Providing Payer Authentication Information for Authorization
The values that are returned from payer authentication must be provided when seeking
authorization for the transaction. Authentication information that is not included when
considering authorization may cause the transaction to be refused or downgraded and
prevent the normal liability shift from occurring.
The level of security in payer authentication is denoted by the two digit Electronic
Commerce Indicator (ECI) that is assigned to the transaction. These digital values have
text equivalents which are assigned to the
e_commerce_indicator
field. Visa card brands use 05, 06, and 07 digit values to express the authentication level
for a 3-D Secure transaction.
ECI Value | Meaning | Visa |
---|---|---|
05 | Authenticated | vbv |
06 | Attempted authentication with a cryptogram | vbv_attempted |
07 | Internet, not authenticated | vbv_failure/internet |
Mastercard and Maestro cards use 00, 01, 02, 06, and 07 digit values to indicate the
authentication level of the transaction.
ECI Value | Meaning | Mastercard/Maestro |
---|---|---|
00 | Internet, not authenticated | spa/internet |
01 | Attempted authentication | spa |
02 | Authenticated | spa |
06 | Exemption from authentication or
network token without 3‑D Secure | spa |
07 | Authenticated merchant-initiated
transaction | spa |
The payer authentication response contains other information that needs to be passed on
for successful authorization. Be sure to include these fields when requesting a separate
authorization:
- ccAuthService_directoryServerTransactionID(Mastercard, Maestro, UPI only)
- ccAuthService_eciRaw
- ccAuthService_paresStatus
- ccAuthService_paSpecificationVersion
- payerAuthEnrollReply_ucafAuthenticationData(Mastercard/Maestro only)
- payerAuthValidateReply_ucafCollectionIndicator(Mastercard/Maestro only)
- ccAuthService_cavv
- ccAuthService_xid