Visa Secure EMV® 3DS authentification
To search in the page use Ctrl+F on your keyboard
Visa Business News: modification of 3DS fields required
The effective date has been postponed to August 12, 2024, and the number of fields required in the 3-D Secure authentication request has been reduced from 12 to 7.
From mid August 2024, Visa will require 7 fields to be filled in the authentication request (AReq) in order to enhance its scoring tool and optimize Frictionless buying journeys.
In order to comply with the new Visa regulations, you will need to fill in 7 mandatory fields in the payment request sent to Worldline Sips, regardless of your integration method (Sips Paypage or Sips Office).
For information, despite the change in status of certain fields (from mandatory to recommended), Visa recommends in its January 2024 note to fill in the 12 fields below in order to improve decision making regarding authentication.
Please find below the list of fields concerned :
| Recommanded status | Fields required by Visa | Fields to be filled in your requests to Worldline Sips | Additional information |
|---|---|---|---|
| Mandatory | Browser IP Address | customerIpAddress | Field populated by Worldline Sips, if not provided by the merchant |
| Mandatory | Browser Screen Height | N/A | Field populated by Worldline Sips |
| Mandatory | Browser Screen Width | N/A | Field populated by Worldline Sips |
| Recommended | Cardholder Billing Address City | billingAddress.city | Field limited to 50 characters, ANU50(restricted String) |
| Recommended | Cardholder Billing Address Country | billingAddress.country | ISO 3166-1, 3 country letters as required by EMVCo 2.2 specifications (e.g. FRA) |
| Recommended | Cardholder Billing Address Line | billingAddress.addressAdditional1 | Field limited to 50 characters, ANU50(restricted String) |
| Recommended | Cardholder Billing Address Postal Code | billingAddress.zipCode | Field limited to 10 characters, ANU10(restricted String) |
| Recommended | Cardholder Billing Address State | billingAddress.citystate | Field limited to 30 characters, ANU30(restricted String) |
| Mandatory | Cardholder Email Address | holderContact.email | Field limited to 128 characters, ANU128(email) |
| Mandatory | Cardholder Name | holderContact.firstName et holderContact.lastName | Fields limited to 50 characters each, ANU50(restricted String) |
| Mandatory | Cardholder Phone Number (Work/Home/Mobile) | holderContact.workPhone ou holderContact.phone ou holderContact.mobile | At least 1 of the 3 fields must be provided; they are limited to 30 characters, ANS30(phone) |
| Mandatory | Common Device Identification Parameters | N/A | Field to be provided only for transactions from a Software Development Kit; not applicable (Worldline Sips does not provide a SDK) |
It is recommended to provide both phone and email data fields for authentication, however, if the merchant only collects one of the data fields, then providing one of the two options satisfies the minimum data requirement.
For phone number fields:
- accepted formats: +33612345678, +330612345678, +336-12-34-56-78, +33-6-12-34-56-78, +336 12 34 56 78, +33 6 12 34 56 78
- not accepted formats: 0612345678, 0033612345678, 00330612345678, 33612345678
For the fields mentioned above, Worldline Sips will not check, block or add data by default. The data will be transmitted as it is, to the Visa Directory Server.
According to Visa, more data merchants provide, more accurate the issuers’ scoring tools will be and more frictionless buying journeys, they will be able to offer.
If a merchant does not send this additional data, they will not be penalized but will not benefit from this optimized frictionless buying journeys.
For any further information, please contact your usual Worldline Sips contacts.
