Visa Secure is Visa's EMV 3-D Secure authentication product that facilitates Strong Customer Authentication (SCA) for electronic payments.
Merchants and partners using Trust Payments shopping cart plugins do not need to take any action because these plugins are already configured to provide this data.
To support the payments ecosystem in realising the full benefits of EMV 3-D Secure authentication, Visa has mandated that merchants update their authentication requests (AReq/THREEDQUERY) messages to include the fields described below by 12 August 2024.
Failure to comply with this mandate may result in authentication failure, downgrades and the loss liability shift protection from Visa.
Visa has provided the following guidance regarding this mandate:
Consistent and high-quality data helps enhance business outcomes for merchants, cardholders and issuers
When merchants leverage authentication through Visa Secure, issuers are trusted to detect fraudulent transactions. Key data elements in every AReq/THREEDQUERY message are critical to supporting an issuer in making accurate risk assessments for successful authentications.
When merchants provide the below referenced fields in their AReq/THREEDQUERY messages, the following benefits can be achieved across the entire EMV 3DS ecosystem globally:
- Merchants see an authentication success rate lift of +4% and an approval rate lift of +6%. (4,5)
- Issuers can see a +65% fraud detection rate (FDR) lift. (6)
Visa Secure is designed to provide a frictionless experience for Visa cardholders. Enhanced data quality may deliver more seamless experiences, increased security confidence and fewer false declines to cardholders.
- Cardholders receive a better experience through a +57% frictionless rate lift. (5)
(4) The dataset for these calculations contains 95% of Visa Secure global transactions that occurred during the months of February–March 2022. The uplift figures were generated by merchants based on the rate at which they populate the priority data elements and averaging their product performance. For more information, please refer to the global business cases in the Global—Better Data Best Practices Guide for Visa Secure, available in the Merchant Resources section of the Visa Secure Services Library.
(5) Based on merchants that populate more than 50% of the priority data elements.
(6) The dataset for this analysis contains Visa global transactions that were reported as fraud during the month of August 2021. The FDR performance uplift was calculated by comparing the performance of a Visa fraud detection model in the scenario when priority data elements were present versus when they were replaced by null or default values used in the risk-based authentication (RBA) model.
Required fields
Please ensure your system is updated to adhere to the following field specification:
Merchants and partners that use external payment gateways and 3DS providers must contact their chosen payment gateways and 3DS providers to confirm how to ensure this data is provided.
|
Trust Payments THREEDQUERY Field name |
Visa AReq Field name |
Requirement Status | Description |
| billingfirstname XPath: /billing/name/first |
Cardholder Name | Required (Browser / In-App) | The customer’s billing first name. |
| billinglastname XPath: /billing/name/last |
Cardholder Name | Required (Browser / In-App) | The customer’s billing last name. |
| billingemail XPath: /billing/email |
Cardholder Email Address | Conditional (Browser / In-App) |
The customer’s billing email address. Maximum length of 255 (maximum of 64 characters before the ”@” symbol). Required when billingtelephone is not submitted. |
| billingtelephone XPath: /billing/telephone |
Cardholder Phone Number | Conditional (Browser / In-App) |
The customer’s telephone number. Valid characters:
Required when billingemail is not submitted. |
| customerip XPath: /customer/ip |
Browser IP Address | Required (Browser) |
Payment Pages & JS Library: Trust Payments collects and provides this data. 3DS API: Must be collected and provided by merchant or partner. |
| N/A | Device IP Address | Required (In-App) |
Common Device Identification Parameters Mobile SDK: Trust Payments collects and provides this data |
| browserscreenheight XPath: /customer/browserscreenheight |
Browser Screen Height | Recommended (Browser) |
Payment Pages & JS Library: Trust Payments collects and provides this data. 3DS API: Must be collected and provided by merchant or partner. |
| browserscreenwidth XPath: /customer/browserscreenwidth |
Browser Screen Width | Recommended (Browser) |
Payment Pages & JS Library: Trust Payments collects and provides this data. 3DS API: Must be collected and provided by merchant or partner. |
| billingpremise XPath: /billing/premise |
N/A | Recommended | The first line of the customer's billing address. |
| billingstreet XPath: /billing/street |
N/A | Recommended | The second line of the customer's billing address. |
| billingtown XPath: /billing/town |
N/A | Recommended | The town entered for the customer’s billing address. |
| billingcounty XPath: /billing/county |
N/A | Recommended |
The county entered for the customer’s billing address. For US addresses, the state would be entered in this field. Valid formats:
|
| billingpostcode XPath: /billing/postcode |
N/A | Recommended | The billing postcode or ZIP code. This must be a valid postcode/ZIP code for the billingcountryiso2a submitted. |
| billingcountryiso2a XPath: /billing/country |
N/A | Recommended |
The country for the customer’s billing address. This will need to be in ISO2A format. |
We have updated the field specifications on the below links to reflect this new requirement:
