Mastercard EMV 3DS 2.x mandatory fields
Mastercard requires additional data in EMV 3D Secure 2.x (3DS2) authentication requests, and merchants must send this data by July 1, 2026 to remain compliant.
To help you meet this requirement, Zuora sends the required data fields during 3D Secure 2.0 authentication for card transactions when the data is available.
The following sections describe the data that Mastercard requires and how to configure Zuora so that the data is collected and sent.
This requirement applies to card transactions that are authenticated with 3D Secure 2.0 through a payment gateway integration that supports 3D Secure 2.0.
To avoid disruption, make sure the data described in this topic is collected and sent for your Mastercard transactions before July 1, 2026.
Supported payment gateways
The following payment gateways support EMV 3DS 2.x authentication with the required Mastercard data fields:
- Adyen Integration v2.0
- BlueSnap
- Braintree
- Braintree v2.0
- Chase (Chase Paymentech / Mobility)
- Checkout.com
- CyberSource
- Ingenico (Worldline)
- Opayo
- Orbital v3
- PayPal Commerce Platform
- Planet
- Stripe Integration v2.0
- Worldpay
Required data fields
Mastercard requires the following data in EMV 3DS 2.x authentication requests.
| Category | Required data |
|---|---|
| Cardholder information | Include the cardholder name. |
| Address and delivery data | Include the full billing address and full shipping address, plus the customer email address or phone number. Billing Address Line 1 (Mandatory) – This is the primary trigger for the Mastercard mandate. City (Mandatory) State / Province (Where applicable) Postal Code / ZIP Code Country (Mandatory) Note: This field is only required when dealt physical goods. |
| Technical information | Include the customer IP address and browser information. |
How Zuora collects and sends the data
When a card transaction is authenticated with 3D Secure 2.0, Zuora assembles the required data from the following sources:
- Cardholder name, billing address, email, and phone: collected from the payment method. When you use Hosted Payment Pages or the Payment SDK, Zuora collects these values from the fields on the page or form. When you use the API, Zuora uses the values that you provide.
- Shipping address: sent from the Ship To contact on the customer account when the
IsPhysicalGoodsoption is enabled on the gateway. If no Ship To contact is available, Zuora falls back to the billing address. - Technical information (IP address, device data): for Hosted Payment Pages, Zuora automatically captures the customer IP address and browser and device information from the customer session. You can also configure Zuora to send the IP address explicitly by enabling the Auto-capture IP Address option on the gateway.