On This Page
Simple Order API
Which Device Data is Collected
One of the key components to authenticating a cardholder during an online transaction is
to compare information about the device that the buyer is currently using to information
in the bank database about devices the buyer used in past transactions. This information
is maintained in the acess control server (ACS) at the issuing bank. This device
information focuses on the web browser and includes these types of data:
- IP address
- Browser language
- Browser type
- Browser version
- Computer operating system
- System time zone
- Screen dimensions
- Color depth
A successful device data collection process that includes the 11 browser fields listed in
the check enrollment step increases the chances of a frictionless authentication.
Business rules evaluate whether a transaction is risky enough to require the buyer to
authenticate their identity. These business rules are configured in the issuer's risk
analysis software that evaluates each transaction.