Providing Payer Authentication Information for Authorization

The values that are returned from payer authentication must be provided when seeking authorization for the transaction. Authentication information that is not included when considering authorization may cause the transaction to be refused or downgraded and prevent the normal liability shift from occurring.
The level of security in payer authentication is denoted by the two digit Electronic Commerce Indicator (ECI) that is assigned to the transaction. These digital values have text equivalents which are assigned to the
e_commerce_indicator
field.
Visa card brands use 05, 06, and 07 digit values to express the authentication level for a 3-D Secure transaction.
Text Values for ECI Values
ECI Value
Meaning
Visa
05
Authenticated
vbv
06
Attempted authentication with a cryptogram
vbv_attempted
07
Internet, not authenticated
vbv_failure/internet
Mastercard and Maestro cards use 00, 01, 02, 06, and 07 digit values to indicate the authentication level of the transaction.
Mastercard/Maestro Text Values for ECI Values
ECI Value
Meaning
Mastercard/Maestro
00
Internet, not authenticated
spa/internet
01
Attempted authentication
spa
02
Authenticated
spa
06
Exemption from authentication or network token without 3‑D Secure
spa
07
Authenticated merchant-initiated transaction
spa
The payer authentication response contains other information that needs to be passed on for successful authorization. Be sure to include these fields when requesting a separate authorization:
  • ccAuthService_directoryServerTransactionID
    (Mastercard, Maestro
    , UPI only
    )
  • ccAuthService_eciRaw
  • ccAuthService_paresStatus
  • ccAuthService_paSpecificationVersion
  • payerAuthEnrollReply_ucafAuthenticationData
    (Mastercard/Maestro only)
  • payerAuthValidateReply_ucafCollectionIndicator
    (Mastercard/Maestro only)
  • ccAuthService_cavv
  • ccAuthService_xid