Effective from October 1, 2025, JCB will require more data fields to meet their minimum requirements for 3D Secure (J/Secure) checks.
Note that at this time, JCB will not assess non-compliance fees or decline transactions that don’t include this data. We recommend providing the minimum data to improve authentication performance across all supported schemes, not just JCB.
What data will JCB require?
JCB will require the following data fields in their authentication requests:
| Required field | Example input |
| risk.device.network.ipv4* or risk.device.network.ipv6* string | “1.12.123.255” |
| source.name string <= 254 characters | "John Smith" |
| source.email** string [2..45 characters] | "john.smith@email.com" |
| source.home_phone**: object | |
| source.home_phone.country_code string [1..3] characters | "44" |
| source.home_phone.number string <= 15 characters | “204567895” |
| source.mobile_phone** object | |
| Source.mobile_phone.country_code string [1..3] characters | “234” |
| Source.mobile_phone.number string <=15 characters | "204567895" |
| Source.work_phone** object | |
| Source.work_phone.country_code string [1..3] characters | "234" |
| Source.work_phone.number String <= 15 characters | "204567895" |
* Only for Mobile SDK App flow transactions using Common Device Identification. If you use our Mobile SDK solution, we’ll collect and submit the device_ip_address on your behalf.
If you use a third-party SDK provider, please contact them directly.
** You must provide EITHER the cardholder email address OR at least one phone number (work, home, or mobile).
The following information is only required if already collected from the cardholder:
| Required field | Example input |
| source.billing_address.city string <= 50 characters | “London” |
| source.billing_address.country string = 2 characters | “GB” |
| source.billing_address.address_line1 string <= 200 characters | “Wenlock Works” |
| source.billing_address.zip string <= 50 characters | “N1 7BQ” |
| source.billing_address.state string <= 3 characters | “ISL” |
| risk.device.screen_height string [1..6] characters | “720” |
| risk.device.screen_width string [1..6] characters | “1280” |
| risk.device.timezone string [ 1 .. 5 ] characters | “UTC” |
| risk.device.language string [ 1 .. 12 ] characters | “en” |
Please ensure that you continue to send any existing mandatory or optional fields you already provide.
Using the 3DS method URL to provide device data
The 3DS method URL is also known as the issuer fingerprint. It lets the issuer collect cardholder device data when authenticating cardholders shopping on a web browser. This is done to increase confidence in decision-making and optimize performance.
As a merchant using our non-hosted standalone integration, you must call the 3DS Method URL whenever available, updating the session with the outcome using the three_ds_method_completion field.