/
Payer Authentication

Payer Authentication

Owned by Vanni Sanvincenti
Last updated: 25 Jun 2025 by Mladenka Vukmirovic

Overview

Payer Authentication is the process of verifying a payer’s identity during a payment transaction to ensure that the transaction is valid.

At present, the Payer Authentication concept as defined here is strictly in terms card payment instruments and explicitly references 3D-Secure. Until a new version is released, 3DSv2.x versions are the only accepted version to perform authentication.

The need to authenticate a payer can be determined in one of three ways:

  1. Seller determines that authentication is required prior to payment commitment (or not required but decide to proceed anyway) and sends authentication payload with payment details

  2. Seller determines that authentication is not required prior to payment commitment and sends authentication payload containing a reason for exemption with the payment details

  3. Airline determines that authentication is required while processing payment

 

1. Seller determines that authentication is required

If the Seller determines that authentication is required then:

  1. The Seller triggers the authentication process.

  2. The Seller sends the authentication result to the airline along with the Payer’s card information at time of payment commitment.

  3. The Airline uses the authentication result in their authorization request.

2. Seller determines that authentication exemption applies

If the Seller determines that authentication is not required (e.g. the payment was done through a secure corporate process), it may request an exemption. In this case :

  1. The Seller does not trigger the authentication process.

  2. The Seller sends the Payment Authentication Exemption code to the airline at time of payment commitment

    • AO for Authentication outage

    • DA for Delegated authentication

    • LV for Low value

    • MA for Merchant problem and Major outage

    • ND for None defined

    • SC for Secure corporate

    • TB for Trusted beneficiary

    • TR for Transaction risk analysis

  3. The Airline uses the exemption code in their authorization request.

3. Airline determines that authentication is required

If the Seller has not sent an authentication result or an exemption request isn’t accepted, then an airline may decide to to ask the seller to authenticate the payer:

  1. The Seller sends the Payer’s card information to the airline at time of payment commitment.

  2. The Airline determines that the Payer must authenticate and sends an error in response to the payment commitment.

  3. The seller triggers the authentication process.

  4. Seller sends this authentication result to the airline along with the Payer’s card information to the airline.

  5. The Airline uses the authentication results in their authorization request.

Example

Example of transfer of details for payment card transaction, including payer authentication result

... <PaymentFunctions> <OrderAssociation> <OrderItemRefID>ORDITM-01</OrderItemRefID> <OrderRefID>XB952A1B2C3D4</OrderRefID> </OrderAssociation> <PaymentProcessingDetails> <Amount CurCode="EUR">1000.00</Amount> <PaymentMethod> <PaymentCard> <CardBrandCode>VI</CardBrandCode> <CardHolderName>Mary Smith</CardHolderName> <CardNumber>4111111111111111</CardNumber> <CardSecurityCode>111</CardSecurityCode> <ExpirationDate>0125</ExpirationDate> <SecurePaymentVersion2> <AuthenticationMerchantName>SellerMerchantName</AuthenticationMerchantName> <AuthenticationTokenValue>12345a6c789d225648e</AuthenticationTokenValue> <AuthenticationValue>CAVV</AuthenticationValue> <CardNumberCollectionCode>S</CardNumberCollectionCode> <DirectoryServerTrxID>a28b-4473-a130-3fa5e1c2eef0</DirectoryServerTrxID> <ElectronicCommerceInd>05</ElectronicCommerceInd> <PaymentTrxChannelCode>EC</PaymentTrxChannelCode> <ProgramProtocolText>2.2.0</ProgramProtocolText> <TrxStatusText>A</TrxStatusText> </SecurePaymentVersion2> </PaymentCard> </PaymentMethod> </PaymentProcessingDetails> </PaymentFunctions> ...

Example of transfer of details for payment card transaction, including payer authentication exemption reason code

... <PaymentFunctions> <OrderAssociation> <OrderItemRefID>ORDITM-01</OrderItemRefID> <OrderRefID>XB952A1B2C3D4</OrderRefID> </OrderAssociation> <PaymentProcessingDetails> <Amount CurCode="EUR">1000.00</Amount> <PaymentMethod> <PaymentCard> <CardBrandCode>VI</CardBrandCode> <CardHolderName>Mary Smith</CardHolderName> <CardNumber>4111111111111111</CardNumber> <CardSecurityCode>111</CardSecurityCode> <ExpirationDate>0125</ExpirationDate> <SecurePaymentVersion2> <PayerAuthenticationExemptionCode>SC</PayerAuthenticationExemptionCode> </SecurePaymentVersion2> </PaymentCard> </PaymentMethod> </PaymentProcessingDetails> </PaymentFunctions> ...