Enriched TabaPay Shield Attributes

Make smarter risk, security, payment, and compliance decisions using enriched data in Create Transaction API.

Enriched TabaPay Shield Attributes is a set of information returned to all TabaPay Clients to help enhance security, payment optimization, and risk and compliance decisions, and to reduce the incidence of fraud. This data, transmitted as part of the response in the Create Transaction API, includes various vital attributes that help assess the security and integrity of each transaction. Each data point helps you make informed decisions, promoting safer transactions while maintaining compliance with industry standards.

👍

Enriched TabaPay Shield Attributes are automatically available to all TabaPay Clients who are integrated with our TabaPay Unified API.

The following attributes are included in the Risk-Related Object that TabaPay returns to all our clients as part of the Create Transaction API response.

  • All networks:
    • Network ID
    • Payment Account Reference (PAR)
    • ECI Response
  • Visa-specific Data:
    • CAVV Results Code (Visa)
    • Authorization Characteristic Indicator (ACI) (Visa)
  • MasterCard-specific Data:
    • UCAF Downgrade Indicator (MasterCard)
    • Merchant Advice Code (MasterCard)

Note: Availability of many of the values depends on the downstream card network. Not all values may be available at all times and are subject to availability at the network.

Network Identifier (Network ID)

📘

Enabled for everyone. No configuration needed.

If you are a TabaPay client, you are already enabled to receive Network ID in our response to the Create Transaction API.

Definition

A network-generated transaction identifier that is unique to every authorization and financial request.

The identifier links original messages to subsequent messages, such as those for exception item processing and clearing records.

Where to find it

Today, all TabaPay Clients receive Network ID in our response to the Create Transaction API.

Benefits and how to use

  • Network ID links all transactions throughout the lifecycle of a transaction, from authorization to disputes to follow up transactions.
  • Visa network recommendation: If a push (Original Credit Transaction OCT) is preceded by a pull (Account Funding Transaction AFT), then the network ID of the AFT is recommended to be passed in the OCT for both domestic and international transactions.
  • Pass the network ID of the original transaction in subsequent Merchant Initiated Transactions (MIT).

Visa CAVV Results Code

📘

Visa and MasterCard

CAVV Results Code for Visa; UCAF Downgrade Reason Indicator for MasterCard

Definition

When a cryptogram of type CAVV (Cardholder Authentication Verification Value) is present in TabaPay's Unified API, the CAVV Results Code returned in the response indicates whether the downstream issuing systems were able to successfully verify this cryptogram value.

📘

When is CAVV Cryptogram Present

During Create Transaction API, CAVV Cryptograms are forwarded to Card Networks in the Authorization message.

  • CAVV is present for 3DS-enabled transactions as well as with Apple Pay and Google Pay token payloads.

When the instruction to authorize reaches the issuer, the issuing systems will verify the CAVV Value to ensure that the issuer authenticated the cardholder for the transaction and that its contents have not been altered.

When available from the card networks in the Authorization Response, TabaPay will relay the CAVV Results Code in our API response.

⚠️

CAVV Results Code is a vital input to your Risk Decision

The CAVV Results Code enhances your risk management transaction data. TabaPay encourages our clients to develop a risk strategy that utilizes a layered risk management approach.

CAVV Results Code is suggested to be used in combination with other risk-related data such as verifying addresses, geolocation data, device data, and historical transaction data.

Benefits and how to use

Upon receiving a CAVV Results Code, TabaPay Clients can utilize the table below to understand whether the transaction is protected or not.

The results not only indicate the performance of the current transaction in question, but will help merchants fine tune their risk decisioning upstream for future transactions.

| CAVV Results Code | Description | What does this mean |
|---|---|---|
| Blank | CAVV not present in authorization message OR CAVV not verified, issuer has not selected CAVV verification option | No liability shift; merchant not protected from chargebacks |
| 0 | CAVV could not be verified OR CAVV data was not provided when expected | No liability shift; merchant not protected from chargebacks |
| 1 | CAVV failed verification – cardholder authentication | (Usually an indication of potential bad or fraudulent CAVV data in the authorization message; CAVV was created by the Issuer’s ACS) Liability for this transaction should remain with the Issuer for fraud chargebacks. |
| 2 | CAVV passed verification – cardholder authentication | Fully authenticated transaction. Liability shift applied and the merchant is protected from applicable chargebacks. |
| 3 | CAVV passed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 4 | CAVV failed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 5 | Reserved | Not used/not applicable |
| 6 | CAVV not verified, issuer not participating in CAVV verification | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 7 | CAVV failed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 8 | CAVV passed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 9 | CAVV failed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| A | CAVV passed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| B | CAVV passed verification – no liability shift | No liability shift; merchant not protected from fraud chargebacks. |
| C | CAVV was not verified (Attempted Authentication) | Liability shift applied, and merchant is protected from applicable chargebacks. |
| D | CAVV was not verified (Cardholder Authentication) | Liability shift applied, and merchant is protected from applicable chargebacks. |

Scenarios when CAVV Verification Fails

CAVV verification can fail for one of the following reasons:

| Scenario | Details |
|---|---|
| Transaction May Be Fraudulent | A fraud perpetrator may be trying to submit an authorization transaction with a “made up” CAVV in an attempt to obtain an authorization. Due to the potential for fraud, issuers are most likely to decline the transaction when CAVV verification fails. This results data, therefore, enhances our client's risk decisioning process. |
| Processing Error (Rare) | When CAVV data is corrupted |
| Issuer system issues | Unexpected issues at the issuer that prevent them from reading the CAVV cryptogram |

MasterCard UCAF Collection Downgrade Indicator

Definition

A Mastercard Identity Check transaction is downgraded to a non-Identity Check transaction if an Accountholder Authentication Value (AAV) or UCAF is not present or is invalid when providing the 3DS payload to TabaPay in the Create Transaction API. The result of this downgrade is provided in the UCAF Collection Downgrade Indicator.

| Value | Description |
|---|---|
| 0 | Missing Universal Cardholder Authentication Field (UCAF) |
| 1 | Invalid Universal Cardholder Authentication Field (UCAF) |
| 2 | Invalid Security Level Indicator (SLI). If you receive this code, please let TabaPay know via [email protected] |

Where to find it

UCAF Collection Downgrade Indicator is specific to transactions performed using an authenticated MasterCard payment credential.


Benefits and how to use

Upon receiving a UCAF Collection Downgrade Indicator, TabaPay Clients can utilize the table above to understand whether the transaction is protected or not.

The results not only indicate the performance of the current transaction in question, but will help merchants fine tune their risk decisioning upstream for future transactions.

Visa Authorization Characteristics Indicator (ACI)

Definition

This value reflects the results of the Visa Custom Payment Service (CPS) evaluation of the transaction by the Visa network upon processing an authorization.

❗️

What is Visa Custom Payment Service (CPS)

The Visa® Custom Payment Service (CPS) program outlines transaction data criteria and processing standards that U.S. merchants must meet to qualify for a CPS program, while at the same time improving risk management techniques. CPS rules vary based on the type of transactions processed.

One of the chief criteria for CPS qualification is including the address in the transaction. Have the cardholder’s address validated at the time of the transaction, when required. Exceptions are bill payment transactions, Visa corporate card transactions, and Visa purchasing card transactions.

Where to find it

ACI is returned only for transactions performed using a Visa payment credential.


Benefits and how to use

👍

Questions?

Check with your TabaPay account representative to find out if your MCC qualifies for CPS/Card Not Present interchange rates.

Feel free to contact your TabaPay account representative if you receive an N or a T.

A value of N means that the transaction does not qualify for CPS and therefore none of the CPS interchange values will apply.

A value of T means that no CPS program is available for the transaction.

A value of X means that CPS was disqualified for the transaction.

Remember, when performing 3DS on an authorization, liability shift is not applied when the transaction is not CPS qualified.

| ACI Code | Description |
|---|---|
| A | Card Present. |
| C | Card Present with merchant name and location data (cardholder-activated, self-service terminal). |
| E | Card Present with merchant name and location data. |
| F | Card Not Present—Account Funding. |
| K | Card Present with key-entry |
| J | Card Not Present—Recurring Bill Payment. |
| N | Not a payment service transaction. |
| P | Card Not Present (Preferred Customer participation requested) |
| R | Card Not Present (Address Verification Service not required). |
| S | Electronic Commerce 3-D Secure Attempts |
| T | A CPS Program was not available when authorized |
| U | Card Not Present—3-D Secure Electronic Commerce. |
| V | Card Not Present (Address Verification Service requested). |
| W | Card Not Present—Non-3-D Secure Electronic Commerce |
| X | Disqualified custom payment service transaction (inserted by BASE II) |

Payment Account Reference

A Payment Account Reference (PAR) is a unique identifier associated with a specific cardholder PAN and its affiliated tokens. This 29-character identification number can be used in place of sensitive consumer identification fields, and transmitted across the payments ecosystem to facilitate consumer identification.

When available, TabaPay Clients can rely on PAR for all transactions, whether initiated by tokenized or non-tokenized accounts. By expanding the availability of PAR beyond tokenized PANs to include non-tokenized PANs, acquirers and merchants will be able to manage fraud, risk, customer service, and analytics using the PAR value. Each TabaPay Client must determine if the PAR reduces impact on their Payment Card Industry Data Security Standard (PCI-DSS) compliance programs.

When cardholders conduct transactions with tokens, TabaPay Clients have limited or no access to the cardholder’s PAN. The establishment of a PAR associated to a PAN and all tokens associated with the PAN helps TabaPay Clients to uniquely identify a cardholder account without continued exposure and storage of the PAN. The PAR value is only used for uniquely referencing a PAN and is not used to replace the PAN in payment transaction processing.

Where to Find PAR

PAR will be returned for transactions performed using Visa and MasterCard payment credentials, where the payment credential is either a PAN or a network token.


Benefits and How to Use

You can use PAR with Apple Pay or Google Pay.

📘

Use PAR for PAN-level rules

Challenge: The PAR ties a PAN to all its underlying tokens. If you accept PAN and tokens (Apple Pay or Google Pay or any network token), you will not be able to effectively set card level rules given you do not know the underlying card a token belongs to.

Solution: PAR! If you want to set PAN-based rules, or card level controls (e.g. volume/velocity rules), you can set those rules using PAR, and still be able to know that the same PAN was used even when the transaction was tokenized (Apple Pay, Google Pay, or any network token). The PAR is the same whether the payment credential was a PAN or its network token.

Note: Duplicate card check will not work. It is recommended to create a client-side control that checks whether that PAR exists across other user IDs, and if it does, blocks the card from transacting.
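One way to implement the PAR-keyed velocity rule and the cross-user PAR check described above, as an added example that is not TabaPay's code. The class name, limits, reason strings and sample data are assumptions, and the PAR is passed in directly because the page does not give the response field name.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class ParRules:
    """Card-level controls keyed on PAR rather than on PAN or token."""

    def __init__(self, max_txns=3, window=timedelta(hours=1)):
        self.max_txns = max_txns              # assumed velocity limit
        self.window = window                  # assumed velocity window
        self._history = defaultdict(deque)    # PAR -> accepted timestamps
        self._owner = {}                      # PAR -> first user ID seen

    def check(self, user_id, par, when):
        """Return (allowed, reason) for one transaction."""
        if not par:
            # PAR availability depends on the network; use other controls.
            return True, "no-par"
        if self._owner.setdefault(par, user_id) != user_id:
            return False, "par-seen-under-another-user"
        seen = self._history[par]
        while seen and when - seen[0] >= self.window:
            seen.popleft()                    # drop entries outside the window
        if len(seen) >= self.max_txns:
            return False, "velocity-exceeded"
        seen.append(when)
        return True, "ok"

# Constructed sample data: one 29-character PAR shared by a PAN and its tokens.
PAR_A = "CONSTRUCTEDPAR000000000000001"
T0 = datetime(2024, 1, 1, 12, 0)
SAMPLE = [  # (user ID, credential type, PAR, minutes after T0)
    ("u1", "pan", PAR_A, 0),
    ("u1", "apple_pay_token", PAR_A, 5),
    ("u1", "network_token", PAR_A, 10),
    ("u1", "pan", PAR_A, 15),
    ("u2", "google_pay_token", PAR_A, 20),
    ("u1", "apple_pay_token", PAR_A, 75),
    ("u3", "pan", None, 80),
]

def run_sample():
    """Apply the rules to SAMPLE in order and return the reason per row."""
    rules = ParRules()
    return [rules.check(user, par, T0 + timedelta(minutes=m))[1]
            for user, _cred, par, m in SAMPLE]

if __name__ == "__main__":
    for row, reason in zip(SAMPLE, run_sample()):
        print(row[0], row[1], reason)
```

The fourth sample row is blocked even though it uses the PAN after three token and PAN transactions, because all four share one PAR.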

Benefits

PAR provides a consolidated view of transactions associated with a PAN and its affiliated tokens, making it easier to identify customers and their associated transactions across payment channels.

  • Futureproof payments: Improve monitoring and tracking of transaction activity across the payment ecosystem.
  • Improve security: Remove sensitive PAN data from multiple systems, eliminating the need to desensitize payment details.
  • Drive operational efficiencies: Assign one PAR for the life of the account to connect all physical and virtual versions of a card.
  • Loyalty Program Engine: Reestablish an effective payment card-linked loyalty program and improve customer recognition.
  • Customer relationship manager plugin: Swiftly identify customers and their associated transactions to improve and personalize customer service.
  • Risk management and fraud: Deliver metrics for fraud systems via a data element or in authorization response messaging.

Visa ECI Response

Definition

Electronic Commerce Indicator (ECI) Response from the network. This is the value that indicates any downgrade if the transaction does not qualify for liability shift or when the CAVV included in the request was not present or invalid.

Where to Find ECI

ECI Response is available on transactions performed using a Visa payment credential, and where the original request included an ECI value.


How to Use ECI

This value is used in concert with the Visa CAVV Results Code to determine whether authentication was successful and whether the transaction will receive liability shift.

📘

ECI in Request vs ECI in Response

The ECI provided in the Create Transaction API Request, which is used for transaction processing with the card network, is not guaranteed to receive liability shift.

The ECI coming back in the response is the value that the networks return upon processing the authorization request and is a more reliable way of understanding liability shift.

| Code | Description |
|---|---|
| 05 | Fully Authenticated Transaction |
| 06 | Attempted Authentication Transaction |
| 07 | Non 3-D Secure Transaction |

Merchant Advice Code

Definition

MasterCard's Transaction Processing Excellence (TPE) program offers these Merchant Advice Codes (MACs). They are a set of codes that Mastercard supports to enable issuers to communicate additional information regarding a transaction response. These codes indicate further actions on subsequent transactions that TabaPay Clients should take to continue serving cardholders.

The purpose of these TPE programs is to identify unfavorable transaction processing behavior and drive positive processing behavior change, resulting in a more seamless network experience for all parties involved.

📘

Program Fees

Program fees will be assessed under the MasterCard Transaction Processing Excellence (TPE program) if certain processing behaviors are breached during Authorization.

Benefits and how to use

  • The ability to optimize approval rate performance.
  • Lower operational costs associated with submitting unnecessary authorization requests.
  • Improved management of subscription services.
  • The MACs give merchants that accept non-reloadable prepaid and single-use VCN cards the opportunity to inform their customers using these products for ongoing purchases that a replacement payment source should be added to ensure uninterrupted service.

⚠️

MAC 03

A MAC value of 03 indicates that a transaction should not be resubmitted. It denotes that an account is closed or fraudulent, and that no further approvals will be forthcoming from the issuer.

Per MasterCard, there will be a fee assessed for each authorization request resubmission following a MAC 03 decline within a 30-day period.

📘

MAC 03 or 21

Update processing logic to avoid resubmitting transactions previously declined with a MAC value of 03 or 21.

📘

MAC 40

The use of consumer non-reloadable prepaid products and single-use virtual accounts has been identified as a significant contributing factor for lower card-not-present (CNP) transaction approval rates, especially in cases of recurring payments.

Mastercard is enhancing its processing for consumer non-reloadable prepaid products by ensuring a MAC value is present in responses when a non-reloadable prepaid card can be identified.

| Value | Description |
|---|---|
| 01 | New account information available |
| 02 | Cannot approve at this time, try again later |
| 03 | Do not try again |
| 04 | Token requirements not fulfilled for this token type |
| 05 | Negotiated value not approved |
| 21 | Payment Cancellation (Mastercard use only) |
| 22 | Merchant does not qualify for product code |
| 24 | Retry after 1 hour (Mastercard use only) |
| 25 | Retry after 24 hours (Mastercard use only) |
| 26 | Retry after 2 days (Mastercard use only) |
| 27 | Retry after 4 days (Mastercard use only) |
| 28 | Retry after 6 days (Mastercard use only) |
| 29 | Retry after 8 days (Mastercard use only) |
| 30 | Retry after 10 days (Mastercard use only) |
| 40 | Consumer non-reloadable prepaid card |
| 41 | Consumer single-use virtual card number |

Network Return Code and Merchant Advice Code

TabaPay Clients consuming MACs can apply the following logic to make better decisions.

| Network Response Code Value | Merchant Advice Code (MAC) | Decisioning Logic |
|---|---|---|
| 79 or 82 | 01 | Updated information was found for TabaPay Account Updater. Check for new information before reattempting. |
| 79 or 82 | 03 | Updated credentials are not found to be available for TabaPay Account Updater. Do not retry. |
| 83 | 01 | Authentication may improve the likelihood of an approval. Retry using authentication (such as EMV® 3DS). |
| 83 | 03 | Suspected fraud. Do not retry. |
| 79, 82, or 83 | 02 | Retry the transaction later. |
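The decisioning table and the MAC 03/21 resubmission rule above, written as a stateful retry gate; this is an added example, not TabaPay's or Mastercard's code. Keying the state on a credential identifier such as the PAR, the action strings and the sample values are assumptions.

```python
from datetime import datetime, timedelta

# Delays for the "Retry after ..." MAC values listed in the MAC table.
RETRY_AFTER = {"24": timedelta(hours=1), "25": timedelta(hours=24),
               "26": timedelta(days=2), "27": timedelta(days=4),
               "28": timedelta(days=6), "29": timedelta(days=8),
               "30": timedelta(days=10)}
NO_RETRY = {"03", "21"}   # never resubmit after these declines

class RetryGate:
    """Tracks declines per credential so resubmissions honor the MAC."""

    def __init__(self):
        self._blocked = set()     # credentials declined with MAC 03 or 21
        self._not_before = {}     # credential -> earliest allowed retry

    def record_decline(self, cred, network_code, mac, when):
        """Store the outcome of a decline and return the action to take."""
        if mac in NO_RETRY:
            self._blocked.add(cred)
            return "do-not-retry"
        if mac in RETRY_AFTER:
            self._not_before[cred] = when + RETRY_AFTER[mac]
            return "retry-after-delay"
        if mac == "01" and network_code in {"79", "82"}:
            return "check-account-updater-then-retry"
        if mac == "01" and network_code == "83":
            return "retry-with-authentication"
        if mac == "02" and network_code in {"79", "82", "83"}:
            return "retry-later"
        if mac in {"40", "41"}:
            return "request-replacement-payment-source"
        return "no-advice"

    def may_submit(self, cred, when):
        """True if a new authorization for this credential is allowed now."""
        if cred in self._blocked:
            return False
        return when >= self._not_before.get(cred, when)

def demo():
    """Run constructed declines through the gate; returns (actions, allowed)."""
    gate, t0 = RetryGate(), datetime(2024, 1, 1, 12, 0)
    actions = [gate.record_decline("par-A", "79", "03", t0),
               gate.record_decline("par-B", "83", "01", t0),
               gate.record_decline("par-C", "79", "25", t0)]
    allowed = [gate.may_submit("par-A", t0 + timedelta(days=31)),
               gate.may_submit("par-C", t0 + timedelta(hours=23)),
               gate.may_submit("par-C", t0 + timedelta(hours=24))]
    return actions, allowed
```

Calling `may_submit` before every authorization attempt keeps a scheduled job or a customer-triggered retry from resubmitting after a MAC 03 or 21 decline.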