Overview

Mastercard has defined a custom authentication message category called Identity Check Insights, formerly known as Data Only. This provides merchants the flexibility to share cardholder data through the EMV 3DS infrastructure to influence an issuer's decision to approve a transaction without requesting authentication, thereby avoiding cardholder challenges and added latency.

A standard authentication request includes:

• Message category 01: Payment.
• Message category 02: Non-payment.

These result in a message sent to the ACS provider with liability shift.

In contrast, request Identity Check Insights using Mastercard message category 80. It is not sent to the ACS provider. Instead, Mastercard's Smart Authentication engine generates the authentication data, such as ECI, AAV, and dsTransactionId, and provides this data back to the 3DS server in the authentication response message.

🚧

• You must not use Identity Check Insights for "Card Add" transactions (adding a card on file). Such transactions require SCA and the issuer ACS must authenticate them. Insights transactions do not support SCA.
• Regardless of whether the merchant requests authentication or sends Identity Check Insights, Mastercard processes all EMV 3DS transactions through its Smart Authentication (RBA) engine. This generates DTI (Digital Transaction Insights), a 3-byte risk assessment data, which Mastercard submits in the authorisation message to the issuer. This enhances the approval decision process, reduces risk, and improves conversion rates. In an Identity Check Insights transaction message, because the issuer does not receive an authentication request, there is no fraud liability shift to the issuer.

Request Identity Check Insights

To request an Identity Check Insights transaction, include the threeDSecure.messageCategory=MASTERCARD_IDCI parameter in your API request.