Warning : Real-time Feedback

Owned by Suyash Somani
Apr 05, 2023
2 min read

The Warning field on the Cardinal APIs (specifically, Lookup Response and Authenticate Response) is an internally generated value to present the merchant or integrator with real-time feedback on the API requests so that they can take corrective action.

It is used to inform the merchant of various scenarios that are classified below:

Objective

Scenario

Warning

Mitigation Plan

Objective

Scenario

Warning

Mitigation Plan

Secure Credentials

Merchant passes Transaction Password on Cardinal APIs instead of a Signature value generated using API Key, API Identifier, OUID

Use of TransactionPwd is deprecated and must be replaced with an API Key Signature

Please reach out to your Account Manager to migrate from Transaction Password to SSO credentials.

Enhance Data Quality

Merchant does not pass conditionally required fields on Lookup Request API

Field(s) where necessary data is not passed or leads to Data Quality issues; {{List of missing conditionally required fields}}

Merchants should pass conditionally required fields unless market or regional mandate restricts sending this information.

Digital Authentication Framework (DAF)

Merchant supports DAF but, issuer does not.

Issuer does not support DAF

Informational only - no action on merchant.

Merchant did not update the VMID on their account

What is a VMID?
A VMID is an identifier at Visa for a merchant that a merchant needs to get through its acquirer. Even if a merchant has multiple acquirers, they will only have one VMID. DAF is one of the programs where a VMID can be used.

Configure VMID on merchant profile

Merchants can choose to update VMID on their account by using Onboarding API or, share the VMID with their Account Manager who can upload VMID on merchant’s behalf.

Alternatively, merchants may choose to send VMID value as RequestorId on the Lookup Request.

Merchant does not support DAF but, issuer does.

Issuer supports DAF

Merchant may want to consider using DAF given the various benefits.

Prevent EMV 3DS Downgrades

Merchant did not pass DFReferenceId on the Lookup Request

What this means:
DFReferenceId* field is required to be passed by the merchant on the Lookup Request. This allows Cardinal to link browser fields collected during the Device Data Collection (DDC) call and indicate the outcome of the 3DS Method call on the Authentication request.

Missing required field on Lookup Request; DFReferenceId

  1. Ensure you are running Device Data Collection.

  2. Proceed with Lookup Request after Device Data Collection completes.

  3. Make sure you are sending the DFReferenceID* on the Lookup Request that you received on the Device Data Collection.

  4. As a backup, make sure you are sending 11 browser fields on the Lookup Request.

  5. If you need additional information, please reference our Device Data Collection page.

Device Data Collection (DDC) needs to be completed before a merchant can initiate the Lookup request.

There are several instances where this can occur:

  1. Device Channel not present

  2. Partial browser fields collected on DDC

  3. Merchant did not run DDC

Merchant did not run DDC or did not wait for it to complete

  1. Ensure you are running Device Data Collection.

  2. Proceed with Lookup Request after Device Data Collection completes.

  3. Make sure you are sending the DFReferenceID* on the Lookup Request that you received on the Device Data Collection.

  4. As a backup, make sure you are sending 11 browser fields on the Lookup Request.

  5. If you need additional information, please reference our Device Data Collection page