Identity Check Insights

Identity Check Insights / Data Only - MasterCard's authentication message category

Mastercard has defined a custom authentication message category called Identity Check Insights, formerly called Data Only. It provides the merchant with the flexibility to share cardholder data through the EMV® 3DS rails to influence an issuer’s decision to approve a transaction without requesting authentication and thus with no risk of cardholder challenge and added latency.

A normal authentication request is represented by message category 01 (payment) or 02 (non-payment), which result in the message to the ACS provider with liability shift. Identity Check Insights is requested using Mastercard message category 80 and it is not sent to the ACS provider, it is the MasterCard's Smart Authentication engine who generates the authnetication data, such as ECI, AAV, dsTransactionId and provides back to the 3DS Server in the authentication response message.

Identity Check Insights transactions must not be used for Card Add transactions. Adding Card on file requires SCA and, therefore, need to be sent to the issuer ACS for authentication. An Insights transaction does not support that.

Regardless if the merchant has requested authentication or is sending Identity Check Insights, Mastercard will run all EMV 3DS transactions through the Mastercard Smart Authentication (RBA) engine and generate DTI (Digital Transaction Insights) - 3 bytes of risk assessment data which MasterCard submits in authorization message to the issuer for a better approval decision with less risk and higher conversion rate. In an Identity Check Insights transaction message, because the issuer is not receiving an authentication request, there is no fraud liability shift to the issuer.

To request an Identity Check Insights as a merchant, send the following field with the API request: threeDSecure.messageCategory=MASTERCARD_IDCI