The 3DS V2 protocol supports 150 data points transmitted to the issuer. However, the processing of data by issuers may take time, so it is recommended to send some essential data to the issuer in order to benefit of frictionless payment.

In a payment request, the merchant must submit the following data:

• Data according to PCI DSS requirements
  
• Data on transactions: identification numbers, currency and amount.
• Browser data: Location and user connection system (language, screen size, IP address…)
• Cardholder data: Name and first name of the user
• Data on recurrent payments (if use of recurrent payments)

To encourage frictionless payments, the merchant can :

• add additional data
• request a frictionless payment
  
• request an exemption

Add additional data

Some additional data are strongly recommended to improve the issuer’s risk analysis of the transaction:

• Delivery address: city, postal code, country…
• Delivery details (date of delivery)
• Data on the user’s account (date of creation of the account with the trader, date of reset of password, etc.)
• The basket data (Number of items in the basket)
• The merchant scoring

The following JSON objects may be added to requests for payment:

• accountInfo
• billToCustomer
• shipToCustomer
• billingAddress
• shippingAddress
• merchantRiskIndicator
• browserInfo

The recommended data are as follows:

• Information to the cardholder

• Name and forename
• Email Address
• Fixed telephone number
• Mobile phone number
• Billing address
• Delivery address

• Browser information/ Browser (depends on integration)

• IP address

Note: All data will be used to secure the on-line route with a view to combating fraud. Issuing banks are regulated on the management of these confidential data.

Request a frictionless payment

The JSON object threeDSPolicy EN allows the merchant to indicate his request of a frictionless payment

The parameter challengePreference indicates the merchant’s preference for authentication:

• noPreference: The merchant leaves the choice to the issuer to authenticate the buyer
• noChallenge: The merchants request a frictonless payment (no authentication)
  
• requests Challenge: The merchants wishes to authenticate the buyer.
• mandateChallenge : The merchant requires the issuer to authenticate the cardholder (e.g. for the first transaction of a subscription)

In all cases, the final choice is defined by the issuing bank (cardholder's bank).

Example : Request frictionless payment

{
	"challengePreference": "noChallenge"
}

Request an exemption

The JSON obect threeDSPolicy EN allows the merchant to request an exemption.

The parameter threeDSExemption – exemptionReason indicates the exemption wished by the merchant :

• lowValue: Low-value transactions (below 30€ )

• However, banks must request authentication if the exemption has been used five times since the cardholder’s last successful authentication or if the sum of the previously exempted payments exceeds 100€.

• Low Risk Transactions (TRA: Transaction Risk Analysis)

• a derogation for the strong authentication may be granted. This requires the prior agreement of the acquirer (based on a real-time risk analysis of each transaction).
• To benefit from this exemption, the trader must contact his BNPP sales.
  

Example: Low amount exemption

{
	"threeDSExemption": {
		"exemptionReason": "lowValue"
	}
}