Zero Value Authorisation (ZVA)

On this page:

What is Zero Value Authorisation?

Zero value authorisation (ZVA) is the ability to authenticate a card holder and perform an authorisation against that card. Performing a ZVA allows you to check that the card details are correct and perform an EMV 3DS check (via ecommerce) to authenticate the cardholder. The authorisation will be for a zero value amount and won't impact the available funds balance on the customer's card.

Why do I need to use it?

Under PSD2 rules, if you wish to store a card holders credentials, you will need to complete a 3DS authentication and perform an authorisation against that card. This includes storing a token with Opayo. 

If you are using our standalone token endpoints, these will become non-compliant with the September 2021 SCA deadline and have been deprecated by Opayo. You will need to upgrade to protocol 4.00 and ZVA in order to continue capturing tokens without capturing funds.

Using Opayo's ZVA service won't cost you anything, you'll just pay when you take a transaction which we settle (generally by using the stored token), or for the storage of the token, which can be removed from the Opayo system after you take a payment using that token.

How do I use it?

Opayo have opted to make the process of taking ZVA transactions as simple and reliable as possible.

First, you'll need to upgrade your integration to protocol 4.00. There is an overview of the major changes that you will need to make here.

Important: If you haven't already, you'll also need to make changes to your integration to support 3DSv2.
Important: For ZVA and token capture, you'll need to have our token service enabled on your account

Once your integration is ready:

  • Submit a transaction request, with a transaction type of AUTHENTICATE.
  • Ensure the amount submitted is zero.
  • Flag the transaction as a token creation - submit CreateToken=1 with the transaction request.
  • Submit the transaction as normal

Opayo will carry out a standard authenticate transaction, and automatically authorise the transaction for a zero amount. If requested by the card issuer, your customer may be challenged for their 3D authentication credentials.
We will then return the transaction response to you. You should capture the values returned for further transaction processing

When it comes to using the token, you can process your transaction using a standard payment transaction, remembering to substitute the token for any cardholder information. 

If you wish to send an amount for authentication, using the AUTHENTICATE / AUTHORISE flow as previously, you won't need to post CreateToken=1.

We will however carry out a zero value authorisation transaction anyway for your peace of mind. This won't affect your process in any way - you'll still be able to authorise up to 115% of the authenticated amount.