Risk-Related Data
Mitigate risks to your platform and users.
Want Risk-Related Data?
Interested in receiving the additional data attributes from TabaPay? Please reach out to your TabaPay account representative or write to [email protected]
Note: Network ID is returned back for all TabaPay clients and no special enablement is required to receive it.
The following attributes are included as part of Risk-Related Data from TabaPay to our clients who are enabled to receive it. When enabled, the following attributes will be sent to the TabaPay Client as part of Create Transaction API response.
- All networks:
- Network ID
- Payment Account Reference (PAR) (Coming Soon)
- ECI Response
- Visa-specific Data:
- CAVV Results Code (Visa)
- Authorization Characteristic Indicator (ACI) (Visa)
- MasterCard-specific Data:
- UCAF Downgrade (MasterCard)
- UCAF Response (MasterCard)
- Merchant Advice Code (MasterCard)
Availability depends on network
Not all values may be available at all times and are subject to availability at the network.
Network Identification Code (Network ID)
Enabled for everyone. No configuration needed.
If you are a TabaPay client, you are already enabled to receive Network ID in our response to the Create Transaction API.
A network generated transaction identifier that is unique to every authorization and financial request.
The identifier links original messages to subsequent messages, such as those for exception item processing and clearing records.
Today, all TabaPay Clients receive Network ID in our response to the Create Transaction API.
CAVV Results Code (Visa) & UCAF (MasterCard)
Visa and MasterCard
CAVV Results Code for Visa; UCAF Downgrade Reason for MasterCard
When cryptogram type of CAVV - Cardholder Authentication Verification Value is present in TabaPay's Unified API, the CAVV Results Code returned in the response indicates whether the downstream issuing systems were able to successfully verify this cryptogram value.
When is CAVV Cryptogram Present
During Create Transaction API, CAVV Cryptograms are forwarded to Card Networks in the Authorization message.
- CAVV is present for 3DS-enabled transactions as well as with Apple Pay and Google Pay token payloads.
When the instruction to authorize reaches the issuer, the issuing systems will verify the CAVV Value to ensure that the issuer authenticated the cardholder for the transaction and that its contents have not been altered.
When available from the card networks in the Authorization Response, TabaPay will relay the CAVV Results Code in our API response.
CAVV Results Code is a vital input to your Risk Decision
The CAVV Results Code enhances your risk management transaction data. TabaPay encourages our clients to develop a risk strategy that utilizes a layered risk management approach.
CAVV Results Code is suggested to be used in combination with other risk-related data such as verifying addresses, geolocation data, device data, and historical transaction data.
Visa - CAVV Results Codes
| CAVV Results Code | Description | What does this mean |
|---|---|---|
| Blank | CAVV not present in authorization message OR CAVV not verified, issuer has not selected CAVV verification option | No liability shift; merchant not protected from chargebacks |
| 0 | CAVV could not be verified OR CAVV data was not provided when expected | No liability shift; merchant not protected from chargebacks |
| 1 | CAVV failed verification – cardholder authentication | (Usually an indication of potential bad or fraudulent CAVV data in the authorization message; CAVV was created by the Issuer’s ACS) Liability for this transaction should remain with the Issuer for fraud chargebacks. |
| 2 | CAVV passed verification – cardholder authentication | Fully authenticated transaction. Liability shift applied and the merchant is protected from applicable chargebacks. |
| 3 | CAVV passed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 4 | CAVV failed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 5 | Reserved | Not used/not applicable |
| 6 | CAVV not verified, issuer not participating in CAVV verification | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 7 | CAVV failed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 8 | CAVV passed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| 9 | CAVV failed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| A | CAVV passed verification – attempted authentication | Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks. |
| B | CAVV passed verification – no liability shift | No liability shift; merchant not protected from fraud chargebacks. |
| C | CAVV was not verified (Attempted Authentication) | Liability shift applied, and merchant is protected from applicable chargebacks. |
| D | CAVV was not verified (Cardholder Authentication) | Liability shift applied, and merchant is protected from applicable chargebacks. |
Scenarios when CAVV Verification Fails
CAVV verification can fail for one of the following reasons
| Scenario | Details |
|---|---|
| Transaction May Be Fraudulent | A fraud perpetrator may be trying to submit an authorization transaction with a “made up” CAVV in an attempt to obtain an authorization. Due to the potential for fraud, issuers are most likely to decline the transaction when CAVV verification fails. This results data, therefore, enhances our client's risk decisioning process. |
| Processing Error (Rare) | When CAVV data is corrupted |
| Issuer system issues | Unexpected issues at the issuer that prevents them from reading the CAVV cryptogram |
MasterCard - UCAF Collection Indicator Downgrade
A Mastercard Identity Check transaction is downgraded to a non-Identity Check transaction if an Accountholder Authentication Value (AAV) is not present or is invalid.
The possible values are:
0 - Missing Universal Cardholder Authentication Field (UCAF)
1 - Invalid Universal Cardholder Authentication Field (UCAF)
2 - Invalid Security Level Indicator (SLI)
Visa Authorization Characteristics Indicator (ACI)
This value reflects the results of the Visa Custom Payment Service (CPS) evaluation of the transaction.
A value of N means that the transaction does not qualify for CPS and therefore any of the CPS interchange values will not apply.
A value of T means that no CPS program is available for the transaction.
What is Visa Custom Payment Service (CPS)
The Visa® Custom Payment Service (CPS) program outlines transaction data criteria and processing standards that U.S. merchants must meet to qualify for a CPS program, while at the same time improves risk management techniques. CPS rules vary based on the type of transactions processed.
One of the chief criteria for CPS qualification is including address in the transaction. Have the cardholder’s address validated at the time of transaction, when required. Exceptions are bill payment transactions, Visa corporate card transactions, Visa purchasing card transactions.
Check with your TabaPay account representative to find out if your MCC qualifies for CPS/Card Not Present interchange rates.
Payment Account Reference
A Payment Account Reference (PAR) is a unique identifier associated with a specific cardholder PAN and its affiliated tokens. This 29 character identification number can be used in place of sensitive consumer identification fields, and
transmitted across the payments ecosystem to facilitate consumer identification.
When available, TabaPay Clients can rely on PAR for all transactions for transactions initiated by tokenized and non-tokenized accounts. By expanding the availability of PAR beyond tokenized PANs to include non-tokenized PANs, acquirers and merchants will be able to manage fraud, risk, customer service, and analytics using the PAR value. Each TabaPay Client must determine if the PAR reduces impact on their Payment Card Industry Data Security Standard (PCI DSS) compliance programs.
When cardholders conduct transactions with tokens, TabaPay Clients have limited or no access to the cardholder’s PAN. The establishment of a PAR associated to a PAN and all tokens associated with the PAN helps TabaPay Clients to uniquely identify a cardholder account without continued exposure and storage of the PAN. The PAR value is only used for uniquely referencing a PAN and is not used to replace the PAN in payment transaction processing.
Benefits
PAR provides a consolidated view of transactions associated with a PAN and its affiliated tokens, making it easier to identify customers and their associated transactions across payment channels.
- Futureproof payments: Improve monitoring and tracking of transaction activity across the payment ecosystem.
- Improve security: Remove sensitive PAN data from multiple systems, eliminating the need to desensitize payment details.
- Drive operational efficiencies: Assign one PAR for the life of the account to connect all physical and virtual versions of a card.
- Loyalty Program Engine: Reestablish an effective payment card-linked loyalty program and improve customer recognition.
- Customer relationship manager plugin: Swiftly identify customers and their associated transactions to improve and personalize customer service.
- Risk management and fraud: Deliver metrics for fraud systems via a data element or in authorization response messaging.
ECI Response
Electronic Commerce Indicator (ECI) Response from the network. This is the value that indicates any downgrade if the transaction does not qualify for liability shift or when the CAVV included in the request was not present or invalid.
Visa - ECI Response
- 05 - Fully Authenticated Transaction
- 06 - Attempted Authentication Transaction
- 07 - Non 3-D Secure Transaction
Merchant Advice Code
TabaPay will be sending MasterCard Merchant Advice Code (MACs) to those TabaPay Clients that are enabled to receive them.
MasterCard's Transaction Processing Excellence (TPE) program offers these Merchant Advice Codes (MACs). They are a set of codes that Mastercard supports to enable issuers to communicate additional information regarding a transaction response. These codes indicate further actions on subsequent transactions that TabaPay Clients should take to continue serving cardholders.
The purpose of these TPE programs is to identify unfavorable transaction processing behavior and drive positive processing behavior change, resulting in a more seamless network experience for all parties involved.
Benefits
- The ability to optimize approval rate performance.
- Lower operational costs associated with submitting unnecessary authorization requests
- Improved management of subscription services.
- The MACs give merchants that accept non-reloadable prepaid and single-use VCN cards the opportunity to inform their customers using these products for ongoing purchases that a replacement payment source should be added to ensure uninterrupted service.
Program Fees
Program fees will be assessed under the MasterCard Transaction Processing Excellence (TPE program) if certain processing behaviors are breached during Authorization.
MAC 03
A MAC value of 03 is indicates that a transaction should not be resubmitted. It denotes that an account is closed or fraudulent, and that no further approvals will be forthcoming by the issuer.
Per MasterCard, there will be a fee assessed for each authorization request resubmission following a MAC 03 decline within a 30-day period.
MAC 03 or 21
Update processing logic to avoid resubmitting transactions previously declined with a MAC value of 03 or 21.
MAC 40
The use of consumer non-reloadable prepaid products and single-use virtual accounts have been identified as significant contributing factors for lower card-not-present (CNP) transaction approval rates, especially in cases of recurring payments.
Mastercard is enhancing its processing for consumer non-reloadable prepaid products by ensuring a MAC value is present in responses when a non-reloadable prepaid card can be identified.
| Value | Description |
|---|---|
| 01 | New account information available |
| 02 | Cannot approve at this time, try again later |
| 03 | Do not try again |
| 04 | Token requirements not fulfilled for this token type |
| 05 | Negotiated value not approved |
| 21 | Payment Cancellation (Mastercard use only) |
| 22 | Merchant does not qualify for product code |
| 24 | Retry after 1 hour (Mastercard use only) |
| 25 | Retry after 24 hours (Mastercard use only) |
| 26 | Retry after 2 days (Mastercard use only) |
| 27 | Retry after 4 days (Mastercard use only) |
| 28 | Retry after 6 days (Mastercard use only) |
| 29 | Retry after 8 days (Mastercard use only) |
| 30 | Retry after 10 days (Mastercard use only) |
| 40 | Consumer non-reloadable prepaid card |
| 41 | Consumer single-use virtual card number) |
Network Return Code and Merchant Advice Code
TabaPay Clients consuming MACs can apply the following logic to take better decision.
| Network Response Code Value | Merchant Advice Code (MAC) | Decisioning Logic |
|---|---|---|
| 79 or 82 | 01 | updated information was found for TabaPay Account Updater. Check for new information before reattempting. |
| 79 or 82 | 03 | updated credentials are not found to be available for TabaPay Account Updater. Do not retry. |
| 83 | 01 | authentication may improve the likelihood of an approval. Retry using authentication (such as EMV® 3DS). |
| 83 | 03 | suspected fraud. Do not retry. |
| 79, 82, or 83 | 02 | retry the transaction later. |
Updated 2 months ago