Data Only
What is Data Only?
Data Only is an optional parameter that can be used to contribute to the card brand and issuer’s database, improving authentication performance. Data Only transactions are part of the 3DS protocol but exclude the challenge authentication request step. Thus, the Data Only transaction flow will always be frictionless and without liability shift (the risk in case of chargeback remains with the store).
When to use Data Only?
Data Only can be used to share transaction data with the issuer, frictionless. If the Data Only field is parameterized in the script, the card brand will receive the data and share this information with the issuer. Over time, the issuer will have more transaction data from that card and cardholder, providing more elements for authentication.
Data Only Benefits
- Frictionless for the shopper, as there is no challenge;
- Improve conversion by enriching the issuer’s database.
How to use Data Only?
1. Parameterize the bpmpi_auth_notifyonly field in the script
bpmpi_auth_notifyonly field in the scriptTo use Data Only, follow all the steps in the Script Integration, parameterizing the bpmpi_auth_notifyonly field described in the item Authentication Step – step 3 – Class Mapping.
In the Data Only model, the additional 3DS fields are mapped in the same way and sent to the card network.
| Field | Description | Type/Size | Mandatory |
|---|---|---|---|
bpmpi_auth_notifyonly | Boolean indicating whether the card transaction will be submitted in "notification only" mode. In this mode, the authentication process will not be triggered, but the data will be submitted to the card network. Valid for Mastercard and Visa cards | Boolean: true – notification only mode; false – authentication mode | Required for Data Only transactions |
2. In the authorization step, send DataOnly as true
DataOnly as trueIn the authorization of Data Only transactions, set the DataOnly field to true in the ExternalAuthentication node.
"ExternalAuthentication":{
"Eci":"4",
"ReferenceID":"a24a5d87-b1a1-4aef-a37b-2f30b91274e6",
"Xid":"Uk5ZanBHcWw2RjRCbEN5dGtiMTB=",
"Version":"2.2.0",
"DataOnly":true
}
See the complete example of the authorization request with DataOnly.
Which brands accept Data Only?
Data Only is valid for Mastercard and Visa brands. 3DS protocol version 2.2 is required for Data Only authentication.
For Data Only Mastercard, the ECI will always be 4;
For Data Only Visa, the ECI will always be 7.
Visa is currently not accepting Data Only transactions for credit and debit cards from the issuer Caixa. Therefore, Visa Data Only authentication for Caixa is deactivated.
What are the differences between 3DS full transactions and 3DS Data Only?
| Feature | 3DS full | 3DS Data Only |
|---|---|---|
| Frictionless experience | With challenge or frictionless | Always frictionless (no challenge) |
| Transaction latency | Higher | Lower or none |
| Liability shift (in case of chargeback) | Brand or issuer, if successfully authenticated* | Merchant |
| Influence on issuer approval | Yes | Yes |
| Authentication cycle | Yes | No |
*It is important to check the ECI value to ensure whether the transaction was authenticated or not.
Is there a liability shift in Data Only transactions?
In Data Only transactions there is no liability shift; the merchant is responsible if there is a chargeback.
It is possible to use Antifraud in 3DS Authentication transactions with Data Only.
Updated about 1 month ago