> ## Documentation Index
> Fetch the complete documentation index at: https://www.marqeta.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# 3D Secure Risk Engine Schema

> Learn about the Three Domain Secure (3D Secure) risk engine schema.

This page contains the available objects and fields that Marqeta’s Three Domain Secure (3D Secure) Risk Engine provides to card programs for writing 3D Secure decisioning rules.

<h2 id="_about_the_3d_secure_risk_engine">
  About the 3D Secure Risk Engine
</h2>

Marqeta’s 3D Secure Risk Engine allows card programs to perform 3D Secure decisioning within Marqeta’s real-time decisioning product.

Previously, Marqeta supported Delegated Decisioning for 3D Secure decisioning, in which Marqeta would send a request containing details of a flagged transaction to a card program’s endpoint. The card program would then return a response indicating whether to challenge the transaction with Strong Customer Authentication (SCA) or pass the transaction without a challenge.

Marqeta’s new 3D Secure Risk Engine integrates the decisioning workflow into the real-time decisioning product, and uses the same decisioning platform for writing risk rules. The payload previously sent via Delegated Decisioning is now available within the rules engine, allowing you to use a dashboard to write 3D Secure decisioning rules.

The following sections detail the event types associated with Marqeta’s 3D Secure Risk Engine.

<h2 id="_three_ds_decision_rt">
  THREE\_DS\_DECISION\_RT
</h2>

`THREE_DS_DECISION_RT` is a real-time 3D Secure decisioning event used to decide whether or not a 3D Secure transaction should be challenged.

Use the following actions in the dashboard to trigger an SCA challenge or to exempt the transaction from the challenge flow:

* `THREE_DS_AUTHENTICATION_CHALLENGE` - Go to the **Create Rules > Specify Action** dropdown and select this action to trigger an SCA challenge.

* `THREE_DS_AUTHENTICATION_EXEMPT` - Go to the **Create Rules > Specify Action** dropdown and select this action if you prefer to allow for frictionless provisioning and do not want to trigger an SCA challenge.

<h3 id="_the_three_ds_decision_rt_schema">
  The THREE\_DS\_DECISION\_RT schema
</h3>

| Fields                                                              | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| ------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| acs\_transaction\_id<br /><br />string<br /><br />Required          | Universally unique identifier assigned to a single transaction by the access control server (ACS).<br /><br />**Allowable Values:**<br /><br />36 char max                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| type<br /><br />string<br /><br />Optional                          | Authentication type that determines which action the recipient of the message must take.<br /><br />**Allowable Values:**<br /><br />`authentication.decision`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| state<br /><br />string<br /><br />Required                         | Status of the requested authentication.<br /><br />**Allowable Values:**<br /><br />- `PENDING` - Authentication request is pending processing<br /><br />- `SUCCESS` - Authentication completed successfully<br /><br />- `FAILED` - Authentication failed or was rejected                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| user\_token<br /><br />string<br /><br />Optional                   | Marqeta-assigned unique identifier of the user.<br /><br />**Allowable Values:**<br /><br />36 char max                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
| acting\_user\_token<br /><br />string<br /><br />Optional           | Marqeta-assigned unique identifier of the user performing the transaction.<br /><br />**Allowable Values:**<br /><br />36 char max                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| card\_token<br /><br />string<br /><br />Required                   | Marqeta-assigned unique identifier of the card used in the transaction.<br /><br />**Allowable Values:**<br /><br />36 char max                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
| created\_time<br /><br />string<br /><br />Required                 | Authentication request time and date, in UTC, using ISO-8601 format.<br /><br />**Allowable Values:**<br /><br />Format: yyyy-MM-ddThh:mm:ss.sssZ                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| network<br /><br />string<br /><br />Optional                       | Card network associated with the authentication/decision request.<br /><br />**Allowable Values:**<br /><br />- `VISA`<br />- `MASTERCARD`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| message\_version<br /><br />string<br /><br />Optional              | Version of the 3D Secure protocol used by the 3D Secure requester.<br /><br />**Allowable Values:**<br /><br />minLength: 5<br />maxLength: 8                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
| message\_extension<br /><br />object<br /><br />Optional            | 3DS message extension component.<br /><br />**Allowable Values:**<br /><br />`name`, `id`, `criticality_indicator`, `data`<br /><br />See <a href="/core-api/3ds/#_the_message_extension_object">the message\_extension object</a> for additional details.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| authentication\_request\_type<br /><br />string<br /><br />Optional | Indicates the type of authentication request.<br /><br />**Allowable Values:**<br /><br />- `PAYMENT` - Payment transaction authentication<br /><br />- `RECURRING` - Recurring payment setup or processing<br /><br />- `INSTALLMENT` - Installment payment authentication<br /><br />- `ADD_CARD` - Adding a new card to cardholder account<br /><br />- `MAINTAIN_CARD` - Maintaining or updating existing card information<br /><br />- `EMV_CARDHOLDER_VERIFICATION` - EMV cardholder verification method                                                                                                                                                                                                                                    |
| requester<br /><br />object<br /><br />Optional                     | Requester details.<br /><br />**Allowable Values:**<br /><br />`notification_url`, `challenge_preference`, `decoupled_challenge_preference`, `name`, `customer_care_url`, `request_type`, `cardholder_authentication_by_merchant`, `prior_cardholder_authentication`, `sdk`<br /><br />See <a href="/core-api/3ds/#_the_requester_object">the requester object</a> for additional details.                                                                                                                                                                                                                                                                                                                                                        |
| server<br /><br />object<br /><br />Optional                        | Server details.<br /><br />**Allowable Values:**<br /><br />`reference_number`, `operator_id`<br /><br />See <a href="/core-api/3ds/#_the_server_object">the server object</a> for additional details.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| client\_browser<br /><br />object<br /><br />Optional               | Client browser details.<br /><br />**Allowable Values:**<br /><br />`accept_headers`, `ip_address`, `is_java_enabled`, `is_javascript_enabled`, `language`, `timezone_offset_in_minutes`, `user_agent`<br /><br />See <a href="/core-api/3ds/#_the_client_browser_object">the client\_browser object</a> for additional details.                                                                                                                                                                                                                                                                                                                                                                                                                  |
| device<br /><br />object<br /><br />Optional                        | Device details.<br /><br />**Allowable Values:**<br /><br />`channel`, `additional_data`<br /><br />See <a href="/core-api/3ds/#_the_device_object">the device object</a> for additional details.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| cardholder\_account<br /><br />object<br /><br />Optional           | Contains additional information about the cardholder’s account, as provided by the 3D Secure requester.<br /><br />**Allowable Values:**<br /><br />`identifier`, `name`, `email`, `account_type`, `card_expiry_date`, `account_age`, `last_updated_date`, `last_updated_duration`, `date_created`, `password_changed_date`, `password_changed_duration`, `enrolled_date`, `enrolled_duration`, `shipping_address_first_used_date`, `shipping_address_first_used_duration`, `ship_to_name_is_cardholder_name`, `experienced_suspicious_activity`, `phones`, `statistics`, `billing_address`, `shipping_address`<br /><br />See <a href="/core-api/3ds/#_the_cardholder_account_object">the cardholder\_account object</a> for additional details. |
| directory\_server<br /><br />object<br /><br />Optional             | Describes information from the Directory Server (DS) in the network.<br /><br />**Allowable Values:**<br /><br />`reference_number`, `authentication_result_url`<br /><br />See <a href="/core-api/3ds/#_the_directory_server_object">the directory\_server object</a> for additional details.                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| transaction<br /><br />object<br /><br />Optional                   | Contains information about how the payment is being made.<br /><br />**Allowable Values:**<br /><br />`transaction_type`, `sub_type`, `amount`, `currency_code`, `exponent`, `date`, `shipping_address_is_billing_address`, `maximum_permitted_installments`, `detokenisation_source`, `recurring`<br /><br />See <a href="/core-api/3ds/#_the_transaction_object">the transaction object</a> for additional details.                                                                                                                                                                                                                                                                                                                             |
| card\_acceptor<br /><br />object<br /><br />Required                | Details about the merchant with which this transaction is being conducted.<br /><br />**Allowable Values:**<br /><br />`acquirer_bin`, `merchant_id`, `merchant_category_code`, `country`, `name`, `risk_indicators`<br /><br />See <a href="/core-api/3ds/#_the_card_acceptor_object">the card\_acceptor object</a> for additional details.                                                                                                                                                                                                                                                                                                                                                                                                      |
| whitelist<br /><br />object<br /><br />Optional                     | Details regarding the allow list.<br /><br />**Allowable Values:**<br /><br />`status`, `source`<br /><br />See <a href="/core-api/3ds/#_the_whitelist_object">the allowlist object (also called the whitelist object)</a> for additional details.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |

<h2 id="_three_ds_challenge_result">
  THREE\_DS\_CHALLENGE\_RESULT
</h2>

`THREE_DS_CHALLENGE_RESULT` is an asynchronous 3D Secure event that informs you about whether the SCA challenge was completed successfully or not. You can use this event to build features that will update the authentication result status, which can then be used in 3D Secure decisioning rules.

<h3 id="_the_three_ds_challenge_result_schema">
  The THREE\_DS\_CHALLENGE\_RESULT Schema
</h3>

| Fields                                                       | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| acs\_transaction\_id<br /><br />string<br /><br />Required   | Universally unique identifier assigned to a single transaction by the access control server (ACS).<br /><br />**Allowable Values:**<br /><br />36 char max                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| type<br /><br />string<br /><br />Optional                   | Authentication type that determines which action the recipient of the message must take.<br /><br />**Allowable Values:**<br /><br />`authentication.result`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| state<br /><br />string<br /><br />Optional                  | Status of the requested authentication.<br /><br />**Allowable Values:**<br /><br />- `PENDING` - Authentication request is pending processing<br /><br />- `SUCCESS` - Authentication completed successfully<br /><br />- `FAILED` - Authentication failed or was rejected                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
| card\_token<br /><br />string<br /><br />Optional            | Marqeta-assigned unique card token identifying the card being used.<br /><br />**Allowable Values:**<br /><br />36 char max                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
| user\_token<br /><br />string<br /><br />Optional            | Marqeta-assigned unique identifier of the user.<br /><br />**Allowable Values:**<br /><br />36 char max                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| acting\_user\_token<br /><br />string<br /><br />Optional    | Marqeta-assigned unique identifier of the user performing the transaction.<br /><br />**Allowable Values:**<br /><br />36 char max                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| authentication\_method<br /><br />string<br /><br />Optional | Method used to authenticate the cardholder.<br /><br />**Allowable Values:**<br /><br />- `BIOMETRIC_FACE` - Facial recognition authentication<br /><br />- `BIOMETRIC_FINGERPRINT` - Fingerprint authentication<br /><br />- `VOICE_RECOGNITION` - Voice pattern recognition authentication<br /><br />- `IN_APP_LOGIN` - Authentication within the issuer’s mobile application<br /><br />- `AUDIO_CALL` - Voice call with human or automated verification<br /><br />- `VIDEO_CALL` - Video call with human verification<br /><br />- `OTP_SMS` - One-time password sent via SMS text message<br /><br />- `OTP_EMAIL` - One-time password sent via email<br /><br />- `KNOWLEDGE_BASED` - Knowledge-based authentication, such as security questions<br /><br />- `OTHER` - Other authentication method not listed above                          |
| authentication\_result<br /><br />string<br /><br />Optional | Result of the authentication performed.<br /><br />**Allowable Values:**<br /><br />- `SUCCESS` - Authentication was successful and the cardholder was verified<br /><br />- `FAILED` - Authentication failed due to incorrect credentials or verification<br /><br />- `CANCELLED` - Authentication was cancelled by cardholder or system timeout<br /><br />- `NOT_AUTHENTICATED` - Authentication could not be performed or completed                                                                                                                                                                                                                                                                                                                                                                                                              |
| interaction\_counter<br /><br />integer<br /><br />Optional  | Indicates the number of authentication cycles attempted by the cardholder. Value to be tracked by the ACS.<br /><br />**Allowable Values:**<br /><br />As provided by the ACS<br /><br />**Default Value:**<br />1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| cancel\_reason<br /><br />string<br /><br />Optional         | Indicates to the ACS and the DS that the authentication has been canceled.<br /><br />**Allowable Values:**<br /><br />- `CARDHOLDER_CANCEL` - Cardholder explicitly cancelled the authentication<br /><br />- `CHALLENGE_CANCELLED_BY_TRANSACTION_ERROR` - Challenge cancelled due to transaction error<br /><br />- `TIMED_OUT_AT_ACS` - ACS timed out during challenge processing<br /><br />- `TIMED_OUT_AT_ACS_NO_CREQ` - ACS timed out before receiving challenge request<br /><br />- `TIMED_OUT_AT_SDK` - 3DS SDK timed out during authentication<br /><br />- `TIMED_OUT_DECOUPLED_AUTHENTICATION` - Decoupled authentication timed out waiting for cardholder response<br /><br />- `TIMED_OUT_OOB_AUTHENTICATION` - OOB authentication timed out waiting for response<br /><br />- `UNKNOWN` - Cancellation reason could not be determined |
