Lookup Response (cmpi_lookup)

cmpi_lookup Response Message

This message is generated in response to the cmpi_lookup message.

TIP:

  • All fields use ASCII character set (0-9, A-Z, a-z, special characters $%&@!_ etc.)

  • The required field contains one of the following values

    • Y = Yes (This will be returned on the response on a successful response message)

    • C = Conditional (May be returned given the met condition)

    • O = Optional (Maybe returned)

    • Boolean = True or False

Field Name 

Description

Required

Condition

Field Definition

Field Name 

Description

Required

Condition

Field Definition

ThreeDSVersion

This field contains the 3DS version that was used to process the transaction.

Possible Values:

1.0.2

2.1.0

2.2.0

Note: Required for Mastercard Identity Check transactions in Authorization

Y

 

AN(10)

Enrolled

Status of Authentication eligibility. 

Possible Values:

Y - Yes, Bank is participating in 3-D Secure protocol and will return the ACSUrl

N - No, Bank is not participating in 3-D Secure protocol

U - Unavailable, The DS or ACS is not available for authentication at the time of the request

B - Bypass, Merchant authentication rule is triggered to bypass authentication in this use case

Note: If the Enrolled value is NOT Y, then the Consumer is NOT eligible for Authentication.

Y

 

AN(1)

ErrorDesc

Application error description for the associated error number(s).

Note: Multiple error descriptions are separated by a comma.

Y

 

AN(255)

ErrorNo

Application error number(s). A non-zero value represents the error encountered while attempting to process the message request.

Note: Multiple error numbers are separated by a comma.

Y

 

AN(255)

EciFlag

Electronic Commerce Indicator (ECI). The ECI value is part of the 2 data elements that indicate the transaction was processed electronically. This should be passed on the authorization transaction to the Gateway/Processor.

Possible Values:

02 or 05 - Fully Authenticated Transaction

01 or 06 - Attempted Authentication Transaction

00 or 07 - Non 3-D Secure Transaction 

Mastercard - 02, 01, 00

VISA - 05, 06, 07

AMEX - 05, 06, 07

JCB - 05, 06, 07

DINERS CLUB - 05, 06, 07

Cartes Bancaires (CB) Visa - 05, 06, 07

Cartes Bancaires (CB) Mastercard -  02, 01, 00

ELO: 05, 06, 07

Union Pay International: 05, 06, 07

eftpos (Visa or MC) - 05, 06, 07

Y

 

AN(2)

OrderId

Centinel generated order identifier. Used to link multiple actions on a single order to a single identifier. Mod-10 compliant and unique BIN range to CardinalCommerce services. 

Y

 

N(16)

TransactionId

Centinel transaction identifier. This value identifies the transaction within the Centinel system. To complete the transaction, the value is required to be passed on the Authenticate message to link the Lookup and Authenticate message together.

Note: The TransactionId is the preferred identifier for linking the Lookup and Authenticate message.

Y

 

AN(20)

SignatureVerification

Transaction Signature status identifier.

Possible Values:

Y - Indicates that the signature of the PARes has been validated successfully and the message contents can be trusted.

N - Indicates that the PARes could not be validated. This result could be for a variety of reasons; tampering, certificate expiration, etc., and the result should not be trusted.

C

 

AN(1)

CardBrand

Card brand that the transaction was processed for authentication.  

Possible Values:

AMERICAN EXPRESS
DISCOVER
JCB
MAESTRO
MASTERCARD
SOLO
VISA
UNKNOWN
LASER
ELECTRON
DINERS CLUB
ENROUTE
ELO
UPI
EFTPOS

Y

 

AN(16)

CardBin

Card bin represents the first six numbers of the CardNumber field passed in on the cmpi_lookup request.

Y

 

N(6)

DSTransactionId

Unique transaction identifier assigned by the Directory Server (DS) to identify a single transaction.

Note: Required for Mastercard Identity Check transaction in Authorization - Only available in EMV 3DS (3DS 2.0) transactions

C

 

AN(36)

RawACSUrl

The fully qualified URL to redirect the Consumer to complete the Consumer Authentication transaction.

Note: Available if Enrolled = Y

C

This is the real ACS_URL that will be passed along with EAF_URL and is only returned for the merchants that have Enhanced Alt Flow (EAF) enabled on their Payer Auth.

AN(2048)

ACSUrl

The fully qualified URL to redirect the Consumer to complete the Consumer Authentication transaction.

Note: Available if Enrolled = Y

C

 

AN(2048)

StepUpUrl

 

The fully qualified URL that the client uses to post the cardholder in order to complete the Consumer Authentication transaction for the Cardinal Cruise API integration.

Note: This is only for a Cardinal Cruise API Integration

C

 

AN(2048)

Cavv

Cardholder Authentication Verification Value (CAVV)

Authentication Verification Value (AVV)

Universal Cardholder Authentication Field (UCAF)

This value should be appended to the authorization message signifying that the transaction has been successfully authenticated. This value will be encoded according to the Merchant's configuration in either Base64 encoding or Hex encoding. A Base64 encoding Merchant configuration will produce values of 28 or 32 characters A Hex encoding Merchant configuration will produce values of 40 or 48 characters. The value when decoded will either be 20 bytes for CAVV or 20 or 24 bytes if the value is AAV (Mastercard UCAF).

C

 

AN(40)

PAResStatus

Transactions status result identifier.

Possible Values:

Y - Successful Authentication

N* - Failed Authentication / Account Not Verified / Transaction Denied

U - Unable to Complete Authentication 

A - Successful Attempts Transaction 

C** - Challenge Required for Authentication

R** - Authentication Rejected (Merchant must not submit for authorization)

D - Challenge Required; Decoupled Authentication confirmed.

I - Informational Only; 3DS Requestor challenge preference acknowledged.

*Note: Status N may also indicate a TRA Exemption in MasterCard 2.1 transactions. In general, networks may use any PAResStatus value differently in exemption use cases.

**Note: Statuses of C and R only apply to Consumer authentication 2.0.  Decoupled authentication is not supported at this time.

C

 

AN(1)

Payload

The encoded payment request generated by Centinel.

Note: Available if Enrolled = Y

C

 

IF DeviceChannel = Browser, AN(2048)

 

IF DeviceChannel = SDK, maximum length

up to 100KB

Xid

Transaction identifier resulting from authentication processing.

Note: Gateway/Processor API specification may require this value to be appended to the authorization message. This value will be encoded according to the Merchant's configuration in either Base64 encoding or Hex encoding. A Base64 encoding Merchant configuration will produce values of 28 characters. A Hex encoding Merchant configuration will produce values of 40 characters. 

C

 

AN(40)

CavvAlgorithm

Indicates the algorithm used to generate the CAVV value.

Possible Values:

2 - CVV with ATN

3 - Mastercard SPA algorithm

Note: Only returned for MasterCard SecureCode transaction (3DS 1.0).

C

 

N(1)

MerchantReferenceNumber

Merchant specified data that is echoed back. 

Note: This is the same value that was passed in on the cmpi_lookup request in the MerchantReferenceNumber field.

O

 

AN(20)

UCAFIndicator

Universal Cardholder Authentication Field (UCAF) Indicator value provided by the issuer.

Possible Values:

0 - Non-SecureCode transaction, bypassed by the Merchant

1 - Merchant-Only SecureCode transaction

2 - Fully authenticated SecureCode transaction

Note: This field is only returned for Mastercard SecureCode transactions (3DS 1.0)

C

 

N(1)

DecoupledIndicator

Indicates whether the ACS confirms utilisation of Decoupled Authentication and agrees to utilise Decoupled Authentication to authenticate the Cardholder.

Possible Values:

Y - Confirms Decoupled Authentication will be utilised

N - Decoupled Authentication will not be utilised

Note: 

If 3DS Requestor Decoupled Request Indicator = N, a value of Y cannot be returned in the ACS Decoupled Confirmation Indicator.

If Transaction Status = D, a value of N is not valid.  Decoupled authentication is not supported at this time.

C

Required if Transaction Status = D

AN(1)

ReasonCode

The error code indicating a problem with this transaction.  

C

3DS 2.0

AN(3)

ReasonDesc

Text and additional detail about the error for this transaction.  

Note: This field concatenates the errorDescription and errorDetail from the authentication response message

C

3DS 2.0

AN(4096)

Warning

Text and additional detail about the error for this transaction. This field will concatenate all the fields from optional extensions that are contributing to the error.

Note: This is a soft error and will not stop the transaction. Although, merchants are recommended to take corrective action to overcome the Warning message.

C

3DS 2.0

AN(4096)

CardHolderInfo

Text provided by the ACS/Issuer to Cardholder during a Frictionless transaction.

The Issuer can provide information to Cardholder. For example, “Additional authentication is needed for this transaction, please contact (Issuer Name) at xxx-xxx-xxxx.”. 

The Issuing Bank can optionally support this value. The merchant is required to display this within their Checkout when present.

Note:  Supports 3RI Device Channel in version 2.2.0.  Decoupled authentication is not supported at this time.

C

3DS 2.0

Required if ACS Decoupled Confirmation Indicator = Y Otherwise, Optional for the ACS.

AN(128)

ACSRenderingType

Identifies the UI Type the ACS will use to complete the challenge. Response is a two-element object: {acsInterface, acsUiTemplate}

Possible Values:

  • acsInterface

    • 01 = Native UI

    • 02 = HTML UI

  • acsUiTemplate

    • 01 = Text

    • 02 = Single Select

    • 03 = Multi Select

    • 04 = OOB

    • 05 = HTML Other

Notes:

  1. ACSRenderingType is only available for App transactions using the Cardinal Mobile SDK.

  2. acsUiTemplate = 05 will only appear with acsInterface = 02

C

Merchant Configuration ON & App

{ N(2), N(2) }

AuthenticationType

Indicates the type of authentication that will be used to challenge the card holder. 

Possible Values:

01 - Static

02 - Dynamic 

03 - OOB (Out of Band)

04 - Decoupled

Note:  EMV® 3-D Secure version 2.1.0 supports values 01-03.  Version 2.2.0 supports values 01-04.  Decoupled authentication is not supported at this time.

C

Merchant Configuration ON

Required in the ARes message if the Transaction Status = C or D in the ARes message.

N(2)

ChallengeRequired

Indicates whether a challenge is required to complete authentication. For example, regional mandates.

Possible Values:

Y - Challenge Required

N - Challenge Not Required

Note:  Supports 3RI Device Channel in version 2.2.0.  Decoupled authentication is not supported at this time.

C

Merchant Configuration ON

Required if Transaction Status = C or D.

A(1)

StatusReason

Provides additional information as to why the PAResStatus has the specific value. 

Note: Required for Payment (e.g. Authentication Indicator equals 01 on Lookup Request) transactions when PAResStatus is equal to N, U, or R in the Lookup Response.  Please refer to "EMV 3-D Secure Protocol and Core Functions Specification v2.2.0" for a list of Reason Codes.

See possible values.

C

Merchant Configuration ON

N(2)

ACSTransactionId

Unique transaction identifier assigned by the ACS to identify a single transaction.

C

3DS 2.0

AN(36)

ThreeDSServerTransactionId

Unique transaction identifier assigned by the 3DS Server to identify a single transaction.

C

3DS 2.0

AN(36)

SDKFlowType

Indicates the SDK Flow that was used as part of the transaction.

C

Required for app based transaction
(Device Channel = 01)

AN(100)

ACSReferenceNumber

Unique identifier assigned by the EMVCo Secretariat upon Testing and Approval.

C

3DS 2.0

AN(32)

ACSOperatorID

DS assigned ACS identifier.
Each DS can provide a unique ID to each ACS
on an individual basis.

C

3DS 2.0

AN(32)

Tokenization

ThirdPartyToken

Third Party Token that is returned from the token provider after a card number is specified on the request.

Note: This field is returned if Tokenization is enabled in the Merchant profile setting AND the Merchant is using a third party token provider.

O

 

AN(100)

Token

Centinel generated order identifier.

Note: This field is returned if Tokenization is enabled in the Merchant profile settings.

O

 

AN(26)

TrustListing

WhiteListStatus

Enables the communication of trusted beneficiary between the ACS, the DS and the 3DS Requestor.

Possible Values: 

Y - 3DS Requestor is trustlisted by cardholder

N - 3DS Requestor is not trustlisted by cardholder

E - Not eligible as determined by issuer

P - Pending confirmation by cardholder

R - Cardholder rejected

U - Trustlist status unknown, unavailable, or does not apply

Note: This field may be returned for 2.1.0 if the MasterCard PSD2 extensions are passed and issuer supports them.

O

 

AN(1)

WhiteListStatusSource

This data element will be populated by the system setting WhitelistStatus.

Possible Values:

01 - 3DS Server

02 - DS

03 - ACS

C

Required if WhitelistStatus is present.

N(2)

 

Cartes Bancaire 

NetworkScore

The global score calculated by the CB Scoring platform

O

Optional for CB

N(2)

CavvAlgorithm

Identifies the algorithm used by the ACS to calculate the
Authentication Value and is derived from the  "CB-AVALGO"

O

Optional for CB

N(1)

ExemptionData

Indicates the exemption applied by the ACS

C

Returned when the ACS applies an exemption to the transaction, resulting in a Frictionless consumer experience.

AN(4)

 

A 3-byte value corresponding to the CB2A field 56/0033 e.g. TWFu

AuthorizationPayload

The Base64 encoded JSON Payload of CB specific Authorization Values returned in the Frictionless Flow.

Example File: AuthorizationPayload-JSON File

C

Merchant Configuration ON

Base64 Encoded

IVR Extensions (India Only)

IvrEnabledMessage

Flag to indicate if a valid IVR transaction was detected.

C

Required for India IVR

Boolean

IvrEncryptionKey

Encryption key to be used in the event the ACS requires encryption of the credential field.

C

Required for India IVR

AN(16)

IvrEncryptionMandatory

Flag to indicate if the ACS requires the credential to be encrypted.

C

Required for India IVR

Boolean

IvrEncryptionType

An indicator from the ACS to inform the type of encryption that should be used in the event the ACS requires encryption of the credential field.

C

Required for India IVR

AN(20)

IvrLabel

An ACS Provided label that can be presented to the Consumer. Recommended use with an application. 

C

Required for India IVR

AN(20)

IvrPrompt

An ACS provided string that can be presented to the Consumer. Recommended use with an application.

C

Required for India IVR

AN(80)

IvrStatusMessage

An ACS provided message that can provide additional information or details.

C

Required for India IVR.

AN(80)

Identity Check Insights

IDCI_Score

Risk Assessment from Mastercard

C

Required if merchant requests the score

N(1)

IDCI_Decision

Decision on the Risk Assessment from Mastercard

C

Required if merchant requests the score

 

IDCI_ReasonCode1

ReasonCode from Mastercard

C

Required if merchant requests the score

A(1)

IDCI_ReasonCode2

ReasonCode from Mastercard

C

Required if merchant requests the score

A(2)