Mastercard updated its minimum data requirements for 3D Secure earlier this year.
At this time, Mastercard has not announced any non-compliance fees or plans to decline transactions that don’t include the minimum data. We recommend providing this data to improve authentication performance across all supported schemes.
What new data does Mastercard require?
Mastercard now requires at least one field from three minimum data categories to be sent when making an authentication request.
Cardholder identifier
You must provide at least one of the following data elements - name, email, or all phone fields:
| Required field | Example input |
| source.name string <= 254 characters | “John Smith” |
| source.email string [2..45 characters] | “john.smith@email.com” |
| source.home_phone* object | |
| source.home_phone.country_code* string [1..3] characters | “44” |
| source.home_phone.number* string <= 15 characters | “204567895” |
| source.mobile_phone* object | |
| source.mobile_phone.country_code* string [1..3] characters | “44” |
| source.mobile_phone.number* string <= 15 characters | “204567895” |
| source.work_phone* object | |
| source.work_phone.country_code* string [1..3] characters | “44” |
| source.work_phone.number* string <= 15 characters | “204567895” |
* You can provide one or more of the three phone fields (home phone, mobile phone, or work phone).
Address / delivery
You must provide at least one of the following data elements:
| Required field | Example input |
| source.billing_address.address_line1 string <= 200 characters | “Wenlock Works” |
| shipping.address.address_line1 string <= 200 characters | “Wenlock Works” |
Technical information
| Required field | Example input |
| risk.device.network.ipv4* or risk.device.network.ipv6* string | “1.12.123.255” |
* Only for Mobile SDK App flow transactions using Common Device Identification. If you use our Mobile SDK solution, we’ll collect and submit the device_ip_address on your behalf.