Ch 1 (04/11/2019 Update): Lookup Request/Response
***Changes made on 04/11/2019 are delineated below in Red.***
Lookup Request/Response Messages Updated with EMV® 3-D Secure Protocol v2.2.0 Fields
Required Fields
These fields are required to initiate a Cardinal Consumer Authentication transaction.
| Field Name | Description | Required | Field Definition |
|---|---|---|---|
| Amount | Unformatted total transaction amount without any decimalization. Example: $100.00 = 10000, $123.67 = 12367, $.99 = 99 | Y | N(48) |
Conditionally Required Fields
The requirements for these fields are driven by the conditions of the transaction.
| Field Name | Description | Required | Condition | Field Definition |
|---|---|---|---|---|
| AuthenticationIndicator | Indicates the type of Authentication request. 01 - Payment transaction 02 - Recurring transaction 03 - Installment transaction 04 - Add card 05 - Maintain card 06 - Cardholder verification as part of EMV token ID&V
| C | Required if not a Payment transaction. | N(2) |
Device Data Information - OPTIONAL
These fields can be passed to Centinel as redundant device data values if Cardinal Cruise JavaScript is unable to collect this device data in real-time.
| Field Name | Description | Required | Field Definition | |
|---|---|---|---|---|
| BrowserJavaEnabled | A Boolean value that represents the ability of the cardholder browser to execute Java. Value is returned from the navigator.javaEnabled property. Possible Values: True False | O | Boolean | |
BrowserJavascriptEnabled NEW FIELD | A Boolean value that represents represents the ability of the cardholder browser to execute JavaScript. Possible Values: True False | Y | Boolean |
Risk Information - OPTIONAL
These fields can be passed to the issuer to use in risk-based authentication.
| Field Name | Description | Required | Field Definition |
|---|---|---|---|
| No New Changes | |||
| Cardholder Information | |||
| No New Changes | |||
| Requester Authentication | |||
| AlternateAuthenticationMethod | Mechanism used by the cardholder to authenticate to the 3DS requester. Possible Values: 01 - No authentication occurred (e.g. Guest Checkout) 02 - Login to the cardholder account at the Merchant system using Merchant system credentials 03 - Login to the cardholder account at the Merchant system using a Federated ID 04 - Login to the cardholder account at the Merchant system using Issuer credentials 05 - Login to the cardholder account at the Merchant system using third-party authentication 06 - Login to the cardholder account at the Merchant system using FIDO Authenticator
| O | N(2) |
| Requester Prior Authentication | |||
| No New Changes | |||
Additional and Override Fields
Additional data that can be sent into our Centinel platform to override fields or convey to the issuer the alternative authentication methods that the consumer used.
| Field Name | Description | Required | Field Definition |
|---|---|---|---|
| Override Fields | |||
| ChallengeIndicator | Possible Values: 01 - No preference 02 - No challenge requested 03 - Challenge requested (3DS Requestor Preference) 04 - Challenge requested (Mandate)
05 - No challenge requested (transactional risk analysis is already performed) 06 - No challenge requested (Data share only) 07 - No challenge requested (strong consumer authentication is already performed) 08 - No challenge requested (utilise whitelist exemption if no challenge required) 09 - Challenge requested (whitelist prompt requested if challenge required) NOTE: | O | N(2) |
| Tokenization | |||
| No New Changes | |||
| SDK | |||
| No New Changes | |||
| General | |||
DecoupledMaxTime NEW FIELD | Indicates the maximum amount of time that the 3DS Requestor will wait for an ACS to provide the results of a Decoupled Authentication transaction (in minutes). Possible Values: Numeric values between 1 and 10080 accepted. NOTE: Decoupled authentication is not supported at this time. | O | N(5) |
DecoupledIndicator NEW FIELD | Indicates whether the 3DS Requestor requests the ACS to utilise Decoupled Authentication and agrees to utilise Decoupled Authentication if the ACS confirms its use. Possible Values: Y - Decoupled Authentication is supported and preferred if challenge is necessary N - Do not use Decoupled Authentication Default Value: N NOTE: If the element is not provided, the expected action is for the ACS to interpret as N, DO NOT use Decoupled Authentication. Decoupled authentication is not supported at this time. | O | AN(1) |
Merchant Initiated (3RI) - Conditionally Required
These fields are required for merchant initiated transactions when a cardholder isn't present.
| Field Name | Description | Required | Condition | Field Definition |
|---|---|---|---|---|
| ThreeRIIndicator | Indicates the type of 3RI request. Possible Values: 01 - Recurring transaction 02 - Installment transaction 03 - Add card 04 - Maintain card 05 - Account verification
06 - Split/delayed shipment 07 - Top-up 08 - Mail Order 09 - Telephone Order 10 - Whitelist status check 11 - Other payment NOTE: EMV® 3-D Secure version 2.1.0 supports values 01-05. Version 2.2.0 supports values 01-11. | C | Required for Merchant Initiated transactions. | N(2) |
Amount NEW FIELD | Unformatted total transaction amount without any decimalization. Example: $100.00 = 10000, $123.67 = 12367, $.99 = 99 NOTE: Supports 3RI Device Channel in version 2.2.0 | C | N(48) | |
CurrencyCode NEW FIELD | 3 digit numeric ISO 4217 currency code for the sale amount. NOTE: Supports 3RI Device Channel in version 2.2.0 | C | N(3) | |
PurchaseDate NEW FIELD | Date of original purchase. Format: YYYYMMDDHHMMSS NOTE: If not passed, Cardinal will use current date. Required for recurring transactions. NOTE: Supports 3RI Device Channel in version 2.2.0 | C | Required for Recurring and Installment transactions. | AN(14) |
Installment NEW FIELD | Indicates the maximum number of authorizations for installment payments. An integer value greater than 1 indicating the maximum number of permitted authorizations for installment payments. Example values accepted: NOTE: Supports 3RI Device Channel in version 2.2.0 | C | Required for Recurring and Installment transactions. | N(3) |
RecurringEnd NEW FIELD | The date after which no further recurring authorizations should be performed. Format: YYYYMMDD NOTE: Supports 3RI Device Channel in version 2.2.0 | C | Required for Recurring and Installment transactions. | N(8) |
RecurringFrequency NEW FIELD | Integer value indicating the minimum number of days between recurring authorizations. A frequency of monthly is indicated by the value 28. Multiple of 28 days will be used to indicate months. Example: 6 months = 168 Example values accepted (31 days): NOTE: Supports 3RI Device Channel in version 2.2.0 | C | Required for Recurring and Installment transactions. | N(3) |
ProductCode NEW FIELD | Merchant product code. Possible Values: PHY - Goods/Service Purchase CHA - Check Acceptance ACF - Account Funding QCT - Quasi-Cash Transaction PAL - Prepaid Activation and Load NOTE: Supports 3RI Device Channel in version 2.2.0 | C | Required for Brazil. | AN(3) |
PSD2 Whitelist Exemption
These fields are used to communicate information related to PSD2's These fields are used to communicate information related to PSD2's Whitelist Exemption.
| Field Name | Description | Required | Condition | Field Definition |
|---|---|---|---|---|
WhiteListStatus NEW FIELD | Enables the communication of trusted beneficiary/whitelist status between the ACS, the DS and the 3DS Requestor. Possible Values: Y - 3DS Requestor is whitelisted by cardholder N - 3DS Requestor is not whitelisted by cardholder | O | AN(1) |
American Express SafeKey - Conditionally Required
These fields are required for American Express SafeKey Plus, which is only available in the US and for 3DS 1.0.
| Field Name | Description | Required | Condition | Field Definition |
|---|---|---|---|---|
| No New Changes |
Recurring/Installment - Conditionally Required
| Field Name | Description | Required | Condition | Field Definition |
|---|---|---|---|---|
| Installment | Indicates the maximum number of authorizations for installment payments. An integer value greater than 1 indicating the maximum number of permitted authorizations for installment payments. Example values accepted: | C | Required for Recurring and Installment transactions. | N(3) |
| RecurringFrequency | Integer value indicating the minimum number of days between recurring authorizations. A frequency of monthly is indicated by the value 28. Multiple of 28 days will be used to indicate months. Example: 6 months = 168 Example values accepted (31 days): | C | Required for Recurring and Installment transactions. | N(3) |
3DS in Brazil - Conditionally Required
Convey to the issuer the fields needed for the Brazil market.
| Field Name | Description | Required | Condition | Field Definition |
|---|---|---|---|---|
| No New Changes |
API Key Usage - OPTIONAL
Centinel has added support for submitting requests using an API Key. In the past, a request was submitted using a MerchantId, ProcessorId, and TransactionPwd value within the request. In order to provide more flexibility with submitting requests and rotating keys, functionality has been added to support using an API Key when submitting requests. In place of the MerchantId, ProcessorId, and TransactionPwd fields, a request will instead be submitted with identifier, OrgUnit, Algorithm, Timestamp, and Signature fields.
NOTE:
A client wanting to authenticate with Centinel using API Keys will need to do so on both the cmpi_lookup and cmpi_authenticate requests.
| Field Name | Description | Required | Field Definition |
|---|---|---|---|
| No New Changes |
Generating a Signature Value (No New Changes)
The API Key Signature is generated by concatenating the Unix Epoch Time in Milliseconds with the API Key, hashing the result, and then Base64 encoding the final result. Base64(Hash(Timestamp + ApiKey)) SHA-256 Example Values: Milliseconds Since Epoch: 1485534293321 |
SHA-512 Example Values: Milliseconds Since Epoch: 1485534293321 |
Field Level Encryption - OPTIONAL
Cardinal has added field level encryption support for the CardNumber field within our API. To encrypt the CardNumber, the merchant will use a public key provided by Cardinal and provide the alias of the key when sending in the request to Cardinal. There are no specific libraries or .jars required to encrypt the CardNumber (in Java).
The two new fields added to our API are EncryptedCardNumber and EncryptedCardNumberParameters.
| Field Name | Description | Required | Field Definition |
|---|---|---|---|
| No New Changes |
Transformation Used for Encryption | Passed in first Parameter of the EncryptedCardNumber Field |
|---|---|
| No New Changes |
3DS - India IVR Extension
These fields are only supported in the India Market, with 3DS 1.0 and with IVR purchases.
| Field Name | Description | Required | Field Definition |
|---|---|---|---|
| No New Changes |
cmpi_lookup Response Message
This message is generated in response to the cmpi_lookup message.
TIP:
- All fields use ASCII character set (0-9, A-Z, a-z, special characters $%&@!_ etc.)
- The required field contains one of the following values
- Y = Yes (This will be returned on the response on a successful response message)
- C = Conditional (May be returned given the met condition)
- O = Optional (Maybe returned)
- Boolean = True or False
| Field Name | Description | Required | Condition | Field Definition |
|---|---|---|---|---|
| ThreeDSVersion | This field contains the 3DS version that was used to process the transaction. Possible Values: 1.0.2 2.1.0 2.2.0 NOTE: Required for Mastercard Identity Check transactions in Authorization | Y | AN(10) | |
| PAResStatus | Transactions status result identifier. Possible Values: Y - Successful Authentication N - Failed Authentication / Account Not Verified / Transaction Denied U - Unable to Complete Authentication A - Successful Attempts Transaction C - Challenge Required for Authentication R - Authentication Rejected (Merchant must not submit for authorization) D - Challenge Required; Decoupled Authentication confirmed. NOTE: Statuses of C and R only apply to Consumer Authentication 2.0. Decoupled authentication is not supported at this time. | C | AN(1) | |
DecoupledIndicator NEW FIELD | Indicates whether the ACS confirms utilisation of Decoupled Authentication and agrees to utilise Decoupled Authentication to authenticate the Cardholder. Possible Values: Y - Confirms Decoupled Authentication will be utilised N - Decoupled Authentication will not be utilised NOTE: If 3DS Requestor Decoupled Request Indicator = N, a value of Y cannot be returned in the ACS Decoupled Confirmation Indicator. If Transaction Status = D, a value of N is not valid. Decoupled authentication is not supported at this time. | C | Required if Transaction Status = D | AN(1) |
| Tokenization | ||||
| No New Changes | ||||
| WhiteListing | ||||
WhiteListStatus NEW FIELD | Enables the communication of trusted beneficiary/whitelist status between the ACS, the DS and the 3DS Requestor. Possible Values: Y - 3DS Requestor is whitelisted by cardholder N - 3DS Requestor is not whitelisted by cardholder E - Not eligible as determined by issuer P - Pending confirmation by cardholder R - Cardholder rejected U - Whitelist status unknown, unavailable, or does not apply | O | AN(1) | |
WhiteListStatusSource NEW FIELD | This data element will be populated by the system setting Whitelist Status. Possible Values: 01 - 3DS Server 02 - DS 03 - ACS | C | Required if Whitelist Status is present. | N(2) |
Additional Response Fields
Additional fields that can be returned for EMV 3DS (3DS 2.0).
| Field Name | Description | Required | Condition | Field Definition |
|---|---|---|---|---|
| CardholderInfo |
Text provided by the ACS/Issuer to Cardholder during a Frictionless or Decoupled transaction. The Issuer can provide information to Cardholder. For example, “Additional authentication is needed for this transaction, please contact (Issuer Name) at xxx-xxx-xxxx.”. The Issuing Bank can optionally support this value. NOTE: Supports 3RI Device Channel in version 2.2.0. Decoupled authentication is not supported at this time. | C | 3DS 2.0 Required if ACS Decoupled Confirmation Indicator = Y Otherwise, Optional for the ACS. | AN(128) |
| ACSRenderingType | Identifies the UI Type the ACS will use to complete the challenge. NOTE: Only available for App transactions using the Cardinal Mobile SDK | C | Merchant Configuration ON & App | |
| AuthenticationType | Indicates the type of authentication that will be used to challenge the card holder. Possible Values: 01 - Static 02 - Dynamic 03 - OOB (Out of Band)
04 - Decoupled NOTE: EMV® 3-D Secure version 2.1.0 supports values 01-03. Version 2.2.0 supports values 01-04. Decoupled authentication is not supported at this time. | C | Merchant Configuration ON Required in the ARes message if the Transaction Status = C or D in the ARes message. | N(2) |
| ChallengeRequired | Indicates whether a challenge is required to complete authentication. For example, regional mandates. Possible Values: Y - Challenge Required N - Challenge Not Required NOTE: Supports 3RI Device Channel in version 2.2.0. Decoupled authentication is not supported at this time. | C | Merchant Configuration ON Required if Transaction Status = C or D. | A(1) |
| StatusReason | Provides additional information as to why the PAResStatus has the specific value. NOTE: Required for Payment (e.g. Authentication Indicator equals 01 on Lookup Request) transactions when PAResStatus is equal to N, U, or R in the Lookup Response. Please refer to "EMV 3-D Secure Protocol and Core Functions Specification v2.2.0" for a list of Reason Codes. | C | Merchant Configuration ON | N(2) |
3DS Extension Support
| Field Name | Description | Required | Condition | Field Definition |
|---|---|---|---|---|
| IVR Extensions (India Only) | ||||
| No New Changes | ||||