menu

Payment API

What's on this page

Online Payments / Payment Features / 3D-Secure 2 / Compliance Guide

3-D Secure 2 Compliance Guide

The guide helps you prepare for PSD2 SCA compliance using 3-D Secure 2. It provides all the information you need on how to adapt your existing CCV Pay integration. For more information about PSD2, SCA, and 3-D Secure 2, refer to our 3-D Secure 2 overview.

3-D Secure 2 is only applicable for card transactions.For CCV Pay it affects the following payment methods:

  • card
  • landingpage: if you allow to complete these with a card payment
  • vault

3-D Secure 2 requires information about each payment. This document describes the fields providing this information. Issuers will put in place 3-D Secure 2 therefore recommend to provide as much information as possible. It will ensure a higher payment acceptance rate.

The 3-D Secure 2 fields have a strict format. Integrators can choose to let CCV Pay validate the data it receives. We encourage integrators to use this feature.

Consequences of not being 3-D Secure 2 compliant

CCV Pay provides a solution for being 3-D Secure 2 compliant. It is up to you to ensure that the information per transaction conforms to the 3-D Secure 2 specification. Schemes like Visa and MasterCard state that they will enforce this specification in the future. Non-compliant implementations can result in issuers declining your transactions, leading to lower conversion rates.

Use Cases

Card payment

Using our Card Payment Page

This is a standard card payment extended with the new 3-D Secure 2 data. The flow between your integration and CCV Pay does not change. However, the customer journey will be different in case of 3-D Secure 2 authentication. Instead of a redirect, CCV Pay shows a pop-up with the challenge.

  1. You initiate a new transaction with the 3-D Secure 2 compliant data

    {
    "amount" : 10.99,
    "currency" : "eur",
    "method" : "card",
    "returnUrl" : "https://shop.merchant.com/return?order=123456",
    "merchantOrderReference" : "123456",
    "description" : "Order 123456",
    "language" : "nld",
    "billingAddress": "Westvoortsedijk",
    "billingCity": "Arnhem",
    "billingState": "GE",
    "billingPostalCode" :"6827 AT",
    "billingCountry": "NL",
    "billingHouseNumber": "55",
    "accountInfo": {
        "accountIdentifier": "7cec0016-0bf3-45c7-bc1a-7916750a39a2",
        "accountCreationDate": "20190101",
        "passwordChangeIndicator": "CHANGED_DURING_TRANSACTION",
        "email": "john.doe@ccvlab.eu",
        "workPhoneCountry": "31",
        "workPhoneNumber": "11193500",
        "authenticationMethod": "OWN_CREDENTIALS"
    },
    "merchantRiskIndicator": {
        "deliveryEmailAddress": "johny.doe@ccvlab.eu",
        "deliveryTimeframe": "SAME_DAY",
        "passwordChangeIndicator": "CHANGED_DURING_TRANSACTION",
        "shippingIndicator": "BILLING_ADDRESS"
    },
    "threeds2RequestInfo": {
        "challengeIndicator": "NO_PREFERENCE",
        "transactionType": "GOODS_AND_SERVICES_PURCHASE"
    }
}

  2. CCV Pay responds with a generated transaction containing a unique payUrl

    {
     "method": "card",
     "reference": "C200603121922297CB87E190.2",
     "currency": "eur",
     "created": 1591179562332,
     "language": "nld",
     "billingAddress": "Westvoortsedijk",
     "billingCity": "Arnhem",
     "billingPostalCode": "6827 AT",
     "billingCountry": "NL",
     "amount": 10.99,
     "billingState": "GE",
     "merchantOrderReference": "123456",
     "billingHouseNumber": "55",
     "returnUrl": "https://shop.merchant.com/return?order=123456",
     "payUrl": "https://onlinepayments.ccv.eu/card/payment.html?reference=C200603121922297CB87E190.2",
     "lastUpdate": 1591179562332,
     "cancelUrl": "https://onlinepayments.ccv.eu/card/cancel/merchant?reference=C200603121922297CB87E190.2",
     "description": "Order 123456",
     "status": "pending",
     "type": "sale"
}

  3. You redirect the customer to the payUrl

  4. The customer submits their/her card data

  5. CCV Pay verifies if 3-D Secure 2 is applicable. If so:

    • If the issuer allows frictionless authentication: CCV Pay redirects the customer to your returnUrl
    • If the issuer asks for authentication: CCV Pay shows a challenge in a pop-up to the customer on the hosted page. After the customer completes the challenge, CCV Pay redirects the customer to your returnUrl

Using a Vault Access Token

This is a standard card payment extended with the new 3-D Secure 2 data. The flow between your integration and CCV Pay does not change. However, the customer’s journey will be different in case of a 3-D Secure 2 authentication. Instead of a redirect, CCV Pay shows a pop-up with the challenge.

  1. You initiate a new transaction with a vaultAccessToken

    {
    "details": {
        "vaultAccessToken": "48EC3B2DF1EF84D0D1737629"
    },
    "amount" : 10.99,
    "currency" : "eur",
    "method" : "card",
    "returnUrl" : "https://shop.merchant.com/return?order=123456",
    "merchantOrderReference" : "123456",
    "description" : "Order 123456",
    "language" : "nld",
    "billingAddress": "Westvoortsedijk",
    "billingCity": "Arnhem",
    "billingState": "GE",
    "billingPostalCode" :"6827 AT",
    "billingCountry": "NL",
    "billingHouseNumber": "55",
    "accountInfo": {
        "accountIdentifier": "7cec0016-0bf3-45c7-bc1a-7916750a39a2",
        "accountCreationDate": "20190101",
        "passwordChangeIndicator": "CHANGED_DURING_TRANSACTION",
        "email": "john.doe@ccvlab.eu",
        "workPhoneCountry": "31",
        "workPhoneNumber": "11193500",
        "authenticationMethod": "OWN_CREDENTIALS"
    },
    "merchantRiskIndicator": {
        "deliveryEmailAddress": "johny.doe@ccvlab.eu",
        "deliveryTimeframe": "SAME_DAY",
        "passwordChangeIndicator": "CHANGED_DURING_TRANSACTION",
        "shippingIndicator": "BILLING_ADDRESS"
    },
    "threeds2RequestInfo": {
        "challengeIndicator": "NO_PREFERENCE",
        "transactionType": "GOODS_AND_SERVICES_PURCHASE"
    }
}

  2. CCV Pay responds with a generated transaction containing a unique payUrl

    {
    "method": "card",
    "reference": "C200603124543752CB87E195.2",
    "currency": "eur",
    "created": 1591181143828,
    "language": "nld",
    "brand": "visa",
    "billingAddress": "Westvoortsedijk",
    "billingCity": "Arnhem",
    "billingPostalCode": "6827 AT",
    "billingCountry": "NL",
    "amount": 10.99,
    "details": {
        "cardholderFirstName": "j",
        "maskedPan": "4111XXXXXXXX1111",
        "cardholderLastName": "l"
    },
    "billingState": "GE",
    "merchantOrderReference": "123456",
    "billingHouseNumber": "55",
    "returnUrl": "https://shop.merchant.com/return?order=123456",
    "payUrl": "https://onlinepayments.ccv.eu/card/payment.html?reference=C200603124543752CB87E195.2",
    "lastUpdate": 1591181143828,
    "cancelUrl": "https://onlinepayments.ccv.eu/card/cancel/merchant?reference=C200603124543752CB87E195.2",
    "description": "Order 123456",
    "status": "pending",
    "type": "sale"
}

  3. Depending on your account configuration there are 2 options

    1. If 3-D Secure is enabled for your account,
      1. You must redirect the customer to the payUrl
      2. CCV Pay verifies if 3-D Secure 2 is applicable. If so:
        • If the issuer allows frictionless authentication: CCV Pay redirects the customer to your returnUrl
        • If the issuer asks for authentication: CCV Pay shows a challenge in a pop-up to the customer on the hosted page. After the customer completes the challenge, CCV Pay redirects the customer to your returnUrl
    2. If 3-D Secure is not enabled for your account, you don’t need to redirect the customer.
    • If you do, CCV Pay immediately redirects the customer to your returnUrl

  4. CCV Pay sends the authorisation to the issuer for completion

Vault enrollment

This is a standard vault enrollment extended with the new 3-D Secure 2 data. The flow between your integration and CCV Pay does not change. However, the customer’s journey will be different in case of a 3-D Secure 2 authentication. Instead of a redirect, CCV Pay shows a pop-up with the challenge.

Note


Vault enrollment for an SCA required card is always presented with a 3-D Secure 2 authentication challenge pop-up window. The threeds2RequestInfo.challengeIndicator is ignored and can therefore be omitted from the request. The details.scaToken field inside the vault transaction response is set to true to indicate that the cardholder authentication was performed using 3-D Secure.

  1. You initiate a new transaction 
    {
    "dataType": "card",
    "returnUrl" : "https://shop.merchant.com/return?order=123456",
    "merchantOrderReference" : "123456",
    "description" : "Order 123456",
    "language" : "nld",
    "billingAddress": "Westvoortsedijk",
    "billingCity": "Arnhem",
    "billingState": "GE",
    "billingPostalCode" :"6827 AT",
    "billingCountry": "NL",
    "billingHouseNumber": "55",
    "accountInfo": {
        "accountIdentifier": "7cec0016-0bf3-45c7-bc1a-7916750a39a2",
        "accountCreationDate": "20190101",
        "passwordChangeIndicator": "CHANGED_DURING_TRANSACTION",
        "email": "john.doe@ccvlab.eu",
        "workPhoneCountry": "31",
        "workPhoneNumber": "11193500",
        "authenticationMethod": "OWN_CREDENTIALS"
    },
    "merchantRiskIndicator": {
        "deliveryEmailAddress": "johny.doe@ccvlab.eu",
        "deliveryTimeframe": "SAME_DAY",
        "passwordChangeIndicator": "CHANGED_DURING_TRANSACTION",
        "shippingIndicator": "BILLING_ADDRESS"
    },
    "threeds2RequestInfo": {
        "transactionType": "GOODS_AND_SERVICES_PURCHASE"
    }
}
  2. CCV Pay responds with a generated transaction containing a unique payUrl 
    {
    "method": "vault",
    "reference": "V200603125210957CB87E19A.2",
    "created": 1591181531005,
    "language": "nld",
    "billingAddress": "Westvoortsedijk",
    "billingCity": "Arnhem",
    "billingPostalCode": "6827 AT",
    "billingCountry": "NL",
    "billingState": "GE",
    "merchantOrderReference": "123456",
    "billingHouseNumber": "55",
    "returnUrl": "https://shop.merchant.com/return?order=123456",
    "payUrl": "https://onlinepayments.ccv.eu/card/payment.html?reference=C200603125210968CB87E19B.2",
    "lastUpdate": 1591181531005,
    "description": "Order 123456",
    "status": "pending",
    "type": "token"
}
  3. You redirect the customer to the payUrl
  4. The customer submits their/her card data
  5. CCV Pay verifies if 3-D Secure 2 is applicable. If so:
    • If the issuer allows frictionless authentication, CCV Pay redirects the customer to your returnUrl
    • If the issuer asks for authentication, CCV Pay shows a challenge in a pop-up to the customer on the hosted page. After the customer completes the challenge, CCV Pay redirects the customer to your returnUrl
  6. CCV Pay sends the authorisation to the issuer for completion
  7. You read the transaction to get the status and the Vault Access Token

Landing page payments

This is a standard landing page payment extended with the new 3-D Secure 2 data. The flow between your integration and CCV Pay does not change. However, the customer’s journey will be different in case of a 3-D Secure 2 authentication. Instead of a redirect, CCV Pay shows a pop-up with the challenge.

  1. You initiate a new transaction with the 3-D Secure 2 compliant data

    {
    "amount" : 10.99,
    "currency" : "eur",
    "method" : "landingpage",
    "returnUrl" : "https://shop.merchant.com/return?order=123456",
    "merchantOrderReference" : "123456",
    "description" : "Order 123456",
    "language" : "nld",
    "billingAddress": "Westvoortsedijk",
    "billingCity": "Arnhem",
    "billingState": "GE",
    "billingPostalCode" :"6827 AT",
    "billingCountry": "NL",
    "billingHouseNumber": "55",
    "accountInfo": {
        "accountIdentifier": "7cec0016-0bf3-45c7-bc1a-7916750a39a2",
        "accountCreationDate": "20190101",
        "passwordChangeIndicator": "CHANGED_DURING_TRANSACTION",
        "email": "john.doe@ccvlab.eu",
        "workPhoneCountry": "31",
        "workPhoneNumber": "11193500",
        "authenticationMethod": "OWN_CREDENTIALS"
    },
    "merchantRiskIndicator": {
        "deliveryEmailAddress": "johny.doe@ccvlab.eu",
        "deliveryTimeframe": "SAME_DAY",
        "passwordChangeIndicator": "CHANGED_DURING_TRANSACTION",
        "shippingIndicator": "BILLING_ADDRESS"
    },
    "threeds2RequestInfo": {
        "challengeIndicator": "NO_PREFERENCE",
        "transactionType": "GOODS_AND_SERVICES_PURCHASE"
    }
}

  2. CCV Pay responds with a generated transaction containing a unique payUrl

    {
     "method": "landingpage",
     "reference": "L200603161403114CB87E19E.2",
     "currency": "eur",
     "created": 1591193643343,
     "language": "nld",
     "billingAddress": "Westvoortsedijk",
     "billingCity": "Arnhem",
     "billingPostalCode": "6827 AT",
     "billingCountry": "NL",
     "amount": 10.99,
     "details": {
         "expirationDuration": "P0Y2M1DT0H0M0.000S"
     },
     "billingState": "GE",
     "merchantOrderReference": "123456",
     "billingHouseNumber": "55",
     "returnUrl": "https://shop.merchant.com/return?order=123456",
     "payUrl": "https://onlinepayments.ccv.eu/landingpage/payment.html?reference=L200603161403114CB87E19E.2",
     "lastUpdate": 1591193643343,
     "description": "Order 123456",
     "status": "pending",
     "type": "sale"
 }

  3. You redirect the customer to the payUrl

  4. The customer selects Card as the payment method

  5. The customer submits their/her card data

  6. CCV Pay verifies if 3-D Secure 2 is applicable. If so:

    • If the issuer allows frictionless authentication, CCV Pay redirects the customer to your returnUrl
    • If the issuer asks for authentication, we show a challenge in a pop-up to the customer on the hosted page. After the customer completes the challenge, CCV Pay redirects the customer to your returnUrl

  7. CCV Pay sends the authorisation to the issuer for completion

Test and go live

The validation rules apply for test and live transactions. You can use a test api key to verify your changes before executing any live transactions.

API Changes

3-D Secure 2 has a significant impact on the API for both existing and new fields. The following section highlights these changes on format and validation. A complete overview of our API is located at the API-reference page.

Each field consists of the following specification to construct a valid request message.

  • Name: the JSON field name of the data element,
  • Type: the JSON type of the data element,
  • Size: if applicable, the minimum and/or maximum character length of the data element,
  • Format: if applicable, the format or allowed values of the element data,
  • Inclusion: determines if the data element in the message is required or optional,
  • Description: describes the purpose of the field and provides additional information if available.

Validation

The 3-D Secure 2 fields have a strict format. Merchants can choose to let CCV Pay validate these fields using the scaReady flag. By default this feature is disabled.

Setting the scaReady flag to yes has the following repercussions:

  • Strict validation of the format and size of the fields,
  • Validation on inclusion of required fields,
  • Any data element that does not comply with the specification results in one or more input error.

Info


The scaReady flag only applies to validation. The usage of 3-D Secure does not depend on this flag.

Inclusion

  • Required: the data element must be included. If not present, an input error is returned,
  • Optional: the data element may be included but not required. If present, it must conform to the specification.

Note


Most 3-D Secure 2 data is optional. We recommend to add as much data as possible to the request. It increases the chance of Frictionless authentication.

Transaction Request

The following fields are applicable for both payment and vault transactions.

Name Type Size Format Inclusion Description
scaReady boolean 2-3 Possible values: yes or (default) no Optional Value set by the payment initiator to indicate that all the required data for 3-D Secure 2 overview is provided for this payment and must be validated by CCV Pay
billingAddress string 50 Required if scaReady set to yes, else optional The cardholder billing address. May contain house number and/or extension
billingCity string 50 Required if scaReady set to yes, else optional The cardholder billing city
billingState string 1-3 The country subdivision code as defined in the Country Subdivision Codes - ISO 3166-2 Required if scaReady set to yes, else optional The cardholder billing state
billingPostalCode string 16 Required if scaReady set to yes, else optional The cardholder billing postal code
billingCountry string 2 ISO 3166 alpha-2 code Required if scaReady set to yes, else optional The cardholder billing country
billingHouseNumber string 10 Optional The cardholder address number. May also be part of billingAddress
billingHouseExtension string 10 Optional The cardholder address box, apartment or other additional indicator. May also be part of billingAddress
billingPhoneNumber string 12-15 The subscriber-section of a telephone number as defined in the ITU-T E.164 specification Required if scaReady set to yes, else optional The cardholder billing phone number
billingPhoneCountry string 1-3 The telephone number country code as defined in the ITU-T E.164 - list and ITU-T E.164 - Complementary list Required if scaReady set to yes, else optional The cardholder billing phone country code
shippingAddress string 50 Optional The cardholder shipping address. May contain house number and/or extension
shippingCity string 50 Optional The cardholder shipping city
shippingState string 1-3 The country subdivision code as defined in the Country Subdivision Codes - ISO 3166-2 Optional The cardholder shipping state
shippingPostalCode string 16 Optional The cardholder shipping postal code
shippingCountry string 2 ISO 3166 alpha-2 code Optional The cardholder shipping country
shippingHouseNumber string 10 Optional The cardholder address number. May also be part of shippingAddress
shippingHouseExtension string 10 Optional The cardholder address box, apartment or other additional indicator. May also be part of shippingAddress
sequenceInfo object Optional Indicates if the payment is part of a sequence
accountInfo object Optional Information about the account of the cardholder with the merchant
threeds2RequestInfo object Optional Information about the merchants 3-D Secure 2 requirements for this transaction
merchantRiskIndicator object Optional Information about the specific purchase by the cardholder
browserInfo object Required if you capture card data, else optional Accurate Browser information used by the issuer for risk assessment

More on Billing & Shipping Information

If your integration already provides billing and shipping information, it might require some changes:

  • If you provide any fields, you must provide them within the size limits. In practice most integrations provide them within these bounds so we expect little impact,
  • If you provide the state, you must provide it as a Country Subdivision Code - ISO 3166-2 ,
  • If you provide the house number or extension in the separate fields, CCV Pay will add them to the address,
  • If you do not provide any shipping fields, CCV Pay uses the billing information as shipping information,
  • If you provide one or more shipping fields, the billing default will not apply. You must provide all shipping fields,
  • If you provide a phone number, you must provide the country code in a separate field e.g.: billingPhoneCountry.

Billing example with explicit house number and extension

{
    "billingAddress": "Westvoortsedijk",
    "billingCity": "Arnhem",
    "billingState": "GE",
    "billingPostalCode" :"6827 AT",
    "billingCountry": "NL",
    "billingHouseNumber": "55",
    "billingHouseExtension": "Bus 1",
    "billingPhoneNumber": "11193500",
    "billingPhoneCountry": "31"
}

Billing example with house number and extension as part of the address

{
    "billingAddress": "Westvoortsedijk 55, Bus 1",
    "billingCity": "Arnhem",
    "billingState": "GE",
    "billingPostalCode" :"6827 AT",
    "billingCountry": "NL",
    "billingPhoneNumber": "11193500",
    "billingPhoneCountry": "31"
}

Payment Sequence Information Object

This is applicable if you want to inform the card issuer if this payment is part of a sequence. The information is optional.

Info


CCV Pay does not provide automated recurring or instalments. This is only meta information for 3-D Secure 2 and will be used for risk assessment by the issuer.

Name Type Size Format Inclusion Description
type string Possible Values:
EXPRESS_CHECKOUT
RECURRING
INSTALMENT
UNSCHEDULED		 Required If the payment is part of a sequence of payments, indicate the type of sequence
instalmentMaxAuthorisations integer 3 Required if type is INSTALMENT and mode is INITIAL If the payment is part of an instalment, the maximum number of instalments allowed with this authentication
recurringExpiry string 8 Date formatted in YYYYMMDD Required if type is RECURRING and mode is INITIAL If the payment is part of a recurring payment, the date that the last recurring payment is executed
recurringFrequency integer 3 Required if type is RECURRING and mode is INITIAL If the payment is part of a recurring payment, the number of days between each recurring payment
mode string Possible Values:
INITIAL
SUBSEQUENT		 Required if type is RECURRING, INSTALMENT or UNSCHEDULED If the payment is part of an unscheduled sequence, indicate if the transaction is the initial or subsequent transaction
source string Possible Values:
CIT
MIT		 Required if type is RECURRING, INSTALMENT or UNSCHEDULED Indicate who the initiator is of the payment
initialTransactionId string Max 20 Required if type is RECURRING, INSTALMENT or UNSCHEDULED and no vault access token is used If the payment is part of a chain of transactions, the reference to the initial or last subsequent transaction of the chain
industryPractice string Possible Values:
INCREMENTAL
DELAYED_CHARGES
NO_SHOW
REAUTHORIZATION
RESUBMISSION
Optional If the payment is a change of an existing CIT, indicate what industry practice triggered the change

Instalment Example

{
    "sequenceInfo": {
      "type": "INSTALMENT",
      "mode": "INITIAL",
      "source": "CIT",
      "instalmentMaxAuthorisations": "12"
    }
}

Recurring Example

{
    "sequenceInfo": {
      "type": "RECURRING",
      "mode": "INITIAL",
      "source": "CIT",
      "recurringExpiry": "20211231",
      "recurringFrequency": "12"
    }
}

Account information Object

The Account Information contains optional information about the account of the cardholder with the merchant.

Note


Provide at least the following fields if available to improve the issuer's risk assessment: email, homePhoneNumber + homePhoneCountry, and mobilePhoneNumber + mobilePhoneCountry.

Note: Time periods can be defined with an exact date or with an approximate indicator. You can choose either, a date or an indicator.

Name Type Size Format Inclusion Description
accountIdentifier string max 64 Optional Identification of the customer account with the merchant
accountAgeIndicator string Possible values:
NO_ACCOUNT (guest check-out)
CREATED_DURING_TRANSACTION
LESS_THAN_30_DAYS:
30_TO_60_DAYS
MORE_THAN_60_DAYS		 Optional Indicator when the customer created the account with the merchant
accountCreationDate string 8 Date formatted in YYYYMMDD Optional Date that the customer created the account with the merchant
accountChangeIndicator string Possible values:
CHANGED_DURING_TRANSACTION
LESS_THAN_30_DAYS
30_TO_60_DAYS
MORE_THAN_60_DAYS		 Optional Indicator when the customer last changed the account with the merchant
accountChangedDate string 8 Date formatted in YYYYMMDD Optional Date that the customer last changed the account with the merchant
passwordChangeIndicator string Possible values:
NO_CHANGE
CHANGED_DURING_TRANSACTION
LESS_THAN_30_DAYS
30_TO_60_DAYS
MORE_THAN_60_DAYS		 Optional Indicator when the customer had a password change
passwordChangeDate string 8 Date formatted in YYYYMMDD Optional Date that the customer had a password change
purchasesLast6Months string 1-4 Optional Number of purchases with this cardholder account during the previous six months
attemptsToAddLastDay string 1-3 Optional Number of Add Card attempts in the last 24 hours
transactionLastDay string 2 Optional Number of transactions (successful and abandoned) for this cardholder account with the merchant across all payment accounts in the previous 24 hours
transactionLastYear string 3 Optional Number of transactions (successful and abandoned) for this cardholder account with the merchant across all payment accounts in the previous year
paymentAccountDate string 8 Date formatted in YYYYMMDD Optional Date that the payment account was enrolled in the cardholder’s account with the merchant
paymentAccountIndicator string Possible values:
NO_ACCOUNT(guest check-out)
DURING_TRANSACTION
LESS_THAN_30_DAYS
30_TO_60_DAYS
MORE_THAN_60_DAYS		 Optional Indicates the length of time that the payment account was enrolled in the cardholder’s account with the merchant
shippingAddressFirstUsage string 8 Date formatted in YYYYMMDD Optional Date when the shipping address used for this transaction was first used with the merchant
shippingAddressUsageIndicator string Possible values:
THIS_TRANSACTION
LESS_THAN_30_DAYS
30_TO_60_DAYS
MORE_THAN_60_DAYS		 Optional Indicates when the shipping address used for this transaction was first used with the merchant
shippingNameIndicator string Possible values:
IDENTICAL
DIFFERENT		 Optional Indicates if the cardholder Name on the account is identical to the shipping Name used for this transaction
suspiciousAccountActivity string Possible values:
NOT_SUSPICIOUS
SUSPICIOUS		 Optional Indicates whether the merchant has experienced suspicious activity (including previous fraud) on the cardholder account
email string 1-254 Shall meet requirements of Section 3.4 of IETF RFC 5322 . Optional The email address associated with the account that is either entered by the cardholder, or is on file with the merchant. Defaults to billingEmail
workPhoneNumber string max 15 Data formatted according to the ITU-T E.164 specification. Optional The subscriber section of a work phone number provided by the cardholder
workPhoneCountry string 1-3 Possible values: ITU-T E.164 - list , ITU-T E.164 - Complementary list . Optional The Country code section of a work phone number provided by the cardholder
homePhoneNumber string max 15 Data formatted according to the ITU-T E.164 specification. Optional The subscriber section of a home phone number provided by the cardholder
homePhoneCountry string 1-3 Possible values: ITU-T E.164 - list , ITU-T E.164 - Complementary list . Optional The Country code section of a home phone number provided by the cardholder
mobilePhoneNumber string max 15 Data formatted according to the ITU-T E.164 specification. Optional The subscriber section of a mobile phone number provided by the cardholder
mobilePhoneCountry string 1-3 Possible values: ITU-T E.164 - list , ITU-T E.164 - Complementary list . Optional The Country code section of a mobile number provided by the cardholder
authenticationMethod string Possible values:
NO_LOGIN
OWN_CREDENTIALS
FEDERATED_ID
ISSUER_CREDENTIALS
THIRD_PARTY_AUTH
FIDO_AUTH		 Optional
authenticationTimestamp string 12 Date formatted in YYYYMMDDHHMM Optional Date and time in UTC of the cardholder authentication
dateOfBirth string 8 Date formatted in YYYYMMDD Optional Date of birth of the customer

Example

{
    "accountInfo": {
        "accountIdentifier": "7cec0016-0bf3-45c7-bc1a-7916750a39a2",
        "accountCreationDate": "20190101",
        "passwordChangeIndicator": "CHANGED_DURING_TRANSACTION",
        "email": "john.doe@ccvlab.eu",
        "workPhoneCountry": "31",
        "workPhoneNumber": "11193500",
        "authenticationMethod": "OWN_CREDENTIALS"
    }
}

3-D Secure 2 Request Information Object

The 3-D Secure 2 Request Information contains optional information about the merchants 3-D Secure 2 related requirements for this transaction.

Name Type Size Format Inclusion Description
challengeIndicator string Possible values:
NO_PREFERENCE (default)
NO_CHALLENGE
REQUEST_BY_MERCHANT_PREFERENCE
REQUEST_FOR_MANDATE		 Optional Indicates whether a 3-D Secure 2 challenge is requested for this transaction. For more information see 3-D Secure 2 Challenge Indicator
transactionType string Possible values:
GOODS_AND_SERVICES_PURCHASE (default)
CHECK_ACCEPTANCE
ACCOUNT_FUNDING
QUASI_CASH_TRANSACTION
PREPAID_ACTIVATION_AND_LOAD		 Optional Identifies the type of transaction being authenticated

Example

{
    "threeds2RequestInfo": {
        "challengeIndicator": "NO_CHALLENGE",
        "transactionType": "CHECK_ACCEPTANCE"
    }
}

Challenge Indicator

Dependent on the use case, a different challenge indicator should be used

Use Case Indicator Description
Redirect Payment NO_PREFERENCE The customer is redirect to us and provides the card details on our payment form
No-click / one-click payment NO_CHALLENGE Payment with vault access token. The customer already provided their card details during a card enrollment
Store Card-on-File REQUEST_BY_MERCHANT_PREFERENCE Payment which includes adding the card to our vault (storeInVault = yes) or a vault enrollment
Recurring / Instalment REQUEST_FOR_MANDATE First payment of recurring or instalment sequence

Liability

In general, if 3-D Secure 2 is used, the issuer is liable in case of charge backs by the cardholder or fraudulent transactions. However, as a merchant you can indicate if you want your customer to be challenged or not with an exemption. In general, when an exemption is requested by the merchant, the liability shifts towards the merchant.

The challenge indicator can be used to indicate if you want an exemption or not.

Indicator Liability Description
NO_PREFERENCE Issuer Issuer decides if challenge is required
NO_CHALLENGE Merchant Merchant requests no challenge. Issuer decides if challenge is required
REQUEST_BY_MERCHANT_PREFERENCE Issuer Issuer decides if challenge is required
REQUEST_FOR_MANDATE Issuer Issuer decides if challenge is required

Merchant Risk Indicator Object

The Merchant Risk Indicator contains optional information about the specific purchase by the cardholder.

Name Type Size Format Inclusion Description
deliveryEmailAddress string max 254 Optional For Electronic delivery, the email address to which the merchandise was delivered. Defaults to billingEmail or shippingEmail
deliveryTimeframe string Possible values:
ELECTRONIC
SAME_DAY
OVERNIGHT
TWO_DAY_OR_MORE		 Indicates the merchandise delivery timeframe
giftCardAmount string 15 Optional For prepaid or gift card purchase, the purchase amount total of prepaid or gift card(s) in major units (for example, USD 123.45 is 123)
giftCardCount string 15 Optional For prepaid or gift card purchase, total count of individual prepaid or gift cards/codes purchased
giftCardCurrency string 3 ISO 4217 numeric code Optional For prepaid or gift card purchase, the currency code of the card
preOrderDate string 8 Date formatted in YYYYMMDD Optional For a pre-ordered purchase, the expected date that the merchandise will be available
preOrderPurchaseIndicator string Possible values:
AVAILABLE
FUTURE_AVAILABILITY		 Optional Indicates whether cardholder is placing an order for merchandise with a future availability or release date
reorderItemsIndicator string Possible values:
FIRST_TIME
REORDERED		 Optional Indicates whether the cardholder is reordering previously purchased merchandise
shippingIndicator string Possible values:
BILLING_ADDRESS
VERIFIED_ADDRESS
NOT_BILLING_ADDRESS
LOCAL_STORE_PICKUP
DIGITIAL_GOODS
TRAVEL_AND_EVENT_TICKETS
OTHER		 Optional Indicates shipping method chosen for the transaction

Example

{
    "merchantRiskIndicator": {
        "deliveryEmailAddress": "johny.doe@ccvlab.eu",
        "deliveryTimeframe": "SAME_DAY",
        "passwordChangeIndicator": "CHANGED_DURING_TRANSACTION",
        "shippingIndicator": "BILLING_ADDRESS",
        "giftCardAmount": "10.99",
        "giftCardCount": "1",
        "giftCardCurrency": "978"
    }
}

Shipping indicator

Merchants must choose the Shipping Indicator code that most accurately describes the cardholder’s specific transaction, not their general business.

If one or more items are included in the sale, use the Shipping Indicator code for the physical goods, or if all digital goods, use the Shipping Indicator code that describes the most expensive item.

Browser Information Object

Accurate Browser Information is obtained for the issuer to determine the ability to support authentication on a particular cardholder browser for each transaction.

This information will be required if you are capturing the card data on your own PCI compliant environment.

If you redirect the customer to CCV Pay, we obtain the information from the cardholder’s browser. In that case the browser object-field is optional.

Info


If you provide any of these fields, you must provide all of them!

Name Type Size Format Inclusion Description
javaEnabled boolean Optional Boolean that represents the ability of the cardholder browser to execute Java
acceptHeaders string max 2048 Optional The content of the HTTP accept headers as sent to the merchant from the cardholder’s browser
ipAddress string max 45 Accepted values: IPv4 and IPv6 Optional IP address of the browser as returned by the HTTP headers to the merchant
language string 1-8 Optional Value representing the browser language as defined in IETF BCP47
screenColorDepth string 1-2 Possible values:
1: 1 bit
4: 4 bit
8: 8 bit
15: 15 bit
16: 16 bit
24: 24 bit
32: 32 bit
64: 64 bit		 Optional Value representing the bit depth of the colour palette for displaying images, in bits per pixel
screenHeight string 1-6 Optional Total height of the cardholder’s screen in pixels
screenWidth string 1-6 Optional Total width of the cardholder’s screen in pixels
timeZone string 1-5 Optional Time difference between UTC time and the cardholder browser local time, in minutes
userAgent string max 2048 Optional The content of the HTTP user-agent header
challengeWindowSize string Possible values:
W250H400
W390H400
W500H600
W600H400
FULL_SCREEN		 Optional Dimensions of the challenge pop-up that is presented to the cardholder

You can extract this information partially from the browser using JavaScript

function BrowserInfo() {
    this.language = navigator.language;
    this.screenColorDepth = window.screen.colorDepth;
    this.screenHeight = window.screen.height;
    this.screenWidth = window.screen.width;
    this.timeZone = new Date().getTimezoneOffset();
}

The fields acceptHeaders, userAgent can be extracted from the incoming web request.

Example

{
    "browserInfo": {
        "javaEnabled": false,
        "acceptHeaders": "application/json, text/javascript, */*; q=0.01",
        "ipAddress": "127.0.0.1",
        "language": "nl",
        "screenColorDepth": "24",
        "screenHeight": "2160",
        "screenWidth": "3840",
        "timeZone": "-120",
        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Firefox/68.0",
        "challengeWindowSize": "500X600"
    }
}