Risk-Related Data

Mitigate risks to your platform and users.

🚧

Want Risk-Related Data?

Interested in receiving the additional data attributes from TabaPay? Please reach out to your TabaPay account representative or write to [email protected]

Note: Network ID is returned back for all TabaPay clients and no special enablement is required to receive it.

The following attributes are included as part of Risk-Related Data from TabaPay to our clients who are enabled to receive it. When enabled, the following attributes will be sent to the TabaPay Client as part of Create Transaction API response.

  • All networks:
    • Network ID
    • Payment Account Reference (PAR) (Coming Soon)
    • ECI Response
  • Visa-specific Data:
    • CAVV Results Code (Visa)
    • Authorization Characteristic Indicator (ACI) (Visa)
  • MasterCard-specific Data:
    • UCAF Downgrade (MasterCard)
    • UCAF Response (MasterCard)
    • Merchant Advice Code (MasterCard)

🚧

Availability depends on network

Not all values may be available at all times and are subject to availability at the network.

Network Identification Code (Network ID)

📘

Enabled for everyone. No configuration needed.

If you are a TabaPay client, you are already enabled to receive Network ID in our response to the Create Transaction API.

A network generated transaction identifier that is unique to every authorization and financial request.

The identifier links original messages to subsequent messages, such as those for exception item processing and clearing records.

Today, all TabaPay Clients receive Network ID in our response to the Create Transaction API.

CAVV Results Code (Visa) & UCAF (MasterCard)

📘

Visa and MasterCard

CAVV Results Code for Visa; UCAF Downgrade Reason for MasterCard

When cryptogram type of CAVV - Cardholder Authentication Verification Value is present in TabaPay's Unified API, the CAVV Results Code returned in the response indicates whether the downstream issuing systems were able to successfully verify this cryptogram value.

👍

When is CAVV Cryptogram Present

During Create Transaction API, CAVV Cryptograms are forwarded to Card Networks in the Authorization message.

  • CAVV is present for 3DS-enabled transactions as well as with Apple Pay and Google Pay token payloads.

When the instruction to authorize reaches the issuer, the issuing systems will verify the CAVV Value to ensure that the issuer authenticated the cardholder for the transaction and that its contents have not been altered.

When available from the card networks in the Authorization Response, TabaPay will relay the CAVV Results Code in our API response.

🚧

CAVV Results Code is a vital input to your Risk Decision

The CAVV Results Code enhances your risk management transaction data. TabaPay encourages our clients to develop a risk strategy that utilizes a layered risk management approach.

CAVV Results Code is suggested to be used in combination with other risk-related data such as verifying addresses, geolocation data, device data, and historical transaction data.

Visa - CAVV Results Codes

CAVV Results CodeDescriptionWhat does this mean
BlankCAVV not present in authorization
message OR CAVV not verified,
issuer has not selected CAVV verification option
No liability shift; merchant not protected from chargebacks
0CAVV could not be
verified OR CAVV data was not
provided when expected
No liability shift; merchant not protected from chargebacks
1CAVV failed verification –
cardholder authentication
(Usually an indication of potential bad or fraudulent CAVV data in the authorization message; CAVV was created by the Issuer’s ACS)

Liability for this transaction should remain with the Issuer for fraud chargebacks.
2CAVV passed verification –
cardholder authentication
Fully authenticated transaction. Liability shift applied and the merchant is protected from applicable chargebacks.
3CAVV passed verification –
attempted authentication
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
4CAVV failed verification –
attempted authentication
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
5ReservedNot used/not applicable
6CAVV not verified, issuer not
participating in CAVV verification
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
7CAVV failed verification –
attempted authentication
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
8CAVV passed verification –
attempted authentication
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
9CAVV failed verification –
attempted authentication
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
ACAVV passed verification –
attempted authentication
Attempted authentication; Liability shift applied, and merchant is protected from applicable chargebacks.
BCAVV passed verification – no
liability shift
No liability shift; merchant not protected from fraud chargebacks.
CCAVV was not verified (Attempted
Authentication)
Liability shift applied, and merchant is protected from applicable chargebacks.
DCAVV was not verified (Cardholder
Authentication)
Liability shift applied, and merchant is protected from applicable chargebacks.

Scenarios when CAVV Verification Fails

CAVV verification can fail for one of the following reasons

ScenarioDetails
Transaction May Be FraudulentA fraud perpetrator may be trying to submit an authorization transaction with a “made up” CAVV in an attempt to obtain an authorization. Due to the
potential for fraud, issuers are most likely to decline the transaction when CAVV verification fails. This results data, therefore, enhances our client's risk decisioning process.
Processing Error (Rare)When CAVV data is corrupted
Issuer system issuesUnexpected issues at the issuer that prevents them from reading the CAVV cryptogram

MasterCard - UCAF Collection Indicator Downgrade

A Mastercard Identity Check transaction is downgraded to a non-Identity Check transaction if an Accountholder Authentication Value (AAV) is not present or is invalid.

The possible values are:
0 - Missing Universal Cardholder Authentication Field (UCAF)
1 - Invalid Universal Cardholder Authentication Field (UCAF)
2 - Invalid Security Level Indicator (SLI)

Visa Authorization Characteristics Indicator (ACI)

This value reflects the results of the Visa Custom Payment Service (CPS) evaluation of the transaction.

A value of N means that the transaction does not qualify for CPS and therefore any of the CPS interchange values will not apply.

A value of T means that no CPS program is available for the transaction.

📘

What is Visa Custom Payment Service (CPS)

The Visa® Custom Payment Service (CPS) program outlines transaction data criteria and processing standards that U.S. merchants must meet to qualify for a CPS program, while at the same time improves risk management techniques. CPS rules vary based on the type of transactions processed.

One of the chief criteria for CPS qualification is including address in the transaction. Have the cardholder’s address validated at the time of transaction, when required. Exceptions are bill payment transactions, Visa corporate card transactions, Visa purchasing card transactions.

Check with your TabaPay account representative to find out if your MCC qualifies for CPS/Card Not Present interchange rates.

Payment Account Reference

A Payment Account Reference (PAR) is a unique identifier associated with a specific cardholder PAN and its affiliated tokens. This 29 character identification number can be used in place of sensitive consumer identification fields, and transmitted across the payments ecosystem to facilitate consumer identification.

When available, TabaPay Clients can rely on PAR for all transactions for transactions initiated by tokenized and non-tokenized accounts. By expanding the availability of PAR beyond tokenized PANs to include non-tokenized PANs, acquirers and merchants will be able to manage fraud, risk, customer service, and analytics using the PAR value. Each TabaPay Client must determine if the PAR reduces impact on their Payment Card Industry Data Security Standard (PCI DSS) compliance programs.

When cardholders conduct transactions with tokens, TabaPay Clients have limited or no access to the cardholder’s PAN. The establishment of a PAR associated to a PAN and all tokens associated with the PAN helps TabaPay Clients to uniquely identify a cardholder account without continued exposure and storage of the PAN. The PAR value is only used for uniquely referencing a PAN and is not used to replace the PAN in payment transaction processing.

Benefits

PAR provides a consolidated view of transactions associated with a PAN and its affiliated tokens, making it easier to identify customers and their associated transactions across payment channels.

  • Futureproof payments: Improve monitoring and tracking of transaction activity across the payment ecosystem.
  • Improve security: Remove sensitive PAN data from multiple systems, eliminating the need to desensitize payment details.
  • Drive operational efficiencies: Assign one PAR for the life of the account to connect all physical and virtual versions of a card.
  • Loyalty Program Engine: Reestablish an effective payment card-linked loyalty program and improve customer recognition.
  • Customer relationship manager plugin: Swiftly identify customers and their associated transactions to improve and personalize customer service.
  • Risk management and fraud: Deliver metrics for fraud systems via a data element or in authorization response messaging.

ECI Response

Electronic Commerce Indicator (ECI) Response from the network. This is the value that indicates any downgrade if the transaction does not qualify for liability shift or when the CAVV included in the request was not present or invalid.

Visa - ECI Response

  1. 05 - Fully Authenticated Transaction
  2. 06 - Attempted Authentication Transaction
  3. 07 - Non 3-D Secure Transaction

Merchant Advice Code

TabaPay will be sending MasterCard Merchant Advice Code (MACs) to those TabaPay Clients that are enabled to receive them.

MasterCard's Transaction Processing Excellence (TPE) program offers these Merchant Advice Codes (MACs). They are a set of codes that Mastercard supports to enable issuers to communicate additional information regarding a transaction response. These codes indicate further actions on subsequent transactions that TabaPay Clients should take to continue serving cardholders.

The purpose of these TPE programs is to identify unfavorable transaction processing behavior and drive positive processing behavior change, resulting in a more seamless network experience for all parties involved.

Benefits

  • The ability to optimize approval rate performance.
  • Lower operational costs associated with submitting unnecessary authorization requests
  • Improved management of subscription services.
  • The MACs give merchants that accept non-reloadable prepaid and single-use VCN cards the opportunity to inform their customers using these products for ongoing purchases that a replacement payment source should be added to ensure uninterrupted service.

📘

Program Fees

Program fees will be assessed under the MasterCard Transaction Processing Excellence (TPE program) if certain processing behaviors are breached during Authorization.

🚧

MAC 03

A MAC value of 03 is indicates that a transaction should not be resubmitted. It denotes that an account is closed or fraudulent, and that no further approvals will be forthcoming by the issuer.

Per MasterCard, there will be a fee assessed for each authorization request resubmission following a MAC 03 decline within a 30-day period.

📘

MAC 03 or 21

Update processing logic to avoid resubmitting transactions previously declined with a MAC value of 03 or 21.

📘

MAC 40

The use of consumer non-reloadable prepaid products and single-use virtual accounts have been identified as significant contributing factors for lower card-not-present (CNP) transaction approval rates, especially in cases of recurring payments.

Mastercard is enhancing its processing for consumer non-reloadable prepaid products by ensuring a MAC value is present in responses when a non-reloadable prepaid card can be identified.

ValueDescription
01New account information available
02Cannot approve at this time, try again later
03Do not try again
04Token requirements not fulfilled for this token type
05Negotiated value not approved
21Payment Cancellation (Mastercard use only)
22Merchant does not qualify for product code
24Retry after 1 hour (Mastercard use only)
25Retry after 24 hours (Mastercard use only)
26Retry after 2 days (Mastercard use only)
27Retry after 4 days (Mastercard use only)
28Retry after 6 days (Mastercard use only)
29Retry after 8 days (Mastercard use only)
30Retry after 10 days (Mastercard use only)
40Consumer non-reloadable prepaid card
41Consumer single-use virtual card number)

Network Return Code and Merchant Advice Code

TabaPay Clients consuming MACs can apply the following logic to take better decision.

Network Response Code ValueMerchant Advice Code (MAC)Decisioning Logic
79 or 8201updated information was found for TabaPay Account Updater. Check for new information before reattempting.
79 or 8203updated credentials are not found to be available for TabaPay Account Updater. Do not retry.
8301authentication may improve the likelihood of an approval. Retry using authentication (such as EMV® 3DS).
8303suspected fraud. Do not retry.
79, 82, or 8302retry the transaction later.