3DS Mandated Fields
Overview
The following guide outlines the recommended data fields required when processing 3DSv2 transactions.
3DSv2 is commonly used when processing Customer Initiated Transactions (CITs) for eCommerce payments and supports compliance with Strong Customer Authentication (SCA) requirements under PSD2 within the UK and Europe.
Providing accurate and complete browser, cardholder and device data improves the likelihood of successful authentication and subsequent authorisation. Failure to provide these fields may result in:
- Increased authentication failures
- Reduced authorisation rates
- Transactions being processed without full 3D Secure protection
- Potential loss of liability shift protection in the event of fraud disputes
Card schemes and issuers strongly recommend that merchants provide the following data fields wherever possible when processing 3DSv2 transactions.
What Services will be impacted?
- Direct API [
auth_only,sale,auth_capture] - Payment Links generated via the Acquired.com Hub [
auth_only,sale,auth_capture] - Hosted Checkout [
auth_only,sale] - Components [
auth_only,sale,auth_capture]
Mandated Fields
| Fields | Required |
|---|---|
| Browser IP address | Required |
| Browser screen height | Required |
| Browser screen width | Required |
| Cardholder email address | Strongly recommended* |
| Cardholder name | Required |
| Cardholder phone number (work/home/mobile - at least one of these fields must be provided) | Strongly recommended* |
| Cardholder phone code (2 digit value). If you are providing the Cardholder phone number, then this becomes a REQUIRED field | Strongly recommended* |
| Common device identification parameters (device IP address) | Required |
*At least one of either the cardholder email address or cardholder phone number should be provided where possible. We strongly recommend to provide both.
What do you need to do?
Acquired already capture the following three fields and as such, there are no changes required:
- Browser IP address
- Browser screen height
- Browser screen width
However, merchants and partners should ensure they collect and pass the following fields within their payment requests wherever possible:
- Cardholder name
- Cardholder email address - strongly recommended
- Cardholder phone number - strongly recommended
- Cardholder phone code - this becomes a required field if you do provide the cardholder phone number
- Common device identification parameters (device IP address)
NoteThe details to pass through above can be stored against an Acquired Customer ID. If you are utilising the Customer ID creation process, then the values are not required to be passed through within the actual request to the payment endpoints as we will inherit the associated Customer ID values.
Merchants and partners that use an external 3DSv2 provider must contact their provider and confirm how to ensure that the data is provided.
Please contact our support team via our support portal if you have any queries.