Menu

Verify a customer's account

API v5
Last updated March 2021

To verify your customer's account, you must send a verifications request to one of our supported resources.

Intelligent verification

With an Intelligent verification, Worldpay chooses the amount to use in the verification.

Intelligent verification request

You can POST your intelligent verification request to one of these resources:

oneTime intelligent verification

For a oneTime verification, POST your request to the verifications:oneTime action link received in yourquery the verifications root resourcerequest.

POST https://try.access.worldpay.com/verifications/accounts/intelligent/oneTime


cardOnFile intelligent verification

cardOnFile payments are initiated by the customer using the payment instrument details that have already been stored.

For a cardOnFile verification, POST your request to the verifications:cardOnFile action link received in yourquery the verifications root resourcerequest to become Cardholder Initiated Transaction (CIT) compliant.

POST https://try.access.worldpay.com/verifications/accounts/intelligent/cardOnFile


recurring verification

recurring payments are payments that follow a schedule, such as subscription or installment payments.

For a recurring verification, POST your request to the verifications:recurring action link to become Merchant Initiated Transaction (MIT) compliant.

POST https://try.access.worldpay.com/verifications/accounts/intelligent/recurring


Example request body

Intelligent verification for cardOnFile, recurring and oneTime requests with mandatory fields only:

Copied!
{
    "currency": "GBP",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "paymentInstrument": {
        "type": "card/plain",
        "cardNumber": "4444333322221111",
        "cardExpiryDate": {
            "month": 1,
            "year": 2035
        },
        "cardHolderName": "Sherlock Holmes"
    },
    "transactionReference": "Memory265-13/08/1876"
}
{
    "currency": "GBP",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "paymentInstrument": {
        "type": "card/tokenized",
        "href": "https://try.access.worldpay.com/tokens/{}"
    },
    "transactionReference": "Memory265-13/08/1876"
}

Descriptions of your mandatory intelligent verification request parameters:

ParameterRequiredDescription
currencyThe 3-digit currency code.
See list ofsupported currencies.
transactionReferenceA unique reference generated by you that is used to identify a payment throughout its lifecycle. Seetransaction reference format, for more details and the best practices.
paymentInstrumentAn object that contains your customer's payment details.
paymentInstrument.typeAn object that contains your customer's payment type. Possible values:
  • card/plain
  • card/tokenized
paymentInstrument.cardNumberAn object that contains your customer's payment card number. Required for paymentInstrument "card/plain.
paymentInstrument.cardExpiryDateAn object that contains your customer's payment card expiry date.
paymentInstrument.hrefAn object that contains your token. Required for paymentInstrument "card/tokenized".
merchantAn object that contains information about the merchant.
merchant.entityDirect your verification to assist with billing, reporting and reconciliation. For more information contact yourRelationship Manager or Implementation Manager.

Optional fields in a verification request

Dynamic verification

Our Dynamic verifications service gives you granular control over the amount that is used for verification.

Dynamic verification request

You can POST your verification request to one of these resources :

dynamicOneTime verification

For a dynamicOneTime verification, POST your request to the verifications:dynamicOneTime action link received in yourquery the verifications root resourcerequest.

POST https://try.access.worldpay.com/verifications/accounts/dynamic/oneTime


dynamicCardOnFile verification

cardOnFile payments are initiated by the customer using the payment instrument details that have already been stored.

For a dynamicCardOnFile verification, POST your request to the verifications:dynamicCardOnFile action link received in yourquery the verifications root resourcerequest to become Cardholder Initiated Transaction (CIT) compliant.

POST https://try.access.worldpay.com/verifications/accounts/dynamic/cardOnFile


dynamicRecurring verification

dynamicRecurring payments are payments that follow a schedule, such as subscription or installment payments.

For a dynamicRecurring verification, POST your request to the verifications:dynamicRecurring action link to become Merchant Initiated Transaction (MIT) compliant.

POST https://try.access.worldpay.com/verifications/accounts/dynamic/recurring


Example request body

Dynamic verification for cardOnFile, recurring and oneTime requests with mandatory fields only:

Copied!
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/plain",
            "cardNumber": "4444333322221111",
            "cardHolderName": "Sherlock Holmes",
            "cardExpiryDate": {
                "month": 12,
                "year": 2023
            }
        }
    }
}
{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "MindPalaceLtd"
    },
    "instruction": {
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/tokenized",
            "href": "https://try.access.worldpay.com/tokens/{}"
        }
    }
}

Descriptions of your mandatory dynamic verification request parameters:

ParameterRequiredDescription
instructionAn object that contains all the information related to the payment.
value.currencyThe 3-digit currency code.
See list ofsupported currencies.
value.amountThe payment amount. This is a whole number with an exponent e.g. if exponent is two, 250 is 2.50. You can find the relevant exponent in ourcurrency table.
transactionReferenceA unique reference generated by you that is used to identify a payment throughout its lifecycle. Seetransaction reference format, for more details and the best practices.
instruction.paymentInstrumentAn object that contains your customer's payment details.
paymentInstrument.typeAn object that contains your customer's payment type. Possible values:
  • card/plain
  • card/tokenized
paymentInstrument.cardNumberAn object that contains your customer's payment card number.
paymentInstrument.cardExpiryDateAn object that contains your customer's payment card expiry date.
merchantAn object that contains information about the merchant.
merchant.entityDirect your verification to assist with billing, reporting and reconciliation. For more information contact yourRelationship Manager.

Optional fields in a verification request


3DS

You can optionally submit 3DS parameters for intelligent and dynamic verification requests.

To get the customer authentication object you must complete anauthentication requestusing our3DS API.

The descriptions of parameters from your 3DS authorization request

ParameterRequiredDescription
customerAn object containing the result of your customer's verification. For more details see3DS verification.
authentication.type3DS
authentication.versionThe version of 3DS used to process the transaction.
For 3DS1 - 1.0.2
For 3DS2 - 2.1.0 or 2.2.0

Note: Required for Mastercard's Identity Check transactions in Authorization.

authentication.eciElectronic Commerce Indicator (ECI).
Indicates the outcome of the3DS verification.
  • 02 or 05 - Fully Authenticated Transaction
  • 01 or 06 - Attempted Authentication Transaction
  • 00 or 07 - Non 3-D Secure Transaction
  • Mastercard - 02, 01, 00
  • Visa - 05, 06, 07
  • Amex - 05, 06, 07
  • JCB - 05, 06, 07
  • Diners - 05, 06, 07
authentication.authenticationValueA cryptographic value that provides evidence of the outcome of a 3DS verification.
  • Visa - Cardholder Authentication Verification Value (CAVV)
  • Mastercard - Universal Cardholder Authentication Field (UCAF)
For version 3DS1: authentication.authenticationValue is required if authentication.eci value is 01, 02 or 05.
For version 3DS2: authentication.authenticationValue is required if authentication.eci value is 01, 02, 05 or 06.
authentication.authenticationValue must be 28 digits max and must be base64-encoded.
authentication.transactionIdRequired, if authentication.eci value is 01, 02, 05 or 06.
A unique authentication transaction identifier, generated by the issuer.

For version 3DS1: transactionId must be base64-encoded and 28 digits in length.
For version 3DS2: transactionId must be a UUID and 36 characters in length.

Apple Pay decrypted

You can optionally submit Apple Pay decrypted parameters for intelligent and dynamic cardOnFile requests.

Verification request example:

Copied!
{
   "currency":"EUR",
   "paymentInstrument":{
      "type":"card/networkToken+applepay",
      "cardHolderName":"Sherlock Holmes",
      "cardExpiryDate":{
         "month":1,
         "year":2019
      },
      "dpan":"4444333322221111"
   },
   "narrative":{
      "line1":"The Mind Palace Ltd",
      "line2":"Memory265-13/08/1876"
   },
   "merchant":{
      "entity":"MindPalaceLtd"
   },
   "transactionReference":"Memory265-13/08/1876",
   "customer":{
      "authentication":{
         "type":"card/networkToken",
         "eci":"05",
         "authenticationValue":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="
      }
   }
}
{
   "merchant":{
      "entity":"MindPalaceLtd"
   },
   "transactionReference":"Memory265-13/08/1876",
   "instruction":{
      "value":{
         "amount":100,
         "currency":"GBP"
      },
      "paymentInstrument":{
         "type":"card/networkToken+applepay",
         "cardHolderName":"Sherlock Holmes",
         "cardExpiryDate":{
            "month":1,
            "year":2019
         },
         "dpan":"4444333322221111"
      },
      "narrative":{
         "line1":"The Mind Palace Ltd",
         "line2":"Memory265-13/08/1876"
      }
   },
   "customer":{
      "authentication":{
         "type":"card/networkToken",
         "eci":"05",
         "authenticationValue":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="
      }
   }
}

The descriptions of parameters from your Apple Pay decrypted authorization request

ParameterRequiredDescription
paymentInstrument.typeAn object that contains your customer's payment type; card/networkToken+applepay.
paymentInstrument.dpanAn object that contains the device primary account number.
customerAn object containing the authentication information required for Apple Pay decrypted.
authentication.typecard/networkToken
authentication.eciElectronic Commerce Indicator (ECI).
Indicates the value contained in the Apple Pay decrypted response.
authentication.authenticationValueA cryptographic value that provides evidence of the outcome of a Apple Pay decrypted verification.

Important: We currently don't return action links in our response for this paymentInstrument. This is still under development. You can use our payments:migrateCardOnFileAuthorize action link totake a paymentin the meantime.

Verifications response

The response is the same for both anIntelligentorDynamicverification.

You receive:

  • a 201 HTTP response code
  • a verification outcome (either verified or not verified)
  • a schemeTransactionReference for card on file and recurring only (not all issuers return this)
  • riskFactors
  • a paymentInstrument

Note: The paymentInstrument contains the paymentInstrument.type sent in the request at minimum. If you wish to receive more card metadata this must be enabled. For more information contact yourImplementation Manager.

Copied!
{
    "outcome": "verified",
    "checkedAt": "2018-09-01T10:37:36.923Z",
    "riskFactors": [{
            "risk": "matched",
            "type": "cvc"
        },
        {
            "risk": "matched",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "matched",
            "detail": "address",
            "type": "avs"
        }
    ],
    "_links": {
        "verifications:verification": {
            "href": "https://try.access.worldpay.com/verifications/accounts/{resource}"
        },
        "curies": [{
            "name": "verifications",
            "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}",
            "templated": true
        }]
    }
}
{
    "outcome": "verified",
    "checkedAt": "2019-11-01T10:37:36.923Z",
    "schemeTransactionReference": "000000000000020005060720116005060",
    "riskFactors": [{
            "risk": "matched",
            "type": "cvc"
        },
        {
            "risk": "matched",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "matched",
            "detail": "address",
            "type": "avs"
        }
    ],
    "_links": {
        "verifications:verification": {
            "href": "https://try.access.worldpay.com/verifications/accounts/{resource}"
        },
        "payments:cardonFileAuthorize": {
            "href": "https://try.access.worldpay.com/payments/authorizations/cardonFile/{resource}"
        },
        "payments:recurringAuthorize": {
            "href": "http://try.access.worldpay.com/payments/authorizations/recurring/{resource}"
        },
        "payments:recurringSale": {
            "href": "https://try.access.worldpay.com/payments/sales/recurring/{resource}"
        },
        "curies": [{
            "name": "verifications:verification",
            "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}",
            "templated": true
        }]
    }
}
{
  "outcome": "verified",
  "checkedAt": "2019-11-01T10:37:36.923Z",
  "schemeTransactionReference": "000000000000020005060720116005060",
  "riskFactors": [
    {
      "risk": "matched",
      "type": "cvc",
    },
    {
      "risk": "matched",
      "detail": "postcode",
      "type": "avs"
    },
    {
      "risk": "matched",
      "detail": "address",
      "type": "avs"
    }
  ],
  "_links": {
    "verifications:verification": {
      "href": "https://try.access.worldpay.com/verifications/accounts/{resource}"
    },
    "payments:recurringAuthorize": {
      "href": "http://try.access.worldpay.com/payments/authorizations/recurring/{resource}"
    },
    "payments:recurringSale": {
      "href": "https://try.access.worldpay.com/payments/sales/recurring/{resource}"
    },
    "curies": [{
      "name": "verifications:verification",
      "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}",
      "templated": true
    }]
  }
}
{
    "outcome": "verified",
    "checkedAt": "2018-09-01T10:37:36.923Z",
    "riskFactors": [{
            "risk": "matched",
            "type": "cvc"
        },
        {
            "risk": "matched",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "matched",
            "detail": "address",
            "type": "avs"
        }
    ],
    "paymentInstrument": {
        "type": "card/plain",
        "card": {
            "number": {
                "bin": "444433",
                "last4Digits": "1111"
            },
            "countryCode": "GB",
            "expiryDate": {
                "month": 12,
                "year": 2029
            },
            "brand": "visa",
            "fundingType": "debit",
            "issuer": {
                "name": "cardIssuer"
            },
            "paymentAccountReference": "reference"
        }
    },
    "_links": {
        "verifications:verification": {
            "href": "https://try.access.worldpay.com/verifications/accounts/{resource}"
        },
        "curies": [{
            "name": "verifications",
            "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}",
            "templated": true
        }]
    }
}
{
    "outcome": "not verified",
    "checkedAt": "2019-11-01T10:37:36.923Z",
    "riskFactors": [{
            "risk": "matched",
            "type": "cvc"
        },
        {
            "risk": "matched",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "matched",
            "detail": "address",
            "type": "avs"
        }
    ],
    "_links": {
        "verifications:verification": {
            "href": "https://try.access.worldpay.com/verifications/accounts/{resource}"
        },
        "curies": [{
            "name": "verifications:verification",
            "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}",
            "templated": true
        }]
    }
}

The parameter checkedAt contains a timestamp showing when the verification was performed, and the location of the verification for future access.

Best practice: If you receive an outcome of not verified it means that your customer has failed the verification. We strongly recommend that you refuse the payment made with that payment instrument.

Action Link (resources)Description
verifications:verificationThe link to the outcome of your verification request.
payments:recurringAuthorizeA subsequent payment in a recurring agreement. This resource is returned as a result of a successfulverifications:cardOnFile,verifications:dynamicCardOnFile,verifications:recurring,verifications:dynamicRecurringorpayments:migrateRecurringAuthorizerequest.
payments:CardOnFileAuthorizeA subsequent payment in a card on file agreement. This resource is only returned as a result of a successfulverifications:cardOnFile,verifications:dynamicCardOnFileorpayments:migrateCardOnFileAuthorizerequest.
payments:recurringSaleA subsequent payment in a recurring agreement. This resource is only returned as a result of a successfulverifications:cardOnFile,verifications:dynamicCardOnFile,verifications:recurringorverifications:dynamicRecurringrequest.

Note: In case of any errors, you can get further information in ourerror reference.

Risk Factors

We recommend you supply cvc and verificationAddress to increase probability of a successful verification.

The table below describes the response parameters:

ParameterDescription
riskFactors.typeReturns avs or cvc
riskFactors.detailFor avs only.
Returns postcode or address
riskFactors.riskReturns not_checked, not_matched, not_supplied or matched

Payment Instrument

We only return the paymentInstrument card metadata if you are enabled for this feature.

The table below describes the response parameters:

ParameterDescription
paymentInstrument.typeReturns the paymentInstrument.type provided in your request. Can be either card/plain or card/tokenized.
paymentInstrument.cardAn object containing all the additional metadata for the card/token provided in the request.
paymentInstrument.card.numberAn object containing the bin and last4Digits of the card.
paymentInstrument.card.countryCodeThe country code of the card issuer.
paymentInstrument.card.expiryDateAn object that contains your customer's payment card expiry date.
paymentInstrument.card.brandThe card scheme, e.g. visa or mastercard.
paymentInstrument.card.fundingTypeCan be either debit or credit
paymentInstrument.card.issuer.nameThe name of the card issuer.
paymentInstrument.card.paymentAccountReferenceThe unique reference associated with the card PAN.

Location storing

You must store the returned location information. Failing to store the location information means the outcome of the verification is lost. You are not able to query a historic verification.

The location is stored in the href of the verifications:verification action link received on yourverifications response.

Best practice: We recommend you store all responses.

Query a historic verification

To query a historic verification, submit a query to the location returned in yourinitial response.

Query verifications request

GET https://try.access.worldpay.com/verifications/accounts/{resource}

You can query thelocationthat was returned in theinitial responseto retrieve the outcome of the initial verification. You can only get the location from theinitial response.

Query verifications response

In your response is a 200 HTTP response code and the historic outcome of the verification.

outcome:

  • verified
  • not verified
Copied!
{
    "outcome": "verified",
    "checkedAt": "2018-09-01T10:37:36.923Z",
    "riskFactors": [{
            "risk": "matched",
            "type": "cvc"
        },
        {
            "risk": "matched",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "matched",
            "detail": "address",
            "type": "avs"
        }
    ],
    "_links": {
        "verifications:verification": {
            "href": "https://try.access.worldpay.com/verifications/accounts/{resource}"
        },
        "curies": [{
            "name": "verifications",
            "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}",
            "templated": true
        }]
    }
}
{
    "outcome": "verified",
    "checkedAt": "2019-11-01T10:37:36.923Z",
    "schemeTransactionReference": "000000000000020005060720116005060",
    "riskFactors": [{
            "risk": "matched",
            "type": "cvc"
        },
        {
            "risk": "matched",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "matched",
            "detail": "address",
            "type": "avs"
        }
    ],
    "_links": {
        "verifications:verification": {
            "href": "https://try.access.worldpay.com/verifications/accounts/{resource}"
        },
        "payments:cardonFileAuthorize": {
            "href": "https://try.access.worldpay.com/payments/authorizations/cardonFile/{resource}"
        },
        "payments:recurringAuthorize": {
            "href": "http://try.access.worldpay.com/payments/authorizations/recurring/{resource}"
        },
        "payments:recurringSale": {
            "href": "https://try.access.worldpay.com/payments/sales/recurring/{resource}"
        },
        "curies": [{
            "name": "verifications:verification",
            "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}",
            "templated": true
        }]
    }
}
{
  "outcome": "verified",
  "checkedAt": "2019-11-01T10:37:36.923Z",
  "schemeTransactionReference": "000000000000020005060720116005060",
  "riskFactors": [
    {
      "risk": "matched",
      "type": "cvc",
    },
    {
      "risk": "matched",
      "detail": "postcode",
      "type": "avs"
    },
    {
      "risk": "matched",
      "detail": "address",
      "type": "avs"
    }
  ],
  "_links": {
    "verifications:verification": {
      "href": "https://try.access.worldpay.com/verifications/accounts/{resource}"
    },
    "payments:recurringAuthorize": {
      "href": "http://try.access.worldpay.com/payments/authorizations/recurring/{resource}"
    },
    "payments:recurringSale": {
      "href": "https://try.access.worldpay.com/payments/sales/recurring/{resource}"
    },
    "curies": [{
      "name": "verifications:verification",
      "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}",
      "templated": true
    }]
  }
}
{
    "outcome": "not verified",
    "checkedAt": "2019-11-01T10:37:36.923Z",
    "riskFactors": [{
            "risk": "matched",
            "type": "cvc"
        },
        {
            "risk": "matched",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "matched",
            "detail": "address",
            "type": "avs"
        }
    ],
    "_links": {
        "verifications:verification": {
            "href": "https://try.access.worldpay.com/verifications/accounts/{resource}"
        },
        "curies": [{
            "name": "verifications:verification",
            "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}",
            "templated": true
        }]
    }
}

Note: Verifications are accurate at the time of the initial request. Sending anotherintelligentordynamicverification request may return different results.