Visa Click to Pay

For Merchants and Payment Service Providers

Data Elements - Visa Click to Pay

Data Objects

Address

The allowed characters for the address line 1, 2, and 3 are: .',:_#/ ()ÁáÀàÂâÄäÃãÇçÉéÈèÊêËëÍíÎîÏïÑñÓóÔôÕõŒœÚúÙùÛûÜüŸÿÆæĄąĆćĘꣳŃńŚśŹźŻż/

Field

Type Mandate

Description

addressId

String Conditional

The address identifier in the SRC system.

Conditionality: Required when provided as a response to the SRCi.

Format: Universally Unique Identifier (UUID)

name

String Conditional

The recipient name for the address, if known.

Condtionality: Required when known to the SRC system for this address

Format: Alphanumeric; maximum 140 characters

line1

String Conditional

Line 1 of the address.

Condtionality: Required if this is a shipping address in a valid format for the country.

Format: Maximum 140 characters. Alphanumeric

line2

String Optional

Line 2 of the address.

Format: Maximum 140 characters. Alphanumeric

line3

String Optional

Line 3 of the address.

Format: Maximum 140 characters. Alphanumeric

city

String Conditional

The city associated with the address.

Condtionality: Required if this is a shipping address in a valid format for the country.

Format: Alphanumeric, maximum 100 characters.

state

String Conditional

The state associated with the address.

Condtionality: Required if this is a shipping address in a valid format for the country.

Format: String

zip

String Conditional

The zip code associated with the address.

Condtionality: Required if this is a shipping address in a valid format for the country and has a postal code or zip code.

Format: Alphabetic, numeric; 3–16 characters.

countryCode

String Required

The country code associated with the address.

Format: ISO-3166-1 alpha-2 standard code

Example: AU - Australia

AccountReference

Field

Type Mandate

Description

srcDigitalCardId

String Conditional

ID of the selected card.

Condtionality: Required if consumerIdentity is not present.

consumerIdentity

ConsumerIdentity Conditional

Primary verifiable consumer identifier within an SRC Profile; for example, an email address.

Condtionality: Required if srcDigitalCardId is not present.

AssuranceData

Field

Type Mandate

Description

verificationData

List<VerificationData> Required

Set of verification data structures relating to distinct types of assurance.

Format: List of VerificationData structures.

eci

String Optional

If present, a value indicating the result of the authenti­ cation performed or attempted during a transaction. Use this value in the e-commerce authorization message to VisaNet.

Format: Maximum 2 digits. It is one of the following values:

  • 05 – Successful authentication
  • 06 – Authentication attempted
  • 07 – Authentication not performed

AuthenticationContext

Field

Type Mandate

Description

authenticationReasons

String Required

SRCi-provided authentication reasons used by the SRC System to perform authentication.

Format: They are one or more of the following enumerated values:

  • TRANSACTION_AUTHENTICATION
  • NOT_PREFERRED

srciDpaId

String Conditional

DPA identifier, which is generated by the SRC system during DPA registration.

Condtionality: Either srciDpaId or a dpaData structure must be provided when authenticationReasons is TRANSACTION_AUTHENTICATION.

Format: 64 bytes

dpaData

DpaData Conditional DPA registration data.

dpaTransactionOptions

DpaTransactionOptions Optional

DPA configuration data, which overrides the configu­ ration on the SRC system that was created during DPA registration.

Ignored if supplied in the init call or elsewhere in the checkout call.

acquirerMerchantId

String Required Acquirer-assigned Merchant identifier. Value must be provided to perform transaction authentication by the SRC System.

acquirerBIN

String Required Acquirer identification code as assigned by the Directory Server. Value must be provided to perform transaction authenti­cation by the SRC System.

merchantName

String Required Merchant name assigned by the Acquirer or Payment System. Value must be provided to perform transaction authenti­ cation by the SRC System.

AuthenticationMethod

Field

Type Mandate

Description

authenticationMethodType

String Required

SRCi to indicate for a particular transaction if Click to Pay needs to perform managed authentication or not.

Format: It is one of the following values:

  • SMS_OTP
  • EMAIL_OTP
  • 3DS
  • APP_AUTHENTICATION
  • MANAGED_AUTHENTICATION (Deprecated)

authenticationSubject

String Optional

Authentication subject. This should be set to CARDHOLDER.

Format: It is one of the following values:

  • CARDHOLDER
  • CONSUMER
  • CARD

uriData

UriData Optional URI associated with the authentication method, if available.

authenticationCredentialReference

String Optional Authentication credential reference, which may be provided by the identity provider once an authentication is initiated to qualify the nature of the authentication method. For example, SMS_OTP may use the masked mobile number "***-***-1234", which can be displayed to the Consumer to aid method selection.

methodAttributes

JSON Optional Attributes related to the authentication method; see "Method Attributes."

AuthenticationPreference

Field

Type Mandate

Description

authenticationMethods

List<AuthenticationMethod> Optional

SRCIs may provide their preferences related to an authentication method so that SRC system can facilitate authentication. 

For e.g. SRCI preferred value for Challenge indicator may be passed here.

payloadRequested

String Optional

Whether the SRCi or merchant prefers an authenticated payload.

Format: It is one of the following values:

  • AUTHENTICATED
  • NON_AUTHENTICATED

Card

Field

Type Mandate

Description

primaryAccountNumber

String Required

The account number of the card to be enrolled and provisioned.

Format: Numeric

panExpirationMonth

String Required

The account number expiration month.

Format: Numeric, 2 digits, MM

panExpirationYear

String Required

The account number expiration year.

Format: Numeric, 4 digits, YYYY

cardSecurityCode

String Conditional

The card security code (CVV2) value associated with the account number on the card, if available.

Condtionality: Required for those cards that a card security code.

Format: Numeric, 3-4 digits

cardholderFullName

String Conditional

The full name of the cardholder on the card.

Condtionality: Required if the billingAddress name field or the cardHolderFirstName and cardHolderLastName are not passed.

cardholderFirstName

String Optional The first name of the cardholder.

cardholderLastName

String Optional The last name of the cardholder.

billingAddress

Address Optional Billing address.

paymentAccountReference

String Conditional The Payment Account Reference (PAR) associated with the cardholder account that uniquely identifies the account to which the payment card is associated.

CheckoutResponse

Field

Type Mandate

Description

srcCorrelationId

String Required

The unique identifier generated by SRC system to track and link SRC messages. This is used as a transaction identifier assigned by the SRC system for this particular transaction.

Returned when cards are returned.

Format: Universally Unique Identifier (UUID)

srciTransactionId

String Required

A unique transaction ID created by the SRCi, which may be created on the merchant page. It must be passed through to all networks (SRC systems) and DCFs.

Format: Alphanumeric, maximum 100 characters

maskedCard

MaskedCard Required Masked card information.

shippingAddressZip

String Optional Zip code of the address being shipped to. The zip code must have been requested in DPA shipping preferences.

shippingCountryCode

String Optional

Country code of the address being shipped to. The country must have been requested in the DPA shipping preferences.

Format: Country Code2, ISO-3166-1, alpha-2 standard code

Example: AU - Australia

maskedConsumer

MaskedConsumer Required

Masked information about the consumer for display purposes.

Format: MaskedConsumer structure.

encryptedPayload

String Conditional

Encrypted payload to be given to the merchant.

Conditionality: Returned only when PCI/PII data is requested by the DPA during a SRC transaction.

assuranceData

AssuranceData Conditional

Information about any risk assessment operations performed by the SRC system.

Condtionality: Provided when the SRCi requests payment authentication.

isGuestCheckout

Boolean Required

Whether the consumer checked out as a guest.

Format: It is One of the following values:

  • true – the consumer checked out as a guest
  • false – the consumer did not check out as a guest (default)

isNewUser

Boolean Required

Whether the consumer enrolled during checkout in this transaction.

Format: It is one of the following values:

  • true – the consumer enrolled during checkout in this transaction
  • false – the consumer did not enroll during checkout in this transaction (default)

ComplianceResources

Field Type Mandate Description

complianceType

String Required

Compliance type.

Format: It is one of the following values:

  • TERMS_AND_CONDITIONS
  • PRIVACY_POLICY
  • REMEMBER_ME

uri

String Required

Uniform Resource Identifier (URI), a valid web address or URL

Format: Mmaximum 1024 characters

ComplianceSettings

Field Type Mandate

Description

complianceResources

List<ComplianceResource> Conditional

One or more compliance resources, which consists of a single compliance type and URI.

Conditionality: Required when complianceSettings is specified.

Consumer

Field

Type Mandate

Description

firstName

String Optional

Consumer’s first name.

Format: Maximum 30 characters

lastName

String Optional

Consumer’s last name.

Format: Alphanumeric; between 2–80 characters

fullName

String Optional

Consumer’s full name.

Format: Alphanumeric; between 2–80 characters

emailAddress String Conditional

Consumer's email address.

Conditionality: Required when linking a new card.

Format: Maximum 255 characters

mobileNumber

PhoneNumber Conditional

Consumer's phone number.

Conditionality: Required when linking a new card.

 

countryCode String Optional

The country code associated with the address.

Format: ISO-3166-1 alpha-2 standard code

Example: AU - Australia

languageCode

String Optional

Consumer's locale.

Format: Locale, based on ISO format for language (ISO 639-1) and alpha-2 country code (ISO 3166-1 alpha-2). The language and country should be separated using a (_).

Example: en_US

consumerIdentity

ConsumerIdentity Optional Primary verifiable consumer identifier within an SRC Profile; for example, an email address.

nationalIdentifier

String Optional

Geographic­specific, nationally-provided identifier for the Consumer.

Format: Maximum 20 characters

ConsumerIdentity

Field

Type Mandate

Description

identityProvider

String Optional The Identity provider. The default value is SRC

identityValue

String Required

Value of the consumer identity, which is used to locate information within the SRC profile.

Format: String for valid email address, for mobile number must be the E.164 format max length of 15 including the country code. Remove special characters: All spaces, dashes, and parentheses should be removed, and all characters should be numeric. The mobile number must not include '+'

Example: [email protected], 61423123456

identityType

String Required The type of the consumer identity. It is one of the following values:
  • EMAIL_ADDRESS
  • MOBILE_PHONE_NUMBER

ConfirmationData

Field

Type Mandate

Description

checkoutEventType

String Optional

Event type associated with the update.

Format: It is one of the following values:

  • 01 - Authorize
  • 02 - Capture
  • 03 - Refund
  • 04 - Cancel
  • 05 - Fraud
  • 06 - Chargeback
  • 07 - Other

checkoutEventStatus

String Optional

Event types associated with the order.

Format: It is one of the following values:

  • 01 - Created
  • 02 - Confirmed
  • 03 - Cancelled
  • 04 - Fraud Cancelled
  • 05 - Other
  • 06 – 50 - EMVCo future use
  • 51 - 99 - SRC

confirmationStatus

String Optional

Status of the event as provided by the SRCi in the Confir­ mation message.

Format: It is one of the following values:

  • 01 - Success
  • 02 - Failure
  • 03 - Other

confirmationReason

String Optional

Description of the reason for the event associated with the order.

Format: Maximum 64 characters

confirmationTimestamp

String Optional

Date and time, in coordinated Universal Time, (UTC) of the event completion corresponding to the Confirmation event by the SRCi.

Format: UNIX Epoch timestamp, in milliseconds

networkAuthorizationCode

String Optional

Authorization code associated with an approved transaction.

Format: Maximum 25 characters

networkTransactionIdentifier

String Optional

Unique authorization-related tracing value assigned by a Payment Network.

Format: Maximum 25 characters

paymentNetworkReference

String Optional

Transaction identifier as provided by a Payment Network after authorization has been completed.

Format: Maximum 25 characters

assuranceData

   

Future

transactionAmount

TransactionAmount Optional Amount of the transaction. Supplied if 3DS is performed by the SRC system.

CustomInputData

Field

Type Mandate

Description

checkoutOrchestrator

String Optional Checkout orchestrator. Must be "merchant" for Merchant Orchestrated Checkout.

customFlowType

String Optional

Flow type indicator for SRC orchestrated flows.

Format: It is one of the following values:

  • paymentsetting
  • withincheckout

paymentCardTypeSelected

String Optional

Identifies the cardholder selection to process the transaction as either debit or credit at checkout. Applicable only when the card product supports both credit and debit (Combo) options.

Format: It is one of the following values:

  • CREDIT
  • DEBIT

DigitalCardData

Field

Type Mandate

Description

status

String Required

The digital card status any given time in the SRC system.

Format: It is one of the following values:

  • ACTIVE

presentationName

String Conditional

Presentation text created by the consumer to enable recognition of the PAN entered into the DCF. This value is unique to the DCF and defined by the consumer.

Format: String; maximum 64 characters

descriptorName

String Required

Presentation text defined by the SRC programme that describes the PAN presented as a digital card. This descriptor is the same across all DCFs.

Format: String; maximum 64 characters

artUri

String Required

URI of the Art card application. Can be provided by SRC Issuer (SRCPI) .

Format: A valid URI; maximum 100 characters

artHeight

String Required

Height of the Art card image, in pixels.

Format: Numeric value between 1 and 4096, inclusive
Example: artHeight: ...

artWidth

String Required

Width of the Art card image, in pixels.

Format: Numeric value between 1 and 4096, inclusive
Example: artWidth : ...

pendingEvents

String Conditional

Set of events that are pending completion such as Card Holder Verification, AVS, SCA, Device Binding, etc.

Conditionality: Required when the value of status is set to PENDING.

Format: It is an array of one or more of the following strings:

  • PENDING_CONSUMER_IDV
  • PENDING_CONSUMER_DEVICE_BINDING
  • PENDING_CARDHOLDER_AUTHENTICATION

authenticationMethods

List<AuthenticationMethod> Optional

Authentication method indicated by the SRCi to the SRC System.

DpaData

Field

Type Mandate

Description

srcDpaId

String Conditional

DPA identifier, which is generated by the SRC system during DPA registration. Required if srciDpaId is not provided in the top-level structure of the request body; optional unless you want to specify a display presentation name, the website address, or the preferred 3DS behavior.

Format: String, 64 bytes

dpaPresentationName

String Conditional

Display name of the DPA. Required to facilitate transaction authentication.

Format: String,

Example: Mycompany Online

dpaUri

String Optional

The URI for the website.

Example: http://www.Mycompanyonline.com

dpaThreeDsPreference

Deprecated

String Optional

Contact your Visa representative for information about using this field to receive authentication data.

Format: It is one of the following values:

  • ONBEHALF
  • SELF
  • NONE
  • UNKNOWN (default)

DpaTransactionOptions

This structure represents the config parameters that are common across all transactions, originates from the Digital Payment Application (DPA).

Field

Type Mandate

Description

dpaLocale

String Optional

DPA’s preferred locale. This can be the same as the locale in the init parameters or can be different.

Format: Based on ISO format for language (ISO 639-1) and alpha-2 country code (ISO 3166-1 alpha-2). The language and country should be separated using an underscore ( _ ).

Example: en_US, fr_CA

dpaAcceptedBillingCountries

List<String> Optional

Billing countries. Payments from the listed billing countries are accepted. If this list is empty, all countries are accepted.

Format: Array of country codes in ISO 3166-1 alpha-2 format

Example: ["US", "CA", "AU"]

dpaAcceptedShippingCountries

List<String> Optional

Shipping countries; shipping region country codes that limit the selection of eligible shipping addresses. If this list is empty, all countries are accepted.

Format: Array of country codes in ISO 3166-1 alpha-2 format

authenticationPreferences

AuthenticationPreferences Conditional Authentication preferences provided by the SRCi. Required for the SRC system to facilitate authentication.

acquirerBIN

String Conditional

Acquirer BIN.

Condtionality: Required for the SRC system to facilitate authentication.

merchantName

String Conditional

Merchant name.

Condtionality: Required for the SRC system to facilitate authentication.

recurringData

RecurringData Conditional

The data specific to a recurring transaction.

Condtionality: Required for the SRC system to facilitate authentication when the transaction is initiated for a recurring purchase.

acquirerMerchantId

String Conditional

Acquirer-assigned Merchant identifier.

Condtionality: Required for the SRC system to facilitate authentication.

dpaBillingPreference

String Optional

Verbosity of billing address required by the DPA.

Format: It is one of the following values:

  • FULL (default)
  • POSTAL_COUNTRY
  • NONE

dpaShippingPreference

String Optional

Extent to which DPA wants to have shipping address collected. Not required for Merchant Orchestrated Checkout; if passed, it will be changed to NONE.

Format: It is one of the following values:

  • FULL (default)
  • POSTAL_COUNTRY
  • NONE

consumerNameRequested

Boolean Optional

Whether the name of the consumer has been requested.

Format: It is one of the following values:

  • true (default)
  • false

consumerEmailAddressRequested

Boolean Optional

Whether the email address of the consumer has been requested.

Format: It is one of the following values:

  • true (default)
  • false

consumerPhoneNumberRequested

Boolean Optional

Whether the Phone number of the consumer has been requested.

Format: It is one of the following values:

  • true (default)
  • false

consumerNationalIdentifierRequested

Boolean Optional

Whether the Consumer National identifier for the consumer is requested.

Format: It is one of the following values:

  • true
  • false

paymentOptions

PaymentOptions Optional Payment options requested by the DPA.

reviewAction

String Optional

Whether the payment will be processed immediately after selection or after confirmation.

Format: It is one of the following values:

  • pay -- proceed after selection
  • continue -- proceed after confirmation (default)

checkoutDescription

String Optional Review message to go with action.

transactionType

String Optional

Type of the transaction.

Format: It is one of the following values:

  • PURCHASE (default)
  • BILL_PAYMENT
  • MONEY_TRANSFER

orderType

Deprecated

   

Type of orders.

Format: It is one of the following values:

  • REAUTHORIZATION
  • RECURRING
  • INSTALLMENT

transactionInstruction

Deprecated

   

Transaction instruction.

Format: Enum; it is one of the following values:

  • RECURRING_PAYMENTS
  • SUBSCRIPTION_SERVICES
  • INSTALLMENTS

numberOfPayments

Deprecated

   

Maximum number of authorizations for installment payments. Required when transactionInstruction is specified.

Format:

purchaseDate

Deprecated

   

Original purchase date. Required when transactionInstruction is specified.

Format: UNIX Epoch timestamp. The value is in milliseconds.

recurringEndDate

Deprecated

   

The date after which no further recurring authorizations should be performed. Required when transactionInstruction is specified.

Format: UNIX Epoch timestamp. The value is in milliseconds.

recurringFrequency

Deprecated

   

Minimum number of days between recurring authorizations. Required when transactionInstruction is specified.

Format: Integer

payloadTypeIndicator

String Optional

The verbosity of payload requested.

Format: Enum, it is one of the following values:

  • FULL - includes everything; all PCI & PII data (card/token, billing, shipping, consumer)
  • SUMMARY - (default) no JWE. If FULL needed during checkout, SRCi needs to make a request for it explicitly.
  • PAYMENT - same as FULL
  • NON_PAYMENT - only PII (billing, shipping, consumer). It has both SUMMARY and encryptedPayload without card, token, or dynamicData.
  • NONE - just srcCorrelationId (with COMPLETE dcfActionCode)

transactionAmount

TransactionAmount Conditional

Amount of the transaction.

Condtionality: Required for SRC system to facilitate authentication.

merchantOrderId

String Optional

The order identifier generated by the DPA. Typically used for reconciliation process by the DPA.

Format: Universally Unique Identifier (UUID)

merchantCategoryCode

String Optional

Code associated with Merchant Category

Format: 4-digit string

merchantCountryCode

String Optional

The country code associated with the merchant’s billing or shipping address.

Format: ISO-3166 - 1 alpha-2 standard code

Example: US – United States

threeDsInputData

Deprecated

   

If 3DS is requested for the transaction, this attribute is required.

Format: ThreeDSInputData structure

dpaThreeDsPreference

Deprecated

   

Do not specify a value here. Set dpaThreeDsPreference in the dpaData structure instead.

authenticatedCredentialRequested

Deprecated

   

Do not specify a value here. Set the payloadRequested field in the authenticationPreferences structure instead.

SRCi preference to perform authentication and to receive authentication data for the transaction.

Format: It is one of the following values:

  • true
  • false (default)

customInputData

CustomInputData Optional Custom input data elements presented to the SRC System.

DynamicData

Field

Type Mandate

Description

dynamicDataValue

String Conditional

The value of the dynamic data.

Condtionality: Must be provided when dynamicDataType is not NONE.

dynamicDataType

String Required

Type of dynamic data required in the payload.

Format: It is one of the following values:

  • CARD_APPLICATION_CRYPTOGRAM_SHORT_FORM
  • CARD_APPLICATION_CRYPTOGRAM_LONG_FORM
  • CARDHOLDER_AUTHENTICATION_CRYPTOGRAM
  • NONE

dynamicDataExpiration

String Conditional

The requested validity period for the dynamic data in Coordinated Universal Time (UTC).

Condtionality: Must be provided when dynamicDataType is not NONE.

Example: Wed Jan 15 23:40:23 GMT 2020

MaskedAddress

The allowed characters for the address line 1, 2, and 3 are: .',:_#/ ()ÁáÀàÂâÄäÃãÇçÉéÈèÊêËëÍíÎîÏïÑñÓóÔôÕõŒœÚúÙùÛûÜüŸÿÆæĄąĆćĘꣳŃńŚśŹźŻż/

Field

Type Mandate

Description

addressId

String Optional The ID associated with the masked address in the SRC system.

line1

String Optional

Line 1 of the masked address in the SRC system. Required for shipping address.

Format: Alphanumeric, Maximum 140 characters.

Example: 1** M*** St

line2

String Optional

Line 2 of the masked address in the SRC system. Required for shipping address.

Format: Alphanumeric, Maximum 140 characters.

line3

String Optional

Line 3 of the masked address in the SRC system. Required for shipping address.

Format: Alphanumeric, Maximum 140 characters.

city

String Optional

City name associated with the masked address in the SRC system. The address must have the city name in the valid address format for the country.

Format: Alphanumeric, UTF-8 white space; maximum 100 characters

state

String Optional

State code associated with the masked address in the SRC system. The address must have the state name in the valid address format for the country.

Must be a valid 2-characters code for US and CA and a valid 3- characters code for AU.

Example: VA

zip

String Optional

The zip code associated with the masked address.

Format: Alphanumeric, maximum 3–16 characters.

countryCode

String Optional

Country code associated with the masked address in the SRC system.

Format: ISO-3166-1 alpha-2 standard code

Example: US

createTime

String Optional

Date and time the masked address was created.

Format: String; 25 characters

lastUsedTime

String Optional

Date and time the masked address was last used.

Format: UNIX Epoch timestamp. The value is in milliseconds.

MaskedCard

Field

Type Mandate

Description

srcDigitalCardId

String Required

A unique ID associated with the digital card. Represent the PAN or payment token.

Format: Universally Unique Identifier (UUID), maximum 36 characters

panBin

String Required

The bank ID number associated with the card, the first significant digits of the PAN included in an unmasked form.

Format: Numeric maximum length = PAN length - 10

panLastFour

String Required

Last 4 digits of the PAN included in an unmasked form.

Format: Numeric; maximum 4 digits

tokenBinRange String Conditional

Token's BIN range.

Conditionality: Required when CheckoutResponse contains a tokenized payload.

paymentAccountReference

String Required The Payment Account Reference (PAR) associated with the cardholder account that uniquely identifies the account to which the payment card is associated.
tokenLastFour String Conditional

Last 4 digits of the token.

Conditionality: Required when CheckoutResponse contains a tokenized payload.

Format: Numeric; maximum 4 digits

panExpirationMonth

String Required

The month when the account number is set to expire.

Format: Numeric; 2 digits

panExpirationYear

String Required

The year when the account number is set to expire.

Format: Numeric; 4 digits

digitalCardData

DigitalCardData Required

The metadata about the card, which contains digital card information used in the acceptance environment and in the user interface. This data provides a reference to the actual PAN or Payment token without actually disclosing either.

Digital card data is grouped together based on the following categories:

  • Digital card information: data used in request and response messages
  • UI/UX presentation data: the data in user interfaces to provide the consumer with a recognizable descriptor
  • Digital card art: image that accompanies digital card information for user interface purposes.

dateOfCardCreated

String Required

Timestamp that identifies when this card was enrolled into the SRC system.

Format: UNIX Epoch timestamp. The value is in milliseconds.

dateOfCardLastUsed

String Conditional

Timestamp that identifies when this card was last used for an SRC transaction.

Conditionality: Required when the card has been used during a previous transaction.

Format: UNIX Epoch timestamp. The value is in milliseconds.

maskedBillingAddress

MaskedAddress Conditional

Billing address associated with the card, masked for display purposes.

Conditionality: Required when dpaBillingPreference is set to either POSTAL_COUNTRY or FULL and the SRC system posesses a billing address for the selected srcDigitalCardId.

paymentCardType

String Required

Indicates whether the card supports both credit and debit options.

Format: It is a list of one or more of the following values:

  • CREDIT
  • DEBIT
  • COMBO
tokenId String Conditional

Reference identifier to the Token that enables the SRC System to communicate with the Token Service Provider without transmitting the actual PAN/Token; Present when PAN is eligible for tokenization. The reference identifier is associated with the SRC Profile to which the Payment Card belongs and is unique within an SRC System.

Conditionality: Required when CheckoutResponse contains a tokenized payload.

Format: Alphabetic, numeric [A-Z][a-z][0-9,-], and hyphens ( - ), e.g., spaces are not allowed; maximum 36.

MaskedConsumer

Field

Type Mandate

Description

srcConsumerId

String Required

SRC consumer Reference identifier generated by the SRC system.

Format: Universally Unique Identifier (UUID)

countryCode

String Required

Country code associated with the masked address of consumer country in the SRC system.

Format: ISO-3166-1 alpha-2 standard code

languageCode

String Required

Consumer's locale.

Format: Locale, based on ISO format for language (ISO 639-1) and alpha-2 country code (ISO 3166-1 alpha-2). The language and country should be separated using a (_).

status

String Required

Signifies the state of the consumer at any given time at the SRC system.

Format: It is one of the following values:

  • ACTIVE
  • SUSPENDED
  • LOCKED

dateConsumerAdded

String Required

Timestamp that identifies when the consumer was added to the SRC system .

Format: UNIX Epoch timestamp. The value is in milliseconds.

maskedConsumerIdentity

MaskedConsumerIdentity Required Masked value of the primary verifiable consumer Identifier within an SRC profile. For example, an email address or a mobile phone number.

maskedEmailAddress

String Optional

The email address of the consumer.

Note: This field supports internationalization using UTF-8 characters.

Format: A valid email address; maximum 255 characters

maskedFirstName

String Optional

The first name of the consumer.

Note: getSrcProfile response will not return maskedFirstName.

Format: Alphanumeric; maximum 30 characters

maskedLastName

String Optional

The last name of the consumer.

Note: getSrcProfile response will not return maskedLastName.

Format: Alphanumeric; maximum 30 characters

maskedFullName

String Optional

The full name of the consumer.

Format: Alphanumeric; maximum 60 characters

maskedMobileNumber

MaskedMobileNumber Optional The masked mobile number of the consumer.

maskedNationalIdentifier

String Optional

Masked consumer national Identifier

Format: Alphanumeric; maximum 20 characters

complianceSettings

ComplianceSettings Optional Consumer compliance settings

dateConsumerLastUsed

String Optional

Timestamp that identifies when the consumer last transacted to the SRC system.

Format: UNIX Epoch timestamp. The value is in milliseconds.

MaskedConsumerIdentity

Field

Type Mandate

Description

identityType

String Required

The type of primary consumer Identifier to an SRC Profile.

Format: It is one of the following values:

  • EMAIL_ADDRESS
  • MOBILE_PHONE_NUMBER

Example: "identityType": "EMAIL_ADDRESS"

maskedIdentityValue

String Required

Masked consumer’s email address or mobile phone number. The masked identity value for mobile number will be 12 characters, 8 asterisks followed by last 4 digits. 

Example: "maskedIdentityValue":  "xyz**@visa.com********9904" 

MaskedPhoneNumber

Field

Type Mandate

Description

countryCode

String Required

The country code associated with the consumer's phone number.

Format: Numeric string; only digits allowed, leading zeroes ( 0 ), plus signs ( + ), spaces and other alphabetic or alphanumeric characters are not allowed; minimum size 1 digit, maximum size 4 digits.

Example: "1" for the United States or Canada.

phoneNumber

String Required

Masked phone number of the consumer.

Format: String; 12 characters total with 8 asterisks followed by the last 4 digits of the phone number.

Example: "********9904"

MethodAttributes

Field

Type Mandate

Description

challengeIndicator

String Optional

A challenge indicator value related to 3DS authentication.

Format: It is one of the following values:

  • 01 - No preference
  • 02 - No challenge requested
  • 03 - Challenge requested (3DS Requestor Preference)
  • 04 - Challenge requested (Mandate)
  • 05 - No challenge requested (transactional risk analysis is already performed)
  • 06 - No challenge requested (Data share only)
  • 07 - No challenge requested (strong consumer authentication is already performed)
  • 08 - No challenge requested (utilize trust list exemption if no challenge required)
  • 09 - Challenge requested (trust list prompt requested if challenge required)

otpValue

String Conditional

One time password;

Condtionality: Required when authenticationMethodType in the authenticationMethod structure is SMS_OTP or EMAIL_OTP.

Format: Maximum 16 characters.

stepUpIdentifier

String Conditional

Step-up identification;

CondtionalityRequired when authenticationMethodType in the authenticationMethod structure is SMS_OTP, EMAIL_OTP, or APP_AUTHENTICATION.

MethodResults

Attributes related to the results of a given authentication method.

Field

Type Mandate

Description

transStatus

String Optional

Whether a transaction qualifies as an authenticated transaction (for 3DS authentication).

Format: It is one of the following string values:

  • "Y"
  • "R"
  • "C"
  • "N"
  • "U"
  • "A"
  • "D"
  • "I"

dsTransId

String Optional

ID assigned by the DS to identify the transaction (for 3DS authenti­cation).

Format: String; UUID

acsTransId

String Optional

ID assigned by the ACS to identify the transaction (for 3DS authenti­cation).

Format: String; UUID

statusCode String Optional Status of the Tranaction if Approved or Declined by the Issuer
challengeInd String Optional

Transaction if it was challenged or frictionless.

Format: It is one of the following string values:

  • 0 - Frictionless
  • 1 - Challenged
signatureVerification String Optional Transaction Signature status identifier.
enrolled String Optional

Status of Authentication eligibility.

Format: It is one of the following string values:

  • Y - Yes, Bank is participating in 3-D Secure protocol and will return the ACSUrl
  • N - No, Bank is not participating in 3-D Secure protocol
  • U - Unavailable, The DS or ACS is not available for authentication at the time of the request
  • B - Bypass, Merchant authentication rule is triggered to bypass authentication in this use case
    Note: If the Enrolled value is NOT Y, then the Consumer is NOT eligible for Authentication
transactionId String Optional Centinel transaction identifier. This value identifies the transaction within the Centinel system. To complete the transaction, the value is required to be passed on the Authenticate message to link the Lookup and Authenticate message together.
orderId String Optional Centinel generated order identifier. Used to link multiple actions on a single order to a single identifier. Mod-10 compliant and unique BIN range to CardinalCommerce services.
threeDsVersion String Optional

This field contains the 3DS version that was used to process the transaction.

Format: It is one of the following string values:

  • 2.2.0
errorNo String Optional Application error number(s). A non-zero value represents the error encountered while attempting to process the message request.
 
Note: Multiple error numbers are separated by a comma.
cardBrand String Optional Card brand that the transaction was processed for authentication.
 
Will always be VISA
threeDSServerTransactionId String Optional Unique transaction identifier assigned by the 3DS Server to identify a single transaction.

Note: Refer to the EMVCo 3DS Specification for more details on the 3DS ­specific attributes and definitions.

PaymentOptions

Field

Type Mandate

Description

dpaDynamicDataTtlMinutes

String Optional

The minimum requested validity period for the transaction credentials, such as a cryptogram, returned by the SRC system, in minutes.

If this is not provided, the values are determined by the SRCs.

Format: integer

Example: 2

dynamicDataType

String Optional

The dynamic data type.

Format: It is one of the following values:

  • CARD_APPLICATION_CRYPTOGRAM_LONG_FORM – Transaction Authentication Verification Value
  • CARD_APPLICATION_CRYPTOGRAM_SHORT_FORM - Dynamic Token Verification Value
  • CARDHOLDER_AUTHENTION_CRYPTOGRAM - Cardholder Authentication Verification Value
 
  • TAVV Deprecated – Transaction Authentication Verification Value
  • DTVV Deprecated – Dynamic Token Verification Value

dpaPanRequested

Boolean Optional

Whether PAN data is requested.

Format: It is one of the following values:

  • true
  • false (default)

PaymentToken

Field

Type Mandate

Description

paymentToken

String Required

The tokenized payment instrument.

Format: String; ISO/IEC 7812 format

tokenExpirationMonth

String Required

Tokenized payment instrument expiration month.

Format: Numeric, 2 digits; MM

tokenExpirationYear

String Required

Tokenized payment instrument expiration year.

Format: Numeric, 4 digits; YYYY

paymentAccountReference

String Optional

A non-financial reference assigned to each unique PAN and used to link a Payment Account represented by that PAN to affiliated Payment Tokens.

Format: Alphanumeric, maximum 29 characters

PhoneNumber

Field

Type Mandate

Description

countryCode

String Required

The country code associated with the consumer phone number.

Format: The E.164 format includes the country code, the local area code, and the local phone number. No spaces: When adding the number as a contact, there should be no spaces. Remove special characters: All spaces, dashes, and parentheses should be removed, and all characters should be numeric. The country code must not include +.

  • Min Length = 1
  • Max Length = 3

Example: 1

phoneNumber

String Required

Phone number without country code.

Format: The E.164 format. No spaces: When adding the number as a contact, there should be no spaces. Remove special characters: All spaces, dashes, and parentheses should be removed, and all characters should be numeric. For some countries e.g. Australia, leading ‘0’ of the local number needs to be removed while converting to E164 e.g. ‘0423 123 456’ becomes ‘61423123456’

  • Min Length = 4
  • Max Length = 14 with the condition of max length including country code must not exceed 15 digits

RecurringData

Field

Type Mandate

Description

recurringAmount

String Conditional

Recurring amount. Required when recurringData is specified in DPA Transaction Options.

Format: Minor units of currency with all punctuation removed.

Example: 12345 for $123.45 in USD.

SrcProfile

Field

Type Mandate

Description

idToken

JWT Required A unique identifier associated with the masked token. The ID token is returned only for the consumer recognized by this SRC system.

maskedCards

MaskedCard Required Card list of recognized/authenticated consumer.

maskedConsumer

MaskedConsumer Required Recognized consumer.

TransactionAmount

Field

Type Mandate

Description

transactionAmount

String Required

Amount associated with transaction.

Format: Numeric string; maximum 9 digits before an optional decimal point and 4 decimal digits after

transactionCurrencyCode

String Required

Currency code used for the transaction amount.

Format: ISO 4217 alpha-3 currency code

UriData

Field

Type Mandate

Description

uri

String Required

Specifies the URI for the given authentication method.

Format: String; maximum 2048 characters

uriType

String Required

URI type.

Format: It is one of the following values:

  • APP_URI
  • WEB_URI

VerificationData

Field

Type Mandate

Description

verificationType

String Required

Type of verification data.

Format: It is one of the following values:

  • CARDHOLDER

verificationEntity

String Required

Entity performing the verification.

Format: It is one of the following values:

  • 02 - SRC Initiator
  • 03 – SRCPI

Example: "02" or "03"

verificationEvents

String Required

Event causing the verification to occur.

Format: Array that can contain the following values:

  • 01 – Payment transaction

verificationMethod

String Required

Method of verification.

Format: It is one of the following values:

  • 02 – App-based authentication
  • 04 – One-time passcode
  • 07 – FIDO

Example: "02", "04", or "07"

verificationResults

String Required

Result of the verification.

Format: It is one of the following values:

  • 01 – Verified

Example: "01"

verificationTimestamp

String Required

Date and time in UTC that the verification was conducted.

Format: UNIX Epoch timestamp.

methodResults

JSON Optional

Method results.

Format: JSON object