This guide explains how to perform Non-Payment Authentication through 3D Secure.
Non-Payment Authentication (NPA) is when authentication is performed as part of a non-payment event, such as adding a card to a wallet. There is no subsequent authorisation event associated with this type of authentication.
A Non-Payment Authentication flow is the same as a standard browser or app flow, with some changes to the required values or fields:
In the Authenticate Request, specific values or conditions are applicable for some fields.
messageCategory: this must be set to 02 (Non-Payment Authentication)acquirerBIN: this is only required for authentications made with Visa issued cardsthreeDSRequestorAuthenticationInd is set to 02 (recurring transaction) or 03 (instalment transaction):
In the Authenticate and Result Responses, Non-Payment Authentication specific values may be returned or or some values may not be returned at all.
authenticationValue: this value may not be returned by American Express and Mastercard, even if authentication is successful.eci: Mastercard may return specific values of N0 (not authenticated) or N2 (authenticated)Not all card schemes support Non-Payment Authentications.
If authentication is attempted with a card scheme or issuer that does not support Non-Payment Authentications, a transStatusReason of 20 (Non-Payment Authentications not supported) is returned in the Authenticate Response.
Visa, Mastercard, and American Express require all issuers to support Non-Payment Authentications. However, they do not support attempts or stand-in services for this message category.
Mastercard may return a unique value of 85 in the acsInfoInd to confirm whether Non-Payment Authentication is supported or not.
If a card scheme or issuer do not support Non-Payment Authentication, then you could take one of the following options based on regional compliance requirements and risk appetite:
Test your 3DS integration with our test cards
Was this page helpful?