Result

Field Status Definitions
Required Required fields must be sent. If the data is not sent Ravelin will return an error.
Important Important fields are crucial for performance.
Optional Optional fields are additional data points that can be shared with the card schemes, issuers, and Ravelin. These fields may impact performance or dashboard usability.
Conditional Fields that may be required under certain conditions.

Jump to Response

POST 3ds.live.pci.ravelin.com/3ds/result

Call this endpoint after you have been notified that a 3DS challenge has completed.

The way you are notified depends on the device channel being used:

  • Browser device channel - when you receive a request to your Challenge Notification URL.
  • App device channel - when your mobile app receives a call to the completed() callback method, and notifies your back-end.

If the challenge was successful, the response will contain an authenticationValue which can be used to authorise the transaction with your payment gateway.

For PCI compliance reasons, we delete the 3DS result details shortly after this endpoint is called.

Result Request

Show all
threeDSServerTransID string
2.1.0 2.2.0 2.3.1
APP BRW 3RI
required

The unique identifier (UUID) for tracking the transaction throughout the 3DS process.

Example: "c5584543-b67e-5117-bb34-3567ac6a1123"

Result Response

Show all
timestamp integer

A Unix timestamp indicating when we finished handling the request.

status integer

The HTTP response status code.

cardScheme string
2.1.0 2.2.0 2.3.1

The card scheme which the card uses.

Example: "Visa"
liabilityShifted boolean

Whether liability for this transaction was shifted to the issuer. See Liability Shift.

Example: true
data object

The Result Response details.

Hide definition
messageVersion string
2.1.0 2.2.0 2.3.1
APP BRW 3RI

3DS protocol version identifier.

messageCategory string
2.1.0 2.2.0 2.3.1
APP BRW 3RI

Identifies whether this is a payment or non-payment 3DS authentication. For example, a non-payment 3DS authentication may be used when a customer adds a card to their account, but does not make a purchase.

Options:
01Payment authentication (PA)
02Non-payment authentication (NPA)
threeDSServerTransID string
2.1.0 2.2.0 2.3.1
APP BRW 3RI

The unique identifier (UUID) for tracking the transaction throughout the 3DS process.

Example: "c5584543-b67e-5117-bb34-3567ac6a1123"
sdkTransID string
2.1.0 2.2.0 2.3.1
APP

Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction.

Example: "a3384543-b67e-5117-bb34-4567ac6a1123"
acsTransID string
2.3.1
APP BRW 3RI

The unique identifier (UUID) used by the ACS for tracking the transaction throughout the 3DS process.

Must be provided in the Challenge Request.

May be provided in the threeDSReqPriorRef field in order to identify a prior authentication.

Example: "214a549e-2310-4359-b590-c53a20adcc78"
dsTransID string
2.3.1
APP BRW 3RI

The unique identifier (UUID) used by the directory server for tracking the transaction throughout the 3DS process. Provided for information only.

Example: "a3384543-b67e-5117-bb34-4567ac6a1123"
acsRenderingType object
2.3.1
APP

Indicates whether the ACS will use decoupled authentication.

Show definition
cardholderInfo object
2.3.1
APP BRW 3RI

Information about the cardholder.

Show definition
authenticationType string
2.1.0 2.2.0 2.3.1
APP BRW
DEPRECATED

Deprecated in favour of authenticationMethod. For 2.3.1 requests, the first authenticationMethod is values are mapped an equivalent value in this field.

Options:
01Static, for example, a password or passcode
02Dynamic, for example, a one time password (OTP)
03Out-of-Band (OOB), for example, using the issuing bank's mobile app
04Decoupled Authentication
authenticationMethod array
2.3.1

Indicates the list of authentication types used by the ACS to challenge the Cardholder, when in what was used by the ACS.

Options:
01Static Passcode
02SMS OTP
03Key fob or EMV card reader OTP
04App OTP
05OTP Other
06KBA
07OOB Biometrics
08OOB Login
09OOB Other
10Other
11Push Confirmation
12Decoupled
13WebAuthn
14SPC
15Behavioural biometrics
16Electronic ID
authenticationValue string
2.1.0 2.2.0 2.3.1
APP BRW 3RI

The card scheme specific value to be used for authorising the transaction. Also referred to as "CAVV" (Cardholder Authentication Verification Value) by Visa, AAV (Accountholder Authentication Value) by Mastercard and AEVV (American Express Verification Value) by American Express.

There are limitations on when and for how long the authenticationValue can be stored.

Please refer to the Payment Card Industry 3-D Secure (PCI 3DS) guide for further details.

transStatus string
2.1.0 2.2.0 2.3.1
APP BRW 3RI

Indicates the outcome of the authenticate request, and how to proceed.

Options:
YAuthentication Successful

The authentication was successful, continue to authorisation using the authenticationValue from the Result Response.

2.1.0 2.2.0 2.3.1
AAuthentication Attempted

3DS was attempted but was not possible. However the card scheme granted a successful authentication on the issuer's behalf.

2.1.0 2.2.0 2.3.1
NAuthentication Failed

The authentication failed, stop processing the transaction.

2.1.0 2.2.0 2.3.1
UAuthentication Unavailable

Authentication could not be performed. You may attempt to proceed to authorisation without an authenticationValue.

2.1.0 2.2.0 2.3.1
RAuthentication Rejected

The issuer rejected the authentication attempt and requests that authorisation is not attempted.

2.1.0 2.2.0 2.3.1
SChallenge using SPC

Challenge using SPC

2.3.1
transStatusReason string
2.1.0 2.2.0 2.3.1
APP BRW 3RI

Provides information on the transStatus value.

Options:
01Card authentication failed2.1.0 2.2.0 2.3.1
02Unknown device2.1.0 2.2.0 2.3.1
03Unsupported device2.1.0 2.2.0 2.3.1
04Exceeds authentication frequency limit2.1.0 2.2.0 2.3.1
05Expired card2.1.0 2.2.0 2.3.1
06Invalid card number2.1.0 2.2.0 2.3.1
07Invalid transaction2.1.0 2.2.0 2.3.1
08No card record2.1.0 2.2.0 2.3.1
09Security failure2.1.0 2.2.0 2.3.1
10Stolen card2.1.0 2.2.0 2.3.1
11Suspected fraud2.1.0 2.2.0 2.3.1
12Transaction not permitted to cardholder2.1.0 2.2.0 2.3.1
13Cardholder not enrolled in service2.1.0 2.2.0 2.3.1
14Transaction timed out at the ACS2.1.0 2.2.0 2.3.1
15Low confidence2.1.0 2.2.0 2.3.1
16Medium confidence2.1.0 2.2.0 2.3.1
17High confidence2.1.0 2.2.0 2.3.1
18Very high confidence2.1.0 2.2.0 2.3.1
19Exceeds ACS maximum challenges2.1.0 2.2.0 2.3.1
20Non-payment (NPA) transaction not supported2.1.0 2.2.0 2.3.1
213RI transaction not supported2.1.0 2.2.0 2.3.1
22ACS technical issue2.1.0 2.2.0 2.3.1
23Decoupled authentication required by ACS but not requested by 3DS Requestor2.1.0 2.2.0 2.3.1
243DS Requestor decoupled authentication max expiry time exceeded2.1.0 2.2.0 2.3.1
25Insufficient time provided for decoupled authentication to authenticate cardholder. ACS will not attempt authentication2.1.0 2.2.0 2.3.1
26Authentication attempted but not performed by the cardholder2.1.0 2.2.0 2.3.1
27Preferred Authentication Method not supported2.3.1
28Validation of content security policy failed2.3.1
29Authentication attempted but not completed by the Cardholder. Fall back to Decoupled Authentication2.3.1
30Authentication completed successfully but additional authentication of the Cardholder required. Reinitiate as Decoupled Authentication2.3.1
80Identity Check Insights

Mastercard

2.1.0 2.2.0 2.3.1
80Error connecting to ACS

Visa

2.1.0 2.2.0 2.3.1
81ACS Timed Out

Visa

2.1.0 2.2.0 2.3.1
82Invalid Response from ACS

Visa

2.1.0 2.2.0 2.3.1
83System Error Response from ACS

Visa

2.1.0 2.2.0 2.3.1
84Transaction not processed by Smart Authentication Stand-In due to challenge cancellation

Mastercard

2.1.0 2.2.0 2.3.1
84Internal Error While Generating CAVV

Visa

2.1.0 2.2.0 2.3.1
85VMID not eligible for requested program

Visa

2.1.0 2.2.0 2.3.1
86Protocol Version Not Supported by ACS

Visa

2.1.0 2.2.0 2.3.1
87Device Channel is 3RI therefore did not route to Smart Authentication Stand-In

Mastercard

2.1.0 2.2.0 2.3.1
87Transaction is excluded from Attempts Processing which includes non-reloadable pre-paid cards and non-payment authentications

Visa

2.1.0 2.2.0 2.3.1
883DS Requestor Prior Transaction Authentication Data was provided but not found by the ACS or it was expired

Mastercard

2.1.0 2.2.0 2.3.1
88Requested program not supported by the ACS

Visa

2.1.0 2.2.0 2.3.1
transStatusReasonInfo string
2.3.1

Transaction Status Reason Information

eci string
2.1.0 2.2.0 2.3.1
APP BRW 3RI

Electronic Commerce Indicator - a payment system specific value which indicates the result of the attempt to authenticate the cardholder.

Options:
00Authentication Failed

Mastercard

01Authentication attempted, but not completed

Mastercard

02Authentication Successful

Mastercard

05Authentication Successful

Visa, American Express, Discover, JCB, UnionPay

06Authentication attempted, but not completed

Visa, American Express, Discover, JCB, UnionPay

07Authentication Failed

Visa, American Express, Discover, JCB, UnionPay

interactionCounter string
2.1.0 2.2.0 2.3.1
APP BRW

The number of authentication attempts by the cardholder, for example, they may attempt a second time if they enter their password incorrectly.

challengeCancel string
2.1.0 2.2.0 2.3.1
APP BRW

Indicates that the authentication was cancelled

Options:
01Cardholder selected "Cancel"2.1.0 2.2.0 2.3.1
023DS Requestor cancelled authentication2.1.0 2.2.0 2.3.1
03Transaction abandoned2.1.0 2.2.0 2.3.1
04Transaction timed out at ACS2.1.0 2.2.0 2.3.1
05Transaction timed out at ACS - First Challenge Request (CReq) not received by the ACS2.1.0 2.2.0 2.3.1
06Transaction error2.1.0 2.2.0 2.3.1
07Unknown2.1.0 2.2.0 2.3.1
08Transaction Timed Out 3DS SDK2.3.1
09Error Message in response to the CRes message sent by the ACS2.3.1
10Error Message in response to the CReq message received by the ACS2.3.1
challengeErrorReporting object
2.3.1
APP BRW

Copy of the Error Message sent or received by the ACS in case of error in the CReq/CRes messages.

Show definition
whiteListStatus string
2.2.0 2.3.1
APP BRW 3RI
DEPRECATED

Deprecated in favour of trustListStatus.

Options:
YMerchant is trusted by cardholder
NMerchant has not yet been trusted by cardholder
ENot eligible as determined by issuer
PPending confirmation by cardholder
RCardholder rejected the request to trust the merchant
UTrusted status unknown, unavailable, or does not apply
trustListStatus string
2.2.0 2.3.1
APP BRW 3RI

Indicates whether the cardholder has added the merchant to their list of trusted merchants. A cardholder can typically only choose to trust a merchant after successfully completing a challenge. A cardholder may not be required to complete a challenge with a merchant they have previously trusted.

Options:
YMerchant is trusted by cardholder
NMerchant has not yet been trusted by cardholder
ENot eligible as determined by issuer
PPending confirmation by cardholder
RCardholder rejected the request to trust the merchant
UTrusted status unknown, unavailable, or does not apply
whiteListStatusSource string
2.2.0 2.3.1
APP BRW 3RI
DEPRECATED

Deprecated in favour of trustListStatusSource.

Options:
013DS Server
02Directory Server (DS)
03Access Control Server (ACS)
trustListStatusSource string
2.2.0 2.3.1
APP BRW 3RI

Identifies the system which set the whiteListStatus value.

Options:
013DS Server
02Directory Server (DS)
03Access Control Server (ACS)
deviceBindingStatus string
2.3.1
APP BRW 3RI

Enables the communication of Device Binding Status between the ACS, the DS and the 3DS Requestor. For bound devices (value = 11–14), Device Binding Status also conveys the type of binding that was performed.

Options:
01Device is not bound by Cardholder
02Not eligible as determined by Issuer
03Pending confirmation by Cardholder
04Cardholder rejected the request
05Device Binding Status unknown, unavailable, or does not apply
11= Device is bound by Cardholder (device is bound using hardware / SIM internal to the Consumer Device. For instance, keys stored in a secure element on the device)
12Device is bound by Cardholder (device is bound using hardware external to the Consumer Device. For example, an external FIDO Authenticator)
13Device is bound by Cardholder (Device is bound using data that includes dynamically generated data and could include a unique device ID)
14Device is bound by Cardholder (Device is bound using static device data that has been obtained from the Consumer Device)
15Device is bound by Cardholder (Other method)
deviceBindingStatusSource string
2.3.1
APP BRW 3RI

This data element will be populated by the system setting Device Binding Status.

Options:
013DS Server
02DS
03ACS

Feedback