Using Account Check to verify customer’s details


Follow these instructions when using Account Checks to verify the customer’s details prior to processing a payment.




In order to reduce fraud, Visa has mandated that all merchants with a Merchant Category Code (MCC) of 6012 are required to send additional fields in AUTH and ACCOUNTCHECK requests. Click here for further information.


Failure to submit these fields will result in a “60025” (Invalid request) error being returned in the response.



Mandate considerations

Visa and Mastercard have mandated that you must obtain cardholder consent if storing card details for future use, and that these must be flagged at the time of the first authorisation, by submitting the credentialsonfile field in your requests.

You must also flag any subsequent payments that are utilising previously-stored credentials, by including the credentialsonfile field in these requests.

To do so, you will need to update your payload submitted within your JWT to include the additional field credentialsonfile, with value set to “1”:

"credentialsonfile": "1"


Checks performed

All Account Checks processed will perform checks on the cardholder’s first line of address, the cardholder’s postcode and the security code, to ensure the details entered by the customer are valid. Click here to learn more about these checks.




Drop-In View Controller

You can update your Drop-In View Controller to precede the payment with an Account Check by including the list typeDescriptions, as shown in the example below:

let dropInVC = ViewControllerFactory.shared.dropInViewController(
	jwt: jwt,
	typeDescriptions: [.accountCheck, .threeDQuery, .auth],
	payButtonTappedClosureBeforeTransaction: { (controller: DropInController) in},
	successfulPaymentCompletion: {
			jwt: String,
			responses: [JWTResponseObject],
			successMessage: String,
			cardReference: TPCardReference?
	transactionFailure: {
			jwt: String?,
			responses: [JWTResponseObject]?,
			errorMessage: String,
			error: NSError?

Although the Account Check does not reserve funds on the customer’s bank account, it is important to understand that the subsequent AUTH request specified in this example will debit the customer’s bank account, if the payment is authorised by the issuing bank.


Rule manager

You will need to contact our Support Team to configure a rule that prevents the payment from being authorised if the checks performed show discrepancies between the address and security code data entered by the customer and those corresponding values stored on their bank’s records.