**Last updated**: 11 March 2026 | [**Change log**](/access/products/card-verifications/changelog/) # Verify a customer's account To verify your customer's account, you must send a verifications request to one of our supported resources. ## Intelligent verification With an Intelligent verification, Worldpay chooses the amount to use in the verification. ### Intelligent verification request You can `POST` your intelligent verification request to one of these resources: ### `oneTime` intelligent verification For a `oneTime` verification, `POST` your request to the `verifications:oneTime` action link received in your [query the verifications root resource](/access/products/card-verifications/v4/get-started#query-verifications-root-resource) request. `POST` `https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/intelligent/oneTime` ### `cardOnFile` intelligent verification `cardOnFile` payments are initiated by the customer using the payment instrument details that have already been stored. For a `cardOnFile` verification, `POST` your request to the `verifications:cardOnFile` action link received in your [query the verifications root resource](/access/products/card-verifications/v4/get-started#query-verifications-root-resource) request to become Cardholder Initiated Transaction (CIT) compliant. `POST` `https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/intelligent/cardOnFile` ### Example request body Intelligent verification for `cardOnFile` and `oneTime` requests: Verification request ```json { "transactionReference": "{uniqueTransactionReference}", "currency": "GBP", "merchant": { "entity": "default" }, "paymentInstrument": { "type": "card/plain", "cvc": "321", "cardHolderName": "John Appleseed", "cardNumber": "4444333322221111", "cardExpiryDate": { "month": 5, "year": 2035 }, "verificationAddress": { "address1": "Worldpay", "countryCode": "GB", "postalCode": "CB4 0WE", "city": "Cambridge" } } } ``` Verification request with paymentFacilitator ```json { "transactionReference": "{uniqueTransactionReference}", "merchant": { "entity": "default", "paymentFacilitator": { "pfId": "12345678901", "isoId": "4101", "subMerchant": { "merchantId": "873674903278364", "name": "Example Shop", "street": "123 Street", "state": "CA", "city": "San Francisco", "countryCode": "840", "postalCode": "94101", "taxId": "987-65-4321", "telephone": "800-555-9999", "email": "contact@example.com", "url": "developer.worldpay-bsh.securedataplatform.com" } } }, "currency": "GBP", "paymentInstrument": { "type": "card/plain", "cardNumber": "4444333322221111", "cardHolderName": "John Appleseed", "cardExpiryDate": { "month": 5, "year": 2035 }, "verificationAddress": { "address1": "address1", "postalCode": "aaaa", "city": "city", "countryCode": "GB" }, "cvc": "123" }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Verification request with token ```json { "transactionReference": "{uniqueTransactionReference}", "currency": "GBP", "merchant": { "entity": "default" }, "paymentInstrument": { "type": "card/tokenized", "href": "https://try.access.worldpay-bsh.securedataplatform.com/tokens/{}" }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Note Only use the `Intelligent verification request with paymentFacilitator` if you are a payment facilitator. Descriptions of your intelligent verification request parameters: | Parameter | Required | Description | | --- | --- | --- | | `currency` | ✅ | The 3-digit currency code.See list of [supported currencies](/access/products/reference/supported-countries-currencies#iso-currency-codes). | | `transactionReference` | ✅ | A **unique** reference generated by you that is used to identify a payment throughout its lifecycle. See [transaction reference format](/access/products/reference/formatting#transaction-reference-format), for more details and the best practices. | | `paymentInstrument` | ✅ | An object that contains your customer's payment details. | | `paymentInstrument.cardHolderName` | ✅ | An object that contains your customer's name. | | `paymentInstrument.cardNumber` | ✅ | An object that contains your customer's payment card number. | | `paymentInstrument.type` | ✅ | An object that contains your customer's payment type, card/plain. | | `paymentInstrument.verificationAddress` | ❌ | An object containing the verification address information. **If included you must send** at least: `city` `countryCode``postalCode` | | `paymentInstrument.cardExpiryDate` | ✅ | An object that contains your customer's payment card expiry date. | | `paymentInstrument.cvc` | ❌ | CVC is a unique set of 3 or 4 numbers on the back of your customer's card. Including the CVC in your request increases the chances of the verification request `outcome` being `verified`. Our API checks to see if the CVC supplied matches the CVC held by the issuing bank. | | `merchant` | ✅ | An object that contains information about the merchant. | | `merchant.entity` | ✅ | Direct your verification to assist with billing, reporting and reconciliation. This is **mandatory** for verifications. For more information contact your [Relationship Manager or Implementation Manager](https://www.worldpay-bsh.securedataplatform.com/en-GB/merchant-support#still-need-help). | | `merchant.mcc` | ❌ | A Merchant Category Code (`mcc`) can be applied to an individual request. An `mcc` can only be provided if the dynamic `mcc` feature has been enabled during [boarding](https://www.worldpay-bsh.securedataplatform.com/en-GB/merchant-support#still-need-help). If enabled but not provided, `merchant.mcc` defaults to a configured value. For more information contact your Relationship Manager or Implementation Manager. | | `merchant.paymentFacilitator` | ❌ | An object containing your payment facilitator information. If required you must send:pfIdisoIdsubMerchant.merchantIdsubMerchant.postalcodesubMerchant.streetsubMerchant.citysubMerchant.countryCodesubMerchant.urlThis information is **only** required for verification if you are a payment facilitator. | | `recipient` | ❌ | An object that contains the details of the recipient of the payment.`accountReference`: Partial account number`lastName``dateOfBirth.day``dateOfBirth.month``dateOfBirth.year``address.postalCode` We highly recommend you supply this, if your MCC is 6012 or 6051. Sending this field ensures you remain PSD2 compliant and avoid potential acquirer refusals. | ## Dynamic verification Our Dynamic verifications service gives you granular control over the amount that is used for verification. ### Dynamic verification request You can `POST` your verification request to one of these resources : ### `dynamicOneTime` verification For a `dynamicOneTime` verification, `POST` your request to the `verifications:dynamicOneTime` action link received in your [query the verifications root resource](/access/products/card-verifications/v4/get-started#query-verifications-root-resource) request. `POST` `https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/dynamic/oneTime` ### `dynamicCardOnFile` verification `cardOnFile` payments are initiated by the customer using the payment instrument details that have already been stored. For a `dynamicCardOnFile` verification, `POST` your request to the `verifications:dynamicCardOnFile` action link received in your [query the verifications root resource](/access/products/card-verifications/v4/get-started#query-verifications-root-resource) request to become Cardholder Initiated Transaction (CIT) compliant. `POST` `https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/dynamic/cardOnFile` ### Example request body Dynamic verification for `cardOnFile` and `oneTime` requests: Verification request ```json { "transactionReference": "unique-transactionReference", "merchant": { "entity": "default" }, "instruction": { "value": { "currency": "GBP", "amount": 20 }, "paymentInstrument": { "type": "card/plain", "cvc": "321", "cardHolderName": "John Appleseed", "cardNumber": "4444333322221111", "cardExpiryDate": { "month": 5, "year": 2035 }, "verificationAddress": { "address1": "Worldpay", "countryCode": "GB", "postalCode": "CB4 0WE", "city": "Cambridge" } } } } ``` Verification request with paymentFacilitator ```json { "transactionReference": "unique-transactionReference", "merchant": { "entity": "default", "mcc": "6012", "paymentFacilitator": { "pfId": "12345678901", "isoId": "4101", "subMerchant": { "merchantId": "873674903278364", "name": "Example Shop", "street": "123 Street", "state": "CA", "city": "San Francisco", "countryCode": "840", "postalCode": "94101", "taxId": "987-65-4321", "telephone": "800-555-9999", "email": "contact@example.com", "url": "developer.worldpay-bsh.securedataplatform.com" } } }, "instruction": { "value": { "currency": "GBP", "amount": 20 }, "paymentInstrument": { "type": "card/plain", "cvc": "321", "cardHolderName": "John Appleseed", "cardNumber": "4444333322221111", "cardExpiryDate": { "month": 5, "year": 2035 }, "verificationAddress": { "address1": "Worldpay", "countryCode": "GB", "postalCode": "CB4 0WE", "city": "Cambridge" } } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Verification request with token ```json { "transactionReference": "unique-transactionReference", "merchant": { "entity": "default" }, "instruction": { "value": { "currency": "GBP", "amount": 20 }, "paymentInstrument": { "type": "card/tokenized", "href": "https://try.access.worldpay-bsh.securedataplatform.com/tokens/{}}" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Note Only use the `Dynamic verification request with paymentFacilitator` if you are a payment facilitator. Descriptions of your dynamic verification request parameters: | Parameter | Required | Description | | --- | --- | --- | | `instruction` | ✅ | An object that contains all the information related to the payment. | | `value.currency` | ✅ | The 3-digit currency code.See list of [supported currencies](/access/products/reference/supported-countries-currencies#iso-currency-codes). | | `value.amount` | ✅ | The payment amount. This is a whole number with an exponent e.g. if exponent is two, 250 is 2.50. You can find the relevant exponent in our [currency table](/access/products/reference/supported-countries-currencies#iso-currency-codes). | | `transactionReference` | ✅ | A **unique** reference generated by you that is used to identify a payment throughout its lifecycle. See [transaction reference format](/access/products/reference/formatting#transaction-reference-format), for more details and the best practices. | | `paymentInstrument` | ✅ | An object that contains your customer's payment details. | | `paymentInstrument.cardHolderName` | ✅ | An object that contains your customer's name. | | `paymentInstrument.cardNumber` | ✅ | An object that contains your customer's payment card number. | | `paymentInstrument.type` | ✅ | An object that contains your customer's payment type, card/plain. | | `paymentInstrument.verificationAddress` | ❌ | An object containing the verification address information. **If included you must send** at least: `city` `countryCode``postalCode` | | `paymentInstrument.cardExpiryDate` | ✅ | An object that contains your customer's payment card expiry date. | | `paymentInstrument.cvc` | ❌ | CVC is a unique set of 3 or 4 numbers on the back of your customer's card. Including the CVC in your request increases the chances of the verification request `outcome` being `verified`. Our API checks to see if the CVC supplied matches the CVC held by the issuing bank. | | `merchant` | ✅ | An object that contains information about the merchant. | | `merchant.entity` | ✅ | Direct your verification to assist with billing, reporting and reconciliation. This is **mandatory** for verifications. For more information contact your [Relationship Manager](https://www.worldpay-bsh.securedataplatform.com/en-GB/merchant-support#still-need-help). | | `merchant.mcc` | ❌ | A Merchant Category Code (`mcc`) can be applied to an individual request. An `mcc` can only be provided if the dynamic mcc feature has been enabled during [boarding](https://www.worldpay-bsh.securedataplatform.com/en-GB/merchant-support#still-need-help). If enabled but not provided, `merchant.mcc` defaults to a configured value. For more information contact your [Relationship Manager](https://www.worldpay-bsh.securedataplatform.com/en-GB/merchant-support#still-need-help). | | `merchant.paymentFacilitator` | ❌ | An object containing your payment facilitator information. If required you must send:pfIdisoIdsubMerchant.merchantIdsubMerchant.postalcodesubMerchant.streetsubMerchant.citysubMerchant.countryCodesubMerchant.urlThis information is **only** required for verification if you are a payment facilitator. | | `recipient` | ❌ | An object that contains the details of the recipient of the payment.`accountReference`: Partial account number`lastName``dateOfBirth.day``dateOfBirth.month``dateOfBirth.year``address.postalCode` We highly recommend you supply this, if your MCC is 6012 or 6051. Sending this field ensures you remain PSD2 compliant and avoid potential acquirer refusals. | ## 3DS You can optionally submit 3DS parameters for intelligent and dynamic verification requests. To get the `customer` authentication object you must complete an [authentication request](/access/products/3ds/web/authentication) using our [3DS API](/access/products/3ds). details summary Intelligent verification example request Intelligent verification with 3DS1 ```json { "transactionReference": "{uniqueTransactionReference}", "currency": "GBP", "merchant": { "entity": "default", "mcc": "6012", "paymentFacilitator": { "pfId": "12345678901", "isoId": "4101", "subMerchant": { "merchantId": "873674903278364", "name": "Example Shop", "street": "123 Street", "state": "CA", "city": "San Francisco", "countryCode": "840", "postalCode": "94101", "taxId": "987-65-4321", "telephone": "800-555-9999", "email": "contact@example.com", "url": "developer.worldpay-bsh.securedataplatform.com" } } }, "paymentInstrument": { "type": "card/plain", "cvc": "321", "cardHolderName": "John Appleseed", "cardNumber": "4444333322221111", "cardExpiryDate": { "month": 5, "year": 2035 }, "verificationAddress": { "address1": "Worldpay", "countryCode": "GB", "postalCode": "CB4 0WE", "city": "Cambridge" } }, "customer": { "authentication": { "version": "1.0.2", "type": "3DS", "eci": "05", "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=", "transactionId": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Intelligent verification with 3DS2 ```json { "transactionReference": "{uniqueTransactionReference}", "currency": "GBP", "merchant": { "entity": "default", "mcc": "6012", "paymentFacilitator": { "pfId": "12345678901", "isoId": "4101", "subMerchant": { "merchantId": "873674903278364", "name": "Example Shop", "street": "123 Street", "state": "CA", "city": "San Francisco", "countryCode": "840", "postalCode": "94101", "taxId": "987-65-4321", "telephone": "800-555-9999", "email": "contact@example.com", "url": "developer.worldpay-bsh.securedataplatform.com" } } }, "paymentInstrument": { "type": "card/plain", "cvc": "321", "cardHolderName": "John Appleseed", "cardNumber": "4444333322221111", "cardExpiryDate": { "month": 5, "year": 2035 }, "verificationAddress": { "address1": "Worldpay", "countryCode": "GB", "postalCode": "CB4 0WE", "city": "Cambridge" } }, "customer": { "authentication": { "version": "2.1.0", "type": "3DS", "eci": "05", "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=", "transactionId": "683001f5-3805-423a-b580-638e4b2093b3" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Intelligent verification with 3DS1 and token ```json { "transactionReference": "{uniqueTransactionReference}", "currency": "GBP", "merchant": { "entity": "default" }, "paymentInstrument": { "type": "card/tokenized", "href": "https://try.access.worldpay-bsh.securedataplatform.com/tokens/{}" }, "customer": { "authentication": { "version": "1.0.2", "type": "3DS", "eci": "05", "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=", "transactionId": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Intelligent verification with 3DS2 and token ```json { "transactionReference": "{uniqueTransactionReference}", "currency": "GBP", "merchant": { "entity": "default" }, "paymentInstrument": { "type": "card/tokenized", "href": "https://try.access.worldpay-bsh.securedataplatform.com/tokens/{}" }, "customer": { "authentication": { "version": "1.0.2", "type": "3DS", "eci": "05", "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=", "transactionId": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` details summary Dynamic verification example request Dynamic verification with 3DS1 ```json { "transactionReference": "unique-transactionReference", "merchant": { "entity": "default", "mcc": "6012", "paymentFacilitator": { "pfId": "12345678901", "isoId": "4101", "subMerchant": { "merchantId": "873674903278364", "name": "Example Shop", "street": "123 Street", "state": "CA", "city": "San Francisco", "countryCode": "840", "postalCode": "94101", "taxId": "987-65-4321", "telephone": "800-555-9999", "email": "contact@example.com", "url": "developer.worldpay-bsh.securedataplatform.com" } } }, "instruction": { "value": { "currency": "GBP", "amount": 20 }, "paymentInstrument": { "type": "card/plain", "cvc": "321", "cardHolderName": "John Appleseed", "cardNumber": "4444333322221111", "cardExpiryDate": { "month": 5, "year": 2035 }, "verificationAddress": { "address1": "Worldpay", "countryCode": "GB", "postalCode": "CB4 0WE", "city": "Cambridge" } } }, "customer": { "authentication": { "version": "1.0.2", "type": "3DS", "eci": "05", "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=", "transactionId": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Dynamic verification with 3DS2 ```json { "transactionReference": "unique-transactionReference", "merchant": { "entity": "default", "mcc": "6012", "paymentFacilitator": { "pfId": "12345678901", "isoId": "4101", "subMerchant": { "merchantId": "873674903278364", "name": "Example Shop", "street": "123 Street", "state": "CA", "city": "San Francisco", "countryCode": "840", "postalCode": "94101", "taxId": "987-65-4321", "telephone": "800-555-9999", "email": "contact@example.com", "url": "developer.worldpay-bsh.securedataplatform.com" } } }, "instruction": { "value": { "currency": "GBP", "amount": 20 }, "paymentInstrument": { "type": "card/plain", "cvc": "321", "cardHolderName": "John Appleseed", "cardNumber": "4444333322221111", "cardExpiryDate": { "month": 5, "year": 2035 }, "verificationAddress": { "address1": "Worldpay", "countryCode": "GB", "postalCode": "CB4 0WE", "city": "Cambridge" } } }, "customer": { "authentication": { "version": "2.1.0", "type": "3DS", "eci": "05", "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=", "transactionId": "683001f5-3805-423a-b580-638e4b2093b3" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Dynamic verification with 3DS1 and token ```json { "transactionReference": "unique-transactionReference", "merchant": { "entity": "default" }, "instruction": { "value": { "currency": "GBP", "amount": 20 }, "paymentInstrument": { "type": "card/tokenized", "href": "https://try.access.worldpay-bsh.securedataplatform.com/tokens/{}}" } }, "customer": { "authentication": { "version": "1.0.2", "type": "3DS", "eci": "05", "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=", "transactionId": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Dynamic verification with 3DS2 and token ```json { "transactionReference": "unique-transactionReference", "merchant": { "entity": "default" }, "instruction": { "value": { "currency": "GBP", "amount": 20 }, "paymentInstrument": { "type": "card/tokenized", "href": "https://try.access.worldpay-bsh.securedataplatform.com/tokens/{}}" } }, "customer": { "authentication": { "version": "2.1.0", "type": "3DS", "eci": "05", "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=", "transactionId": "683001f5-3805-423a-b580-638e4b2093b3" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` #### The descriptions of parameters from your 3DS authorization request | Parameter | Required | Description | | --- | --- | --- | | `customer` | ✅ | An object containing the result of your customer's verification. For more details see [3DS verification](/access/products/3ds/web/challenge-verification#verification). | | `authentication.type` | ✅ | 3DS | | `authentication.version` | ✅ | The version of 3DS used to process the transaction.For 3DS1 - `1.0.2`For 3DS2 - `2.1.0` or `2.2.0` Required for Mastercard's Identity Check transactions in Authorization. | | `authentication.eci` | ✅ | Electronic Commerce Indicator (ECI).Indicates the outcome of the [3DS verification](/access/products/3ds/web/challenge-verification#verification).02 or 05 - Fully Authenticated Transaction01 or 06 - Attempted Authentication Transaction00 or 07 - Non 3-D Secure Transaction**Mastercard** - 02, 01, 00**Visa** - 05, 06, 07**Amex** - 05, 06, 07**JCB** - 05, 06, 07**Diners** - 05, 06, 07 | | `authentication.authenticationValue` | ✅ | A cryptographic value that provides evidence of the outcome of a 3DS verification.Visa - Cardholder Authentication Verification Value (CAVV)Mastercard - Universal Cardholder Authentication Field (UCAF)For version 3DS1: `authentication.authenticationValue` is required if `authentication.eci` value is 01, 02 or 05For version 3DS2: `authentication.authenticationValue` is required if `authentication.eci` value is 01, 02, 05 or 06.`authentication.authenticationValue` must be 28 digits max and must be base64-encoded. | | `authentication.transactionId` | ✅ | Required, if `authentication.eci` value is 01, 02, 05 or 06.A unique authentication transaction identifier, generated by the issuer.For version 3DS1: `transactionId` must be base64-encoded and 28 digits in length.For version 3DS2: `transactionId` must be a UUID and 36 characters in length. | ## Apple Pay decrypted You can optionally submit Apple Pay decrypted parameters for intelligent and dynamic `cardOnFile` requests. #### Verification example request: Intelligent verification with Apple Pay decrypted ```json { "currency":"EUR", "paymentInstrument":{ "type":"card/networkToken+applepay", "cardHolderName":"Joe Bloggs", "cardExpiryDate":{ "month":1, "year":2019 }, "dpan":"4444333322221111" }, "merchant":{ "entity":"default" }, "transactionReference":"transactionReference", "customer":{ "authentication":{ "type":"card/networkToken", "eci":"05", "authenticationValue":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Dynamic verification with Apple Pay decrypted ```json { "merchant":{ "entity":"default" }, "transactionReference":"transactionReference", "instruction":{ "value":{ "amount":100, "currency":"GBP" }, "paymentInstrument":{ "type":"card/networkToken+applepay", "cardHolderName":"Joe Bloggs", "cardExpiryDate":{ "month":1, "year":2019 }, "dpan":"4444333322221111" } }, "customer":{ "authentication":{ "type":"card/networkToken", "eci":"05", "authenticationValue":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Dynamic verification with 3DS1 and token ```json { "transactionReference": "unique-transactionReference", "merchant": { "entity": "default" }, "instruction": { "value": { "currency": "GBP", "amount": 20 }, "paymentInstrument": { "type": "card/tokenized", "href": "https://try.access.worldpay-bsh.securedataplatform.com/tokens/{}}" } }, "customer": { "authentication": { "version": "1.0.2", "type": "3DS", "eci": "05", "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=", "transactionId": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` Dynamic verification with 3DS2 and token ```json { "transactionReference": "unique-transactionReference", "merchant": { "entity": "default" }, "instruction": { "value": { "currency": "GBP", "amount": 20 }, "paymentInstrument": { "type": "card/tokenized", "href": "https://try.access.worldpay-bsh.securedataplatform.com/tokens/{}}" } }, "customer": { "authentication": { "version": "2.1.0", "type": "3DS", "eci": "05", "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=", "transactionId": "683001f5-3805-423a-b580-638e4b2093b3" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } } ``` #### The descriptions of parameters from your Apple Pay decrypted authorization request | Parameter | Required | Description | | --- | --- | --- | | `paymentInstrument.type` | ✅ | An object that contains your customer's payment type; `card/networkToken+applepay`. | | `paymentInstrument.dpan` | ✅ | An object that contains the device primary account number. | | `customer` | ✅ | An object containing the authentication information required for Apple Pay decrypted. | | `authentication.type` | ✅ | `card/networkToken` | | `authentication.eci` | ❌ | Electronic Commerce Indicator (ECI).Indicates the value contained in the Apple Pay decrypted response. | | `authentication.authenticationValue` | ✅ | A cryptographic value that provides evidence of the outcome of a Apple Pay decrypted verification. | Important We currently don't return action links in our response for this `paymentInstrument`. This is still under development. You can use our `payments:migrateCardOnFileAuthorize` action link to [take a payment](/access/products/card-payments/v6/authorise-a-cardonfile-payment#-migratecardonfile-authorization-request) in the meantime. ## Verifications response The response is the same for both an [Intelligent](#intelligent-verification) or [Dynamic](#dynamic-verification) verification. You receive: * a `201` HTTP response code * a verification `outcome` (either `verified` or `not verified`) * [riskFactors](#risk-factors) * a `paymentInstrument` Note The `paymentInstrument` contains the `paymentInstrument.type` sent in the request at minimum. If you wish to receive more card metadata this must be enabled. For more information contact your Implementation Manager. Verified (oneTime) ```json { "outcome": "verified", "checkedAt": "2018-09-01T10:37:36.923Z", "riskFactors": [{ "risk": "matched", "type": "cvc" }, { "risk": "matched", "detail": "postcode", "type": "avs" }, { "risk": "matched", "detail": "address", "type": "avs" } ], "_links": { "verifications:verification": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/{resource}" }, "curies": [{ "name": "verifications", "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/accounts/{rel}", "templated": true }] } } ``` Not verified (oneTime) ```json { "outcome": "not verified", "code": "106", "rawCode": "N7", "description": "INVALID ACCOUNT", "checkedAt": "2019-11-01T10:37:36.923Z", "riskFactors": [{ "risk": "matched", "type": "cvc" }, { "risk": "matched", "detail": "postcode", "type": "avs" }, { "risk": "matched", "detail": "address", "type": "avs" } ], "_links": { "verifications:verification": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/{resource}" }, "curies": [{ "name": "verifications:verification", "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/accounts/{rel}", "templated": true }] } } ``` Verified (cardOnFile) ```json { "outcome": "verified", "checkedAt": "2019-11-01T10:37:36.923Z", "schemeTransactionReference": "000000000000020005060720116005060", "riskFactors": [{ "risk": "matched", "type": "cvc" }, { "risk": "matched", "detail": "postcode", "type": "avs" }, { "risk": "matched", "detail": "address", "type": "avs" } ], "_links": { "verifications:verification": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/{resource}" }, "payments:cardonFileAuthorize": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/authorizations/cardonFile/{resource}" }, "payments:recurringAuthorize": { "href": "http://try.access.worldpay-bsh.securedataplatform.com/payments/authorizations/recurring/{resource}" }, "payments:recurringSale": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/sales/recurring/{resource}" }, "curies": [{ "name": "verifications:verification", "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/accounts/{rel}", "templated": true }] } } ``` Not verified (cardOnFile) ```json { "outcome": "not verified", "code": "106", "rawCode": "N7", "description": "INVALID ACCOUNT", "checkedAt": "2019-11-01T10:37:36.923Z", "riskFactors": [{ "risk": "matched", "type": "cvc" }, { "risk": "matched", "detail": "postcode", "type": "avs" }, { "risk": "matched", "detail": "address", "type": "avs" } ], "_links": { "verifications:verification": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/{resource}" }, "curies": [{ "name": "verifications:verification", "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/accounts/{rel}", "templated": true }] } } ``` Verified with metadata (oneTime) ```json { "outcome": "verified", "checkedAt": "2018-09-01T10:37:36.923Z", "riskFactors": [{ "risk": "matched", "type": "cvc" }, { "risk": "matched", "detail": "postcode", "type": "avs" }, { "risk": "matched", "detail": "address", "type": "avs" } ], "paymentInstrument": { "type": "card/plain", "card": { "number": { "bin": "444433", "last4Digits": "1111" }, "countryCode": "GB", "expiryDate": { "month": 12, "year": 2029 }, "brand": "visa", "fundingType": "debit", "issuer": { "name": "cardIssuer" }, "category": "consumer", "paymentAccountReference": "reference" } }, "_links": { "verifications:verification": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/{resource}" }, "curies": [{ "name": "verifications", "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/accounts/{rel}", "templated": true }] } } ``` The parameter `checkedAt` contains a timestamp showing when the verification was performed, and the location of the verification for future access. Best practice If you receive an `outcome` of `not verified` it means that your customer has failed the verification. We **strongly recommend that you refuse the payment** made with that payment instrument. | Action Link (resources) | Description | | --- | --- | | `verifications:verification` | The link to the outcome of your verification request. | | [`payments:recurringAuthorize`](/access/products/card-payments/v6/authorise-a-recurring-payment) | A subsequent payment in a recurring agreement. This resource is only returned as a result of a successful [`verifications:cardOnFile`](/access/products/card-verifications/v4/verifications#-recurring-verification), [`verifications:dynamicCardOnFile`](/access/products/card-verifications/v4/verifications#dynamic-verification) or [`payments:migrateRecurringAuthorize`](/access/products/card-payments/v6/authorise-a-recurring-payment#recurring-authorization-without-verification) request. | | [`payments:cardOnFileAuthorize`](/access/products/card-payments/v6/authorise-a-cardonfile-payment) | A subsequent payment in a card on file agreement. This resource is only returned as a result of a successful [`verifications:cardOnFile`](/access/products/card-verifications/v4/verifications#-cardonfile-verification), [`verifications:dynamicCardOnFile`](/access/products/card-verifications/v4/verifications#dynamic-verification) or [`payments:migrateCardOnFileAuthorize`](/access/products/card-payments/v6/authorise-a-cardonfile-payment#card-on-file-without-verification-authorization-request) request. | | [`payments:recurringSale`](/access/products/card-payments/v6/take-a-sale) | A subsequent payment in a recurring agreement. This resource is only returned as a result of a successful [`verifications:cardOnFile`](/access/products/card-verifications/v4/verifications#-cardonfile-verification) or [`verifications:dynamicCardOnFile`](/access/products/card-verifications/v4/verifications#dynamic-verification) request. | #### Risk Factors We recommend you supply `cvc` and `verificationAddress` to increase probability of a successful verification. The table below describes the response parameters: | Parameter | Description | | --- | --- | | `riskFactors.type` | Returns `avs` or `cvc` | | `riskFactors.detail` | For `avs` only. Returns `postcode` or `address` | | `riskFactors.risk` | Returns `not_checked`, `not_matched`, `not_supplied` or `matched` | #### Payment Instrument We only return the `paymentInstrument` card metadata if you are enabled for this feature. The table below describes the response parameters: | Parameter | Description | | --- | --- | | `paymentInstrument.type` | Returns the `paymentInstrument.type` provided in your request. Can be either `card/plain` or `card/tokenized`. | | `paymentInstrument.card` | An object containing all the additional metadata for the card/token provided in the request. | | `paymentInstrument.card.number` | An object containing the `bin` and `last4Digits` of the card. | | `paymentInstrument.card.countryCode` | The country code of the card issuer. | | `paymentInstrument.card.expiryDate` | An object that contains your customer's payment card expiry date. | | `paymentInstrument.card.brand` | The card scheme, e.g. `visa` or `mastercard`. | | `paymentInstrument.card.fundingType` | Can be either `debit`, `credit`, `chargeCard`, `prepaid`, or `deferredDebit`. | | `paymentInstrument.card.issuer.name` | The name of the card issuer. | | `paymentInstrument.card.category` | Can be either `consumer` or `commercial`. | | `paymentInstrument.card.paymentAccountReference` | The unique reference associated with the card PAN. | #### Location storing You **must** store the returned location information. Failing to store the location information means the outcome of the verification is lost. You are not able to query a historic verification. The location is stored in the `href` of the `verifications:verification` action link received on your [verifications response](#verifications-response). Best practice We recommend you store all responses. ## Query a historic verification To query a historic verification, submit a query to the location returned in your [initial response](#verifications-response). ### Query verifications request `GET` `https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/{resource}` You can query the [location](#location-storing) that was returned in the [initial response](#verifications-response) to retrieve the `outcome` of the initial verification. You can **only** get the location from the [initial response](#verifications-response). ### Query verifications response In your response is a `200` HTTP response code and the historic `outcome` of the verification. `outcome`: - `verified` - `not verified` Verified (oneTime) ```json { "outcome": "verified", "checkedAt": "2018-09-01T10:37:36.923Z", "riskFactors": [{ "risk": "matched", "type": "cvc" }, { "risk": "matched", "detail": "postcode", "type": "avs" }, { "risk": "matched", "detail": "address", "type": "avs" } ], "_links": { "verifications:verification": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/{resource}" }, "curies": [{ "name": "verifications", "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/accounts/{rel}", "templated": true }] } } ``` Not verified (oneTime) ```json { "outcome": "not verified", "code": "106", "rawCode": "N7", "description": "INVALID ACCOUNT", "checkedAt": "2019-11-01T10:37:36.923Z", "riskFactors": [{ "risk": "matched", "type": "cvc" }, { "risk": "matched", "detail": "postcode", "type": "avs" }, { "risk": "matched", "detail": "address", "type": "avs" } ], "_links": { "verifications:verification": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/{resource}" }, "curies": [{ "name": "verifications:verification", "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/accounts/{rel}", "templated": true }] } } ``` Verified (cardOnFile) ```json { "outcome": "verified", "checkedAt": "2019-11-01T10:37:36.923Z", "schemeTransactionReference": "000000000000020005060720116005060", "riskFactors": [{ "risk": "matched", "type": "cvc" }, { "risk": "matched", "detail": "postcode", "type": "avs" }, { "risk": "matched", "detail": "address", "type": "avs" } ], "_links": { "verifications:verification": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/{resource}" }, "payments:cardonFileAuthorize": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/authorizations/cardonFile/{resource}" }, "payments:recurringAuthorize": { "href": "http://try.access.worldpay-bsh.securedataplatform.com/payments/authorizations/recurring/{resource}" }, "payments:recurringSale": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/sales/recurring/{resource}" }, "curies": [{ "name": "verifications:verification", "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/accounts/{rel}", "templated": true }] } } ``` Not verified (cardOnFile) ```json { "outcome": "not verified", "code": "106", "rawCode": "N7", "description": "INVALID ACCOUNT", "checkedAt": "2019-11-01T10:37:36.923Z", "riskFactors": [{ "risk": "matched", "type": "cvc" }, { "risk": "matched", "detail": "postcode", "type": "avs" }, { "risk": "matched", "detail": "address", "type": "avs" } ], "_links": { "verifications:verification": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts/{resource}" }, "curies": [{ "name": "verifications:verification", "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/accounts/{rel}", "templated": true }] } } ``` Note Verifications are accurate at the time of the initial request. Sending another [intelligent](#intelligent-verification) or [dynamic](#dynamic-verification) verification request may return different results.