Parameters
3DS version 2.0 supports many more input parameters than the previous version 1.0. Most of these parameters are used by the card-issuing bank to evaluate the risk of the payment transaction.
Even if most of the parameters are optional, some are recommended to increase the chance of a frictionless flow and to bypass a challenge for the cardholder.
The following sections and tables list all parameters relevant for the 3DS 2.0 authentication.
More technical details on an API service level can be found in our API documentation.
Input Parameter
Parameter | Required | Description |
---|---|---|
cardholderName | optional | The name of the cardholder. |
 | optional | The email address of the cardholder. |
billingAddress | optional | Object containing the shipping address details. |
billingAddress.street | optional | The street address of the cardholder billing address. |
billingAddress.houseNumber | optional | The street number of the cardholder billing address. |
billingAddress.city | optional | The city of the cardholder billing address. |
billingAddress.zip | optional | The postal code of the cardholder billing address. |
billingAddress.state | optional | The state of the cardholder billing address. |
billingAddress.country | optional | The country of the cardholder billing address. |
Transaction Data
Parameter | Required | Description |
---|---|---|
amount | required | The amount of the purchase. In case of an authentication without payment for recurring future payments this should include the expected total purchase amount. |
currency | required | The currency of the purchase. |
recurringExpiry | conditional | Date after which no further authorizations shall be performed. This field is only required in case of an authentication for recurring payments. |
recurringFrequency | conditional | Indicates the minimum number of days between authorizations. This field is only required in case of an authentication for recurring payments. |
Risk Data
Parameter | Required | Description |
---|---|---|
customerAccount | optional | An object containing information about the customer account with the merchant. |
customerAccount.accountIdentifier | optional | The account identifier at the merchant side. |
customerAccount.creationDate | optional | The date when the customer opened the account with the merchant. |
customerAccount.lastChangeDate | optional | The date when the customer account with the merchant was last changed, including billing or shipping address, new payment account or new user(s) added. |
customerAccount.changeIndicator | optional | Length of time since the customer account information with the merchant was last changed, including billing or shipping address, new payment account or new user(s) added. Supported values: CHANGED_WITH_THIS_TRANSACTION / LESS_THAN_THIRTY_DAYS / THIRTY_TO_SIXTY_DAYS / MORE_THAN_SIXTY_DAYS |
customerAccount.lastPasswordChangeDate | optional | The date when the customer account with the merchant had a password change or account reset. |
customerAccount.passwordChangeIndicator | optional | Length of time since the customer account with the merchant had a password change or account reset. Supported values: NO_CHANGE / CHANGED_WITH_THIS_TRANSACTION / LESS_THAN_THIRTY_DAYS / THIRTY_TO_SIXTY_DAYS / MORE_THAN_SIXTY_DAYS |
customerAccount.authenticationMethod | optional | Mechanism used by the customer to authenticate to the merchant account. Supported values: GUEST / OWN_CREDENTIALS / FEDERATED_ID / ISSUER_CREDENTIALS / THIRD_PARTY_AUTH / FIDO_AUTHENTICATOR |
customerAccount.authenticationTimestamp | optional | Date and time in UTC of the customer authentication to the merchant account. |
Browser Data
Parameter | Required | Description |
---|---|---|
acceptHeader | required | Exact content of the HTTP accept headers as sent to the 3DS Requestor from the cardholder's browser. This field is limited to maximum 2048 characters and if the total length exceeds the limit, the 3DS Server truncates the excess portion. |
ip | optional | IP address of the browser as returned by the HTTP headers to the 3DS Requestor. The field is limited to a maximum of 45 characters and the accepted values are as follows: an IPv4 address is represented in the dotted decimal format of 4 sets of decimal numbers separated by dots. The decimal number in each set is in the range 0 - 255. |
javaEnabled | required | Boolean that represents the ability of the cardholder browser to execute Java. |
language | required | Value representing the browser language as defined in IETF BCP47. The value is limited to 1-8 characters. The value is returned from the navigator.language property. |
colorDepth | required | Value representing the bit depth of the colour palette for displaying images, in bits per pixel. Obtained from Cardholder browser using the screen.colorDepth property. The field is limited to 1-2 characters. |
screenHeight | required | Total height of the cardholder's screen in pixels. Value is returned from the screen.height property. The value is limited to 1-6 characters. |
screenWidth | required | Total width of the cardholder's screen in pixels. Value is returned from the screen.width property. The value is limited to 1-6 characters. |
timezone | required | Time difference between UTC time and the cardholder browser local time, in minutes. The field is limited to 1-5 characters where the value is returned from the getTimezoneOffset() method. |
userAgent | required | Exact content of the HTTP user-agent header. The field is limited to maximum 2048 characters. If the total length of the User-Agent sent by the browser exceeds 2048 characters, the 3DS Server truncates the excess portion. |
challengeWindowSize | required | Dimensions of the challenge iFrame window that should be displayed to the cardholder in case of a challenge. The ACS shall reply with content that is formatted to appropriately render in this window to provide the best possible user experience. Preconfigured sizes are width X height in pixels of the window displayed in the cardholder browser window. This is used only to prepare the CReq request and it is not part of the AReq flow. If not present it will be omitted. However, when sending the challenge request accepted values are: 01 -> 250 x 400 / 02 -> 390 x 400 / 03 -> 500 x 600 / 04 -> 600 x 400 / 05 -> Full screen |
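
The limits in the Browser Data table can be enforced before the authentication request is sent, so that a malformed or oversized value is caught at the merchant rather than skewing the issuer's risk evaluation. The following is an added example, not code from the API documentation; `buildBrowserData`, its argument shapes and the choice to serialize values as strings are assumptions.

```javascript
// Added example: field names and limits come from the Browser Data table;
// buildBrowserData and its argument shapes are assumptions of this sketch.
const MAX_HEADER = 2048;
const OCTET = '(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)';
const IPV4 = new RegExp(`^${OCTET}(\\.${OCTET}){3}$`);

// Enforce the "limited to min-max characters" rule from the table.
function limited(name, value, min, max) {
  if (value === undefined || value === null) throw new Error(`${name}: missing`);
  const s = String(value);
  if (s.length < min || s.length > max) {
    throw new RangeError(`${name}: ${s.length} characters, allowed ${min}-${max}`);
  }
  return s;
}

// Required headers must be present; overlong values are cut at 2048,
// the same point at which the page says the 3DS Server truncates.
function header(headers, name) {
  const v = headers[name];
  if (typeof v !== 'string' || v === '') throw new Error(`missing ${name} header`);
  return v.slice(0, MAX_HEADER);
}

// win: a window-like object (navigator, screen); headers: lower-cased request
// headers as seen by the server; ip: address observed on the connection.
function buildBrowserData(win, headers, ip, tzOffset = new Date().getTimezoneOffset()) {
  const data = {
    acceptHeader: header(headers, 'accept'),
    userAgent: header(headers, 'user-agent'),
    javaEnabled: Boolean(win.navigator.javaEnabled && win.navigator.javaEnabled()),
    language: limited('language', win.navigator.language, 1, 8),
    colorDepth: limited('colorDepth', win.screen.colorDepth, 1, 2),
    screenHeight: limited('screenHeight', win.screen.height, 1, 6),
    screenWidth: limited('screenWidth', win.screen.width, 1, 6),
    timezone: limited('timezone', tzOffset, 1, 5),
  };
  if (ip !== undefined) {
    limited('ip', ip, 1, 45);
    // Dotted-decimal input must have four sets in the range 0-255.
    if (/^[\d.]+$/.test(ip) && !IPV4.test(ip)) throw new RangeError('ip: invalid IPv4');
    data.ip = ip;
  }
  return data;
}
```

A language tag longer than 8 characters (for example `zh-Hant-TW`) is rejected here rather than silently shortened, so the integrator decides how to handle it.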
Output Parameter
The following parameters are relevant for a 3DS 2.0 authentication response.
Authentication Result
Parameter | Required | Description |
---|---|---|
version | required | The version of the 3DS protocol. Supported values: 1.0, 2.0 |
status | required | Indicates whether a transaction qualifies as an authenticated transaction. Y = authentication verification successful / A = authentication attempted; not authenticated, but a proof of attempted authentication is provided / C = challenge required; additional SCA authentication is required / R = authentication rejected; issuer is rejecting / N = not authenticated; transaction denied / U = authentication could not be performed; technical or other problem |
transactionId | required | The transaction identifier from the 3DS authentication. 3DS 1.0: This will be the XID / 3DS 2.0: This will be the dsTransID |
authenticationValue | optional | The authenticationValue returned in the 3DS authentication. CAVV: Visa, AMEX, JCB, Diners/Discover / UCAF: Mastercard |
eci | optional | The Electronic Commerce Indicator (ECI) provided by the ACS or DS to indicate the results of the attempt to authenticate the cardholder. The ECI values might differ depending on the card scheme. For all fully authenticated or authentication attempted transactions the liability will be shifted to the card issuer. Mastercard: 00 - no authentication available / 01 - authentication attempted / 02 - fully authenticated / 07 - fully authenticated (Mastercard distinguishes between fully authenticated recurring payments (flagged with ECI 07) and all other fully authenticated transactions (flagged with ECI 02)) All other card schemes: 05 - fully authenticated / 06 - authentication attempted / 07 - no authentication available |
challengeData | conditional | Object containing details for the challenge iFrame in case the status=C. Only relevant for 3DS 2.0 |
challengeData.acsUrl | required | Fully qualified URL of the ACS in case the authentication response message indicates that further cardholder interaction is required to complete the authentication. |
challengeData.base64EncodedChallengeRequest | required | Base64-encoded challenge request object in case the authentication response message indicates that further cardholder interaction is required to complete the authentication. |
challengeData.challengeWindowSize | required | Dimensions of the challenge iframe window in which the challenge page will be displayed to the Cardholder. This value should match the provided size in the browserInfo call. EMVCo assigned window size. '01' -> 250px x 400px, '02' -> 390px x 400px, '03' -> 500px x 600px, '04' -> 600px x 400px, '05' -> Full screen, or full container content |
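
The status and ECI values above have to be read together with the card scheme: ECI 07 means fully authenticated for Mastercard and no authentication available for all other schemes. The following is an added example, not code from the API documentation; `nextStep`, `eciMeaning`, the action names, the `scheme` argument and the https check on `acsUrl` are assumptions.

```javascript
// Added example: status codes, ECI values and window sizes are taken from the
// tables above; nextStep, eciMeaning and the returned shape are assumptions.
const ECI = {
  mastercard: { '00': 'NONE', '01': 'ATTEMPTED', '02': 'FULL', '07': 'FULL' },
  other: { '05': 'FULL', '06': 'ATTEMPTED', '07': 'NONE' },
};
const WINDOW_SIZES = {
  '01': [250, 400], '02': [390, 400], '03': [500, 600], '04': [600, 400],
  '05': 'FULL_SCREEN',
};

// ECI 07 is "fully authenticated" for Mastercard and "no authentication
// available" for every other scheme, so the scheme must always be passed in.
function eciMeaning(scheme, eci) {
  const table = String(scheme).toLowerCase() === 'mastercard' ? ECI.mastercard : ECI.other;
  return table[eci] || 'UNKNOWN';
}

function nextStep(result, scheme) {
  switch (result.status) {
    case 'C': {
      const c = result.challengeData;
      if (!c || !c.acsUrl || !c.base64EncodedChallengeRequest) {
        throw new Error('status=C without complete challengeData');
      }
      // Assumption of this example: only an https ACS URL is accepted.
      if (new URL(c.acsUrl).protocol !== 'https:') throw new Error('acsUrl is not https');
      const size = WINDOW_SIZES[c.challengeWindowSize];
      if (!size) throw new Error('unknown challengeWindowSize');
      return { action: 'CHALLENGE', acsUrl: c.acsUrl, creq: c.base64EncodedChallengeRequest, size };
    }
    case 'Y':
    case 'A': {
      const meaning = eciMeaning(scheme, result.eci);
      // Liability shifts for fully authenticated or attempted transactions.
      return { action: 'AUTHORIZE', liabilityShift: meaning === 'FULL' || meaning === 'ATTEMPTED' };
    }
    case 'R':
    case 'N':
      return { action: 'DECLINE', liabilityShift: false };
    case 'U':
      return { action: 'NOT_AUTHENTICATED', liabilityShift: false };
    default:
      throw new Error(`unexpected status ${result.status}`);
  }
}
```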