Skip to content

    Parameters

    Parameters

    3DS version 2.0 supports much more input parameters than the previous version 1.0. Most of these parameters will be used by the card issuing bank to evaluate the risk of the payment transaction.

    Even if most of the parameters are optional, some are recommended to increase the chance of a frictionless flow and to bypass a challenge for the cardholder.

    The following sections and tables list all parameters relevant for the 3DS 2.0 authentication.

    More technical details on an API service level can be found in our API documentation.

    Input Parameter

    ParameterRequiredDescription
    cardholderNameoptionalThe name of the cardholder.
    emailoptionalThe email address of the cardholder.
    billingAddressoptionalobject containing the shipping address details.
    billingAddress.streetoptionalThe street address of the cardholder billing address.
    billingAddress.houseNumberoptionalThe street number of the cardholder billing address.
    billingAddress.cityoptionalThe city of the cardholder billing address.
    billingAddress.zipoptionalThe postal code of the cardholder billing address.
    billingAddress.stateoptionalThe state of the cardholder billing address.
    billingAddress.countryoptionalThe country of the cardholder billing address.

    Transaction Data

    ParameterRequiredDescription
    amountrequiredThe amount of the purchase. In case of an authentication without payment for recurring future payments this should include the expected total purchase amount.
    currencyrequiredThe currency of the purchase.
    recurringExpiryconditionalDate after which no further authorizations shall be performed. This field is only required in case of an authentication for recurring payments.
    recurringFrequencyconditionalIndicates the minimum number of days between authorizations. This field is only required in case of an authentication for recurring payments.

    Risk Data

    ParameterRequiredDescription
    customerAccountoptionalAn object containing information about the customer account with the merchant.
    customerAccount.accountIdentifieroptionalThe account identifier at the merchant side.
    customerAccount.creationDateoptionalThe date when the customer opened the account with the merchant.
    customerAccount.lastChangeDateoptionalThe date when the customer account with the merchant was last changed, including billing or shipping addres, new payment account or new user(s) added.
    customerAccount.changeIndicatoroptionalLength of the time since the customer account information with the merchant was last changed, including billing or shipping addres, new payment account or new user(s) added. Supported values: CHANGED_WITH_THIS_TRANSACTION / LESS_THAN_THIRTY_DAYS / THIRTY_TO_SIXTY_DAYS / MORE_THAN_SIXTY_DAYS
    customerAccount.lastPasswordChangeDateoptionalThe date when the customer account with the merchant had a password change or account reset.
    customerAccount.passwordChangeIndicatoroptionalLength of the time since the customer account information with the merchant had a password change or account reset. Supported values: NO_CHANGE / CHANGED_WITH_THIS_TRANSACTION / LESS_THAN_THIRTY_DAYS / THIRTY_TO_SIXTY_DAYS / MORE_THAN_SIXTY_DAYS
    customerAccount.authenticationMethodoptionalMechanism used by the customer to authenticate to the merchant account. Supported values: GUEST / OWN_CREDENTIALS / FEDERATED_ID / ISSUER_CREDENTIALS / THIRD_PARTY_AUTH / FIDO_AUTHENTICATOR
    customerAccount.authenticationTimestampoptionalDate and time in UTC of the customer authentication to the merchant account.

    Browser Data

    ParameterRequiredDescription
    acceptHeaderrequiredExact content of the HTTP accept headers as sent to the 3DS Requestor from the cardholder's browser. This field is limited to maximum 2048 characters and if the total length exceeds the limit, the 3DS Server truncates the excess portion.
    ipoptionalIP address of the browser as returned by the HTTP headers to the 3DS Requestor. The field is limited to maximum 45 characters and the accepted values are as following: IPv4 address is represented in the dotted decimal format of 4 sets of decimal numbers separated by dots. The decimal number in each and every set is in the range 0 - 255.
    javaEnabledrequiredBoolean that represents the ability of the cardholder browser to execute Java.
    languagerequiredValue representing the browser language as defined in IETF BCP47. The value is limited to 1-8 characters. Value is returned from navigator.language property.
    colorDepthrequiredValue representing the bit depth of the colour palette for displaying images, in bits per pixel. Obtained from Cardholder browser using the screen.colorDepth property. The field is limited to 1-2 characters.
    screenHeightrequiredTotal height of the cardholder's screen in pixels. Value is returned from the screen.height property. The value is limited to 1-6 characters.
    screenWidthrequiredTotal width of the cardholder's screen in pixels. Value is returned from the screen.width property. The value is limited to 1-6 characters.
    timezonerequiredTime difference between UTC time and the cardholder browser local time, in minutes. The field is limited to 1-5 characters where the value is returned from the getTimezoneOffset() method.
    userAgentrequiredExact content of the HTTP user-agent header. The field is limited to maximum 2048 characters. If the total length of the User-Agent sent by the browser exceeds 2048 characters, the 3DS Server truncates the excess portion.
    challengeWindowSizerequiredDimensions of the challenge iFrame window that should be displayed to the cardholder in case of a challenge. The ACS shall reply with content that is formatted to appropriately render in this window to provide the best possible user experience. Preconfigured sizes are width X height in pixels of the window displayed in the cardholder browser window. This is used only to prepare the CReq request and it is not part of the AReq flow. If not present it will be omitted. However, when sending the challenge request accepted values are: 01 -> 250 x 400 / 02 -> 390 x 400 / 03 -> 500 x 600 / 04 -> 600 x 400 / 05 -> Full screen

    Output Parameter

    The following parameters are relevant for a 3DS 2.0 authentication response.

    Authentication Result

    ParameterRequiredDescription
    versionrequiredThe version of the 3DS protocol. Supported values: 1.0, 2.0
    statusrequiredThe email address of the cardholder. Indicates whether a transaction qualifies as an authenticated transaction. Y = authentication verification successful / A = authentication attempted; not authenticated, but a proof of attempted authentication is provided / C = challenge required; additional SCA authentication is required / R = authentication rejected; issuer is rejecting / N = not authenticated; transaction denied. / U = authentication could not be performed; technical or other problem
    transactionIdrequiredThe transaction identifier from the 3DS authentication. 3DS 1.0: This will be the XID / 3DS 2.0: This will be the dsTransID
    authenticationValueoptionalThe authenticationValue returned in the 3DS authentication. CAVV: Visa, AMEX, JCB, Diners/Discover / UCAF: Mastercard
    ecioptionalThe Electronic Commerce Indicator (ECI) provided by the ACS or DS to indicate the results of the attempt to authenticate the cardholder. The ECI values might differ depending on the card scheme. For all fully authenticated or authentication attempted transactions the liability will be shifted to the card issuer. Mastercard: 00 - no authentication available / 01 - authentication attempted / 02 - fully authenticated / 07 - fully authenticated (Mastercard distinguishes between fully authenticated recurring payments (flagged with ECI 07) and all other fully authenticated transactions (flagged with ECI 02)) All other card schemes: 05 - fully authenticated / 06 - authentication attempted / 07 - no authentication available
    challengeDataconditionalObject containing details for the challenge iFrame in case the status=C. Only relevant for 3DS 2.0
    challengeData.acsUrlrequiredFully qualified URL of the ACS in case the authentication response message indicates that further cardholder interaction is required to complete the authentication.
    challengeData.base64EncodedChallengeRequestrequiredBase64-encoded challenge request object in case the authentication response message indicates that further cardholder interaction is required to complete the authentication.
    challengeData.challengeWindowSizerequiredDimensions of the challenge iframe window in which the challenge page will be displayed to the Cardholder. This value should match the provided size in the browserInfo call. EMVCo assigned window size. '01' -> 250px x 400px, '02' -> 390px x 400px, '03' -> 500px x 600px, '04' -> 600px x 400px, '05' -> Full screen, or full container content

    Was this helpful?

    What was your feeling about it?