New API Version | Last Updated: 21 November 2024 | Change Log

Verify a customer's account

To verify your customer's account, you must send a verifications request to one of our supported resources.

Intelligent verification

With an Intelligent verification, Worldpay chooses the amount to use in the verification. We cancel the applied nominal authorization amount before your customer is charged.

Intelligent verification request

You can POST your intelligent verification request to one of these resources:

`oneTime` intelligent verification

For a oneTime verification, POST your request to the verifications:oneTime action link received in your root resource response.

POST https://try.access.worldpay.com/verifications/accounts/intelligent/oneTime

`cardOnFile` intelligent verification

cardOnFile payments are initiated by the customer using the payment instrument details that have already been stored.

For a cardOnFile verification, POST your request to the verifications:cardOnFile action link received in your verifications root resource response to become Cardholder Initiated Transaction (CIT) compliant.

POST https://try.access.worldpay.com/verifications/accounts/intelligent/cardOnFile

Example request body

Intelligent verification for cardOnFile and oneTime requests with mandatory fields only:

{
    "currency": "GBP",
    "merchant": {
        "entity": "default"
    },
    "paymentInstrument": {
        "type": "card/plain",
        "cardNumber": "4444333322221111",
        "cardExpiryDate": {
            "month": 1,
            "year": 2035
        },
        "cardHolderName": "Sherlock Holmes"
    },
    "transactionReference": "Memory265-13/08/1876"
}

Descriptions of your mandatory intelligent verification request parameters:

Parameter	Required	Description
`currency`	✅	The 3-digit currency code. See list of supported currencies.
`transactionReference`	✅	A unique reference generated by you that is used to identify a payment throughout its lifecycle. See transaction reference format, for more details and the best practices.
`paymentInstrument`	✅	An object that contains your customer's payment details.
`paymentInstrument.type`	✅	An object that contains your customer's payment type. Possible values: `card/plain` `card/tokenized`
`paymentInstrument.cardNumber`	✅	An object that contains your customer's payment card number. Required for `paymentInstrument` `card/plain`.
`paymentInstrument.cardExpiryDate`	✅	An object that contains your customer's payment card expiry date.
`paymentInstrument.href`	✅	An object that contains your token. Required for `paymentInstrument` `"card/tokenized"`.
`merchant`	✅	An object that contains information about the merchant.
`merchant.entity`	✅	Direct your verification to assist with billing, reporting and reconciliation. For more information contact your Relationship Manager or Implementation Manager.

Optional fields in a verification request

Optional fields and descriptions

Intelligent verification for cardOnFile and oneTime requests with optional and mandatory fields:

{
    "transactionReference": "Memory265-13/08/1876",
    "currency": "GBP",
    "merchant": {
        "entity": "default",
        "mcc": "6012",
        "paymentFacilitator": {
            "pfId": "12345678901",
            "isoId": "4101",
            "subMerchant": {
                "merchantId": "873674903278364",
                "name": "Example Shop",
                "street": "123 Street",
                "state": "CA",
                "city": "San Francisco",
                "countryCode": "840",
                "postalCode": "94101",
                "taxId": "987-65-4321",
                "telephone": "800-555-9999",
                "email": "contact@example.com"
            }
        }
    },
    "narrative": {
        "line1": "The Mind Palace Ltd",
        "line2": "Memory265-13/08/1876"
    },
    "paymentInstrument": {
        "type": "card/plain",
        "cardHolderName": "Sherlock Holmes",
        "cardNumber": "4444333322221111",
        "cardExpiryDate": {
            "month": 5,
            "year": 2035
        },
        "verificationAddress": {
            "address1": "221B Baker Street",
            "countryCode": "GB",
            "postalCode": "NW1 6XE",
            "city": "London"
        },
        "cvc": "321"
    },
    "storedCredentials": {
        "reason": "recurring"
    },
    "recipient": {
        "accountReference": "azAZ0123",
        "lastName": "Moriarty",
        "address": {
            "postalCode": "DH1 3LE"
        },
        "dateOfBirth": {
            "day": 1,
            "month": 2,
            "year": 2000
        }
    },
    "channel": "moto",
    "consumerBillPayment": true
}

Descriptions of your optional intelligent verification request parameters:

Parameter	Required	Description
`paymentInstrument.verificationAddress`	❌	An object containing the verification address information. Applicable for `paymentInstrument` "card/plain" only. If included you must send at least: `city` `countryCode` `postalCode`
`narrative`	❌	The text that appears on your customer's statement. Used to identify the merchant. See narrative format for more details and best practices. If not supplied, the default is "Active Card Check".
`narrative.line1`	❌	The first line of the narrative which appears on your customer's statement (24 characters max.) See narrative `line1` format for more details. You must send this if you provide `narrative`.
`narrative.line2`	❌	Additional details about the payment e.g. order number, telephone number.
`paymentInstrument.cardHolderName`	❌	An object that contains your customer's name. This is not a mandatory field however it is recommended you supply this to improve authorization rates. If not sent, the default is "Not Supplied".
`cvc`	❌	CVC is a unique set of 3 or 4 numbers on the back of your customer's card. Including the CVC in your request increases the chances of the verification request `outcome` being `verified`. Our API checks to see if the CVC supplied matches the CVC held by the issuing bank.
`merchant.mcc`	❌	A Merchant Category Code (`mcc`) can be applied to an individual request. An `mcc` can only be provided if the dynamic `mcc` feature has been enabled during boarding. If enabled but not provided, `merchant.mcc` defaults to a configured value. For more information contact your Relationship Manager or Implementation Manager.
`merchant.paymentFacilitator`	❌	An object containing your payment facilitator information. If required you must send: pfId subMerchant.merchantId subMerchant.postalcode subMerchant.street subMerchant.city subMerchant.countryCode See our formatting page for further details. This parameter is only required for verification if you are a payment facilitator.
`storedCredentials`	❌	A stored credential is Visa, Mastercard, or AMEX information (such as a card number) that a customer has opted for you, as the merchant, to store and use to process future transactions. Note This field is only applicable for our `cardOnFile` endpoint, including Apple Pay decrypted requests.
`storedCredentials.reason`	❌	Gives the reason for a merchant initiated transaction using stored credentials. Possible values: `unscheduled`: A transaction using a stored credential for a fixed or variable amount that does not occur on a scheduled or regularly occurring transaction date. This includes account top-ups triggered by balance thresholds. `instalment`: A single purchase of goods or services billed to a cardholder in multiple transactions, over a period of time agreed by the cardholder and you. `recurring`: Transactions processed at fixed, regular intervals not to exceed one year between transactions, representing an agreement between a cardholder and you to purchase goods or services provided over a period of time. `reauth`: Reauthorization - a purchase made after the original purchase. A common scenario is delayed/split shipments. `delayed`: A delayed charge is typically used in hotel, cruise lines and vehicle rental environments to perform a supplemental account charge after original services are rendered. `incremental`: An incremental authorization is typically found in hotel and car rental environments, where the cardholder has agreed to pay for any service incurred during the duration of the contract. An incremental authorization is where you need to seek authorization of further funds in addition to what you have originally requested. A common scenario is additional services charged to the contract, such as extending a stay in a hotel. `resubmission`: When the original purchase occurred, but you were not able to get authorization at the time the goods or services were provided. It should only be used where the goods or services have already been provided, but the post-event authorization request is declined for insufficient funds. `noshow`: A no-show is a transaction where you are enabled to charge for services which the cardholder entered into an agreement to purchase, but the cardholder did not meet the terms of the agreement.
`recipient`	❌	An object that contains the details of the recipient of the payment. `accountReference`: Partial account number `lastName` `dateOfBirth.day` `dateOfBirth.month` `dateOfBirth.year` `address.postalCode` Recommendation We highly recommend you supply this, if your MCC is 6012 or 6051. Sending this field ensures you remain PSD2 compliant and avoid potential acquirer refusals.
`channel`	❌	The payment channel indicates the interaction of the cardholder with the merchant. Possible value : `moto` Supply a value of `moto` to process an authorization as a Mail Order or Telephone Order (MOTO) transaction. If channel is not provided, the authorization will be processed as ecommerce by default. Note 3DS `authentication` data cannot be supplied for MOTO payments.
`consumerBillPayment`	❌	If you are registered with Visa as a Consumer Bill Payment Service (CBPS), you must set this to `true` for any payments associated with the CBPS.

Dynamic verification

Our Dynamic verifications service gives you granular control over the amount that is used for verification. We cancel the applied nominal authorization amount before your customer is charged.

Dynamic verification request

You can POST your verification request to one of these resources :

`dynamicOneTime` verification

For a dynamicOneTime verification, POST your request to the verifications:dynamicOneTime action link received in your verifications root respource response.

POST https://try.access.worldpay.com/verifications/accounts/dynamic/oneTime

`dynamicCardOnFile` verification

cardOnFile payments are initiated by the customer using the payment instrument details that have already been stored.

For a dynamicCardOnFile verification, POST your request to the verifications:dynamicCardOnFile action link received in your query the verifications root resource request to become Cardholder Initiated Transaction (CIT) compliant.

POST https://try.access.worldpay.com/verifications/accounts/dynamic/cardOnFile

Example request body

Dynamic verification for cardOnFile and oneTime requests with mandatory fields only:

{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "default"
    },
    "instruction": {
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/plain",
            "cardNumber": "4444333322221111",
            "cardHolderName": "Sherlock Holmes",
            "cardExpiryDate": {
                "month": 12,
                "year": 2023
            }
        }
    }
}

Descriptions of your mandatory dynamic verification request parameters:

Parameter	Required	Description
`instruction`	✅	An object that contains all the information related to the payment.
`value.currency`	✅	The 3-digit currency code. See list of supported currencies.
`value.amount`	✅	The payment amount. This is a whole number with an exponent e.g. if exponent is two, 250 is 2.50. You can find the relevant exponent in our currency table.
`transactionReference`	✅	A unique reference generated by you that is used to identify a payment throughout its lifecycle. See transaction reference format, for more details and the best practices.
`instruction.paymentInstrument`	✅	An object that contains your customer's payment details.
`paymentInstrument.type`	✅	An object that contains your customer's payment type. Possible values: `card/plain` `card/tokenized`
`paymentInstrument.cardNumber`	✅	An object that contains your customer's payment card number.
`paymentInstrument.cardExpiryDate`	✅	An object that contains your customer's payment card expiry date.
`merchant`	✅	An object that contains information about the merchant.
`merchant.entity`	✅	Direct your verification to assist with billing, reporting and reconciliation. For more information contact your Relationship Manager.

Optional fields in a verification request

Optional fields and descriptions

Dynamic verification for cardOnFile and oneTime requests with optional and mandatory fields:

{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "default",
        "mcc": "6012",
        "paymentFacilitator": {
            "pfId": "12345678901",
            "isoId": "4101",
            "subMerchant": {
                "merchantId": "873674903278364",
                "name": "Example Shop",
                "street": "123 Street",
                "state": "CA",
                "city": "San Francisco",
                "countryCode": "840",
                "postalCode": "94101",
                "taxId": "987-65-4321",
                "telephone": "800-555-9999",
                "email": "contact@example.com"
            }
        }
    },
    "instruction": {
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "narrative": {
            "line1": "The Mind Palace Ltd",
            "line2": "Memory265-13/08/1876"
        },
        "paymentInstrument": {
            "type": "card/plain",
            "cardHolderName": "Sherlock Holmes",
            "cardNumber": "4444333322221111",
            "cardExpiryDate": {
                "month": 5,
                "year": 2035
            },
            "verificationAddress": {
                "address1": "221B Baker Street",
                "countryCode": "GB",
                "postalCode": "NW1 6XE",
                "city": "London"
            },
            "cvc": "321"
        },
        "storedCredentials": {
            "reason": "instalment"
        },
        "consumerBillPayment": true
    },
    "recipient": {
        "accountReference": "azAZ0123",
        "lastName": "Moriarty",
        "address": {
            "postalCode": "DH1 3LE"
        },
        "dateOfBirth": {
            "day": 1,
            "month": 2,
            "year": 2000
        }
    },
    "channel": "moto"
}

Descriptions of your optional dynamic verification request parameters:

Parameter	Required	Description
`paymentInstrument.cardHolderName`	❌	An object that contains your customer's name. This is not a mandatory field however it is recommended you supply this to improve authorization rates. If not sent, the default is "Not Supplied".
`paymentInstrument.verificationAddress`	❌	An object containing the verification address information. Applicable for `paymentInstrument` "card/plain" only. If included you must send at least: `city` `countryCode` `postalCode`
`narrative`	❌	The text that appears on your customer's statement. Used to identify the merchant. See narrative format for more details and best practices. If not supplied, the default is "Active Card Check".
`narrative.line1`	❌	The first line of the narrative which appears on your customer's statement (24 characters max.) See narrative `line1` format for more details. You must send this if you provide `narrative`.
`narrative.line2`	❌	Additional details about the payment e.g. order number, telephone number.
`paymentInstrument.cvc`	❌	CVC is a unique set of 3 or 4 numbers on the back of your customer's card. Including the CVC in your request increases the chances of the verification request `outcome` being `verified`. Our API checks to see if the CVC supplied matches the CVC held by the issuing bank.
`merchant.paymentFacilitator`	❌	An object containing your payment facilitator information. If required you must send: pfId subMerchant.merchantId subMerchant.postalcode subMerchant.street subMerchant.city subMerchant.countryCode See our formatting page for further details. This parameter is only required for verification if you are a payment facilitator.
`storedCredentials`	❌	A stored credential is Visa, Mastercard, or AMEX information (such as a card number) that a customer has opted for you, as the merchant, to store and use to process future transactions. Note This field is only applicable for our `cardOnFile` endpoint, including Apple Pay decrypted requests.
`storedCredentials.reason`	❌	Gives the reason for a merchant initiated transaction using stored credentials. Possible values: `unscheduled`: A transaction using a stored credential for a fixed or variable amount that does not occur on a scheduled or regularly occurring transaction date. This includes account top-ups triggered by balance thresholds. `instalment`: A single purchase of goods or services billed to a cardholder in multiple transactions, over a period of time agreed by the cardholder and you. `recurring`: Transactions processed at fixed, regular intervals not to exceed one year between transactions, representing an agreement between a cardholder and you to purchase goods or services provided over a period of time. `reauth`: Reauthorization - a purchase made after the original purchase. A common scenario is delayed/split shipments. `delayed`: A delayed charge is typically used in hotel, cruise lines and vehicle rental environments to perform a supplemental account charge after original services are rendered. `incremental`: An incremental authorization is typically found in hotel and car rental environments, where the cardholder has agreed to pay for any service incurred during the duration of the contract. An incremental authorization is where you need to seek authorization of further funds in addition to what you have originally requested. A common scenario is additional services charged to the contract, such as extending a stay in a hotel. `resubmission`: When the original purchase occurred, but you were not able to get authorization at the time the goods or services were provided. It should only be used where the goods or services have already been provided, but the post-event authorization request is declined for insufficient funds. `noshow`: A no-show is a transaction where you are enabled to charge for services which the cardholder entered into an agreement to purchase, but the cardholder did not meet the terms of the agreement.
`recipient`	❌	An object that contains the details of the recipient of the payment. `accountReference`: Partial account number `lastName` `dateOfBirth.day` `dateOfBirth.month` `dateOfBirth.year` `address.postalCode` Recommendation We highly recommend you supply this, if your MCC is 6012 or 6051. Sending this field ensures you remain PSD2 compliant and avoid potential acquirer refusals.
`channel`	❌	The payment channel indicates the interaction of the cardholder with the merchant. Possible value : `moto` Supply a value of `moto` to process an authorization as a Mail Order or Telephone Order (MOTO) transaction. If channel is not provided, the authorization will be processed as ecommerce by default. Note 3DS `authentication` data cannot be supplied for MOTO payments.
`consumerBillPayment`	❌	If you are registered with Visa as a Consumer Bill Payment Service (CBPS), you must set this to `true` for any payments associated with the CBPS.

3DS

You can optionally submit 3DS parameters for intelligent and dynamic verification requests.

To get the customer authentication object you must complete an authentication request using our 3DS API.

Intelligent verification example request

{
    "transactionReference": "Memory265-13/08/1876",
    "currency": "GBP",
    "merchant": {
        "entity": "default",
        "mcc": "6012",
        "paymentFacilitator": {
            "pfId": "12345678901",
            "isoId": "4101",
            "subMerchant": {
                "merchantId": "873674903278364",
                "name": "Example Shop",
                "street": "123 Street",
                "state": "CA",
                "city": "San Francisco",
                "countryCode": "840",
                "postalCode": "94101",
                "taxId": "987-65-4321",
                "telephone": "800-555-9999",
                "email": "contact@example.com"
            }
        }
    },
    "narrative": {
        "line1": "The Mind Palace Ltd"
    },
    "paymentInstrument": {
        "type": "card/plain",
        "cvc": "321",
        "cardHolderName": "Sherlock Holmes",
        "cardNumber": "4444333322221111",
        "cardExpiryDate": {
            "month": 5,
            "year": 2035
        },
        "verificationAddress": {
            "address1": "221B Baker Street",
            "countryCode": "GB",
            "postalCode": "NW1 6XE",
            "city": "London"
        }
    },
    "customer": {
        "authentication": {
            "version": "1.0.2",
            "type": "3DS",
            "eci": "05",
            "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=",
            "transactionId": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="
        }
    },
    "recipient": {
        "accountReference": "azAZ0123",
        "lastName": "Moriarty",
        "address": {
            "postalCode": "DH1 3LE"
        },
        "dateOfBirth": {
            "day": 1,
            "month": 2,
            "year": 2000
        }
    }
}

Dynamic verification example request

{
    "transactionReference": "Memory265-13/08/1876",
    "merchant": {
        "entity": "default",
        "mcc": "6012",
        "paymentFacilitator": {
            "pfId": "12345678901",
            "isoId": "4101",
            "subMerchant": {
                "merchantId": "873674903278364",
                "name": "Example Shop",
                "street": "123 Street",
                "state": "CA",
                "city": "San Francisco",
                "countryCode": "840",
                "postalCode": "94101",
                "taxId": "987-65-4321",
                "telephone": "800-555-9999",
                "email": "contact@example.com"
            }
        }
    },
    "instruction": {
        "narrative": {
            "line1": "The Mind Palace Ltd"
        },
        "value": {
            "currency": "GBP",
            "amount": 20
        },
        "paymentInstrument": {
            "type": "card/plain",
            "cvc": "321",
            "cardHolderName": "Sherlock Holmes",
            "cardNumber": "4444333322221111",
            "cardExpiryDate": {
                "month": 5,
                "year": 2035
            },
            "verificationAddress": {
                "address1": "221B Baker Street",
                "countryCode": "GB",
                "postalCode": "NW1 6XE",
                "city": "London"
            }
        }
    },
    "customer": {
        "authentication": {
            "version": "1.0.2",
            "type": "3DS",
            "eci": "05",
            "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=",
            "transactionId": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="
        }
    },
    "recipient": {
        "accountReference": "azAZ0123",
        "lastName": "Moriarty",
        "address": {
            "postalCode": "DH1 3LE"
        },
        "dateOfBirth": {
            "day": 1,
            "month": 2,
            "year": 2000
        }
    }
}

The descriptions of parameters from your 3DS authorization request

Parameter	Required	Description
`customer`	✅	An object containing the result of your customer's verification. For more details see 3DS verification.
`authentication.type`	✅	3DS
`authentication.version`	✅	The version of 3DS used to process the transaction. For 3DS1 - `1.0.2` For 3DS2 - `2.1.0` or `2.2.0` Note Required for Mastercard's Identity Check transactions in Authorization.
`authentication.eci`	✅	Electronic Commerce Indicator (ECI). Indicates the outcome of the 3DS verification. 02 or 05 - Fully Authenticated Transaction 01 or 06 - Attempted Authentication Transaction 00 or 07 - Non 3-D Secure Transaction Mastercard - 02, 01, 00 Visa - 05, 06, 07 Amex - 05, 06, 07 JCB - 05, 06, 07 Diners - 05, 06, 07
`authentication.authenticationValue`	✅	A cryptographic value that provides evidence of the outcome of a 3DS verification. Visa - Cardholder Authentication Verification Value (CAVV) Mastercard - Universal Cardholder Authentication Field (UCAF) For version 3DS1: `authentication.authenticationValue` is required if `authentication.eci` value is 01, 02 or 05. For version 3DS2: `authentication.authenticationValue` is required if `authentication.eci` value is 01, 02, 05 or 06. `authentication.authenticationValue` must be 28 digits max and must be base64-encoded.
`authentication.transactionId`	✅	Required, if `authentication.eci` value is 01, 02, 05 or 06. A unique authentication transaction identifier, generated by the issuer. For version 3DS1: `transactionId` must be base64-encoded and 28 digits in length. For version 3DS2: `transactionId` must be a UUID and 36 characters in length.
`authentication.cryptogramAlgorithm`	❌	Indicates the algorithm used to generate the cryptogram. For Cartes Bancaires authorizations only.
`authentication.challengePreference`	❌	Indicates the preferred challenge behavior. noPreference noChallengeRequested challengeRequested challengeMandated For Cartes Bancaires authorizations only.
`authentication.authenticationFlow`	❌	`challenge` - Your customer was redirected to their bank to complete authentication `frictionless` - Your customer completed authentication without needing to be redirected to their bank For Cartes Bancaires authorizations only.
`authentication.statusReason`	❌	Provides further information relating to the outcome of the authentication. Returned for failed authentications only. For Cartes Bancaires authorizations only.
`authentication.cancellationIndicator`	❌	An indicator as to why the authentication was cancelled. - `01` - Cardholder selected cancel - `02` - Reserved for future use - `03` - Authentication timed out - `04` & `05` - Authentication timed out at ACS provider - `06` - Transaction error - `07` - Unknown - `08` - Transaction timed out at SDK For Cartes Bancaires authorizations only.
`authentication.networkScore`	❌	The global score calculated by the Cartes Bancaires scoring platform. For Cartes Bancaires authorizations only.
`authentication.brand`	❌	The card brand used in the authentication. For Cartes Bancaires authorizations only.

Apple Pay decrypted

You can optionally submit Apple Pay decrypted parameters for intelligent and dynamic cardOnFile requests.

Verification example request:

{
   "currency":"EUR",
   "paymentInstrument":{
      "type":"card/networkToken+applepay",
      "cardHolderName":"Sherlock Holmes",
      "cardExpiryDate":{
         "month":1,
         "year":2019
      },
      "dpan":"4444333322221111"
   },
   "narrative":{
      "line1":"The Mind Palace Ltd",
      "line2":"Memory265-13/08/1876"
   },
   "merchant":{
      "entity":"default"
   },
   "transactionReference":"Memory265-13/08/1876",
   "customer":{
      "authentication":{
         "type":"card/networkToken",
         "eci":"05",
         "authenticationValue":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="
      }
   },
   "recipient": {
      "accountReference": "azAZ0123",
      "lastName": "Moriarty",
        "address": {
            "postalCode": "DH1 3LE"
      },
      "dateOfBirth": {
         "day": 1,
         "month": 2,
         "year": 2000
      }
   },
   "consumerBillPayment": true
}

The descriptions of parameters from your Apple Pay decrypted authorization request

Parameter	Required	Description
`paymentInstrument.type`	✅	An object that contains your customer's payment type; `card/networkToken+applepay`.
`paymentInstrument.dpan`	✅	An object that contains the device primary account number.
`customer`	✅	An object containing the authentication information required for Apple Pay decrypted.
`authentication.type`	✅	`card/networkToken`
`authentication.eci`	❌	Electronic Commerce Indicator (ECI). Indicates the value contained in the Apple Pay decrypted response.
`authentication.authenticationValue`	✅	A cryptographic value that provides evidence of the outcome of a Apple Pay decrypted verification.

Important

We currently don't return action links in our response for this paymentInstrument. This is still under development. You can use our payments:migrateCardOnFileAuthorize action link to take a payment in the meantime.

Verifications response

The response is the same for both an Intelligent or Dynamic verification.

You receive:

Best Practice

Access Worldpay returns a WP-CorrelationId in the headers of service responses. We highly recommend you log this. The WP-CorrelationId is used by us to examine individual service requests.

a 201 HTTP response code
a verification outcome (either verified or not verified)
an issuer response code and description (not verified result only), and a refusalAdvice code (not verified result only and MasterCard is the only card that may return this)
a schemeTransactionReference for card on file only (not all issuers return this)
riskFactors
a paymentInstrument

Note

The paymentInstrument contains the paymentInstrument.type sent in the request at minimum. If you wish to receive more card metadata this must be enabled. For more information contact your Implementation Manager.

{
    "outcome": "verified",
    "checkedAt": "2018-09-01T10:37:36.923Z",
    "riskFactors": [{
            "risk": "matched",
            "type": "cvc"
        },
        {
            "risk": "matched",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "matched",
            "detail": "address",
            "type": "avs"
        }
    ],
    "_links": {
        "verifications:verification": {
            "href": "https://try.access.worldpay.com/verifications/accounts/{resource}"
        },
        "curies": [{
            "name": "verifications",
            "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}",
            "templated": true
        }]
    }
}

The parameter checkedAt contains a timestamp showing when the verification was performed, and the location of the verification for future access.

Best Practice

If you receive an outcome of not verified it means that your customer has failed the verification. We strongly recommend that you refuse the payment made with that payment instrument.

Action Link (resources)	Description
`verifications:verification`	The link to the outcome of your verification request.
`payments:recurringAuthorize`	A subsequent payment in a recurring agreement. This resource is returned as a result of a successful `verifications:cardOnFile`, `verifications:dynamicCardOnFile` or `payments:migrateRecurringAuthorize` request.
`payments:CardOnFileAuthorize`	A subsequent payment in a card on file agreement. This resource is only returned as a result of a successful `verifications:cardOnFile`, `verifications:dynamicCardOnFile` or `payments:migrateCardOnFileAuthorize` request.
`payments:recurringSale`	A subsequent payment in a recurring agreement. This resource is only returned as a result of a successful `verifications:cardOnFile` or `verifications:dynamicCardOnFile` request.

Note

In case of any errors, you can get further information in our error reference.

Risk Factors

We recommend you supply cvc and verificationAddress to increase probability of a successful verification.

The table below describes the response parameters:

Parameter	Description
`riskFactors.type`	Returns `avs` or `cvc`
`riskFactors.detail`	For `avs` only. Returns `postcode` or `address`
`riskFactors.risk`	Returns `not_checked`, `not_matched`, `not_supplied` or `matched`

Payment Instrument

We only return the paymentInstrument card metadata if you are enabled for this feature.

The table below describes the response parameters:

Parameter	Description
`paymentInstrument.type`	Returns the `paymentInstrument.type` provided in your request. Can be either `card/plain` or `card/tokenized`.
`paymentInstrument.card`	An object containing all the additional metadata for the card/token provided in the request.
`paymentInstrument.card.number`	An object containing the `bin` and `last4Digits` of the card.
`paymentInstrument.card.countryCode`	The country code of the card issuer.
`paymentInstrument.card.expiryDate`	An object that contains your customer's payment card expiry date.
`paymentInstrument.card.brand`	The card scheme, e.g. `visa` or `mastercard`.
`paymentInstrument.card.fundingType`	Can be either `debit`, `credit`, `chargeCard`, `prepaid`, or `deferredDebit`.
`paymentInstrument.card.issuer.name`	The name of the card issuer.
`paymentInstrument.card.category`	Can be either `consumer` or `commercial`.
`paymentInstrument.card.paymentAccountReference`	The unique reference associated with the card PAN.

Location storing

You must store the returned location information. Failing to store the location information means the outcome of the verification is lost. You are not able to query a historic verification.

The location is stored in the href of the verifications:verification action link received on your verifications response.

Best Practice

We recommend you store all responses.

Query a historic verification

To query a historic verification, submit a query to the location returned in your initial response.

Query verifications request

GET https://try.access.worldpay.com/verifications/accounts/{resource}

You can query the location that was returned in the initial response to retrieve the outcome of the initial verification. You can only get the location from the initial response.

Query verifications response

In your response is a 200 HTTP response code and the historic outcome of the verification.

outcome:

verified
not verified

{
    "outcome": "verified",
    "checkedAt": "2018-09-01T10:37:36.923Z",
    "riskFactors": [{
            "risk": "matched",
            "type": "cvc"
        },
        {
            "risk": "matched",
            "detail": "postcode",
            "type": "avs"
        },
        {
            "risk": "matched",
            "detail": "address",
            "type": "avs"
        }
    ],
    "_links": {
        "verifications:verification": {
            "href": "https://try.access.worldpay.com/verifications/accounts/{resource}"
        },
        "curies": [{
            "name": "verifications",
            "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}",
            "templated": true
        }]
    }
}

Note

Verifications are accurate at the time of the initial request. Sending another intelligent or dynamic verification request may return different results.

ACH verification

ACH verification gives you the ability to perform an account verification against a US bank account.

ACH verification request

For a ACH verification, POST your request to the verifications:ach action link received in your verifications root resource response.

POST https://try.access.worldpay.com/verifications/accounts/ach

Example request body

ACH verification requests with mandatory fields only:

{
  "merchant": {
    "entity": "default"
  },
  "transactionReference": "1234567",
  "paymentInstrument": {
    "type": "bankAccountUS",
    "accountType": "checking",
    "accountNumber": "1234567890",
    "routingNumber": "011400495",
    "billToAddress": {
      "firstName": "John",
      "lastName": "Smith",
      "address1": "address1",
      "city": "city",
      "region": "state",
      "postalCode": "postalCode",
      "countryCode": "US",
      "telephoneNumber": "4085551212"
    }
  }
}

Descriptions of your mandatory ACH verification request parameters:

Parameter	Required?	Description
`merchant.entity`	✅	Direct your verification to assist with billing, reporting and reconciliation. For more information contact your Relationship Manager.
`transactionReference`	✅	A unique reference generated by you that is used to identify a payment throughout its lifecycle. It can be up to 25 characters. Spaces, code brackets (< and >), quotation marks and pipes (\|) are not allowed. Please note that the format is different than the one used for card verifications.
`paymentInstrument`	✅	An object that contains your customer's payment details.
`paymentInstrument.type`	✅	An object that contains your customer's payment type. The only allowed value is: `bankAccountUS`
`paymentInstrument.accountType`	✅	An object that contains your customer's payment account type. For Personal Account possible values: `checking` `savings` For Corporate Account possible values: `corporate` `corporateSavings`
`paymentInstrument.accountNumber`	✅	An object that contains your customer's bank account number.
`paymentInstrument.routingNumber`	✅	An object that contains your customer's bank routing number.
`paymentInstrument.companyName`	✅	An object that contains your customer's company name. This is a mandatory field for Corporate Account and must not be supplied for Personal Account.
`paymentInstrument.billToAddress`	✅	An object containing the bill to address information. Mandatory fields include: `address1` `city` `region` `postalCode` `countryCode` `telephoneNumber`
`billToAddress.firstName`	✅	An object that contains your customer's first name. This is a mandatory field for Personal Account.
`billToAddress.lastName`	✅	An object that contains your customer's last name. This is a mandatory field for Personal Account.

Optional fields in an ACH verification request

Optional fields and descriptions

ACH verification requests with optional and mandatory fields:

{
  "merchant": {
    "entity": "default"
  },
  "transactionReference": "1234567",
  "paymentInstrument": {
    "type": "bankAccountUS",
    "accountType": "checking",
    "accountNumber": "1234567890",
    "routingNumber": "011400495",
    "billToAddress": {
      "firstName": "John",
      "lastName": "Smith",
      "address1": "address1",
      "address2": "address2",
      "address3": "address3",
      "city": "city",
      "region": "state",
      "postalCode": "postalCode",
      "countryCode": "US",
      "telephoneNumber": "4085551212"
    }
  }
}

Descriptions of your optional ACH verification request parameters:

Parameter	Required	Description
`paymentInstrument.billToAddress`	❌	An object containing the bill to address information. Optional fields includes: `address2` `address3`
`billToAddress.firstName`	❌	An object that contains your customer's first name. This is an optional field for Corporate Account.
`billToAddress.lastName`	❌	An object that contains your customer's last name. This is an optional field for Corporate Account.

ACH verification response

In your response is a 201 HTTP response code and the historic outcome of the verification.

outcome:

verified
not verified

{
  "outcome": "verified",
  "checkedAt": "2021-09-27T18:02:16.475Z",
  "_links": {
    "curies": [
      {
        "name": "verifications",
        "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}",
        "templated": true
      }
    ]
  }
}

Verify a customer's account

Intelligent verification

Intelligent verification request

oneTime intelligent verification

cardOnFile intelligent verification

Example request body

Optional fields in a verification request

Dynamic verification

Dynamic verification request

dynamicOneTime verification

dynamicCardOnFile verification

Example request body

Descriptions of your mandatory dynamic verification request parameters:

Optional fields in a verification request

Descriptions of your optional dynamic verification request parameters:

3DS

The descriptions of parameters from your 3DS authorization request

Apple Pay decrypted

Verification example request:

The descriptions of parameters from your Apple Pay decrypted authorization request

Verifications response

Risk Factors

Payment Instrument

Location storing

Query a historic verification

Query verifications request

Query verifications response

ACH verification

ACH verification request

Example request body

Descriptions of your mandatory ACH verification request parameters:

Optional fields in an ACH verification request

ACH verification response

Do you like our page?

`oneTime` intelligent verification

`cardOnFile` intelligent verification

`dynamicOneTime` verification

`dynamicCardOnFile` verification