PSPs > API Reference > Endpoints > 3D Secure > Authenticate

Authenticate

Field Status Definitions

Required Required fields must be sent. If the data is not sent Ravelin will return an error.

Important Important fields are crucial for performance.

Optional Optional fields are additional data points that can be shared with the card schemes, issuers, and Ravelin. These fields may impact performance or dashboard usability.

Conditional Fields that may be required under certain conditions.

Jump to Response

POST 3ds.live.pci.ravelin.com/3ds/authenticate

This endpoint allows you to provide customer and transaction data related to the 3DS authentication. Ravelin will use this data to produce the AReq message and initiate 3DS authentication with the customer’s card issuer.

Device Channel: Version:

Authenticate Request

Show all

timestamp integer

required

A Unix timestamp preferably as an integer count of milliseconds since 1970-01-01T00:00 UTC.

Example: 1512828988826

customerId string

optional

Enterprise Merchants: the unique identifier for the customer used on the Checkout endpoint.

PSPs: the unique identifier for the customer used on the Transaction endpoint.

This is required if you want to associate the 3D Secure authentication with the customer.

Example: "123-abc-XYZ"

Minimum length: 1

transactionId string

optional

Enterprise Merchants: the unique identifier for the transaction used on the Checkout endpoint.

PSPs: the unique identifier for the transaction used on the Transaction endpoint.

Required if you want to associate the 3D Secure authentication with the transaction.

Example: "123-abc-XYZ"

Minimum length: 1

transactionStepId string

optional

The unique identifier for the transaction step within the transaction used only for PSP clients on the Transaction endpoint.

Example: "123-abc-XYZ"

Minimum length: 1

cardScheme string

optional

The card scheme to which the authentication will be routed for co-badged cards.

Required if you want to route the authentication to a domestic card scheme (e.g. Cartes Bancaires or eftpos).

Options:

American Express
BOV Cashlink
Cartes Bancaires
eftpos
Discover
JCB
Mastercard
Visa
Ravelin (sandbox only)
Ravelin Domestic (sandbox only)

paymentMethod object

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

The card being used for the transaction, encrypted using the Ravelin card encryption SDK.

See Submission of Encrypted Card Details for more information.

Conditions:

Either paymentMethod or areqData.pan must be provided.

Hide definition

cardCiphertext string required	The card ciphertext produced by the Ravelin card encryption SDK. This field constitutes cardholder data. Submission of this field requires PCI DSS SAQ-A or SAQ-AEP certification. Please see our PCI DSS Compliance Guide for more information.
aesKeyCiphertext string required	The AES key ciphertext produced by the Ravelin card encryption SDK . Minimum length: 1
algorithm string required	The algorithm used to generate the ciphertexts. Example: `"RSA_WITH_AES_256_GCM"` Minimum length: 1
ravelinSDKVersion string optional	The version of the Ravelin mobile or JavaScript SDK that performed the encryption. Example: `"0.0.13-ravelinjs"`
keyIndex integer optional	The index of the public RSA key used to encrypt the card.
keySignature string optional	An identifier for the public RSA key used to encrypt the card.

areqData object

required

Customer and transaction data used to perform the 3DS authentication. Although many of these fields are optional, the more you can provide, the higher the chance of receiving a Frictionless authentication.

Hide definition

messageVersion string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

optional

The 3DS protocol version to be used for the 3DS authentication.

If the version is not provided we default to the versionRecommendation returned in the Version Response. You should populate fields according to the selected messageVersion.

See the guidance here for 3DS protocol versions supported by different card schemes.

Options:

2.1.0

2.2.0

2.3.1

Minimum length: 4

Maximum length: 8

messageCategory string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

required

Identifies whether this is a payment or non-payment 3DS authentication. For example, a non-payment 3DS authentication may be used when a customer adds a card to their account, but does not make a purchase.

Options:

`01`	Payment authentication (PA)
`02`	Non-payment authentication (NPA)

deviceChannel string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

required

Indicates the channel being used to initiate the authentication.

Options:

`01`	App-based (APP)
`02`	Browser (BRW)
`03`	3DS Requestor Initiated (3RI)

threeDSServerTransID string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.

Example: "c5584543-b67e-5117-bb34-3567ac6a1123"

Conditions:

Required when deviceChannel is Browser, and a threeDSServerTransID has already been returned in the Version Response. In this case the same threeDSServerTransID should be used.

Length: 36

purchaseAmount string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Purchase amount in minor units of currency with all punctuation removed.

Example: "10000"

Conditions:

Required for Payment Authentications (PA). Required for Non-Payment Authentications (NPA) when threeDSRequestorAuthenticationInd is Recurring transaction (02) or Instalment transaction (03).

purchaseCurrency string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Currency in which purchaseAmount is expressed (ISO 4217 three-digit numeric currency code).

Must be "036" (AUD) when cardScheme is eftpos.

Example: "826"

Conditions:

Required for Payment Authentications (PA). Required for Non-Payment Authentications (NPA) when threeDSRequestorAuthenticationInd is Recurring transaction (02) or Instalment transaction (03).

purchaseExponent string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Minor units of currency as specified in the ISO 4217 currency exponent.

Example: "2"

Conditions:

Required for Payment Authentications (PA). Required for Non-Payment Authentications (NPA) when threeDSRequestorAuthenticationInd is Recurring transaction (02) or Instalment transaction (03).

purchaseDate string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Date and time of the purchase expressed in UTC.

Format: YYYYMMDDhhmmss

Conditions:

Required for Payment Authentications (PA). Required for Non-Payment Authentications (NPA) when threeDSRequestorAuthenticationInd is Recurring transaction (02) or Instalment transaction (03).

pan string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

The Primary Account Number (PAN) of the card being used for the transaction. If EMV Tokenisation is supported, this may be an EMV Payment Token instead of a PAN.

This field is cardholder data. Submission of this field requires PCI DSS SAQ-D certification.

Please see our PCI DSS documentation for more information.

Example: "4900000000001234"

Conditions:

Either a pan or a client side encrypted payment method must be provided

cardExpiryDate string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

optional

Expiry date of the PAN or token.

Format: YYMM

Example: "2105"

Length: 4

threeDSCompInd string

2.1.0 2.2.0 2.3.1

BRW

required

Indicates whether the 3DS Method successfully completed.

This should be set to N if the method request has not completed after 10 seconds.

Options:

`Y`	Successfully completed
`N`	Did not successfully complete
`U`	Unavailable - the 3DS Method URL was not present in the Version Response

threeDSMethodId string

2.3.1

BRW

conditional

Contains the 3DS Server Transaction ID used during the previous execution of the 3DS Method.

Conditions:

Required if 3DS Requestor reuses previous 3DS Method execution.

Maximum length: 36

threeDSRequestorID string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

required

The 3DS requestor identifier assigned by the card scheme. See the guidance here for the requirements of different card schemes.

For testing in sandbox account, send any string up to 26 characters long.

Example: "example-requestor-id"

threeDSRequestorName string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

required

3DS Requestor name assigned by the card scheme. See the guidance here for the requirements of different card schemes.

Example: "Example Requestor Name"

Maximum length: 40

threeDSRequestorURL string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

required

Fully qualified URL of 3DS Requestor website or customer support website.

Example: "https://www.example-requestor.com"

threeDSRequestorAuthenticationInd string

2.1.0 2.2.0 2.3.1

APP BRW

required

Indicates the type of 3DS authentication request.

Options:

`01`	Payment transaction	2.1.0 2.2.0 2.3.1
`02`	Recurring transaction	2.1.0 2.2.0 2.3.1
`03`	Instalment transaction	2.1.0 2.2.0 2.3.1
`04`	Add card	2.1.0 2.2.0 2.3.1
`05`	Maintain card	2.1.0 2.2.0 2.3.1
`06`	Cardholder verification as part of EMV token ID&V	2.1.0 2.2.0 2.3.1
`07`	Billing Agreement	2.1.0 2.2.0 2.3.1
`08`	Split shipment	2.3.1
`09`	Delayed shipment	2.3.1
`10`	Split payment	2.3.1

threeDSRequestorAuthenticationInfo array

2.1.0 2.2.0 2.3.1

APP BRW

optional

Information about how the 3DS Requestor authenticated the cardholder before or during the transaction. For 2.1.0 & 2.2.0 requests only the first element will be accepted. This field is now an array and the single element format is being deprecated.

Show definition

Maximum length: 3

threeDSReqAuthData string

2.3.1

optional

Data that documents and supports a specific authentication process.

Maximum length: 50000

threeDSReqAuthMethod string

optional

Mechanism used by the cardholder to authenticate with the 3DS Requestor.

Options:

`01`	Cardholder did not log in	2.1.0 2.2.0 2.3.1
`02`	Cardholder logged in using a username and password	2.1.0 2.2.0 2.3.1
`03`	Cardholder logged in using using federated ID	2.1.0 2.2.0 2.3.1
`04`	Cardholder logged in using using issuer credentials	2.1.0 2.2.0 2.3.1
`05`	Cardholder logged in using using third-party authentication	2.1.0 2.2.0 2.3.1
`06`	Cardholder logged in using using FIDO Authenticator	2.1.0 2.2.0 2.3.1
`07`	Cardholder logged in using using FIDO Authenticator (FIDO assurance data signed)	2.2.0 2.3.1
`08`	SRC Assurance Data	2.2.0 2.3.1
`09`	SPC Authentication	2.3.1
`10`	Electronic ID Authentication Data	2.3.1

threeDSReqAuthTimestamp string

2.3.1

optional

Date and time in UTC of the cardholder authentication.

Format: YYYYMMDDHHMM

Example: "202004011000"

threeDSRequestorChallengeInd array

2.1.0 2.2.0 2.3.1

APP BRW

optional

Indicates whether a challenge is requested for this transaction. Note When providing two preferences, the 3DS Requestor ensures that they are in preference order and are not conflicting. For example, 02 = No challenge requested and 04 = Challenge requested (Mandate) For 2.1.0 & 2.2.0 requests only the first value will be accepted. This field is now an array and the single value string format is being deprecated.

Options:

`01`	No preference	2.1.0 2.2.0 2.3.1
`02`	No challenge requested	2.1.0 2.2.0 2.3.1
`03`	Challenge requested (3DS Requestor preference)	2.1.0 2.2.0 2.3.1
`04`	Challenge requested (mandate, e.g. required for PSD2 compliance)	2.1.0 2.2.0 2.3.1
`05`	No challenge requested (transactional risk analysis is already performed)	2.2.0 2.3.1
`06`	No challenge requested (data share only)	2.2.0 2.3.1
`07`	No challenge requested (strong consumer authentication is already performed)	2.2.0 2.3.1
`08`	No challenge requested (utilise trustlist exemption if no challenge required)	2.2.0 2.3.1
`09`	Challenge requested (trustlist prompt requested if challenge required)	2.2.0 2.3.1
`10`	No challenge requested (use low value exemption)	2.3.1
`11`	No challenge requested (Secure corporate payment exemption)	2.3.1
`12`	Challenge requested (Device Binding prompt requested if challenge required)	2.3.1
`13`	Challenge requested (Issuer requested)	2.3.1
`14`	Challenge requested (Merchant-initiated transactions)	2.3.1
`80-99`	Reserved for Directory Server use	2.1.0 2.2.0 2.3.1

Maximum length: 2

threeDSRequestorDecMaxTime string

2.2.0 2.3.1

APP BRW 3RI

optional

Indicates the maximum amount of time that the 3DS Requestor will wait for an ACS to provide the results of a Decoupled Authentication transaction (in minutes). Numeric values between 00001 and 10080 are accepted.

Example: "00005"

Length: 5

threeDSRequestorDecReqInd string

2.2.0 2.3.1

APP BRW 3RI

optional

Indicates whether the 3DS Requestor requests the ACS to utilise Decoupled Authentication and agrees to utilise Decoupled Authentication if the ACS confirms its use. If the element is not provided, the expected action is for the ACS to default to a value of N (that is, to not use Decoupled Authentication).

Options:

`Y`	Decoupled Authentication is supported and preferred if challenge is necessary	2.1.0 2.2.0 2.3.1
`N`	Do not use Decoupled Authentication	2.1.0 2.2.0 2.3.1
`F`	Decoupled Authentication is supported and is to be used only as a fallback challenge method if a challenge is necessary (Transaction Status = D in RReq).
`B`	Decoupled Authentication is supported and can be used as a primary or fallback challenge method if a challenge is necessary (Transaction Status = D in either ARes or RReq).

threeDSRequestorPriorAuthenticationInfo array

2.1.0 2.2.0 2.3.1

APP BRW 3RI

optional

Information about how the 3DS Requestor authenticated the cardholder as part of a previous 3DS transaction. For 2.1.0 & 2.2.0 requests only the first element will be accepted. This field is now an array and the single element format is being deprecated.

Show definition

Maximum length: 3

threeDSReqPriorDsTransId string

2.3.1

optional

This data element provides the prior DS Transaction ID to the ACS to determine the best approach for handling a request. This data element contains a DS Transaction ID for a prior authenticated transaction (for example, the first recurring transaction that was authenticated with the Cardholder).

Example: "c5584543-b67e-5117-bb34-3567ac6a1123"

Length: 36

threeDSReqPriorAuthData string

2.3.1

optional

Data that documents and supports a specific authentication process.

Maximum length: 20000

threeDSReqPriorAuthMethod string

optional

Mechanism used by the Cardholder to previously authenticate to the 3DS Requestor.

Options:

`01`	Frictionless authentication occurred by ACS	2.1.0 2.2.0 2.3.1
`02`	Cardholder challenge occurred by ACS	2.1.0 2.2.0 2.3.1
`03`	AVS verified	2.1.0 2.2.0 2.3.1
`04`	Other issuer methods	2.1.0 2.2.0 2.3.1
`05`	SPC authentication	2.3.1

threeDSReqPriorAuthTimestamp string

2.3.1

optional

Date and time in UTC of the cardholder authentication.

Format: YYYYMMDDHHMM

threeDSReqPriorRef string

2.3.1

optional

An ACS Transaction ID for a prior authenticated transaction (for example, the first recurring transaction that was authenticated with the cardholder).

Maximum length: 36

threeDSRequestorSpcSupport string

2.3.1

BRW

optional

Indicates whether the 3DS Requestor supports SPC authentication. If present, this field contains the value Y.

Options:

Y Supported

payeeOrigin string

2.3.1

optional

The origin of the payee that will be provided in the SPC Transaction Data. Fully qualified URL.

Maximum length: 2048

threeRIInd string

2.1.0 2.2.0 2.3.1

3RI

required

Indicates the type of 3DS requestor initiated request.

Options:

`01`	Recurring transaction	2.1.0 2.2.0 2.3.1
`02`	Instalment transaction	2.1.0 2.2.0 2.3.1
`03`	Add card	2.1.0 2.2.0 2.3.1
`04`	Maintain card information	2.1.0 2.2.0 2.3.1
`05`	Account verification	2.1.0 2.2.0 2.3.1
`06`	Split/delayed shipment	2.2.0 2.3.1
`07`	Top-up	2.2.0 2.3.1
`08`	Mail order	2.2.0 2.3.1
`09`	Telephone order	2.2.0 2.3.1
`10`	Whitelist status check	2.2.0 2.3.1
`11`	Other payment	2.2.0 2.3.1
`12`	Billing Agreement	2.2.0 2.3.1
`13`	Device Binding status check	2.3.1
`14`	Card Security Code status check	2.3.1
`15`	Delayed shipment	2.3.1
`16`	Split payment	2.3.1
`17`	FIDO credential deletion	2.3.1
`18`	FIDO credential registration	2.3.1
`19`	Decoupled Authentication Fallback	2.3.1

acctType string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Indicates the type of account.

Conditions:

Required in some markets (for example, for merchants in Brazil). Otherwise optional.

Options:

`01`	Not Applicable
`02`	Credit
`03`	Debit

broadInfo object

2.1.0 2.2.0 2.3.1

APP BRW 3RI

optional

Broadcast information - structured information sent between the 3DS Server, the DS, and the ACS.

Show definition

Maximum length: 4096

category string

optional

Indicates the category/type of information.

Options:

`01`	General
`02`	Certificate expiry
`03`	Fraud alert
`04`	Transactional data
`05`	Certificate expiry
`06`	Other

Length: 2

description string

optional

Information to be broadcast to recipients.

Maximum length: 4000

expDate string

optional

The date after which the relevance of the broadcast information expires. Format: YYYYMMDD

Length: 8

severity string

optional

Indicates the importance/severity level of the broadcast information.

Options:

`01`	Critical (Immediate action)
`02`	Major (Major impact)
`03`	Minor (Minor impact)
`04`	Informational (No immediate action)

Length: 2

recipients array

optional

Indicates the intended recipient(s) of the broadcast information.

Options:

`01`	3DS SDK
`02`	3DS Server
`03`	DS
`04`	ACS

Maximum length: 3

source string

optional

Indicates the source of the broadcast information.

Options:

`01`	3DS Server
`02`	DS
`03`	ACS

Length: 2

acquirerMerchantID string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Acquirer-assigned merchant identifier.

Conditions:

Required for Payment Authentications (PA).

Maximum length: 35

acquirerBIN string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Acquiring institution identification code as assigned by the DS receiving the AReq message.

Example: "535522"

Conditions:

Required for Payment Authentications (PA). Required for Visa Non-Payment Authentications (NPA)

Maximum length: 11

acquirerCountryCode string

2.3.1

APP BRW 3RI

optional

The code of the country where the acquiring institution is located (in accordance with ISO 3166-1).

Example: "826"

acquirerCountryCodeSource string

2.3.1

APP BRW 3RI

optional

This data element is populated by the system setting the Acquirer Country Code.

Options:

`01`	3DS Server
`02`	DS

notificationURL string

2.1.0 2.2.0 2.3.1

BRW

required

The Challenge Notification URL that will receive the Challenge Response.

Example: "https://www.example-merchant.com/challenge-notification"

Maximum length: 256

recurringAmount string

2.3.1

APP BRW 3RI

conditional

Recurring amount in minor units of currency with all punctuation removed.

Example: "10000"

Conditions:

Required when threeDSRequestorAuthenticationInd is Recurring transaction (02) or Instalment transaction (03) Or threeRIInd is Recurring transaction (01)

Maximum length: 48

recurringCurrency string

2.3.1

APP BRW 3RI

conditional

Currency in which recurringAmount is expressed (ISO 4217 three-digit numeric currency code).

Example: "826"

Conditions:

Required when recurringAmount is provided.

recurringExponent string

2.3.1

APP BRW 3RI

conditional

Minor units of currency as specified in the ISO 4217 currency exponent.

Example: "2"

Conditions:

Required when recurringAmount is provided.

recurringDate string

2.3.1

APP BRW 3RI

conditional

Effective date of the new authorised amount following the first/promotional payment in a recurring or instalment transaction.

Format: YYYYMMDDhhmmss

Conditions:

Required if recurringInd ('01') or / recurringFrequency ('01').

recurringExpiry string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Date after which no further authorisations shall be performed.

Format: YYYYMMDD

Conditions:

Required when threeDSRequestorAuthenticationInd is Recurring transaction (02) or Instalment transaction (03)

recurringFrequency string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Indicates the minimum number of days between authorisations.

Example: "0031"

Conditions:

Required when threeDSRequestorAuthenticationInd is Recurring transaction (02) or Instalment transaction (03)

Maximum length: 4

recurringInd object

2.3.1

APP BRW 3RI

conditional

Indicates whether the recurring or instalment payment has a fixed or variable amount and frequency.

Conditions:

Required when threeDSRequestorAuthenticationInd is Recurring transaction (02) or Instalment transaction (03) or threeRIInd is Recurring transaction (01) or Instalment transaction (02)

Show definition

amountInd string

optional

Amount Indicator.

Options:

`01`	Fixed Purchase Amount
`02`	Variable Purchase Amount

frequencyInd string

optional

Frequency Indicator.

Options:

`01`	Fixed Frequency
`02`	Variable or Unknown Frequency

purchaseInstalData string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Indicates the maximum number of authorisations permitted for instalment payments.

Example: "002"

Conditions:

Required if threeDSRequestorAuthenticationInd is Instalment transaction (03).

Maximum length: 3

transType string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Identifies the type of transaction being authenticated.

Conditions:

Required in some markets, when the messageCategory is Payment Authentication (PA) (01).

Options:

`01`	Purchase of goods or services
`03`	Check acceptance
`10`	Account funding
`11`	Quasi-cash transaction
`28`	Prepaid activation and load

browserAcceptHeader string

2.1.0 2.2.0 2.3.1

BRW

conditional

Exact content of the HTTP accept headers as sent to the 3DS Requestor from the cardholder’s browser.

Example: "text/html,application/xml"

Conditions:

Required when deviceChannel is Browser.

Maximum length: 2048

browserIP string

2.1.0 2.2.0 2.3.1

BRW

optional

IP address of the browser as returned by the HTTP headers to the 3DS Requestor.

Example: "0.0.0.0"

browserJavascriptEnabled boolean

2.1.0 2.2.0 2.3.1

BRW

required

Boolean that represents the ability of the cardholder browser to execute JavaScript.

Example: true

browserJavaEnabled boolean

2.1.0 2.2.0 2.3.1

BRW

conditional

Boolean that represents the ability of the cardholder browser to execute Java. Value is returned from the navigator.javaEnabled property.

Example: true

Conditions:

Required when browserJavascriptEnabled is true.

browserLanguage string

2.1.0 2.2.0 2.3.1

BRW

conditional

The cardholder browser language as defined in IETF BCP47. Returned from navigator.language property.

Example: "en"

Conditions:

Required when browserJavascriptEnabled is true.

acceptLanguage array

2.3.1

BRW

required

Value representing the Browser language preference present in the HTTP header, as defined in IETF BCP 47.

Maximum length: 99

browserColorDepth string

2.1.0 2.2.0 2.3.1

BRW

conditional

The bit depth of the browser's colour palette for displaying images. Use the closest lower option for color depths that are not in the listed options. For example if the color depth is 30, use 24 instead.

Conditions:

Required when browserJavascriptEnabled is true.

Options:

`1`	1 bit per pixel
`4`	4 bits per pixel
`8`	8 bits per pixel
`15`	15 bits per pixel
`16`	16 bits per pixel
`24`	24 bits per pixel
`32`	32 bits per pixel
`48`	48 bits per pixel

browserScreenHeight string

2.1.0 2.2.0 2.3.1

BRW

conditional

Total height of the cardholder’s screen (not browser window) in pixels.

Example: "1080"

Conditions:

Required when browserJavascriptEnabled is true.

Maximum length: 6

browserScreenWidth string

2.1.0 2.2.0 2.3.1

BRW

conditional

Total width of the cardholder’s screen (not browser window) in pixels.

Example: "1920"

Conditions:

Required when browserJavascriptEnabled is true.

Maximum length: 6

browserTZ string

2.1.0 2.2.0 2.3.1

BRW

conditional

Time-zone offset in minutes between UTC and the cardholder browser local time.

Example: "300"

Conditions:

Required when browserJavascriptEnabled is true.

Maximum length: 5

browserUserAgent string

2.1.0 2.2.0 2.3.1

BRW

conditional

Exact content of the HTTP user-agent header.

Example: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_0_0) AppleWebKit/0.0 (KHTML, like Gecko) Chrome/0.0.0.0 Safari/0.0"

Conditions:

Required when deviceChannel is Browser.

Maximum length: 2048

deviceBindingStatus string

2.3.1

APP BRW 3RI

optional

Enables the communication of Device Binding Status between the ACS, the DS and the 3DS Requestor. For bound devices (value = 11–14), Device Binding Status also conveys the type of binding that was performed.

Options:

`01`	Device is not bound by Cardholder
`02`	Not eligible as determined by Issuer
`03`	Pending confirmation by Cardholder
`04`	Cardholder rejected the request
`05`	Device Binding Status unknown, unavailable, or does not apply
`11`	= Device is bound by Cardholder (device is bound using hardware / SIM internal to the Consumer Device. For instance, keys stored in a secure element on the device)
`12`	Device is bound by Cardholder (device is bound using hardware external to the Consumer Device. For example, an external FIDO Authenticator)
`13`	Device is bound by Cardholder (Device is bound using data that includes dynamically generated data and could include a unique device ID)
`14`	Device is bound by Cardholder (Device is bound using static device data that has been obtained from the Consumer Device)
`15`	Device is bound by Cardholder (Other method)

deviceBindingStatusSource string

2.3.1

APP BRW 3RI

optional

This data element will be populated by the system setting Device Binding Status.

Options:

`01`	3DS Server
`02`	DS
`03`	ACS

deviceId string

2.3.1

BRW

conditional

Unique and immutable identifier linked to a device that is consistent across 3DS transactions for the specific user device. Examples - Hardware Device ID, Platform-calculated device fingerprint.

Conditions:

Required if available.

Maximum length: 64

userId string

2.3.1

BRW

conditional

Identifier of the transacting user’s Browser Account ID. This identifier is a unique immutable hash of the user’s account identifier for the given Browser, provided as a string. Cardholders may have more than one account on a given Browser.

Conditions:

Required if available.

Maximum length: 64

sdkTransID string

2.1.0 2.2.0 2.3.1

APP

required

Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction. Obtained by calling the getSDKTransactionID() SDK method. See details

Example: "a3384543-b67e-5117-bb34-4567ac6a1123"

Length: 36

sdkAppID string

2.1.0 2.2.0 2.3.1

APP

required

Universally unique ID created upon all installations of the 3DS Requestor App on a consumer device. This will be newly generated and stored by the 3DS SDK for each installation. Obtained by calling the getSDKAppID() SDK method. See details

Example: "c3994512-a99f-ab17-bb66-4566ac6b1334"

Length: 36

sdkEncData string

2.1.0 2.2.0 2.3.1

APP

required

Device data encrypted by the SDK. Obtained by calling the getDeviceData() SDK method. See details

Maximum length: 64000

sdkEphemPubKey object

2.1.0 2.2.0 2.3.1

APP

required

Public key component of the ephemeral key pair generated by the 3DS SDK and used to establish session keys between the 3DS SDK and ACS. Obtained by calling the getSDKEphemeralPublicKey() SDK method. See details

Maximum length: 256

sdkMaxTimeout string

2.1.0 2.2.0 2.3.1

APP

required

Indicates maximum amount of time (in minutes) for all exchanges.

Example: "05"

Length: 2

sdkReferenceNumber string

2.1.0 2.2.0 2.3.1

APP

required

Identifies the vendor and version of the 3DS SDK that is integrated in a 3DS Requestor App.

Example: "3DS_xxx_SDK_xxxx_020200_nnnnn"

Maximum length: 32

sdkType string

optional

Indicates the type of 3DS SDK.

Options:

`01`	Default-SDK
`02`	Split-SDK

defaultSdkType object

2.3.1

APP

optional

Indicates the characteristics of a Default-SDK.

Show definition

sdkVariant string

optional

SDK implementation characteristics

Options:

01 Native

wrappedInd string

optional

If the Default-SDK is embedded as a wrapped component in the 3DS Requestor App.

Options:

Y Wrapped

splitSdkType object

2.3.1

APP

conditional

Indicates the characteristics of a Split-SDK.

Conditions:

Required if sdkType = 02.

Show definition

sdkVariant string

optional

Implementation characteristics of the Split-SDK client.

Options:

`01`	Native Client
`02`	Browser
`03`	Shell

limitedInd string

optional

If the Split-SDK client has limited capabilities.

Options:

Y Wrapped

sdkServerSignedContent string

conditional

Contains the JWS object (represented as a string) created by the Split-SDK Server for the AReq messages.

Conditions:

Required if SDK Type = 02.

sdkSignatureTimestamp string

optional

Date and time indicating when the 3DS SDK generated the Split-SDK Server Signed Content converted into UTC.

Format: YYYYMMDDhhmmss

Minimum length: 12

Maximum length: 14

appIp string

2.3.1

APP

optional

External IP address (i.e., the device public IP address) used by the 3DS Requestor App when it connects to the 3DS Requestor environment

Example: "0.0.0.0"

Maximum length: 45

deviceRenderOptions object

2.1.0 2.2.0 2.3.1

APP

required

Defines the SDK UI types that the device supports for displaying specific challenge user interfaces within the SDK.

Show definition

sdkAuthenticationType array

2.3.1

optional

Authentication methods preferred by the 3DS SDK in order of preference

Options:

`01`	Static Passcode
`02`	SMS OTP
`03`	Key fob or EMV card reader OTP
`04`	App OTP
`05`	OTP Other
`06`	KBA
`07`	OOB Biometrics
`08`	OOB Login
`09`	OTP Other
`10`	Other
`11`	Push Confirmation

Maximum length: 99

sdkInterface string

2.1.0 2.2.0 2.3.1

optional

Lists all of the SDK Interface types that the device supports for displaying specific challenge user interfaces within the SDK.

Options:

`01`	Native
`02`	HTML
`03`	Both

sdkUiType array

2.1.0 2.2.0 2.3.1

optional

Lists all UI types that the device supports for displaying specific challenge user interfaces within the SDK.

Options:

`01`	Text field	2.1.0 2.2.0 2.3.1
`02`	Single select field	2.1.0 2.2.0 2.3.1
`03`	Multi select field	2.1.0 2.2.0 2.3.1
`04`	OOB	2.1.0 2.2.0 2.3.1
`05`	HTML Other (valid only for HTML UI)	2.1.0 2.2.0 2.3.1
`06`	HTML OOB (valid only for HTML UI)	2.3.1
`07`	Information	2.3.1

merchantName string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Merchant name assigned by the acquirer.

Conditions:

Required for Payment Authentications (PA)

Maximum length: 40

merchantCountryCode string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

ISO 3166-1 numeric three-digit country code of the merchant.

Example: "826"

Conditions:

Required for Payment Authentications (PA)

Length: 3

mcc string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Merchant category code. A card scheme specific code describing the merchant’s type of business, product or service.

Conditions:

Required for Payment Authentications (PA)

Length: 4

merchantRiskIndicator object

2.1.0 2.2.0 2.3.1

APP BRW 3RI

optional

Optional information about the purchase.

Show definition

deliveryEmailAddress string

2.1.0 2.2.0 2.3.1

optional

For electronic delivery, the email address to which the merchandise was delivered.

Example: "customer@example-merchant.com"

Maximum length: 254

deliveryTimeframe string

2.1.0 2.2.0 2.3.1

optional

Indicates the merchandise delivery timeframe.

Options:

`01`	Electronic Delivery
`02`	Same day shipping
`03`	Overnight shipping
`04`	Two-day or more shipping

giftCardAmount string

2.1.0 2.2.0 2.3.1

optional

For prepaid or gift card purchases, the purchase amount total of prepaid or gift card(s) in major units (for example, USD 123.45 is 123).

Example: "123"

Maximum length: 15

giftCardCount string

2.1.0 2.2.0 2.3.1

optional

For prepaid or gift card purchases, the total count of individual prepaid or gift cards/codes purchased.

Example: "10"

giftCardCurr string

2.1.0 2.2.0 2.3.1

optional

For prepaid or gift card purchases, the ISO 4217 three-digit currency code of the gift card.

Example: "826"

preOrderDate string

2.1.0 2.2.0 2.3.1

optional

For a pre-ordered purchase, the expected date that the merchandise will be available.

Format: YYYYMMDD

preOrderPurchaseInd string

2.1.0 2.2.0 2.3.1

optional

Indicates whether the cardholder is placing an order for merchandise with a future availability or release date.

Options:

`01`	Merchandise available
`02`	Future availability

reorderItemsInd string

2.1.0 2.2.0 2.3.1

optional

Indicates whether the cardholder is reordering previously purchased merchandise.

Options:

`01`	First time ordered
`02`	Reordered

shipIndicator string

2.1.0 2.2.0 2.3.1

optional

Indicates the shipping method chosen for the transaction.

Options:

`01`	Ship to cardholder’s billing address	2.1.0 2.2.0 2.3.1
`02`	Ship to another verified address on file with merchant	2.1.0 2.2.0 2.3.1
`03`	Ship to address that is different than the cardholder’s billing address	2.1.0 2.2.0 2.3.1
`04`	Ship to store / pick-up at local store (store address shall be populated in shipping address fields)	2.1.0 2.2.0 2.3.1
`05`	Digital goods (includes online services, electronic gift cards and redemption codes)	2.1.0 2.2.0 2.3.1
`06`	Travel and event tickets, not shipped	2.1.0 2.2.0 2.3.1
`07`	Other (for example, gaming, digital services not shipped, emedia subscriptions, etc.)	2.1.0 2.2.0 2.3.1
`08`	Pick-up and go delivery	2.3.1
`09`	Locker delivery (or other automated pick-up)	2.3.1

transChar array

2.3.1

optional

Options:

`01`	Cryptocurrency transaction
`02`	NFT transaction

cardholderName string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Name of the cardholder.

As per EMV guidelines, only a specific set of common characters are allowed. Please refer to Annex B ('Common Character Set') of EMV's Book 4 for more information.

Example: "John Smith"

Conditions:

Required unless a market or regional mandate restricts sending this information.

Minimum length: 2

Maximum length: 45

cardSecurityCode string

2.3.1

APP BRW 3RI

conditional

Three or four-digit security code printed on the card.

Conditions:

Conditional based on DS rules

cardSecurityCodeStatus string

2.3.1

APP BRW 3RI

optional

Enables the communication of Card Security Code Status between the ACS, the DS and the 3DS Requestor.

Options:

`Y`	Validated
`N`	Failed validation
`U`	Status unknown, unavailable, or does not apply

cardSecurityCodeStatusSource string

2.3.1

APP BRW 3RI

optional

This data element will be populated by the system setting Card Security Code Status.

Options:

`01`	DS
`02`	ACS

acctID string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

optional

Cardholder account identifier. The customerId may be used for this field.

Maximum length: 64

acctInfo object

2.1.0 2.2.0 2.3.1

APP BRW 3RI

optional

Information about the cardholder's account.

Show definition

chAccAgeInd string

2.1.0 2.2.0 2.3.1

optional

Length of time that the cardholder has had the account with the merchant.

Options:

`01`	No account (guest check-out)
`02`	Changed during this transaction
`03`	Less than 30 days
`04`	30−60 days
`05`	More than 60 days

chAccChange string

2.1.0 2.2.0 2.3.1

optional

Date that the cardholder’s account was last changed, including billing or shipping address, new payment account, or new user(s) added.

Format: YYYYMMDD

chAccChangeInd string

2.1.0 2.2.0 2.3.1

optional

Time since the cardholder’s account information was last changed, including billing or shipping address, new payment account, or new user(s) added.

Options:

`01`	Changed during this transaction
`02`	Less than 30 days
`03`	30−60 days
`04`	More than 60 days

chAccDate string

2.1.0 2.2.0 2.3.1

optional

Date that the cardholder opened the account.

Format: YYYYMMDD

chAccPwChange string

optional

Date that cardholder last changed their password or had their account reset.

Format: YYYYMMDD

chAccPwChangeInd string

2.1.0 2.2.0 2.3.1

optional

Time since the cardholder last changed their password or had their account reset.

Options:

`01`	No change
`02`	Changed during this transaction
`03`	Less than 30 days
`04`	30−60 days
`05`	More than 60 days

nbPurchaseAccount string

2.1.0 2.2.0 2.3.1

optional

Number of purchases by this cardholder account during the last six months.

Example: "10"

chAccReqID string

2.3.1

optional

The 3DS Requestor assigned account identifier of the transacting Cardholder. This identifier is coded as the SHA-256 + Base64url of the account identifier for the 3DS Requestor and is provided as a String.

Maximum length: 64

provisionAttemptsDay string

2.1.0 2.2.0 2.3.1

optional

Number of Add Card attempts in the last 24 hours.

Example: "2"

Maximum length: 3

txnActivityDay string

2.1.0 2.2.0 2.3.1

optional

Number of transactions (successful and abandoned) by this cardholder account across all payment methods in the last 24 hours.

Example: "1"

txnActivityYear string

2.1.0 2.2.0 2.3.1

optional

Number of transactions (successful and abandoned) by this cardholder account across all payment methods in the last year.

Example: "5"

paymentAccAge string

2.1.0 2.2.0 2.3.1

optional

Date that the payment method was added to the cardholder’s account.

Format: YYYYMMDD

paymentAccInd string

2.1.0 2.2.0 2.3.1

optional

Indicates the length of time since the payment method was added to the cardholder’s account.

Options:

`01`	No account (guest check-out)
`02`	During this transaction
`03`	Less than 30 days
`04`	30−60 days
`05`	More than 60 days

shipAddressUsage string

2.1.0 2.2.0 2.3.1

optional

Date when the shipping address used for this transaction was first used with the 3DS Requestor.

Format: YYYYMMDD

shipAddressUsageInd string

2.1.0 2.2.0 2.3.1

optional

Indicates when the shipping address used for this transaction was first used with the 3DS Requestor.

Options:

`01`	This transaction
`02`	Less than 30 days
`03`	30−60 days
`04`	More than 60 days

shipNameIndicator string

2.1.0 2.2.0 2.3.1

optional

Indicates if the cardholder name on the account is identical to the shipping name used for this transaction.

Options:

`01`	Account name identical to shipping name
`02`	Account name different than shipping name

suspiciousAccActivity string

2.1.0 2.2.0 2.3.1

optional

Indicates whether the 3DS Requestor has experienced suspicious activity (including previous fraud) on the cardholder account.

Options:

`01`	No suspicious activity has been observed
`02`	Suspicious activity has been observed

email string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

The email address associated with the account that is either entered by the Cardholder, or is on file with the 3DS Requestor.

Example: "customer@example.com"

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 254

homePhone object

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Home phone number. Refer to ITU-E.164 for additional information on format and length.

Conditions:

Required unless a market or regional mandate restricts sending this information.

Show definition

cc string optional	Country code. Example: `"44"`
subscriber string optional	Subscriber number. Example: `"1234567899"` Maximum length: 15

mobilePhone object

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Mobile phone number. Refer to ITU-E.164 for additional information on format and length.

Conditions:

Required unless a market or regional mandate restricts sending this information.

Show definition

cc string optional	Country code. Example: `"44"`
subscriber string optional	Subscriber number. Example: `"1234567899"` Maximum length: 15

workPhone object

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Work phone number. Refer to ITU-E.164 for additional information on format and length.

Conditions:

Required unless a market or regional mandate restricts sending this information.

Show definition

cc string optional	Country code. Example: `"44"`
subscriber string optional	Subscriber number. Example: `"1234567899"` Maximum length: 15

addrMatch string

2.1.0 2.2.0 2.3.1

APP BRW

optional

Indicates whether the billing address and shipping address are the same.

Options:

`Y`	Billing address matches shipping address
`N`	Billing address does not match shipping address

billAddrLine1 string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

First line of the billing address associated with the card used for this purchase.

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 50

billAddrLine2 string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Second line of the billing address associated with the card used for this purchase.

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 50

billAddrLine3 string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Third line of the billing address associated with the card used for this purchase.

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 50

billAddrCity string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

The city of the billing address associated with the card used for this purchase.

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 50

billAddrState string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

ISO 3166-2 country subdivision code for the state or province of the billing address associated with the card used for this purchase. For example, using the ISO entry US-CA (California, United States), the correct value for this field is CA. Note that the country and hyphen are not included in this value.

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 3

billAddrPostCode string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

ZIP or other postal code of the billing address associated with the card used for this purchase.

Example: "EC1V 9BP"

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 16

billAddrCountry string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

The numeric country code of the billing address associated with the card used for this purchase.

Example: "826"

Conditions:

Required unless a market or regional mandate restricts sending this information.

Length: 3

shipAddrLine1 string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

First line of the shipping address requested by the cardholder.

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 50

shipAddrLine2 string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Second line of the shipping address requested by the cardholder.

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 50

shipAddrLine3 string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Third line of the shipping address requested by the cardholder.

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 50

shipAddrCity string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

City of the shipping address requested by the cardholder.

Example: "London"

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 50

shipAddrState string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

ISO 3166-2 country subdivision code for the state or province of the shipping address requested by the cardholder.

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 3

shipAddrPostCode string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

The ZIP or other postal code of the shipping address requested by the cardholder.

Example: "EC1V 9BP"

Conditions:

Required unless a market or regional mandate restricts sending this information.

Maximum length: 16

shipAddrCountry string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

conditional

Numeric country of the shipping address requested by the cardholder.

Example: "826"

Conditions:

Required unless a market or regional mandate restricts sending this information.

Length: 3

taxId string

2.3.1

APP BRW 3RI

optional

Cardholder’s tax identification.

Maximum length: 45

whiteListStatus string

2.2.0 2.3.1

APP BRW 3RI

deprecated

DEPRECATED

Deprecated in favour of trustListStatus.

Options:

`Y`	Merchant is trusted by cardholder
`N`	Merchant has not yet been trusted by cardholder
`E`	Not eligible as determined by issuer
`P`	Pending confirmation by cardholder
`R`	Cardholder rejected the request to trust the merchant
`U`	Trusted status unknown, unavailable, or does not apply

trustListStatus string

2.2.0 2.3.1

APP BRW 3RI

optional

Indicates whether the cardholder has added the merchant to their list of trusted merchants. A cardholder can typically only choose to trust a merchant after successfully completing a challenge. A cardholder may not be required to complete a challenge with a merchant they have previously trusted.

Options:

`Y`	Merchant is trusted by cardholder
`N`	Merchant has not yet been trusted by cardholder
`E`	Not eligible as determined by issuer
`P`	Pending confirmation by cardholder
`R`	Cardholder rejected the request to trust the merchant
`U`	Trusted status unknown, unavailable, or does not apply

whiteListStatusSource string

2.2.0 2.3.1

APP BRW 3RI

deprecated

DEPRECATED

Deprecated in favour of trustListStatusSource.

Options:

`01`	3DS Server
`02`	Directory Server (DS)
`03`	Access Control Server (ACS)

trustListStatusSource string

2.2.0 2.3.1

APP BRW 3RI

optional

Identifies the system which set the whiteListStatus value.

Options:

`01`	3DS Server
`02`	Directory Server (DS)
`03`	Access Control Server (ACS)

multiTransaction object

2.3.1

APP BRW 3RI

optional

Additional transaction information in case of multiple transactions or Merchants.

Show definition

merchantList array

optional

A unique identifier for the extension.

Show definition

merchantNameListed string optional	Name of the listed Merchant. Name used in the authorisation message as defined in ISO 8583-1. Maximum length: 40
acquirerMerchantIdListed string optional	Acquirer-assigned Merchant Listed Identifier. This may be the same value that is used in authorisation requests sent on behalf of the 3DS Requestor and is represented in ISO 8583-1 formatting requirements. Maximum length: 15
merchantAmount string optional	Purchase amount for the Merchant in minor units of currency with all punctuation removed. Maximum length: 48
merchantCurrency string optional	Currency Code in which purchase Merchant Amount is expressed (ISO 4217 three-digit numeric currency code). Example: `"826"` Length: 3
merchantExponent string optional	Minor units of currency as specified in the ISO 4217 currency exponent. Example: `"2"` Maximum length: 1
sellerId string optional	Merchant-assigned Seller identifier that links additional Seller Information. If this data element is present, this must match the Seller ID. Maximum length: 50

avValidityTime string

optional

Number of days that the AV (Authentication Value) is valid.

Example: "999"

avNumberUse string

optional

Number of times that the AV (Authentication Value) is valid.

Example: "99"

sellerInfo array

2.3.1

APP BRW 3RI

optional

Additional transaction information for transactions where Merchants submit transaction details on behalf of another entity, i.e., individual sellers in a marketplace or drivers in a ridesharing platform.

Show definition

Maximum length: 50

sellerName string

2.3.1

required

Name of the Seller.

Maximum length: 100

sellerId string

2.3.1

conditional

Merchant-assigned Seller identifier.

Conditions:

Required if Seller ID in MultiTransaction object is present.

Maximum length: 50

sellerBusinessName string

2.3.1

optional

Business name of the Seller.

Maximum length: 100

sellerAccDate string

2.3.1

optional

Date converted into UTC that the Seller started using the Merchant’s services.

Format: YYYYMMDD

sellerAddrLine1 string

2.3.1

optional

First line of the business or contact street address of the Seller.

Maximum length: 50

sellerAddrLine2 string

2.3.1

optional

Second line of the business or contact street address of the Seller.

Maximum length: 50

sellerAddrLine3 string

2.3.1

optional

Third line of the business or contact street address of the Seller.

Maximum length: 50

sellerAddrCity string

2.3.1

optional

Business or contact city of the Seller.

Maximum length: 50

sellerAddrState string

2.3.1

optional

Business or contact state or province of the Seller. Country subdivision code defined in ISO 3166-2. For example, using the ISO entry US-CA (California, United States), the correct value for this field = CA. Note that the country and hyphen are not included in this value.

Maximum length: 3

sellerAddrPostCode string

2.3.1

optional

Business or contact ZIP or other postal code of the Seller.

Maximum length: 16

sellerAddrCountry string

2.3.1

optional

Business or contact country of the Seller. ISO 3166-1 numeric three-digit country code.

Example: "826"

Length: 3

sellerEmail string

2.3.1

optional

Email address of the Seller.

Maximum length: 254

sellerPhone object

optional

Business or contact phone number of the Seller.

Show definition

cc string 2.3.1 optional	Country code. Example: `"44"`
subscriber string 2.3.1 optional	Subscriber number. Example: `"1234567899"`

messageExtension array

2.1.0 2.2.0 2.3.1

APP BRW 3RI

optional

Data necessary to support requirements not otherwise defined in the 3D Secure message format.

Show definition

id string optional	A unique identifier for the extension. Example: `"id-123"`
name string optional	The name of the extension as defined by the extension owner. Example: `"Extension Name"`
criticalityIndicator boolean optional	Indicates whether the recipient must understand the contents of the extension to interpret the entire message.
data object,array,boolean,integer,number,string optional	The data carried in the extension.

Authenticate Response

Show all

timestamp integer

A Unix timestamp indicating when we finished handling the request.

Example: 1512828988

status integer

The HTTP response status code.

Example: 200

cardScheme string

2.1.0 2.2.0 2.3.1

The card scheme which the card uses.

Example: "Visa"

liabilityShifted boolean

Whether liability for this transaction was shifted to the issuer. See Liability Shift.

Example: true

data object

Response payload.

Hide definition

messageVersion string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

3DS protocol version identifier.

threeDSServerTransID string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

The unique identifier (UUID) for tracking the transaction throughout the 3DS process.

Example: "c5584543-b67e-5117-bb34-3567ac6a1123"

sdkTransID string

2.1.0 2.2.0 2.3.1

APP

Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction.

Example: "a3384543-b67e-5117-bb34-4567ac6a1123"

acsTransID string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

The unique identifier (UUID) used by the ACS for tracking the transaction throughout the 3DS process.

Must be provided in the Challenge Request.

May be provided in the threeDSReqPriorRef field in order to identify a prior authentication.

Example: "214a549e-2310-4359-b590-c53a20adcc78"

dsTransID string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

The unique identifier (UUID) used by the directory server for tracking the transaction throughout the 3DS process. Provided for information only.

Example: "a3384543-b67e-5117-bb34-4567ac6a1123"

dsReferenceNumber string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

A unique identifier assigned to the directory server by EMVCo. Provided for information only.

Example: "3DS_LOA_DIS_ABCD_020200_00001"

acsReferenceNumber string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

A unique identifier assigned to the ACS by EMVCo. Provided for information only.

Example: "3DS_LOA_ACS_ABCD_020200_00001"

acsOperatorID string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

DS assigned ACS identifier. Each DS can provide a unique ID to each ACS on an individual basis.

authenticationType string

2.1.0 2.2.0

APP BRW

DEPRECATED

Deprecated in favour of authenticationMethod. For 2.3.1 requests, the first authenticationMethod is values are mapped an equivalent value in this field.

Options:

`01`	Static, for example, a password or passcode
`02`	Dynamic, for example, a one time password (OTP)
`03`	Out-of-Band (OOB), for example, using the issuing bank's mobile app
`04`	Decoupled Authentication

authenticationMethod array

2.3.1

Indicates type of authentication the issuer will use to challenge the Cardholder.

Options:

`01`	Static Passcode
`02`	SMS OTP
`03`	Key fob or EMV card reader OTP
`04`	App OTP
`05`	OTP Other
`06`	KBA
`07`	OOB Biometrics
`08`	OOB Login
`09`	OOB Other
`10`	Other
`11`	Push Confirmation
`12`	Decoupled
`13`	WebAuthn
`14`	SPC
`15`	Behavioural biometrics
`16`	Electronic ID

Maximum length: 99

authenticationValue string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

The card scheme specific value to be used for authorising the transaction. Also referred to as "CAVV" (Cardholder Authentication Verification Value) by Visa, AAV (Accountholder Authentication Value) by Mastercard and AEVV (American Express Verification Value) by American Express.

On Non-Payment Authentications (NPA) no value is returned by American Express or Mastercard, even if they are successful.

There are limitations on when and for how long the authenticationValue can be stored.

Please refer to the Payment Card Industry 3-D Secure (PCI 3DS) guide for further details.

transChallengeExemption string

2.3.1

APP BRW 3RI

Exemption applied by the ACS to authenticate the transaction without requesting a challenge.

Options:

`05`	Transaction Risk Analysis exemption
`08`	Trust List exemption
`10`	Low Value exemption
`11`	Secure Corporate Payments exemption

transStatus string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

Indicates the outcome of the authenticate request, and how to proceed.

Options:

`Y`	Authentication Successful	The transaction achieved a Frictionless authentication, continue to authorisation using the authenticationValue.	2.1.0 2.2.0 2.3.1
`A`	Authentication Attempted	3DS was attempted but was not possible. However the card scheme granted a successful authentication on the issuer's behalf.	2.1.0 2.2.0 2.3.1
`N`	Authentication Failed	The authentication failed, stop processing the transaction.	2.1.0 2.2.0 2.3.1
`U`	Authentication Unavailable	Authentication could not be performed. You may attempt to proceed to authorisation without an authenticationValue.	2.1.0 2.2.0 2.3.1
`C`	Challenge Required	A challenge is required, make a Challenge Request.	2.1.0 2.2.0 2.3.1
`D`	Decoupled Challenge Required	A challenge will be performed by the issuer without using a 3DS Challenge Request. Make a Result Request to learn the final outcome. You may need to wait the length of time set in the threeDSRequestorDecMaxTime Authenticate Request field.	2.1.0 2.2.0 2.3.1
`R`	Authentication Rejected	The issuer rejected the authentication attempt and requests that authorisation is not attempted.	2.1.0 2.2.0 2.3.1
`I`	Informational Only	Authentication for the transaction was not requested. The data was sent to the ACS for informational purposes only.	2.1.0 2.2.0 2.3.1
`S`	Challenge using SPC	Challenge using SPC	2.3.1

transStatusReason string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

Provides information on the transStatus value.

Options:

`01`	Card authentication failed	2.1.0 2.2.0 2.3.1
`02`	Unknown device	2.1.0 2.2.0 2.3.1
`03`	Unsupported device	2.1.0 2.2.0 2.3.1
`04`	Exceeds authentication frequency limit	2.1.0 2.2.0 2.3.1
`05`	Expired card	2.1.0 2.2.0 2.3.1
`06`	Invalid card number	2.1.0 2.2.0 2.3.1
`07`	Invalid transaction	2.1.0 2.2.0 2.3.1
`08`	No card record	2.1.0 2.2.0 2.3.1
`09`	Security failure	2.1.0 2.2.0 2.3.1
`10`	Stolen card	2.1.0 2.2.0 2.3.1
`11`	Suspected fraud	2.1.0 2.2.0 2.3.1
`12`	Transaction not permitted to cardholder	2.1.0 2.2.0 2.3.1
`13`	Cardholder not enrolled in service	2.1.0 2.2.0 2.3.1
`14`	Transaction timed out at the ACS	2.1.0 2.2.0 2.3.1
`15`	Low confidence	2.1.0 2.2.0 2.3.1
`16`	Medium confidence	2.1.0 2.2.0 2.3.1
`17`	High confidence	2.1.0 2.2.0 2.3.1
`18`	Very high confidence	2.1.0 2.2.0 2.3.1
`19`	Exceeds ACS maximum challenges	2.1.0 2.2.0 2.3.1
`20`	Non-payment (NPA) transaction not supported	2.1.0 2.2.0 2.3.1
`21`	3RI transaction not supported	2.1.0 2.2.0 2.3.1
`22`	ACS technical issue	2.1.0 2.2.0 2.3.1
`23`	Decoupled authentication required by ACS but not requested by 3DS Requestor	2.1.0 2.2.0 2.3.1
`24`	3DS Requestor decoupled authentication max expiry time exceeded	2.1.0 2.2.0 2.3.1
`25`	Insufficient time provided for decoupled authentication to authenticate cardholder. ACS will not attempt authentication	2.1.0 2.2.0 2.3.1
`26`	Authentication attempted but not performed by the cardholder	2.1.0 2.2.0 2.3.1
`27`	Preferred Authentication Method not supported	2.3.1
`28`	Validation of content security policy failed	2.3.1
`29`	Authentication attempted but not completed by the cardholder. Fall back to Decoupled Authentication	2.3.1
`30`	Authentication completed successfully but additional authentication of the Cardholder required. Reinitiate as Decoupled Authentication	2.3.1
`80`	Identity Check Insights	Mastercard	2.1.0 2.2.0 2.3.1
`80`	Error connecting to ACS	Visa	2.1.0 2.2.0 2.3.1
`81`	ACS Timed Out	Visa	2.1.0 2.2.0 2.3.1
`82`	Invalid Response from ACS	Visa	2.1.0 2.2.0 2.3.1
`83`	System Error Response from ACS	Visa	2.1.0 2.2.0 2.3.1
`84`	Transaction not processed by Smart Authentication Stand-In due to challenge cancellation	Mastercard	2.1.0 2.2.0 2.3.1
`84`	Internal Error While Generating CAVV	Visa	2.1.0 2.2.0 2.3.1
`85`	VMID not eligible for requested program	Visa	2.1.0 2.2.0 2.3.1
`86`	Protocol Version Not Supported by ACS	Visa	2.1.0 2.2.0 2.3.1
`87`	Device Channel is 3RI therefore did not route to Smart Authentication Stand-In	Mastercard	2.1.0 2.2.0 2.3.1
`87`	Transaction is excluded from Attempts Processing which includes non-reloadable pre-paid cards and non-payment authentications	Visa	2.1.0 2.2.0 2.3.1
`88`	3DS Requestor Prior Transaction Authentication Data was provided but not found by the ACS or it was expired	Mastercard	2.1.0 2.2.0 2.3.1
`88`	Requested program not supported by the ACS	Visa	2.1.0 2.2.0 2.3.1

transStatusReasonInfo string

2.3.1

Transaction Status Reason Information

eci string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

Electronic Commerce Indicator

Options:

`00`	Authentication Failed	Mastercard
`01`	Authentication attempted, but not completed	Mastercard
`02`	Authentication Successful	Mastercard
`05`	Authentication Successful	Visa, American Express, Discover, JCB, UnionPay, eftpos
`06`	Authentication attempted, but not completed	Visa, American Express, Discover, JCB, UnionPay, eftpos
`07`	Authentication Failed	Visa, American Express, Discover, JCB, UnionPay, eftpos
`N0`	Not Authenticated (NPA)	Mastercard
`N2`	Authenticated (NPA)	Mastercard

acsChallengeMandated string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

Indicates whether regional mandates (e.g. PSD2) require a challenge to be performed. If using the 3RI device channel, a decoupled challenge must be used.

Options:

`Y`	Challenge is mandated
`N`	Challenge is not mandated

acsDecConInd string

2.2.0 2.3.1

APP BRW 3RI

Indicates whether the ACS will use decoupled authentication.

Options:

`Y`	Decoupled authentication will be used
`N`	Decoupled authentication will not be used

acsRenderingType object

2.1.0 2.2.0 2.3.1

APP

Indicates whether the ACS will use decoupled authentication.

Show definition

acsInterface string

2.1.0 2.2.0 2.3.1

The user interface type which the ACS will use to present the challenge.

Options:

`01`	Native UI	2.1.0 2.2.0 2.3.1
`02`	HTML UI	2.1.0 2.2.0 2.3.1

acsUiTemplate string

2.1.0 2.2.0 2.3.1

The user interface template which the ACS will present to the cardholder.

Options:

`01`	Text field	2.1.0 2.2.0 2.3.1
`02`	Single select field (e.g. dropdown field)	2.1.0 2.2.0 2.3.1
`03`	Multi select field (e.g. checkbox fields)	2.1.0 2.2.0 2.3.1
`04`	Out-of-Band (OOB) (e.g. using the issuing bank's mobile app)
`05`	HTML other	2.1.0 2.2.0 2.3.1
`06`	HTML OOB	2.3.1
`07`	Information	2.3.1

acsSignedContent string

2.1.0 2.2.0 2.3.1

APP

A JSON Web Signature (JWS) object containing the ACS URL, ACS ephemeral public key and SDK ephemeral public key. These are used by the SDK to communicate securely with the ACS when performing the challenge.

acsURL string

2.1.0 2.2.0 2.3.1

BRW

The URL of the ACS to be used for the challenge.

broadInfo object

2.1.0 2.2.0 2.3.1

APP BRW 3RI

Broadcast information - structured information sent between the 3DS Server, the DS, and the ACS.

Show definition

Maximum length: 4096

category string

Indicates the category/type of information.

Options:

`01`	General
`02`	Certificate expiry
`03`	Fraud alert
`04`	Transactional data
`05`	Certificate expiry
`06`	Other

Length: 2

description string

Information to be broadcast to recipients.

Maximum length: 4000

expDate string

The date after which the relevance of the broadcast information expires. Format: YYYYMMDD

Length: 8

severity string

Indicates the importance/severity level of the broadcast information.

Options:

`01`	Critical (Immediate action)
`02`	Major (Major impact)
`03`	Minor (Minor impact)
`04`	Informational (No immediate action)

Length: 2

recipients array

Indicates the intended recipient(s) of the broadcast information.

Options:

`01`	3DS SDK
`02`	3DS Server
`03`	DS
`04`	ACS

source string

Indicates the source of the broadcast information.

Options:

`01`	3DS Server
`02`	DS
`03`	ACS

Length: 2

cardholderInfo string

2.1.0 2.2.0 2.3.1

APP BRW 3RI

Text provided by the issuer to be displayed to the cardholder.

cardholderInfoIssuerImage string

2.3.1

APP BRW 3RI

The URL of the issuer's logo or image to be displayed to the cardholder.

cardholderInfoPaymentSystemImage string

2.3.1

APP BRW 3RI

The URL of the payment system's logo or image to be displayed to the cardholder.

cardSecurityCodeStatus string

2.3.1

APP BRW 3RI

Enables the communication of Card Security Code Status between the ACS, the DS and the 3DS Requestor.

Options:

`Y`	Validated
`N`	Failed validation
`U`	Status unknown, unavailable, or does not apply

cardSecurityCodeStatusSource string

2.3.1

APP BRW 3RI

This data element will be populated by the system setting Card Security Code Status.

Options:

`01`	DS
`02`	ACS

deviceBindingStatus string

2.3.1

APP BRW 3RI

Options:

`01`	Device is not bound by Cardholder
`02`	Not eligible as determined by Issuer
`03`	Pending confirmation by Cardholder
`04`	Cardholder rejected the request
`05`	Device Binding Status unknown, unavailable, or does not apply
`11`	= Device is bound by Cardholder (device is bound using hardware / SIM internal to the Consumer Device. For instance, keys stored in a secure element on the device)
`12`	Device is bound by Cardholder (device is bound using hardware external to the Consumer Device. For example, an external FIDO Authenticator)
`13`	Device is bound by Cardholder (Device is bound using data that includes dynamically generated data and could include a unique device ID)
`14`	Device is bound by Cardholder (Device is bound using static device data that has been obtained from the Consumer Device)
`15`	Device is bound by Cardholder (Other method)

deviceBindingStatusSource string

2.3.1

APP BRW 3RI

This data element will be populated by the system setting Device Binding Status.

Options:

`01`	3DS Server
`02`	DS
`03`	ACS

deviceRecognisedVersion string

2.3.1

APP

Indicates the highest Data Version of the Device Information supported by the ACS.

threeDSRequestorAppURLInd string

2.3.1

APP

Indicates whether the OOB Authentication App used by the ACS during a challenge supports the 3DS Requestor App URL.

Options:

`Y`	3DS Requestor App URL is supported by the OOB Authentication App
`N`	3DS Requestor App URL is NOT supported by the OOB Authentication App

whiteListStatus string

2.2.0 2.3.1

APP BRW 3RI

DEPRECATED

Deprecated in favour of trustListStatus.

Options:

`Y`	Merchant is trusted by cardholder
`N`	Merchant has not yet been trusted by cardholder
`E`	Not eligible as determined by issuer
`P`	Pending confirmation by cardholder
`R`	Cardholder rejected the request to trust the merchant
`U`	Trusted status unknown, unavailable, or does not apply

trustListStatus string

2.2.0 2.3.1

APP BRW 3RI

Options:

`Y`	Merchant is trusted by cardholder
`N`	Merchant has not yet been trusted by cardholder
`E`	Not eligible as determined by issuer
`P`	Pending confirmation by cardholder
`R`	Cardholder rejected the request to trust the merchant
`U`	Trusted status unknown, unavailable, or does not apply

whiteListStatusSource string

2.2.0 2.3.1

APP BRW 3RI

DEPRECATED

Deprecated in favour of trustListStatusSource.

Options:

`01`	3DS Server
`02`	Directory Server (DS)
`03`	Access Control Server (ACS)

trustListStatusSource string

2.2.0 2.3.1

APP BRW 3RI

Identifies the system which set the trustListStatus value.

Options:

`01`	3DS Server
`02`	Directory Server (DS)
`03`	Access Control Server (ACS)

spcTransData object

2.3.1

BRW

Information that the 3DS Requestor passes in the SPC API for display in the Smart Modal Window

Show definition

additionalData string

For SPC API enhancement, to be defined in a future 3DS specification release

Maximum length: 90000

challenge string

Random string generated by the ACS to prevent replay attacks.

Minimum length: 43

Maximum length: 100

challengeInfoText string

Text provided by the ACS to be displayed during the SPC authentication.

Maximum length: 350

currency string

Transaction amount currency to be displayed during the SPC authentication. ISO 4217 three-digit currency code.

Length: 3

displayName string

Card or product name (Payment Instrument) to be displayed during the SPC authentication

Maximum length: 40

icon string

Card image (Payment Instrument) URL or Data URL to be displayed during the SPC authentication.

Maximum length: 4096

issuerImageSpc object

Issuer logo or Image URLs or Data URLs to be displayed during the SPC authentication. Includes at minimum the Default Image and at maximum the three Fully Qualified URLs or Data URLs defined as default, dark mode or monochrome images of the Issuer Image SPC. - Fully Qualified URLs or Data URLs in correct JSON object format - Fully Qualified URL Variable length, maximum 2048 characters Data URL Variable length, maximum 30000 characters. The Data URL embeds the image in Base64-encoded format. Refer to RFC 2397.

Show definition

default string	Default image URL or Data URL.
darkMode string	Dark mode image URL or Data URL.
monochrome string	Monochrome image URL or Data URL.

payeeName string

The display name of the payee that this SPC call is for (e.g. the Merchant). Matches the Merchant Name from the AReq message.

Maximum length: 40

payeeOrigin string

The origin of the payee that this SPC call is for (e.g. the Merchant). Matches the Merchant URL domain from the AReq message. Fully Qualified URL.

Maximum length: 2048

psImageSpc object

Payment System logo or Image URLs to be displayed during the SPC authentication. Includes at minimum the Default Image and at maximum the three Fully Qualified URLs or Data URLs defined as default, dark mode or monochrome images of the Issuer Image SPC. - Fully Qualified URLs or Data URLs in correct JSON object format - Fully Qualified URL Variable length, maximum 2048 characters Data URL Variable length, maximum 30000 characters. The Data URL embeds the image in Base64-encoded format. Refer to RFC 2397.

Show definition

default string	Default image URL or Data URL.
darkMode string	Dark mode image URL or Data URL.
monochrome string	Monochrome image URL or Data URL.

timeout string

The number of milliseconds before the request to sign the transaction details times out. Integer coded as a string in the range 60000–500000

value string

Transaction amount as a decimal value to be displayed during the SPC authentication.

Maximum length: 40

extInd string

For SPC and WebAuthn API enhancement. (Only present if value = Y)

Options:

`Y`	Extension requested

Maximum length: 1

webAuthnCredList array

2.3.1

APP

List of WebAuthn credentials that the ACS can use to authenticate the cardholder.

Show definition

rpID string	Relying Party ID. Maximum length: 2048
credentialIds string	WebAuthn Credential (Base64url-encoded). Maximum length: 1000

messageExtension array

2.1.0 2.2.0 2.3.1

APP BRW 3RI

Data necessary to support requirements not otherwise defined in the 3D Secure message format.

Show definition

id string	A unique identifier for the extension. Example: `"id-123"`
name string	The name of the extension as defined by the extension owner. Example: `"Extension Name"`
criticalityIndicator boolean	Indicates whether the recipient must understand the contents of the extension to interpret the entire message.
data object,array,boolean,integer,number,string	The data carried in the extension.

Feedback

Was this page helpful?