Exemption applied by the ACS to authenticate the transaction without requesting a challenge. Possible values:

• AUTHENTICATION_OUTAGE_EXCEPTION: Authentication Outage Exception exemption.
• LOW_VALUE: Low Value Payment exemption.
• MERCHANT_INITIATED_TRANSACTION: Merchant Initiated Transaction (3RI).
• NONE: No exemption applied.
• RECURRING_PAYMENT: Recurring Payment exemption.
• SECURE_CORPORATE_PAYMENT: Secure Corporate Payment exemption.
• STRONG_CUSTOMER_AUTHENTICATION_DELEGATION: Strong Customer Authentication Delegation exemption.
• TRANSACTION_RISK_ANALYSIS: Acquirer Low-Fraud and Transaction Risk Analysis exemption.

Maps to the 3-D Secure transChallengeExemption field.

AUTHENTICATION_OUTAGE_EXCEPTION LOW_VALUE MERCHANT_INITIATED_TRANSACTION NONE RECURRING_PAYMENT SECURE_CORPORATE_PAYMENT STRONG_CUSTOMER_AUTHENTICATION_DELEGATION TRANSACTION_RISK_ANALYSIS

Indicates whether chargeback liability shift applies to the transaction. Possible values:

• 3DS_AUTHENTICATED: The transaction was fully authenticated through a 3-D Secure flow, chargeback liability shift applies.
• ACQUIRER_EXEMPTION: The acquirer utilised an exemption to bypass Strong Customer Authentication (transStatus = N, or transStatus = I). Liability remains with the acquirer and in this case the acquirer_exemption field is expected to be not NONE.
• NONE: Chargeback liability shift has not shifted to the issuer, i.e. the merchant is liable.
• TOKEN_AUTHENTICATED: The transaction was a tokenized payment with validated cryptography, possibly recurring. Chargeback liability shift to the issuer applies.

3DS_AUTHENTICATED ACQUIRER_EXEMPTION NONE TOKEN_AUTHENTICATED

Verification attempted values:

• APP_LOGIN: Out-of-band login verification was attempted by the ACS.
• BIOMETRIC: Out-of-band biometric verification was attempted by the ACS.
• NONE: No cardholder verification was attempted by the Access Control Server (e.g. frictionless 3-D Secure flow, no 3-D Secure, or stand-in Risk Based Analysis).
• OTHER: Other method was used by the ACS to verify the cardholder (e.g. Mastercard Identity Check Express, recurring transactions, etc.)
• OTP: One-time password verification was attempted by the ACS.

APP_LOGIN BIOMETRIC NONE OTHER OTP

This field partially maps to the transStatus field in the EMVCo 3-D Secure specification and Mastercard SPA2 AAV leading indicators.

Verification result values:

• CANCELLED: Authentication/Account verification could not be performed, transStatus = U.
• FAILED: Transaction was not authenticated. transStatus = N, note: the utilization of exemptions could also result in transStatus = N, inspect the acquirer_exemption field for more information.
• FRICTIONLESS: Attempts processing performed, the transaction was not authenticated, but a proof of attempted authentication/verification is provided. transStatus = A and the leading AAV indicator was one of {kE, kF, kQ}.
• NOT_ATTEMPTED: A 3-D Secure flow was not applied to this transaction. Leading AAV indicator was one of {kN, kX} or no AAV was provided for the transaction.
• REJECTED: Authentication/Account Verification rejected; transStatus = R. Issuer is rejecting authentication/verification and requests that authorization not be attempted.
• SUCCESS: Authentication verification successful. transStatus = Y and leading AAV indicator for the transaction was one of {kA, kB, kC, kD, kO, kP, kR, kS}.

Note that the following transStatus values are not represented by this field:

• C: Challenge Required
• D: Challenge Required; decoupled authentication confirmed
• I: Informational only
• S: Challenge using Secure Payment Confirmation (SPC)

CANCELLED FAILED FRICTIONLESS NOT_ATTEMPTED REJECTED SUCCESS

Three digit cvv printed on the back of the card.

Two digit (MM) expiry month.

Four digit (yyyy) expiry year.

Hostname of card’s locked merchant (will be empty if not applicable).

Last four digits of the card number.

Friendly name to identify the card.

Primary Account Number (PAN) (i.e. the card number). Customers must be PCI compliant to have PAN returned as a field in production. Please contact support@privacy.com for questions.

Spend limit duration values:

• ANNUALLY - Card will authorize transactions up to spend limit in a calendar year.
• FOREVER - Card will authorize only up to spend limit for the entire lifetime of the card.
• MONTHLY - Card will authorize transactions up to spend limit for the trailing month. Month is calculated as this calendar date one month prior.
• TRANSACTION - Card will authorizate multiple transactions if each individual transaction is under the spend limit.

ANNUALLY FOREVER MONTHLY TRANSACTION

Card state values:

• CLOSED - Card will no longer approve authorizations. Closing a card cannot be undone.
• OPEN - Card will approve authorizations (if they match card and account parameters).
• PAUSED - Card will decline authorizations, but can be resumed at a later time.
• PENDING_FULFILLMENT - The initial state for cards of type PHYSICAL. The card is provisioned pending manufacturing and fulfillment. Cards in this state can accept authorizations for e-commerce purchases, but not for "Card Present" purchases where the physical card itself is present.
• PENDING_ACTIVATION - Each business day at 2pm Eastern Time Zone (ET), cards of type PHYSICAL in state PENDING_FULFILLMENT are sent to the card production warehouse and updated to state PENDING_ACTIVATION . Similar to PENDING_FULFILLMENT, cards in this state can be used for e-commerce transactions. API clients should update the card's state to OPEN only after the cardholder confirms receipt of the card.

In sandbox, the same daily batch fulfillment occurs, but no cards are actually manufactured.

CLOSED OPEN PAUSED PENDING_ACTIVATION PENDING_FULFILLMENT

Card types:

• DIGITAL_WALLET - Cards that can be provisioned to a digital wallet like Google Pay or Apple Wallet.
• MERCHANT_LOCKED - Card is locked to first merchant that successfully authorizes the card.
• PHYSICAL - Manufactured and sent to the cardholder. We offer white label branding, credit, ATM, PIN debit, chip/EMV, NFC and magstripe functionality. Contact api@privacy.com for more information.
• SINGLE_USE - Card will close shortly after the first transaction.
• UNLOCKED - Card will authorize at any merchant. Creating these cards requires additional privileges.

DIGITAL_WALLET MERCHANT_LOCKED PHYSICAL SINGLE_USE UNLOCKED

Funding account token.

Types of funding:

• PROMO - Any promotional credit was used in paying for this transaction.

PROMO

Unique identifier to identify the payment card acceptor.

City of card acceptor.

Uppercase country of card acceptor (see ISO 8583 specs).

Short description of card acceptor.

Merchant category code (MCC). A four-digit number listed in ISO 18245. An MCC is used to classify a business by the types of goods or services it provides.

Geographic state of card acceptor (see ISO 8583 specs).