Guides
Sub-processorsAbout PismoContact us

Client webhooks for VCAS

Visa Consumer Authentication Service (VCAS) is a Visa-provided service to support 3-D Secure (3DS), a global protocol designed to help issuers authenticate cardholders during card-not-present transactions, such as e-commerce purchases. Issuers need to implement the following webhooks to support VCAS.

For more information, refer to VCAS

VCAS StepUp

Webhook request to issuer to provide authentication method and display text.

Webhook specifications
Request fields
Field Type Description Req
id string Pismo-generated unique authorization ID Y
provider enum
string		 Third-party provider name:
* VCAS		 Y
type enum
string		 Call type:
* stepup
card object Card information object Y
id integer Card ID Y
mode_id integer Card mode ID Y
type enum
string		 Card type:
* PLASTIC
* VIRTUAL
* RECURRING
* TEMPORARY		 Y
hash string Encrypted PAN using 2048 rsa key and base64 encoded. Pismo provides the encrypt/decrypt keys for this field. Y
bin string Card Bank Identification Number (BIN). A 6 or 8 digit value Y
last_four_digits string Card last 4 PAN digits Y
account object Account information object Y
id string Pismo account ID Y
document_number string Cardholder document number. A government document number, such as a Social Security number (US) or Cadastro de Pessoas Físicas number (Brazil). Y
email string E-mail. Y
phones object
array		 Phone objects Y
area_code string Phone area code Y
country_code string Phone number country code Y
number string Phone number without area code Y
type enum
string		 Phone type:
* mobile
* commercial
* residential		 Y
program object Program information object Y
id integer Program ID Y
customer object Customer information object Y
id integer Customer ID Y
raw_provider object All non-PCI information received from provider. Check provider documentation for details. Y
Sample request 
{
  "id": "ff77635e-1cd6-4fda-992d-5ceb71d75644",
  "provider": "VCAS",
  "type": "stepup",
  "card": {
    "id": 869572,
    "mode_id": 102,
    "type": "PLASTIC",
    "hash": "WEPvOQuZvjfYEd0iBmr43bhWyOsylIsW95ebYrLD89App2iEq9IizP+8w73pxKQ4mI47EdhzYHF9RfXjrBOyug==",
    "bin": "885692",
    "last_four_digits": "0153"
  },
  "account": {
    "id": 10045896,
    "document_number": "00011122233",
    "phones": [
      {
        "area_code": "31",
        "country_code": "55",
        "number": "998675309",
        "type": "mobile"
      }
    ],
    "email": "[email protected]"
  },
  "program": {
    "id": 986
  },
  "customer": {
    "id": 867604
  },
  "raw_provider": {
    "ProcessorId": "5723ae630063ac1a9c3ab079",
    "IssuerId": "5723ae630063ac1a9c3ab083",
    "TransactionId": "00ec043e-40b5-4ce4-95c2-9e83b644f412",
    "DSTransactionId": "00ec043e-40b5-4ce4-95c2-9e83b644f987",
    "ThreeDSRequestorAuthenticationInd": "01",
    "StepupRequestId": "878f4751-4140-4881-9e4a-003e83524f22",
    "DeviceLocale": "en-US",
    "DeviceUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36",
    "MessageVersion": "2.2.0",
    "RDXMessageVersion": "2.2.3",
    "MessageCategory": "01",
    "MerchantInfo": {
      "AcquirerId": "1337",
      "AcquirerCountryCode": "840",
      "MerchantId": "876543210",
      "MerchantName": "Ranier Expeditions",
      "MerchantURL": "https://www.requestor.com",
      "MerchantCategoryCode": "0123",
      "MerchantCountryCode": "840",
      "MerchantAppRedirectURL": "merchantScheme://appName?transID=b2385523-a66c-4907-ac3c-91848e8c0067"
    },
    "TransactionInfo": {
      "TransactionCurrency": "840",
      "Channel": "WEB"
    }
  }
}
Response fields
Field Type Description Req
raw_response object Raw response to VCAS StepUp request, according with VCAS documentation Y
Sample response 
{
    "raw_response": {
        "ProcessorId": "5723ae630063ac1a9c3ab07976",
        "IssuerId": "5723ae630063ac1a9c3ab080",
        "TransactionId": "00ec043e-40b5-4ce4-95c2-9e83b644f412",
        "StepupRequestId": "00ec043e-40b5-4ce4-95c2-9e83b644f412",
        "StepupType": "OTPEMAIL",
        "Language": "en-US",
        "Status": "SUCCESS",
        "RiskIndicator": "string",
        "Credentials": [
            {
                "Id": "d94fd3fd-bef1-49cb-88ab-a6841261cea9",
                "Type": "OTPEMAIL",
                "Text": "[email protected]"
            }
        ],
        "Reason": {
            "ReasonCode": "string",
            "ReasonDescription": "string"
        },
        "Error": {
            "ReferenceNumber": "string",
            "ReasonDescription": "string",
            "Description": "string",
            "Message": "string"
        },
        "WhyInfo": {
            "Label": "string",
            "Text": "string"
        }
    }
}

VCAS Initiate Action

Webhook to notify issuer to take action, such as generating a verification code.

Webhook specifications
Request fields
Field Type Description Req
id string Pismo-generated unique authorization ID Y
provider enum
string		 Third-party provider name:
* VCAS		 Y
type enum
string		 Call type:
* initiate_action
card object Card information object Y
id integer Card ID Y
mode_id integer Card mode ID Y
type enum
string		 Card type:
* PLASTIC
* VIRTUAL
* RECURRING
* TEMPORARY		 Y
hash string Encrypted PAN using 2048 rsa key and base64 encoded. Pismo provides the encryt/decrypt keys for this field. Y
bin string Card Bank Identification Number (BIN). A 6 or 8 digit value Y
last_four_digits string Card last 4 PAN digits Y
account object Account information object Y
id string Pismo account ID Y
document_number string Cardholder document number. A government document number, such as a Social Security number (US) or Cadastro de Pessoas Físicas number (Brazil). Y
email string E-mail. Y
phones object
array		 Phone objects Y
area_code string Phone area code Y
country_code string Phone number country code Y
number string Phone number without area code Y
type enum
string		 Phone type:
* mobile
* commercial
* residential		 Y
program object Program information object Y
id integer Program ID Y
customer object Customer information object Y
id integer Customer ID Y
raw_provider object All non-PCI information received from provider. Check provider documentation for details. Y
Sample request 
{
  "id": "ff77635e-1cd6-4fda-992d-5ceb71d75644",
  "provider": "VCAS",
  "type": "initiate_action",
  "card": {
    "id": 869572,
    "mode_id": 102,
    "type": "PLASTIC",
    "hash": "WEPvOQuZvjfYEd0iBmr43bhWyOsylIsW95ebYrLD89App2iEq9IizP+8w73pxKQ4mI47EdhzYHF9RfXjrBOyug==",
    "bin": "885692",
    "last_four_digits": "0153"
  },
  "account": {
    "id": 10045896,
    "document_number": "00011122233",
    "phones": [
      {
        "area_code": "31",
        "country_code": "55",
        "number": "998675309",
        "type": "mobile"
      }
    ],
    "email": "[email protected]"
  },
  "program": {
    "id": 986
  },
  "customer": {
    "id": 867604
  },
  "raw_provider": {
    "ProcessorId": "5723ae630063ac1a9c3ab079",
    "IssuerId": "5723ae630063ac1a9c3ab083",
    "TransactionId": "00ec043e-40b5-4ce4-95c2-9e83b644f412",
    "DSTransactionId": "00ec043e-40b5-4ce4-95c2-9e83b644f987",
    "ThreeDSRequestorAuthenticationInd": "01",
    "StepupRequestId": "878f4751-4140-4881-9e4a-003e83524f22",
    "DeviceLocale": "en-US",
    "DeviceUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36",
    "MessageVersion": "2.2.0",
    "RDXMessageVersion": "2.2.3",
    "MessageCategory": "01",
    "MerchantInfo": {
      "AcquirerId": "1337",
      "AcquirerCountryCode": "840",
      "MerchantId": "876543210",
      "MerchantName": "Ranier Expeditions",
      "MerchantURL": "https://www.requestor.com",
      "MerchantCategoryCode": "0123",
      "MerchantCountryCode": "840",
      "MerchantAppRedirectURL": "merchantScheme://appName?transID=b2385523-a66c-4907-ac3c-91848e8c0067"
    },
    "TransactionInfo": {
      "TransactionCurrency": "840",
      "Channel": "WEB"
    }
  }
}
Response fields
Field Type Description Req
raw_response object Raw response to VCAS initiate action request, according with VCAS documentation Y
Sample response 

{
  "raw_response": {
    "ProcessorId": "7723ae630063ac1a9c3ab07976",
    "IssuerId": "5723ae630063ac1a9c3ab080",
    "TransactionId": "00ec043e-40b5-4ce4-95c2-9e83b644f412",
    "StepupRequestId": "00ec043e-40b5-4ce4-95c2-9e83b644f412",
    "StepupType": "OTP",
    "Language": "string",
    "Status": "SUCCESS",
    "TransStatusReason": "string",
    "RiskIndicator": "string",
    "Credentials": [
      {
        "Id": "d94fd3fd-bef1-49cb-88ab-a6841261cea9",
        "Type": "OTPEMAIL",
        "Text": "******@cardinalcommerce.com"
      }
    ],
    "Reason": {
      "ReasonCode": "string",
      "ReasonDescription": "string"
    },
    "Error": {
      "ReferenceNumber": "string",
      "ReasonDescription": "string",
      "Description": "string",
      "Message": "string"
    }
  }
}

VCAS Validate

Webhook request to validate verification code.

Webhook specifications
Request fields
Field Type Description Req
id string Pismo-generated unique authorization ID Y
provider enum
string		 Third-party provider name:
* VCAS		 Y
type enum
string		 Call type:
* validate
raw_provider object All non-PCI information received from provider. Check provider documentation for details. Y
Sample request 
{
  "id": "ff77635e-1cd6-4fda-992d-5ceb71d75644",
  "provider": "VCAS",
  "type": "validate",
  "raw_provider": {
    "ProcessorId": "5723ae630063ac1a9c3ab079",
    "IssuerId": "5723ae630063ac1a9c3ab481",
    "TransactionId": "00ec043e-40b5-4ce4-95c2-9e83b644f412",
    "DSTransactionId": "521fa021-4791-4579-a3e9-76de87c219c0",
    "StepupRequestId": "878f4751-4140-4881-9e4a-003e83524f22",
    "MessageVersion": "2.2.0",
    "RDXMessageVersion": "2.2.3"
  }
}
Response fields
Field Type Description Req
raw_response object Raw response to VCAS initiate action request, according with VCAS documentation Y
Sample response 

{
  "raw_response": {
    "ProcessorId": "5723ae630063ac1a9c3ab079",
    "IssuerId": "5723ae630063ac1a9c3ab671",
    "TransactionId": "00ec043e-40b5-4ce4-95c2-9e83b644f412",
    "StepupRequestId": "00ec043e-40b5-4ce4-95c2-9e83b644f618",
    "Language": "string",
    "CredentialId": "string",
    "Status": "SUCCESS",
    "TransStatusReason": "string",
    "RiskIndicator": "string",
    "Reason": {
      "ReasonCode": "string",
      "ReasonDescription": "string"
    },
    "Error": {
      "ReferenceNumber": "string",
      "ReasonDescription": "string",
      "Description": "string",
      "Message": "string"
    },
    "RReqOverrides": {
      "AuthenticationMethod": "SMS_OTP",
      "TransStatusReason": "CARD_AUTH_FAILED",
      "AuthenticationAttempts": "string",
      "CustomerCancel": true
    }
  }

Updated about 20 hours ago