Skip to main content
If you have enabled Gateway Just-in-Time (JIT) Funding for your program, the Marqeta platform sends funding requests to your system for each transaction. Some transaction types, such as authorizations, are actionable, meaning your system must respond programmatically to the request and approve or deny the funding. Other transaction types, such as refunds or reversals, are informative only, meaning your system receives a funding notification but does not need to send a response. To aid in your system’s decisioning process, the Marqeta platform includes data in the request about the transaction being funded. This data describes aspects of the transaction that indicate to your system whether it is advisable to approve or deny the funding request. The message sent to your JIT Funding gateway endpoint includes the following key objects for decisioning:
  • jit_funding
  • fraud
  • cardholder_authentication_data
  • card_security_code_verification
  • transaction_metadata
In addition to your system’s programmatic responses to JIT Funding requests, you can configure the following restrictions for your program on the Marqeta platform:
  • Spend controls — Limits when, where, and how much a user can spend with their card. For more information, see Controlling Spending.
  • Address Verification System (AVS) — Verifies that the address provided by the cardholder matches the address on file. For more information, see About Address Verification.
The Marqeta platform processes these restrictions before sending a JIT Funding request to your gateway endpoint.

JIT Funding

The jit_funding object contains information about the funding event, including the associated user token and transaction amount. The method field indicates the type of transaction and whether the message is an actionable funding request sent to your gateway endpoint or an informative message sent to your webhook endpoint.

Actionable transaction types

Your system must programmatically approve or deny JIT Funding requests for the following types of transactions:
  • pgfs.authorization
  • pgfs.authorization.incremental
  • pgfs.auth_plus_capture
  • pgfs.billpayment
  • pgfs.billpayment.capture
  • pgfs.original.credit.authorization
  • pgfs.original.credit.auth_plus_capture
For more information about the jit_funding object, as well as the differences between actionable and informative transaction types, see Gateway JIT Funding Messages.

Fraud

The fraud object contains fraud-related data elements from the card network and the Marqeta platform when Real-Time Decisioning is enabled.

issuer_processor object

The issuer_processor object is part of the fraud object in the /transactions endpoint.
FieldsDescription
score

integer

Conditionally returned		The risk score generated by RiskControl. This is either the Mastercard Decision Intelligence or Visa Advance Authorization transaction risk score, which is identical to the network_transaction_risk_score field.

Allowable Values:

0 - 99
risk_level

string

Conditionally returned		The fraud rating, or level of risk for the transaction.

Allowable Values:

high, low
rule_violations

array of strings

Conditionally returned		The rules violated by the transaction.

Allowable Values:

Valid array of one or more rule violations
recommended_action

string

Conditionally returned		The action recommended based on the fraud score.

Allowable Values:

APPROVE, DECLINE, NOT_PERFORMED
riskcontrol_tags

array of objects

Conditionally returned		The RiskControl tags triggered by the transaction.

Allowable Values:

See the riskcontrol_tags object.
triggered_rules

array of objects

Conditionally returned		Rules triggered by the event.

Allowable Values:

See the triggered_rules object.

riskcontrol_tags object

Note
This object will be deprecated in the future. Instead, use the triggered_rules object.
When a rule from your own custom-defined operational models is triggered, it generates a tag for your downstream actions. This information, including the tag, rule name, and associated multiple values, is contained in the riskcontrol_tags object as part of the fraud object in the /transactions endpoint.
FieldsDescription
values

array of strings

Conditionally returned		Values associated with the tag.

Allowable Values:

Valid array of one or more tag values
tag

string

Conditionally returned		Tag name defined in the rule definition in the Real-Time Decisioning dashboard.

Allowable Values:

255 char max
rule_name

array of strings

Conditionally returned		Name of the rule as defined in the Real-Time Decisioning dashboard that was triggered.

Allowable Values:

255 char max

triggered_rules object

This object provides a list of rules triggered by a fraud event along with the information on tags and rule characteristics.
FieldsDescription
rule_name

string

Conditionally returned		Name of the rule as defined in the Real-Time Decisioning dashboard that was triggered.

Allowable Values:

255 char max
tags

array of objects

Conditionally returned		All the tags defined in the triggered rule.

Allowable Values:

See the tags object.
alert

boolean

Conditionally returned		Indicates if the rule triggered an alert.

Allowable Values:

true, false
entity_type

string

Conditionally returned		The entity type where the triggered rule was defined.

Allowable Values:

Valid entity type
suppress_alert

boolean

Conditionally returned		Indicates if the triggered rule has suppress_alert in the definition.

Allowable Values:

true, false

tags object

This object provides a list of tags along with the names and values defined in the triggered rules.
FieldsDescription
name

string

Conditionally returned		Name of the tag.

Allowable Values:

255 char max
value

string

Conditionally returned		Value of the tag.

Allowable Values:

255 char max
The following code block shows a sample fraud object as it would appear in a JIT Funding request:
JSON
"fraud": {
    "issuer_processor": {
        "score": 0,
        "risk_level": "low",
        "rule_violations": [
            "Three_Tag_Rule"
        ],
        "recommended_action": "APPROVE",
        "riskcontrol_tags": [
          {
            "values": [
                "false"
            ],
            "tag": "risk",
                "rule_name": "Three_Tag_Rule"
          },
          {
            "values": [
                "authorization",
                "testing webhook 2"
            ],
            "tag": "tag",
            "rule_name": "Three_Tag_Rule"
          }
        ],
        "triggered_rules": [
          {
            "rule_name": "Three_Tag_Rule",
            "tags": [
              {
                "name": "tag",
                "value": "authorization"
              },
              {
                "name": "tag",
                "value": "testing webhook 2"
              },
              {
                "name": "risk",
                "value": "false"
              }
        ],
        "alert": true,
        "entity_type": "ACTING_USER",
        "suppress_alert": false
      }
    ]
  }
}

Cardholder authentication data

The cardholder_authentication_data object contains information about additional authentication performed for e-commerce transactions. For example, a transaction participant (such as the card network) can request additional verification during the transaction process, such as the cardholder’s name or date of birth.
FieldsDescription
acquirer_exemption

array of strings

Conditionally returned		Indicates 3D Secure authentication exemptions from the acquirer. This array is returned if it is included in the transaction data from the card network.

Allowable Values:

MERCHANT_INITIATED_TRANSACTION, TRANSACTION_RISK_ANALYSIS, RECURRING_PAYMENT, LOW_VALUE_PAYMENT, SCA_PERFORMED, SECURE_CORPORATE_PAYMENT, AUTHENTICATION_OUTAGE_EXCEPTION
authentication_method

string

Conditionally returned		Specifies the 3D Secure authentication method.

Allowable Values:

null, AUDIO_CALL, BEHAVIORAL_BIOMETRICS, BIOMETRIC, BIOMETRIC_FACE, BIOMETRIC_FINGERPRINT, DECOUPLED, DELEGATED_TRUSTED_AUTHENTICATION, FRICTIONLESS, IN_APP_LOGIN, KNOWLEDGE_BASED, OOB, OOB_OTHER, OTHER, OTP, OTP_SMS, OTP_EMAIL, SECURE_PAYMENT_CONFM, VIDEO_CALL, VOICE_RECOGNITION, WEB_AUTHN, OTHER
authentication_status

string

Conditionally returned		Specifies the status of the 3D Secure authentication.

- ATTEMPTED: Indicates that 3D Secure authentication was requested and processed by the card network.
- DATA_SHARE_EXEMPTION: Indicates that 3D Secure authentication was for information only and exempted.
- EXEMPTED: Indicates that 3D Secure authentication was requested but the challenge was exempted.
- EXEMPTION_CLAIMED: Indicates that 3DS Secure authentication was exempted because acquirer transaction risk analysis (TRA) was already performed.
- SCA_EXEMPTION: Indicates that 3D Secure authentication was exempted because strong customer authentication (SCA) was already performed.
- SUCCESSFUL: Indicates that 3D Secure authentication was successful.
- SUCCESSFUL_NON_PAYMENT: Indicates that 3D Secure non-payment authentication was successful.
- THREEDS_REQUESTER_DATA_SHARE_EXEMPTION: Status is deprecated and will be removed from a future release of the Marqeta platform. After June 2023, use DATA_SHARE_EXEMPTION instead.
- THREEDS_REQUESTER_SCA_EXEMPTION: Status is deprecated and will be removed in a June 2023 release of the Marqeta platform. After June 2023, use SCA_EXEMPTION instead.
- THREEDS_REQUESTER_TRA_EXEMPTION: Status is deprecated and will be removed in a June 2023 release of the Marqeta platform. After June 2023, use EXEMPTION_CLAIMED instead.
- UNAVAILABLE:

- For Visa transactions, this status indicates that 3D Secure authentication was requested, but Marqeta’s access control server (ACS) was not available.
- For Mastercard transactions, this status indicates that 3D Secure authentication was not available.

Allowable Values:

ATTEMPTED, DATA_SHARE_EXEMPTION, EXEMPTION_CLAIMED``EXEMPTED, SCA_EXEMPTION, SUCCESS, SUCCESSFUL_NON_PAYMENT, THREEDS_REQUESTER_DATA_SHARE_EXEMPTION, THREEDS_REQUESTER_SCA_EXEMPTION, THREEDS_REQUESTER_TRA_EXEMPTION, UNAVAILABLE
electronic_commerce_indicator

string

Conditionally returned		Status of the 3D Secure authentication attempt, as provided by a transaction participant.

- authentication_attempted: Merchant attempted to authenticate, but either the issuer or the cardholder does not participate in 3D Secure.
- authentication_successful: Cardholder authentication successful.
- no_authentication: Non-authenticated e-commerce transaction.

Allowable Values:

authentication_attempted, authentication_successful, no_authentication
issuer_exemption

string

Conditionally returned		Indicates a 3D Secure authentication exemption from the issuer. This field is returned if it is included in the transaction data from the card network.

Allowable Values:

SCA_LOW_VALUE_PAYMENT
three_ds_message_version

string

Conditionally returned		Specifies the 3D Secure message version used for authentication.

Allowable Values:

1.0.2, 2.1.0, 2.2.0
verification_result

string

Conditionally returned		Result of the cardholder authentication verification value (CAVV) or accountholder authentication value (AAV) verification performed by the card network.

- failed
- not_present
- not_provided
- not_verified
- not_verified_authentication_outage
- verified
- verified_amount_greater_than_20_percent: For Mastercard AAV verification, indicates that the original authentication amount and final authorization amount are mismatched, and that the final authorization amount is greater than 20% of the original authentication amount. This 20% margin falls outside Mastercard’s suggested tolerance for what a European cardholder might reasonably expect when the total transaction amount is not known in advance.
- verified_amount_greater_than_20_percent: For Mastercard AAV verification, indicates that the original authentication amount and final authorization amount are mismatched, and that the final authorization amount exceeds the original authentication amount by more than 20%. This 20% margin falls outside Mastercard’s suggested tolerance for what a European cardholder might reasonably expect when the total transaction amount is not known in advance.
- verified_amount_less_than_20_percent: For Mastercard AAV verification, indicates that the original authentication amount and final authorization amount are mismatched, and that the final authorization amount exceeds the original authentication amount by 20% or less. This 20% margin falls within Mastercard’s suggested tolerance for what a European cardholder might reasonably expect when the total transaction amount is not known in advance.

Allowable Values:

failed, not_present, not_provided, not_verified, not_verified_authentication_outage, verified, verified_amount_greater_than_20_percent, verified_amount_less_than_20_percent
verification_value_created_by

string

Conditionally returned		Transaction participant who determined the verification result.

Allowable Values:

issuer_acs, issuer_attempts_server, network, network_attempts_server
cavv_authentication_amount

string

Conditionally returned		Authentication amount from the cardholder authentication verification value (CAVV) used to validate an authorization. This field is returned if it is included in the transaction data from the card network.

To enable this field, contact your Marqeta representative.

Allowable Values:

255 char max
raw_cavv_data

string

Conditionally returned		Raw cardholder authentication verification value provided by the card network. This field is returned if it is included in the transaction data from the card network.

To enable this field, contact your Marqeta representative.

Allowable Values:

255 char max
cash_back_amount

decimal

Conditionally returned		Amount of cash back requested by the cardholder during the transaction. Included in the total transaction amount.

Allowable Values:

decimal

Format:
0.00
The following code block shows a sample cardholder_authentication_data object as it would appear in a JIT Funding request:
JSON
"cardholder_authentication_data": {
  "electronic_commerce_indicator": "authentication_successful",
  "verification_result": "verified",
  "verification_value_created_by": "issuer_acs"
}

Card network field data for cardholder authentication

We include these tables of cardholder authentication field data for the Mastercard and Visa card networks to help clarify the cardholder authentication data results you may see in JIT Funding transactions.

Mastercard field data

This table shows cardholder authentication field data from the Mastercard network.
Security Level Indicator (SLI)Secure Payment Application Version 2 (SPA2)Electronic Commerce IndicatorVerification
210N/Ano_authenticationMethod: N/A
Status:UNAVAILABLE
Value Created By: N/A
211kEauthentication_attemptedMethod: N/A
Status:ATTEMPTED
Value Created By:network_attempts_server
211kFauthentication_attemptedMethod: N/A
Status:ATTEMPTED
Value Created By:network_attempts_server
211kLauthentication_attemptedMethod: N/A
Status:ATTEMPTED
Value Created By:network_attempts_server
211kMauthentication_attemptedMethod: N/A
Status:ATTEMPTED
Value Created By:network_attempts_server
212kAauthentication_successfulMethod:FRICTIONLESS
Status:EXEMPTED
Value Created By:issuer_acs
212kCauthentication_successfulMethod:STANDIN_FRICTIONLESS
Status:EXEMPTED
Value Created By:network
212kBauthentication_successfulMethod:CHALLENGE
Status:SUCCESSFUL
Value Created By:issuer_acs
212kHauthentication_successfulMethod:CHALLENGE
Status:SUCCESSFUL
Value Created By:issuer_acs
212kRauthentication_successfulMethod:FRICTIONLESS
Status:EXEMPTED
Value Created By:issuer_acs
212kSauthentication_successfulMethod:OOB_OTHER
Status:SUCCESSFUL
Value Created By:issuer_acs
212kTauthentication_successfulMethod: N/A
Status:SUCCESSFUL
Value Created By:network
212kDauthentication_successfulMethod:IDENTITY_CHECK_EXPRESS
Status:SUCCESSFUL
Value Created By:network
212kQauthentication_successfulMethod:FRICTIONLESS
Status:EXEMPTED
Value Created By:issuer_acs
214N/Ano_authenticationMethod: N/A
Status:THREEDS_REQUESTER_DATA_SHARE_EXEMPTION
Value Created By: N/A
216kNno_authenticationMethod: N/A
Status:THREEDS_REQUESTER_SCA_EXEMPTION
Value Created By:issuer_acs
216kVno_authenticationMethod: N/A
Status:THREEDS_REQUESTER_EXEMPTION
Value Created By:network
216kWno_authenticationMethod: N/A
Status:THREEDS_REQUESTER_DATA_SHARE_EXEMPTION
Value Created By:issuer_acs
217kOauthentication_successfulMethod:FRICTIONLESS
Status:EXEMPTED
Value Created By:issuer_acs
217kPauthentication_successfulMethod:CHALLENGE
Status:SUCCESSFUL
Value Created By:issuer_acs
242N/Aauthentication_successfulMethod:MDES
Status:SUCCESSFUL
Value Created By:network

Visa field data

This table shows cardholder authentication field data from the Visa network.
CAVVDescriptionConsiderationVerification
BlankCAVV not present in authorization messageField 126.9 is emptyResult:not_present
Value Created By: N/A
BlankCAVV not verified, issuer has not selected CAVV verification optionField 126.9 is not emptyResult:not_verified
Value Created By: N/A
0CAVV could not be verifiedField 126.9 is not emptyResult:not_verified
Value Created By: N/A
0CAVV data was not provided when expectedField 126.9 is emptyResult:not_provided
Value Created By: N/A
1CAVV failed verification – cardholder authenticationCAVV was created by the issuer’s Attempts ServerResult:failed
Value Created By:issuer_acs
2CAVV passed verification – cardholder authenticationCAVV was created by the issuer’s Attempts ServerResult:verified
Value Created By:issuer_acs
3CAVV passed verification – attempted authenticationCAVV was created by the issuer’s Attempts ServerResult:verified
Value Created By:issuer_attempts_server
4CAVV failed verification – attempted authenticationCAVV was created by the issuer’s Attempts ServerResult:failed
Value Created By:issuer_attempts_server
5Reserved – not in useN/AResult: N/A
Value Created By: N/A
6CAVV not verified, issuer not participating in CAVV verificationCAVV can be created by the issuer’s ACS, issuer’s Attempts Server, or Visa Attempts ServiceResult:not_verified
Value Created By:network
7CAVV failed verification – attempted authenticationCAVV was created by Visa’s Attempts ServiceResult:failed
Value Created By:network_attempts_server
8CAVV passed verification – attempted authenticationCAVV was created by Visa’s Attempts Service—Non-participating issuer or cardholderResult:verified
Value Created By:network_attempts_server
9CAVV failed verification – attempted authenticationCAVV was created by Visa’s Attempts Service—Issuer ACS was not availableResult:failed
Value Created By:network_attempts_server
ACAVV passed verification – attempted authenticationCAVV was created by Visa’s Attempts Service—Issuer ACS was not availableResult:verified
Value Created By:network_attempts_server
BCAVV passed verification – no liability shiftCAVV was processed but the transaction does not qualify for Visa’s 3-D Secure programResult:verified
Value Created By:network
CCAVV was not verified - attempted authenticationCAVV was created by the issuer’s Attempts ServerResult:not_verified
Value Created By:issuer_attempts_server
DCAVV was not verified – cardholder authenticationCAVV was created by the issuer’s ACSResult:not_verified
Value Created By:issuer_acs

Card security code verification

The card_security_code_verification object contains information about a verification check performed on the card’s security code. The type field indicates the type of security code and can have the following possible values:
  • CVV1 – The security code stored in the magnetic stripe on the card.
  • CVV2 – The security code printed on the card.
  • ICVV – The security code stored on the chip of the card.
  • DCVV – A dynamic security code used in some contactless payments when a card or device is tapped on the card reader.
The response.code field indicates whether the verification check passed and can have one of the following values:
  • 0000 – Passed
  • 0001 – Did not pass
FieldsDescription
type

string

Returned		Type of security code verified.

Allowable Values:

CVV1, CVV2, ICVV, DCVV
response.code

string

Returned		Indicates whether the verification check passed.

Allowable Values:

0000, 0001
response.memo

string

Conditionally returned		Free-form description of the verification result, as provided by a transaction participant.

Allowable Values:

99 char max
The following code block shows a sample card_security_code_verification object as it would appear in a JIT Funding request:
JSON
"card_security_code_verification": {
  "type": "CVV1",
  "response": {
    "code": "0000",
    "memo": "Card security code match"
  }
}

Transaction metadata

The transaction_metadata object contains additional merchant-provided details about a transaction. It also includes sub-objects for more detailed information about transit and air travel purchases.
Note
Transaction metadata is only included when provided by the merchant.
FieldsDescription
airline

object

Conditionally returned		Contains information about airline-related transactions.

Allowable Values:

Existing airline object
authorization_life_cycle

integer

Conditionally returned		Number of days until pre-authorization expires, if provided by the merchant.

Allowable Values:

Any integer
cross_border_transaction

boolean

Conditionally returned		Whether the transaction is cross-border, i.e., when the merchant and the cardholder are located in two different countries.

Allowable Values:

true, false
is_deferred_transaction

boolean

Conditionally returned		Indicates an offline authorization made during an interruption of card network connectivity, such as a purchase on a flight.

Allowable Values:

true, false
is_lodging_auto_rental

boolean

Conditionally returned		Whether the transaction is a lodging or vehicle rental.

Allowable Values:

true, false
lodging_auto_rental_start_date

datetime

Conditionally returned		Date and time when the lodging check-in or vehicle rental began.

Allowable Values:

datetime

Format:
MM-dd-yyyy
moto_indicator

string

Conditionally returned		Indicates the type of mail or telephone order transaction.

Allowable Values:

UNKNOWN, MANUAL, RECURRING, INSTALLMENT, OTHERS
payment_channel

string

Conditionally returned		Channel from which the transaction was originated.

Allowable Values:

OTHER, ATM, ECOMMERCE, MAIL, PHONE, MOTO
transaction_category

string

Conditionally returned		Type of product or service being purchased, if provided by the merchant.

Allowable Values:

RETAIL_SALE, BILL_PAY, HOTEL, RESTAURANT, AUTO_RENTAL, AIRLINE, PAYMENT, HOSPITALIZATION_COLLEGE, PHONE_MAIL_ECOMMERCE, ATM, HEALTH_CARE, TRANSIT, EXTENDED_AUTHORIZATION
transit

object

Conditionally returned		Contains merchant-provided, transit-related metadata related to the transaction.

Allowable Values:

Existing transit object
The transaction_metadata.transit object can contain the following fields related to transportation other than air travel:
FieldsDescription
transaction_type

string

Conditionally returned		Type of transit transaction performed, if provided by the merchant.

Allowable Values:

PRE_FUNDED, REAL_TIME_AUTHORIZED, POST_AUTHORIZED_AGGREGATED, AUTHORIZED_AGGREGATED_SPLIT_CLEARING, OTHER, DEBIT_RECOVERY
transportation_mode

string

Conditionally returned		Mode of transportation purchased, if provided by the merchant.

Allowable Values:

BUS, TRAIN, WATER_BORNE_VEHICLE, TOLL, PARKING, TAXI, PARA_TRANSIT, SELF_DRIVE_VEHICLE, COACH, LOCOMOTIVE, POWERED_MOTOR_VEHICLE, TRAILER, INTER_CITY, CABLE_CAR
The transaction_metadata.airline object can contain the following fields related to air travel:
FieldsDescription
passenger_name

string

Conditionally returned		Name of passenger for air travel, if provided by the merchant.

Allowable Values:

Format: forename surname
depart_date

date

Conditionally returned		Date of departure for air travel, if provided by the merchant.

Allowable Values:

Format: dd/mm/yyyy
origination_city

string

Conditionally returned		Three-letter airport code for the city of departure, if provided by the merchant.

Allowable Values:

Format: SFO
The following code block shows a sample of the transaction_metadata object as it would appear in a JIT Funding request:
JSON
"transaction_metadata": {
  "transaction_category": "AUTO_RENTAL",
  "authorization_life_cycle": "10",
  "lodging_auto_rental_start_date": "10/19/2022"
  "transit": {
    "transaction_type": "PRE_FUNDED",
    "transportation_mode": "BUS"
  },
  "airline": {
    "passenger_name": "Madison Aguilar",
    "depart_date": "10/19/2022",
    "origination_city": "SJC"
  }
}

Marqeta state and territorial identifiers

Marqeta may send you a numeric United States state or territorial identifier rather than an alpha-2 abbreviations in your JIT Funding requests. The following table maps the numeric identifiers to their corresponding alpha-2 abbreviations and state or territorial names.
Marqeta state identifierAlpha-2 abbreviationUS state or territory
1ALAlabama
2AKAlaska
4AZArizona
5ARArkansas
6CACalifornia
8COColorado
9CTConnecticut
10DEDelaware
11DCDistrict of Columbia
12FLFlorida
13GAGeorgia
15HIHawaii
16IDIdaho
17ILIllinois
18INIndiana
19IAIowa
20KSKansas
21KYKentucky
22LALouisiana
23MEMaine
24MDMaryland
25MAMassachusetts
26MIMichigan
28MSMississippi
29MOMissouri
30MTMontana
31NENebraska
32NVNevada
33NHNew Hampshire
34NJNew Jersey
35NMNew Mexico
36NYNew York
37NCNorth Carolina
38NDNorth Dakota
39OHOhio
40OKOklahoma
41OROregon
42PAPennsylvania
44RIRhode Island
45SCSouth Carolina
46SDSouth Dakota
47TNTennessee
48TXTexas
49UTUtah
50VTVermont
51VAVirginia
53WAWashington
54WVWest Virginia
55WIWisconsin
56WYWyoming
60ASAmerican Samoa
66GUGuam
72PRPuerto Rico
78VIU.S. Virgin Islands

Related topics

About Just-in-Time FundingJust-in-Time Funding OverviewGateway JIT Funding ScenariosJIT Funding ReportsLedger Management with JIT Funding