The Card Validation object

Description

The Card Validation object allows you to validate an user’s card using 3DS authentication without processing a payment.

A Card object’s Validity is automatically set to INVALID after 24 hours unless it is validated through successful authentication with a Card Validation or a payment (Direct Card PayIn, Preauthorization, Recurring Registration).

Note – Card validation only available for CB_VISA_MASTERCARD

The card validation feature is only available for cards with the CardType CB_VISA_MASTERCARD.

Note – Card validation expires after 5 minutes

Because you cannot create two requests at once for the same card, the card validation will expire after 5 minutes, setting the Status of the Card Validation object to FAILED

The Card Validity, however, will remain UNKNOWN, which allows you to request a new Card Validation.

Attributes

AuthorId
stringRequired

The unique identifier of the user at the source of the transaction.
Best practice: When the payout author is different from the bank account owner, the Payout AuthorId value must be different from the Bank Account UserId value as well. Otherwise, Mangopay’s Compliance team will reject the payout.

SecureModeReturnURL
stringRequired

Max. length: 255 characters
The URL to which users are automatically returned after 3DS2 if it is triggered (i.e., if the SecureModeNeeded parameter is set to true).

SecureModeRedirectURL
string

Max. length: 255 characters
The URL to which to redirect the user to proceed to 3DS2 validation.

Caution: This variable URL is specific to each payment. You must rely on the returned URL in full (host, path, and queries) and not hardcode any part of it.

SecureModeNeeded
boolean

Whether or not the SecureMode was used.

IpAddress
stringRequired

The IP address of the end user initiating the transaction, in IPV4 or IPV6 format.

Tag
string

Max. length: 255 characters
Custom data that you can add to this object.
For transactions (pay-in, transfer, payout), you can use this parameter to identify corresponding information regarding the user, transaction, or payment methods on your platform.

BrowserInfo
objectRequired

Information about the browser used by the end user (author) to perform the payment.

AcceptHeader
stringRequired

The exact content of the HTTP accept headers as sent to the platform from the end user’s browser.

JavaEnabled
booleanRequired

Whether or not the end user’s browser has the ability to execute Java.

Language
stringRequired

Format: Two-letter language code (ISO 639-1 alpha-2) followed by two-letter country code (ISO 3166-1 alpha-2), separated by a hyphen (example: en-US; pattern:^[a-zA-Z]{2}(-[a-zA-Z]{2})?$)

The language of the browser.

ColorDepth
integerRequired

The value representing the depth of the screen’s color palette for displaying images, in bits per pixel.

ScreenHeight
integerRequired

Max. length: 6 characters
The height of the screen in pixels.

ScreenWidth
integerRequired

Max. length: 6 characters
The width of the screen in pixels.

TimeZoneOffset
integerRequired

The difference in minutes between the browser’s timezone and UTC.

UserAgent
stringRequired

Max. length: 255 characters
The exact content of the HTTP User-Agent header.

JavascriptEnabled
booleanRequired

Whether or not the end user’s browser has the ability to execute JavaScript.

Status
string

Returned values: CREATED, SUCCEEDED, FAILED

The status of the transaction.

Type
stringRequired

Allowed values: IDENTITY_PROOF, REGISTRATION_PROOF, ARTICLES_OF_ASSOCIATION, SHAREHOLDER_DECLARATION, ADDRESS_PROOF

The type of the document for the user verification.

PreferredCardNetwork
string

Allowed values: VISA, MASTERCARD, CB, MAESTRO

The card network to use, as chosen by the cardholder, in case of co-branded cards.

SecureMode
string

Allowed values: DEFAULT, FORCE, NO_CHOICE

Default value: DEFAULT

The mode applied for the 3DS2 protocol for CB, Visa, and Mastercard. The options are:

  • DEFAULT – Requests an exemption to strong customer authentication (SCA), and thus a frictionless payment experience, if allowed by your Mangopay contract and accepted by the issuer.
  • FORCE – Requests SCA.
  • NO_CHOICE – Leaves the choice to the issuer whether to allow for a frictionless payment experience or to enforce SCA.

Note: Sending the FORCE value automatically sets the ValidationUsage value to MIT.

PaymentCategory
string

Default value: ECommerce

Allowed values: ECommerce, TelephoneOrder

The channel through which the user provided their card details, used to indicate mail-order and telephone-order (MOTO) payments:

  • ECommerce – Payment received online.
  • TelephoneOrder – Payment received via mail order or telephone order (MOTO).
ValidationUsage
string

Default value: MIT
Allowed values: MIT, CIT

Indicates the intended usage of the card:

  • CIT – For customer-initiated transactions (CITs), meaning 3DS is less likely to be required on the card validation.
  • MIT – For merchant-initiated transactions (MITs), meaning 3DS is more likely to be required on the card validation.

Note: The MIT value is returned automatically if the SecureMode value is FORCE, even if CIT is sent.

Validity
string

Returned values: UNKNOWN, VALID, INVALID

Whether the card is valid or not.

  • UNKNOWN – No payment or card validation has been processed, so the validity of the card remains unknown.
  • VALID – The first payment or card validation using the card was processed successfully within 24 hours of the initial card registration.
  • INVALID – The first payment or card validation using the card was attempted and failed, or the status of the corresponding card registration was CREATED for more than 24 hours.
    Once a card is set to INVALID, it cannot be set back to VALID. A new card registration will be necessary to make a payment.
CreationDate
Unix timestamp

The date and time at which the object was created.

AuthorizationDate
Unix timestamp

The date and time at which successful authorization occurred. If authorization failed, the value is null.

Applied3DSVersion
string

Returned values: V1, V2_1

The 3DS protocol version applied to the transaction.

ResultCode
string

The code indicating the result of the operation. This information is mostly used to handle errors or for filtering purposes.

ResultMessage
string

The explanation of the result code.

Tag
string

Max. length: 255 characters
Custom data that you can add to this object.
For transactions (pay-in, transfer, payout), you can use this parameter to identify corresponding information regarding the user, transaction, or payment methods on your platform.

CardInfo
string

Information about the card used for the transaction. 
If the information or data is not available, null is returned.

BIN
string

The 6-digit bank identification number (BIN) of the card issuer.

IssuingBank
string

The name of the card issuer.

IssuerCountryCode
string

Format: Two-letter country code (ISO 3166-1 alpha-2 format)
The country where the card was issued.

Type
string

Returned values: DEBIT, CREDIT, CHARGE CARD.

The type of card product.

Brand
string

The card brand. Examples include: AMERICAN EXPRESS, DISCOVER, JCB, MASTERCARD, VISA, etc.
Note: The possible returned values are numerous and liable to evolve over time.

SubType
string

The subtype of the card product. Examples include: CLASSIC, GOLD, PLATINUM, PREPAID, etc.

Note: The possible returned values are numerous and liable to evolve over time.

ProfilingAttemptReference
string

The unique reference generated for the profiling session, used by the fraud prevention solution to produce recommendations for the transaction using the profiling data.

Note: Parameter not returned by the API. Profiling feature available on request – contact Mangopay via the Dashboard for more information.