Strong Customer Authentication Tuning

3DSv2 makes a distinction between frictionless and challenge authentication flows. Frictionless authentication occurs when a card issuer opts not to require further input from the cardholder, based on their own risk analysis. A challenge requires the cardholder to provide more information or take extra action to verify their identity. This step provides extra protection for the cardholder, and additional assurance for merchants, but can increase the likelihood of abandonment.

It is possible to provide additional information about the transaction, the customer, and their relationship with the merchant, which an issuer may use as part of their risk analysis. In some cases, this may influence their decision whether to issue a challenge or not. There are some scenarios in which a challenge will always be required, according to card scheme rules or applicable legislation.

We support passing through supplementary data to the issuer for this purpose, as well as a merchant preference indicator for a challenge – it is possible to request that a challenge not be performed, or conversely, to request that one is, or to indicate that one is mandated by specific regional or market requirements. The final decision to challenge or not remains with the issuer.

This data is provided in the strongCustomerAuthentication element available in Cashier API and Hosted Cashier requests, detailed below. If applicable, a shipping address may also be provided – see Shipping address and order details.

All fields below are optional.

strongCustomerAuthentication {
transactionType	string Possible Values: GOODS_OR_SERVICES, CHECK_ACCEPTANCE, ACCOUNT_FUNDING, QUASI_CASH, PREPAID_ACTIVATION Detailed classification of the transaction; where not provided, we default to GOODS_OR_SERVICES You may need to override this to reflect your specific business model; if unsure, consult your Acquirer for advice on what to use
challengeRequested	string Possible Values: NO_PREFERENCE, NO_CHALLENGE_REQUESTED, CHALLENGE_REQUESTED, CHALLENGE_MANDATED Permits the merchant to request that a challenge not be performed, or alternatively, to indicate that one is preferred or necessary Pay360 may override this value for certain types of transaction in accordance with card scheme rules; see threeDSecure.challengeRequest which contains what was ultimately used
merchantRisk {
deliveryEmail	string; valid email address For electronic delivery, the email address to which the merchandise was delivered
deliveryTimeframe	string Possible Values: ELECTRONIC, SAME_DAY, OVERNIGHT, TWO_OR_MORE_DAYS Time frame for merchandise delivery
giftCardPurchase {
totalAmount	integer Total value of gift cards being purchased (major units, e.g. for GBP 12.99, use 12)
currency	string; ISO-4217 alpha-3 code, e.g. “GBP”, “USD” Currency code of cards being purchased
count	integer; up to 99 Total number of cards being purchased
}
preorder	boolean Is this a pre-order of merchandise which will be available in the future?
preorderDate	string; date in YYYY-MM-DD format For pre-orders, the date at which merchandise is expected to be available
reorder	boolean Is the cardholder re-ordering merchandise previously purchased from this merchant?
shippingTo	string Possible Values: BILLING_ADDRESS, VERIFIED_ADDRESS, OTHER_ADDRESS, STORE, DIGITAL, TRAVEL_EVENT, OTHER Indicates the type of shipping address (or shipping method) for the merchandise
}
accountInfo {
accountOpened {
period	string Possible Values: GUEST_CHECKOUT, THIS_TRANSACTION, LESS_THAN_30_DAYS, BETWEEN_30_AND_60_DAYS, MORE_THAN_60_DAYS Relative time period when the account was opened
date	string; date in YYYY-MM-DD format Date the account was opened
}
accountLastChanged {
period	string Possible Values: THIS_TRANSACTION, LESS_THAN_30_DAYS, BETWEEN_30_AND_60_DAYS, MORE_THAN_60_DAYS Relative time period when the account was last changed
date	string; date in YYYY-MM-DD format Date the account was last changed
}
passwordLastChanged {
period	string Possible Values: NO_CHANGE, THIS_TRANSACTION, LESS_THAN_30_DAYS, BETWEEN_30_AND_60_DAYS, MORE_THAN_60_DAYS Relative time period when the password was last changed
date	string; date in YYYY-MM-DD format Date the password was last changed
}
paymentAccountRegistered {
period	string Possible Values: GUEST_CHECKOUT, THIS_TRANSACTION, LESS_THAN_30_DAYS, BETWEEN_30_AND_60_DAYS, MORE_THAN_60_DAYS Relative time period for the payment account registration
date	string; date in YYYY-MM-DD format Date the payment account was registered
}
shippingAddressFirstUsed {
period	string Possible Values: THIS_TRANSACTION, LESS_THAN_30_DAYS, BETWEEN_30_AND_60_DAYS, MORE_THAN_60_DAYS Relative time period for the first use of the shipping address
date	string; date in YYYY-MM-DD format Date the shipping address was first used
}
activity {
purchasesInLastSixMonths	integer; max 9999 Number of purchases made with the account in the previous six months
addCardAttemptsInLast24Hours	integer; max 999 Number of attempts to add a payment card to the account in the previous 24 hours
transactionAttemptsInLast24Hours	integer; max 999 Number of transactions (successful and abandoned) for the account in the previous 24 hours
transactionAttemptsInLastYear	integer; max 999 Number of transactions (successful and abandoned) for the account in the previous year
}
shippingNameSameAsAccountName	boolean Is the name on the account identical to the recipient name in the shipping address?
suspiciousActivity	boolean Has suspicious activity (including fraud) previously occurred on this account?
}
authenticationInfo {
method	string Possible Values: NONE, MERCHANT_CREDENTIAL, FEDERATED_CREDENTIAL, ISSUER_CREDENTIAL, THIRD_PARTY, FIDO_AUTHENTICATOR Method used to authenticate
time	string; date/time in YYYY-MM-DDTHH:MM:SS format (the seconds are not used) Date/time (in UTC) of authentication
}
priorAuthenticationInfo {
reference	string ACS transaction ID (returned in threeDSecure.acsTransactionId) for the previous authentication
method	string Possible Values: FRICTIONLESS_AUTH, CHALLENGE_AUTH, AVS, OTHER_ISSUER Method used in prior authentication
time	string; date/time in YYYY-MM-DDTHH:MM:SS format (the seconds are not used) Date/time (in UTC) of prior authentication
}
}

API examples

Requesting that a challenge should occur


POST /acceptor/rest/transactions/{instId}/payment
{
    "transaction": {
        "currency": "GBP",
        "amount": 150.00,
        "description": "Documentation Example"
    },
    
    "customer": {
        "registered": false,
        "email": "jane.doe@example.com"
    },
    
    "paymentMethod": {
        "card": {
            "pan": "9902000000005132",
            "cv2": "123",
            "expiryDate": "0125",
            "cardHolderName": "Jane Doe"
        },
        
        "billingAddress": {
            "line1": "1 The Street",
            "city": "The Town",
            "postcode": "AA1 1AA",
            "countryCode": "GBR"
        }
    },
    
    "strongCustomerAuthentication": {
        "challengeRequested": "CHALLENGE_REQUESTED"
    }
}

HTTP/1.1 201 Created
{
    "clientRedirect": {
        "type": "THREEDSECURE_V2_REDIRECT",
        "url": "https://dev.mite.pay360.com/threedsv2/handover",
        "threeDSServerTransId": "538d08f7-5742-443e-b945-cf14fac6e1ba"
    },
    "paymentMethod": {
        "registered": false,
        "card": {
            "cardFingerprint": "Yle1QlODkDGdrsfHzW8LoKmvLlw=",
            "new": true,
            "cardType": "VISA_DEBIT",
            "cardUsageType": "DEBIT",
            "cardScheme": "VISA",
            "cardCategory": "DEBIT",
            "maskedPan": "990200******5132",
            "expiryDate": "0125",
            "issuer": "PAY360 TESTING",
            "issuerCountry": "GBR",
            "cardHolderName": "Jane Doe"
        },
        "billingAddress": {
            "line1": "1 The Street",
            "city": "The Town",
            "postcode": "AA1 1AA",
            "country": "United Kingdom",
            "countryCode": "GBR"
        },
        "paymentClass": "CARD",
        "reuse": {
            "storage": "NONE"
        }
    },
    "customFields": {
        "fieldState": []
    },
    "threeDSecure": {
        "scheme": "VISA_SECURE",
        "status": "INCOMPLETE",
        "version": 2,
        "protocolVersion": "2.1.0",
        "threeDSServerTransId": "538d08f7-5742-443e-b945-cf14fac6e1ba",
        "challengeRequest": "CHALLENGE_REQUESTED",
        "versionsAttempted": [
            {
                "version": 2,
                "availability": "AVAILABLE"
            }
        ]
    },
    "customer": {},
    "transaction": {
        "transactionId": "10146042992",
        "merchantDescription": "Documentation Example",
        "status": "PENDING",
        "stage": "THREE_D_SECURE",
        "type": "PAYMENT",
        "amount": 150.00,
        "consumerSpend": 0,
        "currency": "GBP",
        "transactionTime": "2021-12-14T19:08:24.072Z",
        "receivedTime": "2021-12-14T19:08:24.072Z",
        "customerInitiated": true
    },
    "outcome": {
        "status": "SUCCESS",
        "reasonCode": "U100",
        "reasonMessage": "Suspended pending Three D Secure process"
    },
    "strongCustomerAuthentication": {
        "transactionType": "GOODS_OR_SERVICES",
        "challengeRequested": "CHALLENGE_REQUESTED"
    },
    "trace": "TeH5ZalTKkC8VW6z0UvxKiQ",
    "link": [
        {
            "rel": "transaction",
            "href": "https://api.mite.pay360.com/acceptor/rest/transactions/5302521/10146042992"
        }
    ]
}

Digital pre-order payment


POST /acceptor/rest/transactions/{instId}/payment
{
    "transaction": {
        "currency": "GBP",
        "amount": 50.0
    },
    "customer": {
        "merchantRef": "123",
        "email": "jim@real.com"
    },
    "paymentMethod": {
        "card": {
            "pan": "9902000000005132",
            "expiryDate": "0121",
            "cardHolderName": "James Royal"
        },
        "billingAddress": {
            "line1": "1, The Street",
            "city": "Town City",
            "postcode": "TC12 3ER",
            "country": "GBR"
        }
    },
    "strongCustomerAuthentication": {
        "merchantRisk": {
            "deliveryTimeframe": "ELECTRONIC",
            "preorder": true,
            "preorderDate": "2020-11-01",
            "shippingTo": "DIGITAL"
        },
        "accountInfo": {
            "accountOpened": {
                "period": "MORE_THAN_60_DAYS"
            },
            "accountLastChanged": {
                "period": "BETWEEN_30_AND_60_DAYS"
            },
            "passwordLastChanged": {
                "period": "MORE_THAN_60_DAYS"
            },
            "paymentAccountRegistered": {
                "period": "MORE_THAN_60_DAYS"
            },
            "suspiciousActivity": false
        }
    }
}

HTTP/1.1 201
{
    "clientRedirect": {
        "type": "THREEDSECURE_V2_REDIRECT",
        "url": "http://192.168.122.123:13700/threedsv2-stub/web/handover",
        "threeDSServerTransId": "7040fcef-d7a2-4a7a-b793-379066a8b068"
    },
    "paymentMethod": {
        "registered": true,
        "card": {
            "cardFingerprint": "=oXTfA5GwbeAdPUBcuG5z9neoGom",
            "new": false,
            "cardType": "VISA_DEBIT",
            "cardUsageType": "DEBIT",
            "cardScheme": "VISA",
            "cardCategory": "DEBIT",
            "maskedPan": "990200******5132",
            "expiryDate": "0121",
            "issuer": "PAY360 TESTING",
            "issuerCountry": "GBR",
            "cardHolderName": "James Royal"
        },
        "billingAddress": {
            "line1": "1, The Street",
            "city": "Town City",
            "postcode": "TC12 3ER",
            "country": "United Kingdom",
            "countryCode": "GBR"
        },
        "paymentClass": "CARD",
        "reuse": {
            "storage": "NEW",
            "agreement": "ADHOC",
            "originalSchemeReference": "111gbp604ed0ce2a06f94FCee1000z00"
        }
    },
    "customFields": {
        "fieldState": []
    },
    "threeDSecure": {
        "scheme": "VISA_SECURE",
        "status": "INCOMPLETE",
        "version": 2,
        "protocolVersion": "2.1.0",
        "threeDSServerTransId": "7040fcef-d7a2-4a7a-b793-379066a8b068",
        "challengeRequest": "CHALLENGE_REQUESTED",
        "frictionless": false,
        "versionsAttempted": [
            {
                "version": 2,
                "availability": "AVAILABLE"
            }
        ]
    },
    "customer": {
        "id": "10540",
        "merchantRef": "123"
    },
    "transaction": {
        "transactionId": "12221513747",
        "status": "PENDING",
        "stage": "THREE_D_SECURE",
        "type": "PAYMENT",
        "amount": 50.00,
        "consumerSpend": 0,
        "currency": "GBP",
        "transactionTime": "2020-11-13T10:46:14.681Z",
        "receivedTime": "2020-11-13T10:46:14.681Z",
        "customerInitiated": true
    },
    "outcome": {
        "status": "SUCCESS",
        "reasonCode": "U100",
        "reasonMessage": "Suspended pending Three D Secure process"
    },
    "strongCustomerAuthentication": {
        "transactionType": "GOODS_OR_SERVICES",
        "merchantRisk": {
            "deliveryTimeframe": "ELECTRONIC",
            "preorder": true,
            "preorderDate": "2020-11-01",
            "shippingTo": "DIGITAL"
        },
        "accountInfo": {
            "accountOpened": {
                "period": "MORE_THAN_60_DAYS"
            },
            "accountLastChanged": {
                "period": "BETWEEN_30_AND_60_DAYS"
            },
            "passwordLastChanged": {
                "period": "MORE_THAN_60_DAYS"
            },
            "paymentAccountRegistered": {
                "period": "MORE_THAN_60_DAYS"
            },
            "suspiciousActivity": false
        }
    }
}

Suspicious giftcard payment (challenge requested explicitly)


POST /acceptor/rest/transactions/{instId}/payment
{
    "transaction": {
        "currency": "GBP",
        "amount": 1000.0
    },
    "customer": {
        "registered": false,
        "email": "jim@real.com"
    },
    "paymentMethod": {
        "card": {
            "pan": "9902000000005132",
            "expiryDate": "0121",
            "cardHolderName": "James Royal"
        },
        "billingAddress": {
            "line1": "1, The Street",
            "city": "Town City",
            "postcode": "TC12 3ER",
            "country": "GBR"
        }
    },
    "order": {
        "shippingAddress": {
            "line1": "123, Fake Street",
            "city": "Fakeville",
            "postcode": "FV99 6TY",
            "countryCode": "GBR"
        }
    },
    "strongCustomerAuthentication": {
        "challengeRequested": "CHALLENGE_REQUESTED",
        "merchantRisk": {
            "deliveryTimeframe": "SAME_DAY",
            "giftCardPurchase": {
                "totalAmount": 1000,
                "currency": "USD",
                "count": 20
            },
            "shippingTo": "OTHER_ADDRESS"
        },
        "accountInfo": {
            "accountOpened": {
                "period": "MORE_THAN_60_DAYS"
            },
            "accountLastChanged": {
                "period": "THIS_TRANSACTION"
            },
            "passwordLastChanged": {
                "period": "THIS_TRANSACTION"
            },
            "paymentAccountRegistered": {
                "period": "MORE_THAN_60_DAYS"
            },
            "activity": {
                "purchasesInLastSixMonths": 5,
                "transactionAttemptsInLast24Hours": 27,
                "transactionAttemptsInLastYear": 32
            },
            "shippingNameSameAsAccountName": false
        }
    }
}

HTTP/1.1 201
{
    "clientRedirect": {
        "type": "THREEDSECURE_V2_REDIRECT",
        "url": "http://192.168.122.123:13700/threedsv2-stub/web/handover",
        "threeDSServerTransId": "bd360663-e334-4952-8560-8353b701eba0"
    },
    "paymentMethod": {
        "registered": true,
        "card": {
            "cardFingerprint": "=oXTfA5GwbeAdPUBcuG5z9neoGom",
            "new": false,
            "cardType": "VISA_DEBIT",
            "cardUsageType": "DEBIT",
            "cardScheme": "VISA",
            "cardCategory": "DEBIT",
            "maskedPan": "990200******5132",
            "expiryDate": "0121",
            "issuer": "PAY360 TESTING",
            "issuerCountry": "GBR",
            "cardHolderName": "James Royal"
        },
        "billingAddress": {
            "line1": "1, The Street",
            "city": "Town City",
            "postcode": "TC12 3ER",
            "country": "United Kingdom",
            "countryCode": "GBR"
        },
        "paymentClass": "CARD",
        "reuse": {
            "storage": "NEW",
            "agreement": "ADHOC",
            "originalSchemeReference": "111gbp604ed0ce2a06f94FCee1000z00"
        }
    },
    "customFields": {
        "fieldState": []
    },
    "threeDSecure": {
        "scheme": "VISA_SECURE",
        "status": "INCOMPLETE",
        "version": 2,
        "protocolVersion": "2.1.0",
        "threeDSServerTransId": "bd360663-e334-4952-8560-8353b701eba0",
        "challengeRequest": "CHALLENGE_REQUESTED",
        "frictionless": false,
        "versionsAttempted": [
            {
                "version": 2,
                "availability": "AVAILABLE"
            }
        ]
    },
    "customer": {
        "id": "10540",
        "merchantRef": "123"
    },
    "transaction": {
        "transactionId": "12221513754",
        "status": "PENDING",
        "stage": "THREE_D_SECURE",
        "type": "PAYMENT",
        "amount": 1000.00,
        "consumerSpend": 0,
        "currency": "GBP",
        "transactionTime": "2020-11-13T11:08:32.365Z",
        "receivedTime": "2020-11-13T11:08:32.365Z",
        "customerInitiated": true
    },
    "order": {
        "shippingAddress": {
            "line1": "123, Fake Street",
            "city": "Fakeville",
            "postcode": "FV99 6TY",
            "countryCode": "GBR"
        }
    },
    "outcome": {
        "status": "SUCCESS",
        "reasonCode": "U100",
        "reasonMessage": "Suspended pending Three D Secure process"
    },
    "strongCustomerAuthentication": {
        "transactionType": "GOODS_OR_SERVICES",
        "challengeRequested": "CHALLENGE_REQUESTED",
        "merchantRisk": {
            "deliveryTimeframe": "SAME_DAY",
            "giftCardPurchase": {
                "totalAmount": 1000,
                "currency": "USD",
                "count": 20
            },
            "shippingTo": "OTHER_ADDRESS"
        },
        "accountInfo": {
            "accountOpened": {
                "period": "MORE_THAN_60_DAYS"
            },
            "accountLastChanged": {
                "period": "THIS_TRANSACTION"
            },
            "passwordLastChanged": {
                "period": "THIS_TRANSACTION"
            },
            "activity": {
                "purchasesInLastSixMonths": 5,
                "transactionAttemptsInLast24Hours": 27,
                "transactionAttemptsInLastYear": 32
            },
            "paymentAccountRegistered": {
                "period": "MORE_THAN_60_DAYS"
            },
            "shippingNameSameAsAccountName": false
        }
    }
}

Reorder payment (no challenge requested explicitly)


POST /acceptor/rest/transactions/{instId}/payment
{
    "transaction": {
        "currency": "GBP",
        "amount": 75.0
    },
    "customer": {
        "registered": false,
        "email": "jim@real.com"
    },
    "paymentMethod": {
        "card": {
            "pan": "9902000000005132",
            "expiryDate": "0121",
            "cardHolderName": "James Royal"
        },
        "billingAddress": {
            "line1": "1, The Street",
            "city": "Town City",
            "postcode": "TC12 3ER",
            "country": "GBR"
        }
    },
    "strongCustomerAuthentication": {
        "challengeRequested": "NO_CHALLENGE_REQUESTED",
        "merchantRisk": {
            "deliveryTimeframe": "TWO_OR_MORE_DAYS",
            "reorder": true,
            "shippingTo": "BILLING_ADDRESS"
        },
        "accountInfo": {
            "accountOpened": {
                "date": "2018-07-23"
            },
            "accountLastChanged": {
                "date": "2019-09-21"
            },
            "passwordLastChanged": {
                "date": "2020-09-07"
            },
            "paymentAccountRegistered": {
                "date": "2018-07-23"
            },
            "activity": {
                "purchasesInLastSixMonths": 6,
                "transactionAttemptsInLast24Hours": 1,
                "transactionAttemptsInLastYear": 12
            },
            "shippingNameSameAsAccountName": true
        },
        "priorAuthenticationInfo": {
            "reference": "64a09f9b-0d89-4cfe-8de9-9b96fdfa4eb8",
            "method": "FRICTIONLESS_AUTH",
            "time": "2020-10-11T13:04:54"
        }
    }
}

HTTP/1.1 201
{
    "clientRedirect": {
        "type": "THREEDSECURE_V2_REDIRECT",
        "url": "http://192.168.122.123:13700/threedsv2-stub/web/handover",
        "threeDSServerTransId": "03d5a712-ecc8-4e63-991c-36c9d88cf233"
    },
    "paymentMethod": {
        "registered": true,
        "card": {
            "cardFingerprint": "=oXTfA5GwbeAdPUBcuG5z9neoGom",
            "new": false,
            "cardType": "VISA_DEBIT",
            "cardUsageType": "DEBIT",
            "cardScheme": "VISA",
            "cardCategory": "DEBIT",
            "maskedPan": "990200******5132",
            "expiryDate": "0121",
            "issuer": "PAY360 TESTING",
            "issuerCountry": "GBR",
            "cardHolderName": "James Royal"
        },
        "billingAddress": {
            "line1": "1, The Street",
            "city": "Town City",
            "postcode": "TC12 3ER",
            "country": "United Kingdom",
            "countryCode": "GBR"
        },
        "paymentClass": "CARD",
        "reuse": {
            "storage": "NEW",
            "agreement": "ADHOC",
            "originalSchemeReference": "111gbp604ed0ce2a06f94FCee1000z00"
        }
    },
    "customFields": {
        "fieldState": []
    },
    "threeDSecure": {
        "scheme": "VISA_SECURE",
        "status": "INCOMPLETE",
        "version": 2,
        "protocolVersion": "2.1.0",
        "threeDSServerTransId": "03d5a712-ecc8-4e63-991c-36c9d88cf233",
        "challengeRequest": "CHALLENGE_REQUESTED",
        "frictionless": false,
        "versionsAttempted": [
            {
                "version": 2,
                "availability": "AVAILABLE"
            }
        ]
    },
    "customer": {
        "id": "10540",
        "merchantRef": "123"
    },
    "transaction": {
        "transactionId": "12221513757",
        "status": "PENDING",
        "stage": "THREE_D_SECURE",
        "type": "PAYMENT",
        "amount": 75.00,
        "consumerSpend": 0,
        "currency": "GBP",
        "transactionTime": "2020-11-13T11:13:42.379Z",
        "receivedTime": "2020-11-13T11:13:42.379Z",
        "customerInitiated": true
    },
    "outcome": {
        "status": "SUCCESS",
        "reasonCode": "U100",
        "reasonMessage": "Suspended pending Three D Secure process"
    },
    "strongCustomerAuthentication": {
        "transactionType": "GOODS_OR_SERVICES",
        "challengeRequested": "NO_CHALLENGE_REQUESTED",
        "merchantRisk": {
            "deliveryTimeframe": "TWO_OR_MORE_DAYS",
            "reorder": true,
            "shippingTo": "BILLING_ADDRESS"
        },
        "accountInfo": {
            "accountOpened": {
                "date": "2018-07-23"
            },
            "accountLastChanged": {
                "date": "2019-09-21"
            },
            "passwordLastChanged": {
                "date": "2020-09-07"
            },
            "activity": {
                "purchasesInLastSixMonths": 6,
                "transactionAttemptsInLast24Hours": 1,
                "transactionAttemptsInLastYear": 12
            },
            "paymentAccountRegistered": {
                "date": "2018-07-23"
            },
            "shippingNameSameAsAccountName": true
        },
        "priorAuthenticationInfo": {
            "reference": "64a09f9b-0d89-4cfe-8de9-9b96fdfa4eb8",
            "method": "FRICTIONLESS_AUTH",
            "time": "2020-10-11T13:04:54"
        }
    }
}

Developer Documents