Enriched TabaPay Shield Attributes

Make smarter risk, security, payment, and compliance decisions using enriched data in Create Transaction API.

Enriched TabaPay Shield Attributes is a set of information returned to all TabaPay Clients to help enhance security, payment optimization, risk and compliance decisions, and reduce the incidence of fraud. This data, transmitted as part of the response in Create Transaction API includes various vital attributes that help assess the security and integrity of each transaction. Each data point assists you to make informed decisions, helping promote safer transactions while maintaining compliance with industry standards.

👍

Enriched TabaPay Shield Attributes are automatically available to all TabaPay Clients who are integrated with our TabaPay Unified API

The following attributes are included as part of Risk-Related Object within the API TabaPay to all our clients as part of Create Transaction API response.

  • All networks:
    • Network ID
    • Payment Account Reference (PAR)
    • ECI Response
  • Visa-specific Data:
    • CAVV Results Code (Visa)
    • Authorization Characteristic Indicator (ACI) (Visa)
  • MasterCard-specific Data:
    • UCAF Downgrade Indicator (MasterCard)
    • Merchant Advice Code (MasterCard)

Note: Availability of many of the values depends on the downstream card network. Not all values may be available at all times and are subject to availability at the network.

🎉 Network Identifier (Network ID)

📘

Enabled for everyone. No configuration needed.

If you are a TabaPay client, you are already enabled to receive Network ID in our response to the Create Transaction API.

Definition

A network generated transaction identifier that is unique to every authorization and financial request.

The identifier links original messages to subsequent messages, such as those for exception item processing and clearing records.

Where to find it

Today, all TabaPay Clients receive Network ID in our response to the Create Transaction API.

Benefits and how to use

  • Network ID links all transactions throughout the lifecycle of a transaction, from authorization to disputes to follow up transactions.
  • Visa network recommendation: If a push (Original Credit Transaction OCT) is preceded by a pull (Account Funding Transaction AFT), then the network ID of the AFT is recommended to be passed in the OCT for both domestic and international transactions.
  • Pass the network ID of the original transaction in subsequent Merchant Initiated Transactions (MIT).

🎉 Visa CAVV Results Code

📘

Visa and MasterCard

CAVV Results Code for Visa; UCAF Downgrade Reason Indicator for MasterCard

Definition

When cryptogram type of CAVV - Cardholder Authentication Verification Value is present in TabaPay's Unified API, the CAVV Results Code returned in the response indicates whether the downstream issuing systems were able to successfully verify this cryptogram value.

📘

When is CAVV Cryptogram Present

During Create Transaction API, CAVV Cryptograms are forwarded to Card Networks in the Authorization message.

  • CAVV is present for 3DS-enabled transactions as well as with Apple Pay and Google Pay token payloads.

When the instruction to authorize reaches the issuer, the issuing systems will verify the CAVV Value to ensure that the issuer authenticated the cardholder for the transaction and that its contents have not been altered.

When available from the card networks in the Authorization Response, TabaPay will relay the CAVV Results Code in our API response.

⚠️

CAVV Results Code is a vital input to your Risk Decision

The CAVV Results Code enhances your risk management transaction data. TabaPay encourages our clients to develop a risk strategy that utilizes a layered risk management approach.

CAVV Results Code is suggested to be used in combination with other risk-related data such as verifying addresses, geolocation data, device data, and historical transaction data.

Benefits and how to use

Upon receiving a CAVV Results Code, TabaPay Clients can utilize the table below to understand whether the transaction is protected or not.

The results not only indicate the performance of the current transaction in question, but will help merchants fine tune their risk decisioning upstream for future transactions.

CAVV Results CodeDescriptionWhat does this mean
BlankCAVV not present in authorization
message OR CAVV not verified,
issuer has not selected CAVV verification option
No liability shift; merchant not protected from chargebacks
0CAVV could not be
verified OR CAVV data was not
provided when expected
No liability shift; merchant not protected from chargebacks
1CAVV failed verification –
cardholder authentication
(Usually an indication of potential bad or fraudulent CAVV data in the authorization message; CAVV was created by the Issuer’s ACS)

Liability for this transaction should remain with the Issuer for fraud chargebacks.
2CAVV passed verification –
cardholder authentication
Fully authenticated transaction. Liability shift applied and the merchant is protected from applicable chargebacks.
3CAVV passed verification –
attempted authentication
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
4CAVV failed verification –
attempted authentication
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
5ReservedNot used/not applicable
6CAVV not verified, issuer not
participating in CAVV verification
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
7CAVV failed verification –
attempted authentication
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
8CAVV passed verification –
attempted authentication
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
9CAVV failed verification –
attempted authentication
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
ACAVV passed verification –
attempted authentication
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
BCAVV passed verification – no
liability shift
No liability shift; merchant not protected from fraud chargebacks.
CCAVV was not verified (Attempted
Authentication)
Liability shift applied, and merchant is protected from applicable chargebacks.
DCAVV was not verified (Cardholder
Authentication)
Liability shift applied, and merchant is protected from applicable chargebacks.

Scenarios when CAVV Verification Fails

CAVV verification can fail for one of the following reasons

ScenarioDetails
Transaction May Be FraudulentA fraud perpetrator may be trying to submit an authorization transaction with a “made up” CAVV in an attempt to obtain an authorization. Due to the
potential for fraud, issuers are most likely to decline the transaction when CAVV verification fails. This results data, therefore, enhances our client's risk decisioning process.
Processing Error (Rare)When CAVV data is corrupted
Issuer system issuesUnexpected issues at the issuer that prevents them from reading the CAVV cryptogram

🎉 MasterCard UCAF Collection Downgrade Indicator

Definition

A Mastercard Identity Check transaction is downgraded to a non-Identity Check transaction if an Accountholder Authentication Value (AAV) or UCAF is not present or is invalid when providing 3DS payload to TabaPay in the Create Transaction API. The result of this downgrade is provided in the UCAF Collection Downgrade Indicator

ValueDescription
0Missing Universal Cardholder Authentication Field (UCAF)
1Invalid Universal Cardholder Authentication Field (UCAF)
2Invalid Security Level Indicator (SLI). If you receive this code, please let TabaPay know via [email protected]

Where to find it

UCAF Collection Downgrade Indicator is specific to transactions performed using an authenticated MasterCard payment credential.


Benefits and how to use

Upon receiving a UCAF Collection Indicator, TabaPay Clients can utilize the table below to understand whether the transaction is protected or not.

The results not only indicate the performance of the current transaction in question, but will help merchants fine tune their risk decisioning upstream for future transactions.

🎉 Visa Authorization Characteristics Indicator (ACI)

Definition

This value reflects the results of the Visa Custom Payment Service (CPS) evaluation of the transaction by the Visa network upon processing an authorization.

❗️

What is Visa Custom Payment Service (CPS)

The Visa® Custom Payment Service (CPS) program outlines transaction data criteria and processing standards that U.S. merchants must meet to qualify for a CPS program, while at the same time improves risk management techniques. CPS rules vary based on the type of transactions processed.

One of the chief criteria for CPS qualification is including address in the transaction. Have the cardholder’s address validated at the time of transaction, when required. Exceptions are bill payment transactions, Visa corporate card transactions, Visa purchasing card transactions.

Where to find it

ACI is returned only for transactions performed using a Visa payment credential.


Benefits and how to use

👍

Questions?

Check with your TabaPay account representative to find out if your MCC qualifies for CPS/Card Not Present interchange rates.

Feel free to contact your TabaPay account representative if you receive an N or a T.

A value of N means that the transaction does not qualify for CPS and therefore any of the CPS interchange values will not apply.

A value of T means that no CPS program is available for the transaction.

An X means that CPS was disqualified for the transaction

Remember, when performing 3DS on an authorization, liability shift is not applied when the transaction is not CPS qualified.

ACI CodeDescription
ACard Present.
CCard Present with merchant name and location data (cardholder-activated,
self-service terminal).
ECard Present with merchant name and location data.
FCard Not Present—Account Funding.
KCard Present with key-entry
JCard Not Present—Recurring Bill Payment.
NNot a payment service transaction.
PCard Not Present (Preferred Customer participation requested)
RCard Not Present (Address Verification Service not required).
SElectronic Commerce 3-D Secure Attempts
TA CPS Program was not available when authorized
UCard Not Present—3-D Secure Electronic Commerce.
VCard Not Present (Address Verification Service requested).
WCard Not Present—Non-3-D Secure Electronic Commerce
XDisqualified custom payment service transaction (inserted by BASE II)

Payment Account Reference

A Payment Account Reference (PAR) is a unique identifier associated with a specific cardholder PAN and its affiliated tokens. This 29 character identification number can be used in place of sensitive consumer identification fields, and transmitted across the payments ecosystem to facilitate consumer identification.

When available, TabaPay Clients can rely on PAR for all transactions for transactions initiated by tokenized and non-tokenized accounts. By expanding the availability of PAR beyond tokenized PANs to include non-tokenized PANs, acquirers and merchants will be able to manage fraud, risk, customer service, and analytics using the PAR value. Each TabaPay Client must determine if the PAR reduces impact on their Payment Card Industry Data Security Standard (PCI-DSS) compliance programs.

When cardholders conduct transactions with tokens, TabaPay Clients have limited or no access to the cardholder’s PAN. The establishment of a PAR associated to a PAN and all tokens associated with the PAN helps TabaPay Clients to uniquely identify a cardholder account without continued exposure and storage of the PAN. The PAR value is only used for uniquely referencing a PAN and is not used to replace the PAN in payment transaction processing.

Where to Find PAR

PAR will be returned for transactions performed using Visa and MasterCard payment credentials, where the payment credential is either a PAN or a network token.


Benefits and How to Use

You can use PAR with Apple Pay or Google Pay.

📘

Use PAR for PAN-level rules

Challenge: The PAR ties a PAN to all its underlying tokens. If you accept PAN and tokens (Apple Pay or Google Pay or any network token), you will not be able to effectively set card level rules given you do not know the underlying card a token belongs to.

Solution: PAR! If you want to set PAN-based rules, or card level controls (e.g. volume/velocity rules), you can set those rules using PAR, and still be able to know that the same PAN was used even when the transaction was tokenized (Apple Pay, Google Pay, or any network token). The PAR is the same whether the payment credential was a PAN or its network token.

Note: Duplicate card check will not work. It is recommended to create client-side control that checks to see if that PAR exists across other user IDs, and if it does, then block the card from transacting.

Benefits

PAR provides a consolidated view of transactions associated with a PAN and its affiliated tokens, making it easier to identify customers and their associated transactions across payment channels.

  • Futureproof payments: Improve monitoring and tracking of transaction activity across the payment ecosystem.
  • Improve security: Remove sensitive PAN data from multiple systems, eliminating the need to desensitize payment details.
  • Drive operational efficiencies: Assign one PAR for the life of the account to connect all physical and virtual versions of a card.
  • Loyalty Program Engine: Reestablish an effective payment card-linked loyalty program and improve customer recognition.
  • Customer relationship manager plugin: Swiftly identify customers and their associated transactions to improve and personalize customer service.
  • Risk management and fraud: Deliver metrics for fraud systems via a data element or in authorization response messaging.

🎉 Visa ECI Response

Definition

Electronic Commerce Indicator (ECI) Response from the network. This is the value that indicates any downgrade if the transaction does not qualify for liability shift or when the CAVV included in the request was not present or invalid.

Where to Find ECI

ECI Response is available on transactions performed using a Visa payment credential, and where the original request included an ECI value.


How to Use ECI

This value is used in concert with the Visa CAVV Results Codeis used in knowing whether authentication was successful and whether the transaction will fetch liability shift.

📘

ECI in Request vs ECI in Response

The ECI provided in the Create Transaction API Request which is used for transaction processing with the card network is not guaranteed to fetch liability shift.

The ECI coming back in the response is the value that the networks return upon processing the authorization request and is a more reliable way of understanding liability shift.

CodeDescription
05Fully Authenticated Transaction
06Attempted Authentication Transaction
07Non 3-D Secure Transaction

🎉 Merchant Advice Code

Definition

MasterCard's Transaction Processing Excellence (TPE) program offers these Merchant Advice Codes (MACs). They are a set of codes that Mastercard supports to enable issuers to communicate additional information regarding a transaction response. These codes indicate further actions on subsequent transactions that TabaPay Clients should take to continue serving cardholders.

The purpose of these TPE programs is to identify unfavorable transaction processing behavior and drive positive processing behavior change, resulting in a more seamless network experience for all parties involved.

📘

Program Fees

Program fees will be assessed under the MasterCard Transaction Processing Excellence (TPE program) if certain processing behaviors are breached during Authorization.

Benefits and how to use

  • The ability to optimize approval rate performance.
  • Lower operational costs associated with submitting unnecessary authorization requests.
  • Improved management of subscription services.
  • The MACs give merchants that accept non-reloadable prepaid and single-use VCN cards the opportunity to inform their customers using these products for ongoing purchases that a replacement payment source should be added to ensure uninterrupted service.

Where to find MAC

MAC is available on transactions performed using a MasterCard payment credential.

More on MAC

⚠️

MAC 03

A MAC value of 03 is indicates that a transaction should not be resubmitted. It denotes that an account is closed or fraudulent, and that no further approvals will be forthcoming by the issuer.

Per MasterCard, there will be a fee assessed for each authorization request resubmission following a MAC 03 decline within a 30-day period.

📘

MAC 03 or 21

Update processing logic to avoid resubmitting transactions previously declined with a MAC value of 03 or 21.

📘

MAC 40

The use of consumer non-reloadable prepaid products and single-use virtual accounts have been identified as significant contributing factors for lower card-not-present (CNP) transaction approval rates, especially in cases of recurring payments.

Mastercard is enhancing its processing for consumer non-reloadable prepaid products by ensuring a MAC value is present in responses when a non-reloadable prepaid card can be identified.

ValueDescription
01New account information available
02Cannot approve at this time, try again later
03Do not try again
04Token requirements not fulfilled for this token type
05Negotiated value not approved
21Payment Cancellation (Mastercard use only)
22Merchant does not qualify for product code
24Retry after 1 hour (Mastercard use only)
25Retry after 24 hours (Mastercard use only)
26Retry after 2 days (Mastercard use only)
27Retry after 4 days (Mastercard use only)
28Retry after 6 days (Mastercard use only)
29Retry after 8 days (Mastercard use only)
30Retry after 10 days (Mastercard use only)
40Consumer non-reloadable prepaid card
41Consumer single-use virtual card number)

Network Return Code and Merchant Advice Code

TabaPay Clients consuming MACs can apply the following logic to take better decision.

Network Response Code ValueMerchant Advice Code (MAC)Decisioning Logic
79 or 8201updated information was found for TabaPay Account Updater. Check for new information before reattempting.
79 or 8203updated credentials are not found to be available for TabaPay Account Updater. Do not retry.
8301authentication may improve the likelihood of an approval. Retry using authentication (such as EMV® 3DS).
8303suspected fraud. Do not retry.
79, 82, or 8302retry the transaction later.


Questions? Contact Sales or make a post