Welcome to Zuora Product Documentation

Explore our rich library of product information

Mastercard EMV 3DS 2.x mandatory fields

Mastercard requires additional data in EMV 3D Secure 2.x (3DS2) authentication requests, and merchants must send this data by July 1, 2026 to remain compliant.

To help you meet this requirement, Zuora sends the required data fields during 3D Secure 2.0 authentication for card transactions when the data is available.

The following sections describe the data that Mastercard requires and how to configure Zuora so that the data is collected and sent.

This requirement applies to card transactions that are authenticated with 3D Secure 2.0 through a payment gateway integration that supports 3D Secure 2.0.

Note:

To avoid disruption, make sure the data described in this topic is collected and sent for your Mastercard transactions before July 1, 2026.

Supported payment gateways

The following payment gateways support EMV 3DS 2.x authentication with the required Mastercard data fields:

  • Adyen Integration v2.0
  • BlueSnap
  • Braintree
  • Braintree v2.0
  • Chase (Chase Paymentech / Mobility)
  • Checkout.com
  • CyberSource
  • Ingenico (Worldline)
  • Opayo
  • Orbital v3
  • PayPal Commerce Platform
  • Planet
  • Stripe Integration v2.0
  • Worldpay

Required data fields

Mastercard requires the following data in EMV 3DS 2.x authentication requests.

Table 1. Required data for EMV 3DS 2.x authentication
CategoryRequired data
Cardholder informationInclude the cardholder name.
Address and delivery dataInclude the full billing address and full shipping address, plus the customer email address or phone number.

Billing Address Line 1 (Mandatory) – This is the primary trigger for the Mastercard mandate.

City (Mandatory) State / Province (Where applicable) Postal Code / ZIP Code

Country (Mandatory)

Note:

This field is only required when dealt physical goods.

Technical informationInclude the customer IP address and browser information.

How Zuora collects and sends the data

When a card transaction is authenticated with 3D Secure 2.0, Zuora assembles the required data from the following sources:

  • Cardholder name, billing address, email, and phone: collected from the payment method. When you use Hosted Payment Pages or the Payment SDK, Zuora collects these values from the fields on the page or form. When you use the API, Zuora uses the values that you provide.
  • Shipping address: sent from the Ship To contact on the customer account when the IsPhysicalGoods option is enabled on the gateway. If no Ship To contact is available, Zuora falls back to the billing address.
  • Technical information (IP address, device data): for Hosted Payment Pages, Zuora automatically captures the customer IP address and browser and device information from the customer session. You can also configure Zuora to send the IP address explicitly by enabling the Auto-capture IP Address option on the gateway.