cmpi_lookup Response Message
This message is generated in response to the cmpi_lookup message.
TIP:
All fields use ASCII character set (0-9, A-Z, a-z, special characters $%&@!_ etc.)
The required field contains one of the following values
Y = Yes (This will be returned on the response on a successful response message)
C = Conditional (May be returned given the met condition)
O = Optional (Maybe returned)
Boolean = True or False
Field Name | Description | Required | Condition | Field Definition |
|---|---|---|---|---|
ThreeDSVersion | This field contains the 3DS version that was used to process the transaction. Possible Values: 1.0.2 2.1.0 2.2.0 Note: Required for Mastercard Identity Check transactions in Authorization | Y | AN(10) | |
Enrolled | Status of Authentication eligibility. Possible Values: Y - Yes, Bank is participating in 3-D Secure protocol and will return the ACSUrl N - No, Bank is not participating in 3-D Secure protocol U - Unavailable, The DS or ACS is not available for authentication at the time of the request B - Bypass, Merchant authentication rule is triggered to bypass authentication in this use case Note: If the Enrolled value is NOT Y, then the Consumer is NOT eligible for Authentication. | Y | AN(1) | |
ErrorDesc | Application error description for the associated error number(s). Note: Multiple error descriptions are separated by a comma. | Y | AN(255) | |
ErrorNo | Application error number(s). A non-zero value represents the error encountered while attempting to process the message request. Note: Multiple error numbers are separated by a comma. | Y | AN(255) | |
EciFlag | Electronic Commerce Indicator (ECI). The ECI value is part of the 2 data elements that indicate the transaction was processed electronically. This should be passed on the authorization transaction to the Gateway/Processor. Possible Values: 02 or 05 or N2** - Authenticated Transaction 01 or 06 - Attempted Authentication Transaction 00 or 07 or N0** - Non 3-D Secure Transaction Mastercard - 02, 01, 00, N0**, N2** **ECI N0 or N2 will only occur in Mastercard for non payment authentication (NPA) transactions VISA - 05, 06, 07 AMEX - 05, 06, 07 JCB - 05, 06, 07 DINERS CLUB - 05, 06, 07 Cartes Bancaires (CB) Visa - 05, 06, 07 Cartes Bancaires (CB) Mastercard - 02, 01, 00 ELO: 05, 06, 07 Union Pay International: 05, 06, 07 eftpos (Visa or MC) - 05, 06, 07 | Y | AN(2) | |
OrderId | Centinel generated order identifier. Used to link multiple actions on a single order to a single identifier. Mod-10 compliant and unique BIN range to CardinalCommerce services. | Y | N(16) | |
TransactionId | Centinel transaction identifier. This value identifies the transaction within the Centinel system. To complete the transaction, the value is required to be passed on the Authenticate message to link the Lookup and Authenticate message together. Note: The TransactionId is the preferred identifier for linking the Lookup and Authenticate message. | Y | AN(20) | |
SignatureVerification This is a legacy response field related to 3DS 1.0.2. This value will either be returned with a value of Y or not returned at all. The SignatureVerification value should no longer be used in any processing logic as it is not relevant to EMV 3DS authentication. | Transaction Signature status identifier. Possible Values: Y - Indicates that the signature of the PARes has been validated successfully and the message contents can be trusted. | C | AN(1) | |
CardBrand | Card brand that the transaction was processed for authentication. Possible Values: AMERICAN EXPRESS | Y | AN(16) | |
CardBin | Card bin represents the first six numbers of the CardNumber field passed in on the cmpi_lookup request. | Y | N(6) | |
DSTransactionId | Unique transaction identifier assigned by the Directory Server (DS) to identify a single transaction. Note: Required for Mastercard Identity Check transaction in Authorization - Only available in EMV 3DS (3DS 2.0) transactions | C | AN(36) | |
RawACSUrl | The fully qualified URL to redirect the Consumer to complete the Consumer Authentication transaction. Note: Available if Enrolled = Y | C | This is the real ACS_URL that will be passed along with EAF_URL and is only returned for the merchants that have Enhanced Alt Flow (EAF) enabled on their Payer Auth. | AN(2048) |
ACSUrl | The fully qualified URL to redirect the Consumer to complete the Consumer Authentication transaction. Note: Available if Enrolled = Y | C | AN(2048) | |
StepUpUrl | The fully qualified URL that the client uses to post the cardholder in order to complete the Consumer Authentication transaction for the Cardinal Cruise API integration. Note: This is only for a Cardinal Cruise API Integration | C | AN(2048) | |
Cavv | Cardholder Authentication Verification Value (CAVV) Authentication Verification Value (AVV) Universal Cardholder Authentication Field (UCAF) This value should be appended to the authorization message signifying that the transaction has been successfully authenticated. This value will be encoded according to the Merchant's configuration in either Base64 encoding or Hex encoding. A Base64 encoding Merchant configuration will produce values of 28 or 32 characters A Hex encoding Merchant configuration will produce values of 40 or 48 characters. The value when decoded will either be 20 bytes for CAVV or 20 or 24 bytes if the value is AAV (Mastercard UCAF). | C | AN(40) | |
PAResStatus | Transactions status result identifier. Possible Values: Y - Successful Authentication N* - Failed Authentication / Account Not Verified / Transaction Denied U - Unable to Complete Authentication A - Successful Attempts Transaction C** - Challenge Required for Authentication R** - Authentication Rejected (Merchant must not submit for authorization) D - Challenge Required; Decoupled Authentication confirmed. I - Informational Only; 3DS Requestor challenge preference acknowledged. *Note: Status N may also indicate a TRA Exemption in MasterCard 2.1 transactions. In general, networks may use any PAResStatus value differently in exemption use cases. **Note: Statuses of C and R only apply to Consumer authentication 2.0. Decoupled authentication is not supported at this time. | C | AN(1) | |
Payload | The encoded payment request generated by Centinel. Note: Available if Enrolled = Y | C | IF DeviceChannel = Browser, AN(2048) IF DeviceChannel = SDK, maximum length up to 100KB | |
Xid | Transaction identifier resulting from authentication processing. Note: Gateway/Processor API specification may require this value to be appended to the authorization message. This value will be encoded according to the Merchant's configuration in either Base64 encoding or Hex encoding. A Base64 encoding Merchant configuration will produce values of 28 characters. A Hex encoding Merchant configuration will produce values of 40 characters. | C | AN(40) | |
CavvAlgorithm | Indicates the algorithm used to generate the CAVV value. Possible Values: 2 - CVV with ATN 3 - Mastercard SPA algorithm Note: Only returned for MasterCard SecureCode transaction (3DS 1.0). | C | N(1) | |
MerchantReferenceNumber | Merchant specified data that is echoed back. Note: This is the same value that was passed in on the cmpi_lookup request in the MerchantReferenceNumber field. | O | AN(20) | |
UCAFIndicator | Universal Cardholder Authentication Field (UCAF) Indicator value provided by the issuer. Possible Values: 0 - Non-SecureCode transaction, bypassed by the Merchant 1 - Merchant-Only SecureCode transaction 2 - Fully authenticated SecureCode transaction Note: This field is only returned for Mastercard SecureCode transactions (3DS 1.0) | C | N(1) | |
DecoupledIndicator | Indicates whether the ACS confirms utilisation of Decoupled Authentication and agrees to utilise Decoupled Authentication to authenticate the Cardholder. Possible Values: Y - Confirms Decoupled Authentication will be utilised N - Decoupled Authentication will not be utilised Note: If 3DS Requestor Decoupled Request Indicator = N, a value of Y cannot be returned in the ACS Decoupled Confirmation Indicator. If Transaction Status = D, a value of N is not valid. Decoupled authentication is not supported at this time. | C | Required if Transaction Status = D | AN(1) |
ReasonCode | The error code indicating a problem with this transaction. | C | 3DS 2.0 | AN(3) |
ReasonDesc | Text and additional detail about the error for this transaction. Note: This field concatenates the errorDescription and errorDetail from the authentication response message | C | 3DS 2.0 | AN(4096) |
Warning | Text provided for merchants to self-diagnose integration or transaction level issues thus establishing a scalable feedback mechanism. Note: This is a soft error and will not stop the transaction. Merchants are recommended to take corrective action to overcome the Warning message. | C | 3DS 2.0 | AN(4096) |
CardHolderInfo | Text provided by the ACS/Issuer to Cardholder during a Frictionless transaction. The Issuer can provide information to Cardholder. For example, “Additional authentication is needed for this transaction, please contact (Issuer Name) at xxx-xxx-xxxx.”. The Issuing Bank can optionally support this value. The merchant is required to display this within their Checkout when present. Note: Supports 3RI Device Channel in version 2.2.0. Decoupled authentication is not supported at this time. | C | 3DS 2.0 Required if ACS Decoupled Confirmation Indicator = Y Otherwise, Optional for the ACS. | AN(128) |
ACSRenderingType | Identifies the UI Type the ACS will use to complete the challenge. Response is a two-element object: {acsInterface, acsUiTemplate} Possible Values:
Notes:
| C | Merchant Configuration ON & App | { N(2), N(2) } |
AuthenticationType | Indicates the type of authentication that will be used to challenge the card holder. Possible Values: 01 - Static 02 - Dynamic 03 - OOB (Out of Band) 04 - Decoupled Note: EMV® 3-D Secure version 2.1.0 supports values 01-03. Version 2.2.0 supports values 01-04. Decoupled authentication is not supported at this time. | C | Merchant Configuration ON Required in the ARes message if the Transaction Status = C or D in the ARes message. | N(2) |
ChallengeRequired | Indicates whether a challenge is required to complete authentication. For example, regional mandates. Possible Values: Y - Challenge Required N - Challenge Not Required Note: Supports 3RI Device Channel in version 2.2.0. Decoupled authentication is not supported at this time. | C | Merchant Configuration ON Required if Transaction Status = C or D. | A(1) |
StatusReason | Provides additional information as to why the PAResStatus has the specific value. Note: Required for Payment (e.g. Authentication Indicator equals 01 on Lookup Request) transactions when PAResStatus is equal to N, U, or R in the Lookup Response. Please refer to "EMV 3-D Secure Protocol and Core Functions Specification v2.2.0" for a list of Reason Codes. | C | Merchant Configuration ON | N(2) |
ACSTransactionId | Unique transaction identifier assigned by the ACS to identify a single transaction. | C | 3DS 2.0 | AN(36) |
ThreeDSServerTransactionId | Unique transaction identifier assigned by the 3DS Server to identify a single transaction. | C | 3DS 2.0 | AN(36) |
SDKFlowType | Indicates the SDK Flow that was used as part of the transaction. | C | Required for app based transaction | AN(100) |
ACSReferenceNumber | Unique identifier assigned by the EMVCo Secretariat upon Testing and Approval. | C | 3DS 2.0 | AN(32) |
ACSOperatorID | DS assigned ACS identifier. | C | 3DS 2.0 | AN(32) |
Digital Authentication Framework (DAF) | ||||
APCStatus | Indicates the status of the Authenticated Payment Credential (APC). Possible Values:
| C | Required for DAF transactions | AN(50) |
Tokenization | ||||
ThirdPartyToken | Third Party Token that is returned from the token provider after a card number is specified on the request. Note: This field is returned if Tokenization is enabled in the Merchant profile setting AND the Merchant is using a third party token provider. | O | AN(100) | |
Token | Centinel generated order identifier. Note: This field is returned if Tokenization is enabled in the Merchant profile settings. | O | AN(26) | |
TrustListing | ||||
WhiteListStatus | Enables the communication of trusted beneficiary between the ACS, the DS and the 3DS Requestor. Possible Values: Y - 3DS Requestor is trustlisted by cardholder N - 3DS Requestor is not trustlisted by cardholder E - Not eligible as determined by issuer P - Pending confirmation by cardholder R - Cardholder rejected U - Trustlist status unknown, unavailable, or does not apply Note: This field may be returned for 2.1.0 if the MasterCard PSD2 extensions are passed and issuer supports them. | O | AN(1) | |
WhiteListStatusSource | This data element will be populated by the system setting WhitelistStatus. Possible Values: 01 - 3DS Server 02 - DS 03 - ACS | C | Required if WhitelistStatus is present. | N(2) |
Cartes Bancaire | ||||
NetworkScore | The global score calculated by the CB Scoring platform | O | Optional for CB | N(2) |
CavvAlgorithm | Identifies the algorithm used by the ACS to calculate the | O | Optional for CB | N(1) |
ExemptionData | Indicates the exemption applied by the ACS | C | Returned when the ACS applies an exemption to the transaction, resulting in a Frictionless consumer experience. | AN(4) A 3-byte value corresponding to the CB2A field 56/0033 e.g. TWFu |
AuthorizationPayload | The Base64 encoded JSON Payload of CB specific Authorization Values returned in the Frictionless Flow. Example File: AuthorizationPayload-JSON File | C | Merchant Configuration ON | Base64 Encoded |
mada | ||||
DSReferenceNumber | EMVCo-assigned unique identifier to track approved DS. | Y | Required for mada. | AN(32) |
ThreeDSServerOperatorID | DS-assigned 3DS Server identifier. | Y | Required for mada. | AN(32) |
ACSOperatorID | DS assigned ACS identifier. | Y | Required for mada. | AN(32) |
ACSReferenceNumber | Unique identifier for the ACS assigned by the EMVCo Secretariat upon Testing and Approval. | Y | Required for mada. | AN(32) |
AuthorizationPayload | The Base64 encoded JSON Payload of mada specific Authorization Values. Example File: AuthorizationPayload-JSON File | Y | Required for mada. | Base64 Encoded |
IVR Extensions (India Only) | ||||
IvrEnabledMessage | Flag to indicate if a valid IVR transaction was detected. | C | Required for India IVR | Boolean |
IvrEncryptionKey | Encryption key to be used in the event the ACS requires encryption of the credential field. | C | Required for India IVR | AN(16) |
IvrEncryptionMandatory | Flag to indicate if the ACS requires the credential to be encrypted. | C | Required for India IVR | Boolean |
IvrEncryptionType | An indicator from the ACS to inform the type of encryption that should be used in the event the ACS requires encryption of the credential field. | C | Required for India IVR | AN(20) |
IvrLabel | An ACS Provided label that can be presented to the Consumer. Recommended use with an application. | C | Required for India IVR | AN(20) |
IvrPrompt | An ACS provided string that can be presented to the Consumer. Recommended use with an application. | C | Required for India IVR | AN(80) |
IvrStatusMessage | An ACS provided message that can provide additional information or details. | C | Required for India IVR. | AN(80) |
Identity Check Insights | ||||
IDCI_Score | Risk Assessment from Mastercard | C | Required if merchant requests the score | N(1) |
IDCI_Decision | Decision on the Risk Assessment from Mastercard | C | Required if merchant requests the score | |
IDCI_ReasonCode1 | ReasonCode from Mastercard | C | Required if merchant requests the score | A(1) |
IDCI_ReasonCode2 | ReasonCode from Mastercard | C | Required if merchant requests the score | A(2) |