Webhook Event Codes

The following page describes each of the event codes available as part of Thredd's Event Delivery Service.

Event Code 101 - Fraud Rule Triggered by a Transaction

📘
Note
To use this event code, you must be onboarded for Fraud Transaction Monitoring, and have valid fraud rules set up. For more information, speak to your Account Manager.

The 101 event code is used to send out a message when a fraud rule is triggered by a transaction.

{ 
  "productId": 12345,
  "events": [101],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when a fraud rule is triggered by a transaction, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
  "context": {
    "notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "eventCode": 101,
    "eventVersion": "v1",
    "notificationTime": "2024-01-24T23:20:28Z"
  },
  "payload": {
    "fraudAlertId": "05e991e3-9058-4d79-bf01-76d4e8fe2059",
    "productId": 123,
    "transactionId": 98765432101212,
    "tokenId": 545454121,
    "transactionAmount": "50.75",
    "currency": "USD",
    "merchantName": "Sample Merchant",
    "location": "United Kingdom",
    "dateTime": "2024-01-24T14:30:00Z",
    "mcc": "4567",
    "notificationMessageContent": "Did you attempt $50.75 on card ending 1234 at Example Merchant ? We suspect fraud and blocked the card, Acknowledge if you made this purchase."
  }
}

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 101.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
fraudAlertId	Unique identity of the fraud alert.
productId	The product identifier.
transactionId	Unique identifier of the transaction.
tokenId	The public token of the cardholder.
transactionAmount	The amount of the transaction.
currency	The currency of the transaction.
merchantName	The name of the merchant.
location	The location of the merchant where the transaction occurred.
dateTime	The date and time of the transaction in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
mcc	The Merchant Category Code (MCC) of the merchant.
notificationMessageContent	The content of the message sent to the customer.

Event Code 102 - Closing a Fraud Alert

📘
Note
To use this event code, you must be onboarded for Fraud Transaction Monitoring, and have valid fraud rules set up. For more information, speak to your Account Manager.

The 102 event code is used to send out a message when a fraud alert is closed.

{
  "productId": 12345,
  "events": [102],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when a fraud alert is closed, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
  "context": {
    "notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "eventCode": 102,
    "eventVersion": "v1",
    "notificationTime": "2024-01-24T23:20:28Z"
  },
  "payload": {
    "fraudAlertId": "05e991e3-9058-4d79-bf01-76d4e8fe2059",
    "fraudAlertType": "Acknowledgement",
    "notificationMessageContent": "From Bank: Thank you for replying. Your card ending 1234 has been unblocked.",
    "productId": 123
  }
}

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 102.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
fraudAlertId	The unique identity of the fraud alert.
fraudAlertType	The type of fraud acknowledgement. For example, `Timeout` or `Acknowledgment`.
notificationMessageContent	The content of the message sent to the customer.
productId	The product identifier.

Event Code 103 - Card Status Change

📘
Note
Event Code 103 (Card Status Change) sends notifications asynchronously only, as messages are processed in batches. Clients will not receive notifications in a specific order. If a client requires ordered processing, you must use the notification timestamp provided in the payload to ensure proper sequencing.

The 103 event code is used to send out a message when a card status is changed.

{
  "productId": 12345,
  "events": [103],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when a card status is changed, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
"context": {
"notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"eventCode": 103,
"eventVersion": "v1",
"notificationTime": "2024-01-24T23:20:28Z"
},
"payload": {
"tokenId": "123456789",
"productId": 123,
"dateTime": "2024-01-24T14:30:00Z",
"newCardStatus": "41",
"oldCardStatus": "00",
"message": "Card status changed from active to lost or stolen.",
"trackingId": "60b83k64-526e-4d25-84c7-32b6e47c02b3"
}
}

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 103.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
tokenId	The public token of the cardholder.
productId	The product identifier.
dateTime	The date and time the status for the card changed. In the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
newCardStatus	The current status of the card.
oldCardStatus	The previous status of the card.
message	The card status change reason message created by Thredd based on the new card status and old card status.
trackingId	The Unique identifier generated by Thredd for tracking.

Event Code 104 - Custom PAN Creation

📘
Note
The ability to create a card with a custom PAN is a chargeable service. Contact your Account Manager if you're interested in creating cards with a custom PAN.
For more information on creating a custom PAN, see Customisable Card Number.

The 104 event code is used to send out a message a card with a Custom PAN has been created.

{ 
  "productId": 12345,
  "events": [104],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when a card with a Custom PAN has been created, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
  "context": {
    "notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "eventCode": 104,
    "eventVersion": "v1",
    "notificationTime": "2024-01-24T23:20:28Z"
  },
  "payload": {
    "productId": 123,
    "messageId": "60b83k64-526e-4d25-84c7-32b6e47c02b3",
    "publicToken": "123456789"
  }
}

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 104.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
productId	The product identifier.
messageId	A unique Guid generated by Thredd.
publicToken	The public token of the cardholder.

Event Code 105 - Customer Alert to Potential Scam

📘
Note
You must be onboarded for Scam Transaction Monitoring, and have set up scam alerts, to use this event code. For more information, speak to your Account Manager.

The 105 event code enables you to action your pending payments based on the outcome of a manual review in Fraud Transaction Monitoring. When the webhook service has been successfully set up, notifications will be sent when:

There is a payment event only. For example, a non-card event
An incident is reviewed (one message per alert reviewed) and set to Risk or No Risk

See the below example of a webhook for a 105 event code.

{
  "programManagerCode" : "TRD",  
  "productId": 12345,
  "events": [105],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when a potential scam has been flagged, a notification response is sent from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
  "context": {
    "programManagerId": 16,
    "eventCode": 105,
    "eventVersion": "v1",
    "notificationTime": "2024-11-24T11:20:28Z",
  },
  "payload": 
   {
      "transactionId": "123412341234",
      "eventid": "55221979-a4cd-4d7a-bb0c-1b3f0b7cb92c",
      "reviewStatus": "no-risk",
      "reviewDate": "2024-11-24T09:15:10.086Z"
   },
  "messageHeaders": {
    "schemaId": 1
  }

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 105.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
transactionId	The unique identifier for the transaction. It can be used to link different messages as part of the same transaction (for example, payment request and confirmation messages).
eventid	The unique reference for the event. This reference string should be fully unique across the entire system.
reviewStatus	The review of the potential scam from Scam Transaction Monitoring. For example, "no-risk".
reviewDate	When an analyst reviewed the potential scam in Scam Transaction Monitoring.
messageHeaders	Object containing the message headers.
schemaId	The schema identifier. This is always `1`. Note that this is a Scam Transaction Monitoring config setting passed on in the response, and no client action is needed.

Event Code 106 - Tokenisation Authorisation Request (TAR)

The 106 event code is used to send out a Tokenisation Authorisation Request (TAR).

{
  "productId": 12345,
  "events": [106],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when a TAR has been made, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
"context": {
"notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"eventCode": 106,
"eventVersion": "v1",
"notificationTime": "2024-01-24T23:20:28Z"
},
"payload": {
"publicToken": "123456789",
"productId": "124",
"paymentToken": "987654321",
"dpan": "5168563000002547",
"networkTokenReference": "67024958022",
"provisioningTraceId": "VIS1-20210318-381077544887139",
"tokenisationServiceDateTime": "2024-10-29T15:16:30Z",
"processorDateTime": "2024-10-29T15:16:50Z",
"responseCode": "85",
"requestSource": "MOBILE_BANKING_APP",
"tokenRequestorId": "1234",
"orangeFlowIndicator": true
}
}

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 104.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
publicToken	The public token associated with the TAR notification.
productId	The unique identifier of the product.
paymentToken	Thredd's internal identifier for the payment token.
dpan	The DPAN identifier for the payment token.
networkTokenReference	The unique token reference from the network.
provisioningTraceId	The lifecycle identifier to link tokenisation events that are related.
tokenisationServiceDateTime	The event generation timestamp from the tokenisation service.
processorDateTime	The event processing timestamp from Thredd.
responseCode	Identifies the action taken by Thredd for the tokenisation request: 00 - Unconditional approval 85 - Conditional approval 05 - Generic Decline N7 - CVV2 Failure 14 - Invalid PAN 54 - Invalid Expiration Date 59 - Fraud Risk 96 - Issuer Internal System Error
requestSource	The provisioning request source.
tokenRequestorId	The unique identifier of the token request initator.
orangeFlowIndicator	Identifies if a given authorisation request is flagged as high fraud risk by Apple (Orange Flow). Based on the 9th character of the `wallet_reasons` attribute.

Event Code 107 - Activation Code Notification (ACN)

The 107 event code is used to send out an Activation Code Notification (ACN).

{  
  "productId": 12345,
  "events": [107],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when an ACN has been made, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
"context": {
"notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"eventCode": 107,
"eventVersion": "v1",
"notificationTime": "2024-01-24T23:20:28Z"
},
"payload": {
"publicToken": "123456789",
"productId": "124",
"paymentToken": "987654321",
"dpan": "5168563000002547",
"networkTokenReference": "67024958022",
"provisioningTraceId": "VIS1-20210318-381077544887139",
"tokenisationServiceDateTime": "2024-10-29T15:16:30Z",
"processorDateTime": "2024-10-29T15:16:50Z",
"otpValue": "123456",
"otpReason": "TOKEN_DEVICE_BINDING",
"otpExpirationDate": "2024-10-29T15:46:30Z",
"activationMethod": "6",
"deviceInfo": {
		"deviceId": "01234B234C1230011230054848300695D86E17C703548A4A",
		"deviceType": "W"
							}
}
}

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 104.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
publicToken	The public token associated with the TAR notification.
productId	The unique identifier of the product.
paymentToken	Thredd's internal identifier for the payment token.
dpan	The DPAN identifier for the payment token.
networkTokenReference	The unique token reference from the network.
provisioningTraceId	The lifecycle identifier to link tokenisation events that are related.
tokenisationServiceDateTime	The event generation timestamp from the tokenisation service.
processorDateTime	The event processing timestamp from Thredd.
otpValue	The One-Time Passcode (OTP) value.
otpReason	The reason for the one One-Time Passcode (OTP). For example, `PAYMENT`, `TOKEN_DEVICE_BINDING`, `CARDHOLDER_STEPUP`, `RUSTED_LISTING_ENROLLMENT`.
otpExpirationDate	The OTP expiration timestamp.
activationMethod	The customer's activation method preference.
deviceInfo	Object that contains information on the device.
deviceId	The device ID for the tokenisation request.
deviceType	The device type for the tokenisation request.

Event Code 108 - Tokenisation Complete Notification (TCN)

The 108 event code is used to send out a Tokenisation Complete Notification (TCN).

{ 
  "productId": 12345,
  "events": [108],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when an TCN has been made, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
  "context": {
    "notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "eventCode": 108,
    "eventVersion": "v1",
    "notificationTime": "2024-01-24T23:20:28Z"
  },
  "payload": {
    "publicToken": "123456789",
    "productId": "124",
    "paymentToken": "987654321",
    "dpan": "5168563000002547",
    "networkTokenReference": "67024958022",
    "provisioningTraceId": "VIS1-20210318-381077544887139",
    "tokenisationServiceDateTime": "2024-10-29T15:16:30Z",
    "processorDateTime": "2024-10-29T15:16:50Z"
  }
}

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 104.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
publicToken	The public token associated with the TAR notification.
productId	The unique identifier of the product.
paymentToken	Thredd's internal identifier for the payment token.
dpan	The DPAN identifier for the payment token.
networkTokenReference	The unique token reference from the network.
provisioningTraceId	The lifecycle identifier to link tokenisation events that are related.
tokenisationServiceDateTime	The event generation timestamp from the tokenisation service.
processorDateTime	The event processing timestamp from Thredd.

Event Code 109 - Tokenisation Event Notification (TEN)

The 109 event code is used to send out a Tokenisation Event Notification (TEN).

{ 
  "productId": 12345,
  "events": [109],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when a TEN has been made, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
  "context": {
    "notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "eventCode": 109,
    "eventVersion": "v1",
    "notificationTime": "2024-01-24T23:20:28Z"
  },
  "payload": {
    "publicToken": "123456789",
    "productId": "124",
    "paymentToken": "987654321",
    "dpan": "5168563000002547",
    "networkTokenReference": "67024958022",
    "provisioningTraceId": "VIS1-20210318-381077544887139",
    "tokenisationServiceDateTime": "2024-10-29T15:16:30Z",
    "processorDateTime": "2024-10-29T15:16:50Z",
    "eventReason": "8",
    "messageReasonCode": "02",
    "eventRequestor": " ",
    "processorTokenStatus": "ACTIVE",
    "tokenisationServiceTokenStatus": "ACTIVE"
  }
}

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 104.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
publicToken	The public token associated with the TAR notification.
productId	The unique identifier of the product.
paymentToken	Thredd's internal identifier for the payment token.
dpan	The DPAN identifier for the payment token.
networkTokenReference	The unique token reference from the network.
provisioningTraceId	The lifecycle identifier to link tokenisation events that are related.
tokenisationServiceDateTime	The event generation timestamp from the tokenisation service.
processorDateTime	The event processing timestamp from Thredd.
eventReason	The tokenisation event reason to indicate the reason why the event was triggered.
messageReasonCode	The reason code associated with a given event reason where applicable.
eventRequestor	Indicates the entity that requested the event.
processorTokenStatus	The issuer processor (Thredd) token internal status.
tokenisationServiceTokenStatus	The Tokenisation Service token status (For example, VDEP or MDES).

Event Code 110 - Tokenisation Status Update Failure Notification (TFN)

The 110 event code is used to send out a Failed Token Status Change notification.

{
  "productId": 12345,
  "events": [110],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when a TFN has been made, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
  "context": {
    "notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "eventCode": 110,
    "eventVersion": "v1",
    "notificationTime": "2024-01-24T23:20:28Z"
  },
  "payload": {
    "publicToken": "123456789",
    "productId": "124",
    "paymentToken": "987654321",
    "dpan": "5168563000002547",
    "networkTokenReference": "67024958022",
    "provisioningTraceId": "VIS1-20210318-381077544887139",
    "tokenisationServiceDateTime": "2024-10-29T15:16:30Z",
    "processorDateTime": "2024-10-29T15:16:50Z",
    "processorTokenStatus": "ACTIVE",
    "tokenisationServiceTokenStatus": "ACTIVE"
  }
}

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 104.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
publicToken	The public token associated with the TAR notification.
productId	The unique identifier of the product.
paymentToken	Thredd's internal identifier for the payment token.
dpan	The DPAN identifier for the payment token.
networkTokenReference	The unique token reference from the network.
provisioningTraceId	The lifecycle identifier to link tokenisation events that are related.
tokenisationServiceDateTime	The event generation timestamp from the tokenisation service.
processorDateTime	The event processing timestamp from Thredd.
processorTokenStatus	The issuer processor (Thredd) token internal status.
tokenisationServiceTokenStatus	The Tokenisation Service token status (for example, VDEP or MDES).

Event Code 112 - Transaction Confirmation Event

The Transaction Confirmation (TC) events are a notification sent using Thredd's webhook service for transaction confirmations (Event Code = 112).

{
  "productId": 12345,
  "events": [112],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, you will start to receive TC events based on the configuration of your webhook and a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
"context": {
"notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"eventCode": 112,
"eventVersion": "v1",
"notificationTime": "2024-01-24T23:20:28Z"
},
"payload": {
"network": "Visa",
"subnetwork": "STAR",
"programManagerCode": "FTX",
"programManagerName": "FintechX",
"programManagerResponse": "00",
"actualBalance": "1500.0000",
"additionalAmount": "50.0000",
"transactionFee": "2.00",
"processorAuthorisationCode": "134822",
"acquiringInstitutionId": "06003758",
"acquirerForwarderId": "000405700",
"availableBalance": "1480.0000",
"billingAmount": "100.0000",
"billingCurrency": "840",
"blockedAmount": "0.0000",
"customerAccount": "CUST123456",
"fxPadding": "1.25",
"fixedFee": "0.0000",
"rateFee": "0.0000",
"mcc": "5411",
"mccDescription": "Grocery Stores",
"mccPadding": "0.50",
"merchantId": "MID98765",
"merchantName": "Walmart NY",
"transactionNote": "Weekly grocery purchase",
"localTransactionTime": "010107",
"localTransactionDate": "20250626",
"processingCode": "000000",
"schemeResponseCode": "00",
"token": "123456789",
"transactionAmount": "100.0000",
"transactionCurrency": "840",
"acceptorCountryCode": "USA",
"transactionDescription": "POS Purchase",
"processorTransactionDateTime": "2025-05-28T10:15:17Z",
"transactionId": "789456123",
"transactionStatusCode": "A",
"transactionType": "A",
"isThreddAuthorised": "Y",
"avsResult": "Y",
"mtid": "0100",
"productId": "1234",
"velocityGroup": "VG01",
"posCapability": "0001000000000100000000000000000000100000000230000",
"posData": "58V9000900000Px100",
"transactionLifeCycleId": "VIS1-20160608-086160508692217",
"transLink": "250415787144555555",
"retrievalReferenceNumber": "510559697285",
"posTerminal": "ECOMM001",
"networkFraudData": "",
"paymentTokenId": "998877",
"paymentTokenWallet": "APPLE"
}
}

The below table describes each of the fields included in the notification response.

Field	Description	Type	Mandatory
context	The context object.
notificationId	Unique identifier of the notification.	String	Yes
eventCode	The event code of the event.	Integer	Yes
eventVersion	The version of the event.	String	Yes
notificationTime	Notification created time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.	String	Yes
payload	The payload object.
network	Primary card network (Visa, Mastercard, DGN).	String	Yes
subnetwork	Merchant routing network (STAR, Pulse, DGN), Value only present for MNE transactions.	String	No
programManagerCode	The Program Manager code.	String	Yes
programManagerName	The Program Manager name.	String	No
programManagerResponse	The Program Manager response. Empty for EHI mode 3 transactions, Thredd generated transactions and non-EHI transactions.	String	No
actualBalance	Actual balance after transaction (in the card account currency).	String	No
additionalAmount	The additional amount (DE54).	String	No
transactionFee	The transaction fee (DE28).	String	No
processorAuthorisationCode	Authorisation code generated by Thredd for approved and declined authorisation requests.	String	No
acquiringInstitutionId	The Acquiring Bank ID as assigned by the network.	String	No
acquirerForwarderId	Identifies the acquiring institution forwarding a Request or Advice message.	String	No
availableBalance	Available balance after transaction.	String	No
billingAmount	Settlement billing amount.	String	No
billingCurrency	Billing currency (ISO 3-digit numeric).	String	No
blockedAmount	Blocked amount after transaction.	String	No
customerAccount	The customer account reference.	String	No
fxPadding	Foreign currency padding.	String	No
fixedFee	Total fixed fee amount.	String	No
rateFee	Total percentage rate fee amount.	String	No
mcc	Merchant Category Code. 4-digit MCC.	String	No
mccDescription	MCC description.	String	No
mccPadding	MCC padding.	String	No
merchantId	Merchant ID.	String	No
merchantName	Merchant name and location.	String	No
transactionNote	Note about the transaction.	String	No
localTransactionTime	Local merchant transaction time.	String	No
localTransactionDate	Terminal local date of transaction. MMDD with YYYY added by Thredd. YYYY='0000' if MMDD invalid.	String	No
processingCode	Processing code for transaction.	String	No
schemeResponseCode	Scheme response code (For example, "00" or "05").	String	No
token	Thredd public token of card.	String	Yes
transactionAmount	The transaction amount.	String	Yes
transactionCurrency	Transaction currency (ISO 3-digit). For example, "840".	String	Yes
acceptorCountryCode	Transaction country (ISO 3-alpha). For example, "USA".	String	No
transactionDescription	Description of the transaction.	String	No
processorTransactionDateTime	Date and time of processing. Format: yyyy-MM-ddTHH:mm:ssZ	String	No
transactionId	Unique transaction ID.	String	Yes
transactionStatusCode	Transaction status code.	String	No
transactionType	The transaction type.	String	Yes
isThreddAuthorised	Indicates if the transaction is authorised by Thredd. "Y" or "N".	String	No
avsResult	The Address Verification System (AVS) result.	String	No
mtid	The Message Type Identifier. For example, "0100" or "0400".	String	No
productId	The Product ID of the card.	String	Yes
velocityGroup	Velocity group code.	String	No
posCapability	POS capability codes.	String	No
posData	POS data codes.	String	No
transactionLifeCycleId	Lifecycle Trace ID.	String	Yes
transLink	Identifier to link related transactions.	String	No
retrievalReferenceNumber	Retrieval Reference Number.	String	No
posTerminal	POS Terminal ID.	String	No
networkFraudData	Fraud or Risk Indicators received from the card network. For example, Visa: '011099 1122 013099 33'	String	No
paymentTokenId	Payment token ID.	String	No
paymentTokenWallet	Wallet the payment token belongs to. For example, APPLE (For Apple Pay Wallet) or SAMSUNG (For Samsung Pay Wallet).	String	No

Event Code 113 - Cardinal 3DS ADX

The 113 event code is used when Cardinal sends an ADX Authentication Result event.

{
  "productId": 12345,
  "events": [113],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when Cardinal send an ADX authentication result event, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
  "context": {
    "notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "eventCode": 113,
    "eventVersion": "v1",
    "notificationTime": "2024-01-24T23:20:28Z"
  },
  "payload": {
    "webRequestId": "3479b99f-40b5-95c2-a73c-9e83b644f765",
    "dsTransactionId": "00ec043e-40b5-4ce4-95c2-9e83b644f412",
    "requestId": "0fe3b99f-8c52-41cf-a73c-0107fefd56e3",
    "issuerOrgId": "5723c1870063ac1a9c3ab07c",
    "cavv": "AAIBASR0YAAAAN6vhACIdQ8DKJSL",
    "cavvHex": "00020101247460000000DEAF8400887500073512",
    "eci": "05",
    "messageVersion": "2.2.2",
    "authenticationResponse": "Y",
    "authenticationType": "OTP",
    "riskScore": "50",
    "ip": "123.567.22.980",
    "paymentInfo": {
      "cardNumber": "123456789098877655",
      "cardExpiryMonth": "01",
      "cardExpiryYear": "2028",
      "cardType": "Credit",
      "cardHolderName": "Johnny B Goode"
    }
  }
}

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 113.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
webRequestId	The web request identifier.
dsTransactionId	The unique transaction identifier.
requestId	System generated transaction reference identifier.
issuerOrgId	Organisation identifier designated by VCAS. Hexadecimal value.
cavv	Payment system specific value that is used to provide proof of authentication. This is the Base64 representation of the authentication value.
cavvHex	Payment system specific value that is used to provide proof of authentication. This is the Hexadecimal representation of the authentication value.
eci	Payment system specific value provided by ACS to indicate results of the attempt to authenticate.
messageVersion	Version of the message based on the 3DS specification. For example, `1.0.2`.
authenticationResponse	The response sent back to the merchant. For example, `Y`.
authenticationType	The type of authentication used for a given transaction. For example, `OTPEmail`.
riskScore	The risk score of the transaction.
ip	The IP Address of the device.
paymentInfo	Object containing details on the card.
cardNumber	Payment card number used in transaction.
cardExpiryMonth	The expiry month of the payment card.
cardExpiryYear	The expiry year of the payment card.
cardType	The card type of the payment card. For example, `Credit`.
cardHolderName	The name of the cardholder for the payment card.

Event Code 114 - Detailed Cardinal 3DS ADX

The 114 event code is used when Cardinal sends a detailed ADX Authentication Result event.

{
  "productId": 12345,
  "events": [114],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when Cardinal send a detailed ADX authentication result event, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
  "context": {
    "notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "eventCode": 114,
    "eventVersion": "v1",
    "notificationTime": "2024-01-24T23:20:28Z"
  },
  "payload": {
    "webRequestId": "3479b99f-40b5-95c2-a73c-9e83b644f765",
    "dsTransactionId": "00ec043e-40b5-4ce4-95c2-9e83b644f412",
    "requestId": "0fe3b99f-8c52-41cf-a73c-0107fefd56e3",
    "issuerOrgId": "5723c1870063ac1a9c3ab07c",
    "cavv": "AAIBASR0YAAAAN6vhACIdQ8DKJSL",
    "cavvHex": "00020101247460000000DEAF8400887500073512",
    "eci": "05",
    "messageVersion": "2.2.2",
    "authenticationResponse": "Y",
    "authenticationType": "OTP",
    "riskScore": "50",
    "transStatusReason": "01",
    "merchantChallengeIndicator": "NoPreference",
    "pubtoken": "123456789",
    "merchantInfo": {
      "acquirerId": "55554444",
      "acquirerCountryCode": "826",
      "merchantId": "12345678",
      "merchantName": "Ranier Expeditions",
      "merchantURL": "wwww.google.com",
      "merchantCategoryCode": "5734",
      "merchantCountryCode": "372"
    },
    "transactionInfo": {
      "transactionTimeStamp": "2024-03-21T20:55:49.000Z",
      "transactionAmount": 1000,
      "transactionCurrency": "840",
      "transactionExponent": 0,
      "transactionAmountUSD": 1248,
      "transactionType": "Purchase",
      "purchaseType": "GoodsOrService",
      "channel": "WEB",
      "flowStatus": "Fully Authenticated",
      "addressMatch": "Y",
      "ruleTriggered": "Low-Risk Rule",
      "merchantAdditionalData": {
        "shippingIndicator": "ShipToBillingAddress",
        "deliveryTimeFrame": "ElectronicDelivery",
        "deliveryEmailAddress": "[email protected]",
        "reorderItemsIndicator": "FirstTime",
        "preorderPurchaseIndicator": "MerchandiseAvailable",
        "preorderDate": "20240828",
        "giftCardAmount": 10000,
        "giftCardCurrency": "840",
        "giftCardCount": 1
      },
      "vcasPanStatus": "Active",
      "paymentInfo": {
        "cardNumber": "123456789098877655",
        "cardExpiryMonth": "01",
        "cardExpiryYear": "2028",
        "cardType": "Credit",
        "cardHolderName": "Johnny B Goode"
      },
      "billingAddress": {
        "firstName": "Johnny",
        "middleName": "B",
        "lastName": "Goode",
        "address1": "123 Main Street",
        "address2": "Apartment 99",
        "address3": "NA",
        "locality": "Anytown",
        "region": "IA",
        "postalCode": "52227",
        "countryCode": "826"
      },
      "shippingAddress": {
        "firstName": "Johnny",
        "middleName": "B",
        "lastName": "Goode",
        "address1": "123 Main Street",
        "address2": "Apartment 99",
        "address3": "NA",
        "locality": "Anytown",
        "region": "IA",
        "postalCode": "52227",
        "countryCode": "826"
      },
      "consumerInfo": {
        "emailAddress": "[email protected]",
        "phoneNumber": "+14151231234",
        "mobileNumber": "+14151231234",
        "workNumber": "+14151231234"
      },
      "consumerWalletInfo": {
        "provider": "Apple",
        "walletAge": 10000,
        "paymentCardAge": 10000
      },
      "deviceInfo": {
        "userAgent": "Google Chrome",
        "ip": "123.567.22.980",
        "latitude": "38.8951",
        "longitude": "-77.0364",
        "browserAcceptHeader": "*/*",
        "browserJavaEnabled": "True",
        "browserJavascriptEnabled": true,
        "browserLanguage": "en-US",
        "browserColorDepth": "24",
        "browserScreenHeight": "960",
        "browserWidth": "1536",
        "browserTimeZone": "-330",
        "platform": "Android",
        "deviceModel": "Android",
        "operatingSystemName": "Marshmallow",
        "operatingSystemVersion": "1.2.3.4",
        "locale": "Denver",
        "advertisingId": "NA",
        "screenResolution": "1080x1920",
        "deviceName": "Android",
        "sdkAppId": "45a2fc4d-d95f-4709-9200-65129b772",
        "deviceExtendedData": "NA"
      },
      "riskProviderInfo": {
        "name": "Cardinal",
        "providerId": "45a2fc4d-d95f-4709-9200-65129b772jdiK",
        "deviceId": "x45e5ca957d4420d8d2cfbb98c6c3f84"
      },
      "mandatedRegion": "NONE",
      "challengeCancel": "01",
      "reasonCodes": {
        "risk": {
          "reasonCode": "Low-Risk",
          "reasonDescription": "Low-Risk"
        },
        "stepUp": {
          "reasonCode": "Low-Risk",
          "reasonDescription": "Low-Risk"
        },
        "initiateAction": {
          "reasonCode": "Low-Risk",
          "reasonDescription": "Low-Risk"
        },
        "validate": {
          "reasonCode": "Low-Risk",
          "reasonDescription": "Low-Risk"
        }
      }
    },
    "additionalRiskResultInfo": {
      "riskIndicator": "01",
      "deviceIDVelocity": 0,
      "ipVelocity": 0
    },
    "exemptionInfo": {
      "merchantFraudRate": "1",
      "secureCorporatePayment": "N"
    },
    "extensionData": {
      "acsrba": {
        "status": "Success",
        "score": "950",
        "decision": "Not Low Risk",
        "reasonCode1": "A",
        "reasonCode2": "GG"
      },
      "emvPaymentToken": {
        "tokenRequestorId": "12345678910",
        "tokenStatusIndicator": "A",
        "tokenAdditionalData": {
          "tokenAdditionalDataVersion": "1.0",
          "tokenCharacteristics": "06"
        },
        "version": "1.0"
      },
      "dafExtension": {
        "authPayCredStatus": "Y",
        "authPayProcessReqInd": "01",
        "dafAdvice": "01",
        "version": "1.0"
      }
    },
    "threeRIInd": "01",
    "threeDSRequestorPriorAuthenticationInfo": {
      "threeDSReqPriorAuthData": "NA",
      "threeDSReqPriorAuthMethod": "01",
      "threeDSReqPriorAuthTimestamp": "2028-08-28T10:23:31.490Z",
      "threeDSReqPriorRef": "NA"
    }
  }
}

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 114.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
webRequestId	The web request identifier.
dsTransactionId	Directory Server (DS) generated transaction reference id.
requestId	System generated transaction reference identifier.
issuerOrgId	Organisation identifier designated by VCAS. Hexadecimal value.
cavv	Payment system specific value that is used to provide proof of authentication. This is the Base64 representation of the authentication value.
cavvHex	Payment system specific value that is used to provide proof of authentication. This is the Hexadecimal representation of the authentication value.
eci	Payment system specific value provided by ACS to indicate results of the attempt to authenticate.
messageVersion	Version of the message based on 3DS specification.
authenticationResponse	The response sent back to the merchant. For example, `Y`.
authenticationType	The type of authentication used for a given transaction. For example, `OTPEmail`.
riskScore	Risk score of the transaction as determined by VCAS.
transStatusReason	A value from the VCAS TransStatusReason field that will appear on either the ARes or RReq message (depending on whether or not the transaction was challenged).
merchantChallengeIndicator	Indicates whether a challenge is requested from the merchant. Note: EMV 3DS transactions only.
pubtoken	The Public token of the card.
merchantInfo	Object containing details on the card.
acquirerId	The acquirerID for the merchant performing the purchase request.
acquirerCountryCode	The country code of the acquirer. In ISO 3166-1 Numeric format.
merchantId	The merchant identifier for the merchant performing the purchase request.
merchantName	The name of the merchant performing the purchase request.
merchantURL	The URL or App Name for the merchant performing the purchase request.
merchantCategoryCode	The Merchant Category Code (MCC) used to describe the merchant’s type of business, product, or service.
merchantCountryCode	The country code of the merchant. For 3DS 1.0 transactions this value is alpha-2 format e.g. `US`. For EMV 3DS transactions this value is numeric-3 format. For example, `840`.
merchantInfo	End of the merchantInfo object.
transactionInfo	Object containing details of the transaction.
transactionTimeStamp	The transaction timestamp in UTC per ISO 8601 UTC.
transactionAmount	The transaction amount (raw amount, for example 1000 for £10.00).
transactionCurrency	The transaction currency. Format is numeric-3 format. For example, `840`.
transactionExponent	Exponent for formatting the given currency ISO 4217 code.
transactionAmountUSD	The transaction amount in US dollars (represented in raw amount; where 1000 is for $10.00).
transactionType	The type of transaction. For example, `Purchase`.
purchaseType	The purchase type. For example, `AccountFunding`.
channel	The channel in which the transaction occurs.. For example, `WEB`.
flowStatus	The Visa Consumer Authentication Service (VCAS) internal description of the status of the transaction at the time the transaction was completed. For example, `Not Authenticated`.
addressMatch	Whether the shipping address matches the billing address. Y = shipping and billing address are the same. N = shipping and billing addresses are different.
ruleTriggered	The name of the rule triggered during risk processing.
merchantAdditionalData	Object containing additional merchant date.
shippingIndicator	Indicates shipping method chosen for the transaction. For example, `ShipToVerifiedAddress`.
deliveryTimeFrame	The delivery time frame. For example, `ElectronicDelivery`.
deliveryEmailAddress	The email address where merchandise was delivered.
reorderItemsIndicator	Specifies whether the item has been reordered. For example, `Reordered`.
preorderPurchaseIndicator	Specifies whether the purchase is a pre-order. For example, `FutureAvailability`.
preorderDate	The expected date merchandise is available; YYYYMMDD.
giftCardAmount	For a gift card, this is the purchase amount, represented in raw amount. For example 1000 for £10.00.
giftCardCurrency	The currency of the gift card. In ISO 4217 3-digit numeric standard.
giftCardCount	The total count of individual prepaid or gift cards/codes purchased.
merchantAdditionalData	End of the merchantAdditionalData object.
vcasPanStatus	Indicates the status of the PAN status at the time of the transaction (Active, Blocked, Bypass, Unavailable). This value can impact the transaction outcome and is managed by the issuer in the VCAS Customer Service application.
paymentInfo	Object containing details on the card.
cardNumber	The card number of the payment card.
cardExpiryMonth	The expiry month of the payment card.
cardExpiryYear	The expiry year of the payment card.
cardType	The card type of the payment card. For example, `Credit`.
cardHolderName	The name of the cardholder for the payment card.
paymentInfo	End of the paymentInfo object.
billingAddress	Object containing details of the billing address.
firstName	First name of the cardholder's billing address.
middleName	Middle name of the cardholder's billing address.
lastName	Last name of the cardholder's billing address.
address1	First line of the billing address.
address2	Second line of the billing address.
address3	Third line of the billing address.
locality	The locality of the billing address.
region	The region of the billing address.
postalCode	The postal code of the billing address.
countryCode	The country code of the billing address. Format is numeric-3 format. For example, `840`.
billingAddress	End of the billingAddress object.
shippingAddress	Object containing details of the shipping address.
firstName	First name of the person's shipping address.
middleName	Middle name of the person's shipping address.
lastName	Last name of the person's shipping address.
address1	First line of the shipping address.
address2	Second line of the shipping address.
address3	Third line of the shipping address.
locality	The locality of the shipping address.
region	The region of the shipping address.
postalCode	The postal code of the shipping address.
countryCode	The country code of the shipping address. Format is numeric-3 format. For example, `840`.
shippingAddress	End of the shippingAddress object.
consumerInfo	Object containing details on the consumer.
emailAddress	Email address of the consumer.
phoneNumber	Phone number of the consumer.
mobileNumber	Mobile number of the consumer.
workNumber	Work number of the consumer.
consumerInfo	End of the consumerInfo object.
consumerWalletInfo	Object containing details on the consumer wallet.
provider	The wallet provider.
walletAge	The number of days the wallet has existed.
paymentCardAge	The number of days the card has been in the wallet.
consumerWalletInfo	End of the consumerWalletInfo object.
deviceInfo	Object containing information on the device.
userAgent	The User Agent for browser or Device Identifier for InApp purchase.
ip	The IP address of the device.
latitude	The latitude of the device based on geolocation or IP Address.
longitude	The longitude of the device based on geolocation or IP Address.
browserAcceptHeader	The raw HTTP Accept header from the browser.
browserJavaEnabled	Indicates whether the browser can execute Java.
browserJavascriptEnabled	Indicates whether the browser can execute JavaScript.
browserLanguage	The browser language returned from navigator language property.
browserColorDepth	The value representing the bit depth of the colour palette.
browserScreenHeight	The height of cardholder’s screen in pixels.
browserWidth	The width of cardholder’s screen in pixels.
browserTimeZone	The time difference between UTC time and the cardholder’s browser local time, in minutes.
platform	The platform of the device. For example, `Android`.
deviceModel	The mobile device manufacturer and model.
operatingSystemName	The name of the device operating system.
operatingSystemVersion	The version of the device operating system.
locale	The Device Locale from the browser header or from the app’s language settings. This value can be a single locale value or multiple values concatenated with commas. In EMV 3DS this is not available due to new flows so this will be a single language value following BCP 47 format.
advertisingId	The unique ID available for advertising and fraud detection purposes from the Merchant native app.
screenResolution	The pixel width and height. Example, 1080x1920.
deviceName	The user assigned device name.
sdkAppId	The unique ID created on all installations and updates of the 3DS Requestor App on a consumer device.
deviceExtendedData	The Base64url encoded JSON Object. Device information gathered by the 3DS SDK from a consumer device.
deviceInfo	End of the deviceInfo object.
riskProviderInfo	Object containing information on the Risk Provider.
name	The name of the Device Profiling and Risk Engine Provider.
providerId	The Risk Provider transaction reference ID.
deviceId	The device identifier can be used to identify risky or good cardholder behavior. The ID is the transaction session ID provided by the 3DS server. DeviceId data is dependent on Method URL data collection, for EMV 3DS browser-based transactions only.
riskProviderInfo	End of the riskProviderInfo object.
mandatedRegion	The region in which mandates may apply to the current transaction. Added to support the new PSD2 transactions in the EEA.
challengeCancel	Indicator informing the Access Control Server (ACS) and the DS that the authentication has been canceled. Value sent from the VCAS ChallengeCancel field on the Req message if the transaction was challenged.
reasonCodes	Object that contains reason codes.
risk	An object containing the ReasonCode for Risk.
reasonCode	Used by the issuer for informational purposes.
reasonDescription	Used by the issuer for informational purposes.
risk	End of the risk object.
stepUp	An object containing the ReasonCode for StepUp.
reasonCode	Used by the issuer for informational purposes.
reasonDescription	Used by the issuer for informational purposes.
stepUp	End of the stepUp object.
initiateAction	An object containing the ReasonCode for InitiateAction.
reasonCode	Used by the issuer for informational purposes.
reasonDescription	Used by the issuer for informational purposes.
initiateAction	End of the initiateAction object.
validate	An object containing the ReasonCode for Validate.
reasonCode	Used by the issuer for informational purposes.
reasonDescription	Used by the issuer for informational purposes.
validate	End of the validate object.
risk	End of the risk object.
transactionInfo	End of the transactionInfo object.
AdditionalRiskResultInfo	Object containing additional risk result information.
riskIndicator	The Risk Indicator value is set during risk or challenge flows to indicate the risk or challenge type. The value is then used in the construction of certain Authentication Values. For example, Visa CAVV Usage 3 Version 7 or Mastercard Enhanced IAV SPA2.
deviceIDVelocity	The number of times VCAS or another risk provider has seen the same DeviceID within a given timespan. By default, the timespan is set to 10 minutes.
ipVelocity	The number of times VCAS or another risk provider has seen the same IP address in a given timespan. By default, the timespan is set to 10 minutes.
AdditionalRiskResultInfo	End of the AdditionalRiskResultInfo object.
ExemptionInfo	Object containing exemption information.
merchantFraudRate	The merchant fraud rate. Note that this is currently only available on Mastercard EMV 3DS transactions where extension data is present. Fraud rate in the EEA calculated as per PSD2 RTS. Mastercard will not calculate or validate the merchant fraud score.
secureCorporatePayment	Indicates that dedicated payment processes and procedures were used, potential secure corporate payment exemption applies. Logically this field should only be set to yes if the acquirer exemption field is blank. A merchant cannot claim both acquirer exemption and secure payment. However, the DS will not validate the conditions in the extension. DS will pass data as presented. Note: currently only available on Mastercard EMV 3DS transactions where extension data is present. secureCorporatePayment will be available in future EMV versions.
ExemptionInfo	End of the ExemptionInfo object.
ExtensionData	Object containing extension data.
acsrba	Object containing Mastercard risk analysis provided by the Mastercard Directory Server.
status	Indicates whether the Smart Authentication platform can provide the authentication assessment for that transaction.
score	An authentication assessment between 0-950 in increments of 50, with the threshold increasing with increasing authentication risk.
decision	Indicates the authentication risk analysis and whether Mastercard would have fully authenticated the transaction in a Smart Authentication Stand-In situation.
reasonCode1	One-character value (A-Z) reflecting key anchor variables related to the transaction, with A as the highest risk to Z as the most trusted reason.
reasonCode2	Ensures that ACS is coded to receive reasonCode2 to be able to take advantage of future insights provided in this field. Defaults to 'GG.' Currently not used. Reserved for future use.
acsrba	End of the acsrba object.
emvPaymentToken	Object data provided with the authentication indicating the card number was tokenised.
tokenRequestorId	Identifies each unique combination of Token Requestor and Token Domain(s) for a given Token Service Provider.
tokenStatusIndicator	Identifies the status of the Payment Token. Possible values A(Active for payment), I(Inactive for payment), S(Temporarily suspended for payment), D(Permanently deactivated for payments) and P(Pending).
tokenAdditionalData	Object containing additional token data.
tokenAdditionalDataVersion	Indicates the extension version and matches the value provided by the "Version" field on the "Data" object. Used for Visa transactions only. For example, `1.0`.
tokenCharacteristics	Indicates the type of token. Used for Visa transactions only. Values include: 01 (E-commerce/Card on File), 02 (Secure Element), 03 (Cloud Based Payments), 05 (E-commerce Enabler), or 06 (Pseudo Account).
tokenAdditionalData	End of the tokenAdditionalData object.
version	The version number of the token message extension.
emvPaymentToken	End of the emvPaymentToken object.
dafExtension	An AReq extension which indicates that the transaction is to be considered for DAF (Digital Authentication Framework) eligibility.
authPayCredStatus	Enables the communication of Authenticated Payment Credential Status between the VDS and the 3DS Server, and the VDS and the ACS. Values include: Y = Payment account is an Authenticated Payment Credential N = Payment account is not an Authenticated Payment Credential U = Authenticated Payment Credential status unknown, unavailable, or does not apply B = Payment account has been blocked by the issuer I = Payment account is invalid as determined by the issuer Note: This element is not present in the AReq DAF extension between the 3DS Server and the VDS and is not present in the ARes and RReq DAF extension between the ACS and the VDS. Note: A Blocked status is most likely indicative of suspected fraud on the account.An invalid status most likely identifies an account that has been closed by the issuer.
authPayProcessReqInd	Indicates whether the purpose of the transaction is to process as a DAF transaction or to inquire on the Authenticated Payment Credential Status.
dafAdvice	Indicates to the ACS whether the transaction must be approved or whether approval is an issuer decision. Values include: 01 = Must approve, or 02 = Issuer decision.
version	Version number of the message extension. For example, `1.0`.
extensionData	End of the extensionData object.
threeRIInd	Indicates the type of Requestor-Initiated Authentication (3RI) request.
threeDSRequestorPriorAuthenticationInfo	Object containing prior transaction authentication data for 3DS request.
threeDSReqPriorAuthData	Data that documents and supports a specific authentication process.
threeDSReqPriorAuthMethod	Mechanism used by the cardholder to previously authenticate to the 3DS Requestor.
threeDSReqPriorAuthTimestamp	Date and time in UTC of the prior cardholder authentication. Date format = YYYYMMDDHHMM
threeDSReqPriorRef	Data which provides additional information to the ACS to determine the best approach for handling a request.
threeDSRequestorPriorAuthenticationInfo	End of the threeDSRequestorPriorAuthenticationInfo object.