Requestor was last changed, including Billing or Shipping address, new payment account, or new user(s) added.

Scheme specific rules:

Visa
Field is required if available
chAccChangeInd
string
Optional
One of:
01 02 03 04
Length of time since the cardholder’s account information with the 3DS Requestor was last changed, including Billing or Shipping address, new payment account, or new user(s) added.

Meaning of values:

01 Changed during this transaction
02 Less than 30 days
03 30−60 days
04 More than 60 days

Scheme specific rules:

Visa
Field is required if available
chAccDate
string
Optional
Format: yyyymmdd
Date that the cardholder opened the account with the 3DS Requestor.

Scheme specific rules:

Visa
Field is required if available
chAccPwChange
string
Optional
Format: yyyymmdd
Date that cardholder’s account with the 3DS Requestor had a password change or account reset.

Scheme specific rules:

Visa
Field is required if available
chAccPwChangeInd
string
Optional
One of:
01 02 03 04 05
Indicates the length of time since the cardholder’s account with the 3DS Requestor had a password change or account reset.

Meaning of values:

01 No change
02 Changed during this transaction
03 Less than 30 days
04 30−60 days
05 More than 60 days

Scheme specific rules:

Visa
Field is required if available
chAccReqID
string
Optional
Max length: 64
The 3DS Requestor assigned account identifier of the transacting Cardholder.
nbPurchaseAccount
string
Optional
Max length: 4
Regexp: ^[0-9]{1,4}$
Number of purchases with this cardholder account during the previous six months.

Scheme specific rules:

Visa
Field is required if available
paymentAccAge
string
Optional
Format: yyyymmdd
Date that the payment account was enrolled in the cardholder’s account with the 3DS Requestor.

Scheme specific rules:

Visa
Field is required if available
paymentAccInd
string
Optional
One of:
01 02 03 04 05
Indicates the length of time that the payment account was enrolled in the cardholder’s account with the 3DS Requestor.

Meaning of values:

01 No account (guest check-out)
02 During this transaction
03 Less than 30 days
04 30−60 days
05 More than 60 days

Scheme specific rules:

Visa
Field is required if available
provisionAttemptsDay
string
Optional
Max length: 3
Regexp: ^[0-9]{1,3}$
Number of Add Card attempts in the last 24 hours.

Scheme specific rules:

Visa
Field is required if available
shipAddressUsage
string
Optional
Format: yyyymmdd
Date when the shipping address used for this transaction was first used with the 3DS Requestor.
shipAddressUsageInd
string
Optional
One of:
01 02 03 04
Indicates when the shipping address used for this transaction was first used with the 3DS Requestor.

Meaning of values:

01 This transaction
02 Less than 30 days
03 30−60 days
04 More than 60 days

Scheme specific rules:

Visa
Field is required if available
shipNameIndicator
string
Optional
One of:
01 02
Indicates if the Cardholder Name on the account is identical to the shipping Name used for this transaction.

Meaning of values:

01 Account Name identical to shipping Name
02 Account Name different than shipping Name

Scheme specific rules:

Visa
Field is required if available
suspiciousAccActivity
string
Optional
One of:
01 02
Indicates whether the 3DS Requestor has experienced suspicious activity (including previous fraud) on the cardholder account.

Meaning of values:

01 No suspicious activity has been observed
02 Suspicious activity has been observed

Scheme specific rules:

Visa
Field is required if available
txnActivityDay
string
Optional
Max length: 3
Regexp: ^[0-9]{1,3}$
Number of transactions (successful and abandoned) for this cardholder account with the 3DS Requestor across all payment accounts in the previous 24 hours.

Scheme specific rules:

Visa
Field is required if available
txnActivityYear
string
Optional
Max length: 3
Regexp: ^[0-9]{1,3}$
Number of transactions (successful and abandoned) for this cardholder account with the 3DS Requestor across all payment accounts in the previous year.

Scheme specific rules:

Visa
Field is required if available

PhoneNumber

cc
string
Required
Regexp: ^\d{1,3}$
Country code
subscriber
string
Required
Regexp: ^\d{1,12}$
Subscriber number

MerchantRiskIndicator

deliveryEmailAddress
string
Optional
Format: email
Max length: 254
For Electronic delivery, the email address to which the merchandise was delivered.

Scheme specific rules:

Visa
Field is required if available
deliveryTimeframe
string
Optional
One of:
01 02 03 04
Indicates the merchandise delivery timeframe.

Meaning of values:

01 Electronic Delivery
02 Same day shipping
03 Overnight shipping
04 Two-day or more shipping

Scheme specific rules:

Visa
Field is required if available
giftCardAmount
string
Optional
Regexp: ^\d{0,15}$
For prepaid or gift card purchase, the purchase amount total of prepaid or gift card(s) in major units (for example, USD 123.45 is 123).

Scheme specific rules:

Visa
Field is required if available
giftCardCount
string
Optional
Regexp: ^\d{2}$
For prepaid or gift card purchase, total count of individual prepaid or gift cards/codes purchased.

Scheme specific rules:

Visa
Field is required if available
giftCardCurr
string
Optional
Format: currency
For prepaid or gift card purchase, ISO 4217 three-digit currency code of the gift card, other than those listed in Table A.5.

Scheme specific rules:

Visa
Field is required if available
preOrderDate
string
Optional
Format: yyyymmdd
For a pre-ordered purchase, the expected date that the merchandise will be available.

Scheme specific rules:

Visa
Field is required if available
preOrderPurchaseInd
string
Optional
One of:
01 02
Indicates whether Cardholder is placing an order for merchandise with a future availability or release date.

Meaning of values:

01 Merchandise available
02 Future availability

Scheme specific rules:

Visa
Field is required if available
reorderItemsInd
string
Optional
One of:
01 02
Indicates whether the cardholder is reordering previously purchased merchandise.

Meaning of values:

01 First time ordered
02 Reordered

Scheme specific rules:

Visa
Field is required if available
shipIndicator
string
Optional
One of:
01 02 03 04 05 06 07 08 09
Indicates shipping method chosen for the transaction. Merchants must choose the Shipping Indicator code that most accurately describes the cardholder’s specific transaction, not their general business. If one or more items are included in the sale, use the Shipping Indicator code for the physical goods, or if all digital goods, use the Shipping Indicator code that describes the most expensive item.

Meaning of values:

01 Ship to cardholder’s billing address
02 Ship to another verified address on file with merchant
03 Ship to address that is different than the cardholder’s billing address
04 “Ship to Store” / Pick-up at local store (Store address shall be populated in shipping address fields)
05 Digital goods (includes online services, electronic gift cards and redemption codes)
06 Travel and Event tickets, not shipped
07 Other (for example, Gaming, digital services not shipped, emedia subscriptions, etc.)
08 Pick-up and go delivery
09 Locker delivery (or other automated pick-up)

Scheme specific rules:

Visa
Field is required if available
transChar
Array of string
Optional
One of:
01 02
Indicates to the ACS specific transactions identified by the Merchant.

Meaning of values:

01 Cryptocurrency transaction
02 NFT transaction

MessageExtension

criticalityIndicator
bool
Required
A Boolean value indicating whether the recipient must understand the contents of the extension to interpret the entire message.
data
json
Required
Max length: 8059
The data carried in the extension.
id
string
Required
Max length: 64
A unique identifier for the extension. Note: Payment System Registered Application Provider Identifier (RID) is required as prefix of the ID.
name
string
Required
Max length: 64
The name of the extension data set as defined by the extension owner.

ThreeDSRequestorPriorAuthenticationInfo

threeDSReqPriorAuthData
string
Optional
Max length: 20000
Data that documents and supports a specific authentication process. In the current version of the specification this data element is not defined in detail, however the intention is that for each 3DS Requestor Authentication Method, this field carry data that the ACS can use to verify the authentication process. In future versions of the specification, these details are expected to be included.

Scheme specific rules:

Visa
Field is required if available
threeDSReqPriorAuthMethod
string
Optional
Regexp: ^(0[1-5])|([89][0-9])$
Mechanism used by the Cardholder to previously authenticate to the 3DS Requestor.

Meaning of values:

01 Frictionless authentication occurred by ACS
02 Cardholder challenge occurred by ACS
03 AVS verified
04 Other issuer methods
05 SPC authentication

Scheme specific rules:

Visa
Field is required if available
threeDSReqPriorAuthTimestamp
string
Optional
Format: yyyymmddhhmm
Date and time in UTC of the prior cardholder authentication.

Scheme specific rules:

Visa
Field is required if available
threeDSReqPriorRef
string
Optional
Max length: 36
This data element provides additional information to the ACS to determine the best approach for handing a request.

Scheme specific rules:

Visa
Field is required if available

ACSRenderingType

acsInterface
string
Required
One of:
01 02
This the ACS interface that the challenge will present to the cardholder.

Meaning of values:

01 Native UI
02 HTML UI
acsUiTemplate
string
Required
One of:
01 02 03 04 05
Identifies the UI Template format that the ACS first presents to the consumer.

Meaning of values:

01 Text
02 Single Select
03 Multi Select
04 OOB
05 HTML Other

RecurringInd

amountInd
string
Optional
Regexp: ^[0-9]{2}$

Meaning of values:

01 Fixed Purchase Amount
02 Variable Purchase Amount
03-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS
frequencyInd
string
Optional
Regexp: ^[0-9]{2}$

Meaning of values:

01 Fixed Frequency
02 Variable or Unknown Frequency
03-79 Reserved for EMVCo future use (values invalid until defined by EMVCo)
80-99 Reserved for DS

SellerInfo

sellerName
string
Required
Max length: 100
Name of the seller
sellerId
string
Optional
Max length: 50
Merchant-assigned Seller identifier.
sellerBusinessName
string
Optional
Max length: 100
Business name of the seller.
sellerAccDate
string
Optional
Format: yyyymmdd
Date converted into UTC that the Seller started using the Merchant’s services.
sellerAddrLine1
string
Optional
Max length: 50
First line of the business or contact street address of the Seller.
sellerAddrLine2
string
Optional
Max length: 50
Second line of the business or contact street address of the Seller.
sellerAddrLine3
string
Optional
Max length: 50
Third line of the business or contact street address of the Seller.
sellerAddrCity
string
Optional
Max length: 50
Business or contact city of the Seller.
sellerAddrState
string
Optional
Format: iso3166-2
Max length: 3
Regexp: ^\d{1-3}$
Business or contact state or province of the Seller.
sellerAddrPostCode
string
Optional
Max length: 16
Business or contact ZIP or other postal code of the Seller.
sellerAddrCountry
string
Optional
Format: countryCode
Max length: 3
Regexp: ^\d{3}$
Business or contact country of the Seller.
sellerEmail
string
Optional
Format: email
Max length: 254
Business or contact email address of the Seller
sellerPhone
PhoneNumber object
Optional
Business or contact phone number of the Seller.