Visa Secure Data Field Mandate: Required Data Fields


Visa Secure is Visa's EMV 3-D Secure authentication product that facilitates Strong Customer Authentication (SCA) for electronic payments.

Learn more about SCA and EMV 3-D Secure

  Merchants and partners using Trust Payments shopping cart plugins do not need to take any action because these plugins are already configured to provide this data.

  To support the payments ecosystem in realising the full benefits of EMV 3-D Secure authentication, Visa has mandated that merchants update their authentication requests (AReq/THREEDQUERY) messages to include the fields described below by 12 August 2024.

Failure to comply with this mandate may result in authentication failure, downgrades and the loss liability shift protection from Visa.


Visa has provided the following guidance regarding this mandate:

Consistent and high-quality data helps enhance business outcomes for merchants, cardholders and issuers

When merchants leverage authentication through Visa Secure, issuers are trusted to detect fraudulent transactions. Key data elements in every AReq/THREEDQUERY message are critical to supporting an issuer in making accurate risk assessments for successful authentications.

When merchants provide the below referenced fields in their AReq/THREEDQUERY messages, the following benefits can be achieved across the entire EMV 3DS ecosystem globally:

  • Merchants see an authentication success rate lift of +4% and an approval rate lift of +6%. (4,5)
  • Issuers can see a +65% fraud detection rate (FDR) lift. (6)

Visa Secure is designed to provide a frictionless experience for Visa cardholders. Enhanced data quality may deliver more seamless experiences, increased security confidence and fewer false declines to cardholders.

  • Cardholders receive a better experience through a +57% frictionless rate lift. (5)

(4) The dataset for these calculations contains 95% of Visa Secure global transactions that occurred during the months of February–March 2022. The uplift figures were generated by merchants based on the rate at which they populate the priority data elements and averaging their product performance. For more information, please refer to the global business cases in the Global—Better Data Best Practices Guide for Visa Secure, available in the Merchant Resources section of the Visa Secure Services Library.
(5) Based on merchants that populate more than 50% of the priority data elements.
(6) The dataset for this analysis contains Visa global transactions that were reported as fraud during the month of August 2021. The FDR performance uplift was calculated by comparing the performance of a Visa fraud detection model in the scenario when priority data elements were present versus when they were replaced by null or default values used in the risk-based authentication (RBA) model.


Required fields

Please ensure your system is updated to adhere to the following field specification:

  Merchants and partners that use external payment gateways and 3DS providers must contact their chosen payment gateways and 3DS providers to confirm how to ensure this data is provided.

Trust Payments
Field name
Field name
Requirement Status Description
XPath: /billing/name/first
Cardholder Name Required (Browser / In-App) The customer’s billing first name.
XPath: /billing/name/last
Cardholder Name Required (Browser / In-App) The customer’s billing last name.
XPath: /billing/email
Cardholder Email Address Conditional (Browser / In-App)

The customer’s billing email address.

Maximum length of 255 (maximum of 64 characters before the ”@” symbol).

Required when billingtelephone is not submitted.

XPath: /billing/telephone
Cardholder Phone Number Conditional (Browser / In-App)

The customer’s telephone number. Valid characters:

  • Numbers 0-9
  • Spaces
  • Special characters: + – ( )

Required when billingemail is not submitted.

XPath: /customer/ip
Browser IP Address Required (Browser)

Payment Pages & JS Library: Trust Payments collects and provides this data.

3DS API: Must be collected and provided by merchant or partner.

XPath: /customer/browserscreenheight
Browser Screen Height Required (Browser)

Payment Pages & JS Library: Trust Payments collects and provides this data.

3DS API: Must be collected and provided by merchant or partner.

XPath: /customer/browserscreenwidth
Browser Screen Width Required (Browser)

Payment Pages & JS Library: Trust Payments collects and provides this data.

3DS API: Must be collected and provided by merchant or partner.

N/A Device IP Address Required (In-App)

Common Device Identification Parameters

Mobile SDK: Trust Payments collects and provides this data

XPath: /billing/street
N/A Recommended The street entered for the customer’s billing address.
XPath: /billing/town
N/A Recommended The town entered for the customer’s billing address.
XPath: /billing/county
N/A Recommended

The county entered for the customer’s billing address. For US addresses, the state would be entered in this field. Valid formats:

  • Preferred: Two character state code, e.g. “NY”.
  • Full state name, e.g. “New York”.
XPath: /billing/postcode
N/A Recommended The billing postcode or ZIP code. This must be a valid postcode/ZIP code for the billingcountryiso2a submitted.
XPath: /billing/country
N/A Recommended

The country for the customer’s billing address. This will need to be in ISO2A format.

Click here for a full list of country codes.

We have updated the field specifications on the below links to reflect this new requirement:

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request