Additional data to improve authentication rates

Providing additional data during this process is essential for enhancing user experience and ensuring security. Here are key reasons to include extra information:

  1. Enhanced risk assessment: Supplying more details about the transaction and customer enables issuers and authentication systems to perform a more accurate risk evaluation. Information such as purchase history, geographic location, and device details helps issuers determine if risk-based authentication is possible, potentially avoiding extra steps like entering an OTP.

  2. Minimized user friction: Sharing data such as phone number, email, previous authentication history, and shipping details can help authenticate the transaction without direct customer involvement. If the risk assessment deems the transaction low risk, the user may not need to actively authenticate, resulting in a smoother experience—known as a "frictionless flow."

  3. Reduced decline rates: Including more relevant information in the authentication request decreases the likelihood of the issuer declining the transaction due to insufficient data for assessing the buyer's authenticity. This can improve transaction approval rates.

  4. Fraud prevention: Providing additional data, such as device geolocation, IP address, browser behavior, and previous authentication details, enables issuers to more effectively identify fraudulent transactions.

  5. Personalized experience for repeat authentications: When processing multiple transactions for the same user, or when a user has authenticated before, sending prior authentication information (as seen in the threeDSRequestorPriorAuthenticationInfo field) allows issuers to tailor the authentication process based on the user's history.

To make the most of additional data, please review the Use Cases section. There, you'll find clear examples of when and how to provide this information in your integrations, including specific scenarios where additional data is recommended or required to improve authentication success rates.

AcctInfoProperties

Description

acctInfoProperties is an object that provides additional information about the cardholder's account.

Object description

Field
Description
title
acctInfo
type
object
description
Additional information about the cardholder's account.

Object Properties

chAccAgeInd

  • Type: string
  • Description: Indicates how long the account has existed on the merchant's website.

Accepted values:

  • NO_ACCOUNT 01 - No account (guest)
  • CREATED_DURING_TRANSACTION 02 - Created during the transaction
  • LESS_30_DAYS 03 - Less than 30 days
  • BETWEEN_30_AND_60_DAYS 04 - Between 30 and 60 days
  • MORE_60_DAYS 05 - More than 60 days

Example value: '01' or 'NO_ACCOUNT'

chAccChange

  • Type: string
  • Description: Date of the most recent change to the cardholder's account on the merchant's website.

Format: YYYYMMDD

Example value: '20210310'

  • Length: 8 characters

chAccChangeInd

  • Type: string
  • Description: Time elapsed since the last change to the account on the merchant's website.

Accepted values:

  • CHANGED_DURING_TRANSACTION 01 - Changed during the transaction
  • LESS_30_DAYS 02 - Less than 30 days
  • BETWEEN_30_AND_60_DAYS 03 - Between 30 and 60 days
  • MORE_60_DAYS 04 - More than 60 days

Example value: '02' or 'LESS_30_DAYS'

chAccDate

  • Type: string
  • Description: Date the account was created on the merchant's website.

Format: YYYYMMDD

Example value: '20210310'

  • Length: 8 characters

chAccPwChange

  • Type: string
  • Description: Date of the most recent password change or recovery.

Format: YYYYMMDD

Example value: '20210310'

  • Length: 8 characters

chAccPwChangeInd

  • Type: string
  • Description: Time elapsed since the last password change or recovery.

Accepted values:

  • NO_CHANGE 01 - No changes
  • CHANGED_DURING_TRANSACTION 02 - Changed during the transaction
  • LESS_30_DAYS 03 - Less than 30 days
  • BETWEEN_30_AND_60_DAYS 04 - Between 30 and 60 days
  • MORE_60_DAYS 05 - More than 60 days

Example value: '03' or 'LESS_30_DAYS'

nbPurchaseAccount

  • Type: string

  • Description: Number of purchases in the last 6 months.

  • Length: 1 to 4 characters

Example value: '1234'

provisionAttemptsDay

  • Type: string
  • Description: Number of card addition attempts in the last 24 hours.

Example values: 2, 02, 002

  • Length: 1 to 3 characters

Example value: '002'

txnActivityDay

  • Type: string
  • Description: Number of transactions (successful and abandoned) for this account in the last 24 hours.

Example values: 2, 02, 002

  • Length: 1 to 3 characters

Example value: '02'

txnActivityYear

  • Type: string
  • Description: Number of transactions (successful and abandoned) for this account in the last year.

Example values: 2, 02, 002

  • Length: 1 to 3 characters

Example value: '2'

paymentAccAge

  • Type: string
  • Description: Date the payment method was added to the user's account on the merchant's website.

Format: YYYYMMDD

Example value: '20210307'

  • Length: 8 characters

paymentAccInd

  • Type: string
  • Description: Time elapsed since the payment method was enrolled in the account on the merchant's website.

Accepted values:

  • NO_ACCOUNT 01 - No account (guest)

  • CREATED_DURING_TRANSACTION 02 - During the transaction

  • LESS_30_DAYS 03 - Less than 30 days

  • BETWEEN_30_AND_60_DAYS 04 - Between 30 and 60 days

  • MORE_60_DAYS 05 - More than 60 days

  • Length: 2 characters

Example value: '01' or 'NO_ACCOUNT'

shipAddressUsage

  • Type: string
  • Description: Date the shipping address was first used on the merchant's website.

Format: YYYYMMDD

Example value: '20210305'

  • Length: 8 characters

shipNameIndicator

  • Type: string
  • Description: Indicates if the cardholder's name matches the shipping name used in this transaction.

Accepted values:

  • ACCOUNT_NAME_IDENTICAL_SHIPPING_NAME 01 - Account name matches shipping name

  • ACCOUNT_NAME_DIFFERENT_SHIPPING_NAME 02 - Account name differs from shipping name

  • Length: 2 characters

Example value: '01' or 'ACCOUNT_NAME_IDENTICAL_SHIPPING_NAME'

suspiciousAccActivity

  • Type: string
  • Description: Indicates if the merchant has observed suspicious activity (including previous fraud) on the cardholder's account.

Accepted values:

  • NO_SUSPICIOUS_ACTIVITY_OBSERVED 01 - No suspicious activity observed

  • SUSPICIOUS_ACTIVITY_OBSERVED 02 - Suspicious activity observed

  • Length: 2 characters

Example value: '02' or 'SUSPICIOUS_ACTIVITY_OBSERVED'

Request Example

{
    "acctNumber": "4005580000000040",
    "cardExpiryDate": "2506",
    "purchaseAmount": "20.5",
    "purchaseCurrency": "USD",
    "redirectURI": "https://www.placetopay.com",
    "threeDSAuthenticationInd": "PAYMENT_TRANSACTION",
    "reference": "12345",
    "acctInfo": {
        "chAccAgeInd": "05",
        "chAccDate": "20170101",
        "chAccChangeInd": "MORE_60_DAYS",
        "chAccChange": "20170101",
        "chAccPwChangeInd": "MORE_60_DAYS",
        "chAccPwChange": "20170101",
        "shipAddressUsage": "20170101",
        "txnActivityDay": "1",
        "txnActivityYear": "1",
        "provisionAttemptsDay": "0",
        "nbPurchaseAccount": "1",
        "suspiciousAccActivity": "01",
        "shipNameIndicator": "ACCOUNT_NAME_IDENTICAL_SHIPPING_NAME",
        "paymentAccInd": "MORE_60_DAYS",
        "paymentAccAge": "20170101"
    }
}

PhoneProperties

Description

PhoneProperties is an object representing a phone number according to the ITU-E.164 specification.

Object Description

Field
Description
title
PhoneProperties
type
object
description
Accepted values as per specification See ITU-E.164 format

Object Properties

cc

  • Type: string
  • Description: Country code of the phone number.

Example value: '1'

  • Length: Minimum 1 character, maximum 3 characters.

subscriber

  • Type: string
  • Description: Subscriber number (the local part of the phone number).

Example value: '1234567899'

  • Length: Maximum 15 characters.

Request Example

{
    "acctNumber": "4005580000000040",
    "cardExpiryDate": "2506",
    "purchaseAmount": "20.5",
    "purchaseCurrency": "USD",
    "redirectURI": "https://www.placetopay.com",
    "threeDSAuthenticationInd": "PAYMENT_TRANSACTION",
    "reference": "12345",
    "homePhone": {
        "cc": "123",
        "subscriber": "123456789"
    },
    "mobilePhone": {
        "cc": "123",
        "subscriber": "123456789"
    },
    "workPhone": {
        "cc": "123",
        "subscriber": "123456789"
    }
}

ThreeDSRequestorPriorAuthenticationInfo

Description

threeDSRequestorPriorAuthenticationInfo is an object containing details about how the 3DS Requestor authenticated the cardholder before or during the transaction.

Object Description

Field
Description
title
threeDSRequestorPriorAuthenticationInfo
type
object
description
Information on how the 3DS Requestor authenticated the cardholder before or during the transaction.

Object Properties

threeDSReqPriorAuthMethod

  • Type: string
  • Description: Authentication method used in the transaction.

Accepted values:

  • FRICTIONLESS_AUTHENTICATION 01 - Frictionless authentication
  • CARDHOLDER_CHALLENGE_OCCURRED 02 - Challenge authentication

threeDSReqPriorAuthTimestamp

  • Type: string
  • Description: UTC timestamp of the prior authentication event.

Accepted formats:

  • c – 2020-04-21T01:44:54+00:00
  • YmdHi – 202401011212
  • Length: 12 characters

threeDSReqPriorRef

  • Type: string
  • Description: ACS Transaction ID of the previous authenticated transaction.

Example value: c83f3f5d-1a47-4eff-9fd0-6b63090a89c6

  • Length: Maximum 72 characters

threeDSReqPriorAuthData

  • Type: string
  • Description: DS Transaction ID of the previous authenticated transaction.

Example value: c83f3f5d-1a47-4eff-9fd0-6b63090a89c6

  • Length: Maximum 72 characters

Request Example

{
    "email": "[email protected]",
    "mobilePhone": {
        "cc": "1",
        "subscriber": "5551234567"
    },
    "deviceChannel": "RI",
    "acctNumber": "4111111111111111",
    "cardExpiryDate": "2411",
    "purchaseAmount": "8.25",
    "redirectURI": "http://www.placetopay.com",
    "purchaseCurrency": "USD",
    "messageCategory": "NPA",
    "messageVersion": "2.2.0",
    "threeRIInd": "80",
    "threeDSRequestorPriorAuthenticationInfo": {
        "threeDSReqPriorAuthMethod": "FRICTIONLESS_AUTHENTICATION",
        "threeDSReqPriorAuthTimestamp": "202401011212",
        "threeDSReqPriorRef": "c83f3f5d-1a47-4eff-9fd0-6b63090a89c6",
        "threeDSReqPriorAuthData": "f234f3f5d-1a47-4eff-9fd4-1b62190a89f3"
    },
    "billAddrState": "NY",
    "billAddrLine2": "Apt 4B",
    "billAddrCity": "New York",
    "billAddrPostCode": "10001",
    "billAddrLine3": "",
    "billAddrLine1": "123 Main St",
    "billAddrCountry": "USA",
    "threeDSRequestorID": "MERAESK00100090796",
    "threeDSRequestorName": "EMVCo 3DS Test Requestor",
    "threeDSRequestorURL": "http://ul.com/aa5c3035-0b61-4e3c-8290-44bb1b4ce643"
}

MerchantRiskIndicatorProperties

Description

merchantRiskIndicatorProperties is an object providing details on the merchant's assessment of the fraud risk level for a specific authentication.

Object Description

Field
Description
title
merchantRiskIndicator
type
object
description
Merchant's assessment of the fraud risk level for the specific authentication.

Object Properties

deliveryEmailAddress

  • Type: string
  • Description: For electronic delivery, the email address to which the goods were delivered.
  • Length: 1 to 254 characters

Example value: '[email protected]'

deliveryTimeframe

  • Type: string
  • Description: Indicates the delivery timeframe for the goods.

Accepted values:

  • ELECTRONIC_DELIVERY 01 - Electronic delivery
  • SAME_DAY_SHIPPING 02 - Same day shipping
  • OVERNIGHT_SHIPPING 03 - Overnight shipping
  • TWO_DAYS_OR_MORE_SHIPPING 04 - Two days or more

Example value: '02' or 'SAME_DAY_SHIPPING'

giftCardAmount

  • Type: string
  • Description: For gift or prepaid card purchases, the total amount of gift or prepaid cards purchased in major units (e.g., 123.45 USD is 123).

Example values: 123, 0123, 00123

  • Length: 1 to 15 characters

Example value: '123'

giftCardCount

  • Type: string
  • Description: For gift or prepaid card purchases, the total count of individual gift, prepaid cards, or codes purchased.

Accepted values: 01, 02, ..., 99

  • Length: 2 characters

Example value: '05'

giftCardCurr

  • Type: string
  • Description: For gift or prepaid card purchases, the three-digit ISO 4217 currency code of the gift card.

Accepted values: See ISO 4217 format

  • Length: 3 characters

Example value: 'USD'

preOrderDate

  • Type: string
  • Description: For pre-ordered purchases, the expected date the goods will be available.

Format: YYYYMMDD

Example value: '20250601'

  • Length: 8 characters

preOrderPurchaseInd

  • Type: string
  • Description: Indicates whether the cardholder is placing an order for goods with future availability or a release date.

Accepted values:

  • MERCHANDISE_AVAILABLE 01 - Merchandise available

  • FUTURE_AVAILABILITY 02 - Future availability

  • Length: 2 characters

Example value: '02' or 'FUTURE_AVAILABILITY'

reorderItemsInd

  • Type: string
  • Description: Indicates whether the cardholder is reordering previously purchased merchandise.

Accepted values:

  • FIRST_TIME_ORDERED 01 – First time

  • REORDERED 02 – Reordered

  • Length: 2 characters

Example value: '01' or 'FIRST_TIME_ORDERED'

shipIndicator

  • Type: string
  • Description: Indicates the shipping method selected for the transaction.

Accepted values:

  • SHIP_TO_CARDHOLDER_BILLING_ADDR 01 - Ship to cardholder's billing address

  • SHIP_TO_ANOTHER_VERIFIED_ADDR_ON_FILE 02 - Ship to another verified address on file with the merchant

  • SHIP_TO_ADDR_DIFF_CARDHOLDER_BILLING_ADDR 03 - Ship to an address different from the cardholder's billing address

  • SHIP_TO_STORE 04 - Ship to store / In-store pickup (store address will be provided in shipping address fields)

  • DIGITAL_GOODS 05 - Digital goods (includes online services, e-gift cards, and redemption codes)

  • TRAVEL_EVENT_TICKETS_NOT_SHIPPED 06 - Travel and event tickets, not shipped

  • OTHER 07 - Other (e.g., games, non-shipped digital services, media subscriptions, etc.)

  • Length: 2 characters

Example value: '01' or 'SHIP_TO_CARDHOLDER_BILLING_ADDR'

Request Example

{
    "acctNumber": "4005580000000040",
    "cardExpiryDate": "2506",
    "purchaseAmount": "20.5",
    "purchaseCurrency": "USD",
    "redirectURI": "https://www.placetopay.com",
    "threeDSAuthenticationInd": "PAYMENT_TRANSACTION",
    "reference": "12345",
    "merchantRiskIndicator": {
        "shipIndicator": "SHIP_TO_CARDHOLDER_BILLING_ADDR",
        "deliveryTimeframe": "SAME_DAY_SHIPPING",
        "deliveryEmailAddress": "[email protected]",
        "reorderItemsInd": "FIRST_TIME_ORDERED",
        "preOrderPurchaseInd": "FUTURE_AVAILABILITY",
        "preOrderDate": "20300101",
        "giftCardAmount": "1",
        "giftCardCurr": "840",
        "giftCardCount": "01"
    }
}

ThreeDSRequestorAuthenticationInfoProperties

Description

threeDSRequestorAuthenticationInfoProperties is an object containing details about how the 3DS Requestor authenticated the cardholder before or during the transaction.

Object Description

Field
Description
title
threeDSAuthenticationInfo
type
object
description
Information on how the 3DS Requestor authenticated the cardholder before or during the transaction.

Object Properties

threeDSReqAuthData

  • Type: string
  • Description: 3DS Requestor authentication data.

Example value: '28401b9d217ef8731f0dbee99c73c5902c183c5b1428d572ef63a4fe26586548'

  • Length: Up to 20,000 characters.

threeDSReqAuthMethod

  • Type: string
  • Description: Mechanism used by the cardholder to authenticate with the 3DS Requestor.

Accepted values:

  • REQUESTOR_AUTHENTICATED_OCCURRED 01 - Challenge authentication
  • AUTHENTICATED_WITH_OWN_REQUESTOR_CREDENTIALS 02 - PIN authentication
  • AUTHENTICATED_IN_REQUESTOR_WITH_FEDERATED_ID 03 - Token authentication
  • AUTHENTICATED_IN_REQUESTOR_WITH_ISSUER_CREDENTIALS 04 - Password authentication
  • AUTHENTICATED_IN_REQUESTOR_USING_THIRD_PARTY_AUTHENTICATION 05 - One-Time Password (OTP) authentication
  • AUTHENTICATED_IN_REQUESTOR_WITH_FIDO 06 - Biometric authentication
  • AUTHENTICATED_IN_REQUESTOR_USING_FIDO_AUTHENTICATOR 07 - Mobile app authentication
  • SRC_ASSURANGE_DATA 08 - Other mechanism
  • MASTERCARD_UNKNOWN_VALUE 90 - Mastercard unknown value
  • Length: 2 characters

threeDSReqAuthTimestamp

  • Type: string
  • Description: UTC date and time when the cardholder was authenticated.

Format: YYYYMMDDHHMM

Example value: '202103051200'

  • Length: 12 characters

Request Example

{
    "acctNumber": "4005580000000040",
    "cardExpiryDate": "2506",
    "purchaseAmount": "20.5",
    "purchaseCurrency": "USD",
    "redirectURI": "https://www.placetopay.com",
    "threeDSAuthenticationInd": "PAYMENT_TRANSACTION",
    "reference": "12345",
    "threeDSRequestorAuthenticationInfo": {
        "threeDSReqAuthData": "28401b9d217ef8731f0dbee99c73c5902c183c5b1428d572ef63a4fe26586548",
        "threeDSReqAuthMethod": "FRICTIONLESS_AUTHENTICATION",
        "threeDSReqAuthTimestamp": "202103051200"
    }
}

BridgingMessageExtension

For more information on using this extension to improve authentication rates with version 2.3.1, see Session transaction with Bridging Message Extension.

threeDSAuthenticationInfo

This section provides information on how the 3DS Requestor authenticated the cardholder before or during the transaction.

{
    "threeDSReqAuthMethod": "FRICTIONLESS_AUTHENTICATION",
    "threeDSReqAuthTimestamp": "20240808T153000",
    "threeDSReqAuthData": "data123"
}