> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/3d-secure/implement-3ds/configure-rulesets-for-3ds-decisioning.md). # Configure rulesets for 3DS decisioning ## Overview During D1 onboarding, the Issuer defines rulesets and associates them with card products in D1. A ruleset is an ordered list of rules. Each rule combines one or more conditions and sets the 3DS action to apply when those conditions are met. ## How evaluation works * Rules are evaluated from top to bottom. * Within a single rule, conditions are combined with AND. * The first matching rule determines the action. * If no rule matches, the ruleset’s default action applies. ## Examples * If the amount is <= 5 USD and `merchantName` = "Trusted Store", apply frictionless authentication. * If the amount is > 5 USD, apply a challenge with OOB authentication. ## Generic rules | Rule | Description | | ------------------------------------------------ | ----------------------------------------------------------------------------------------------- | | Currency | ISO 4217 currency code. | | Minimum amount | The minimum transaction amount required. | | Maximum amount | The maximum transaction amount allowed. | | Same device, same PAN | Checks recent authentications on the same device for the same PAN within a defined time window. | | Device channel | app or browser. | | Acquirer BIN + merchant ID | A BIN + merchant ID pair, or a comma‑separated list of pairs. | | Merchant category code (MCC) | MCC value, or a comma‑separated list of MCC values. | | Merchant country | A two‑letter ISO country code, or a comma‑separated list of ISO country codes. | | Merchant name | Merchant name value. | | Mastercard merchant fraud level | Comma‑separated Mastercard merchant fraud levels. | | Mastercard secure corporate payment exemption | Indicates whether a secure corporate payment exemption applies. | | 3DS requestor challenge indicator | 3DS requestor challenge indicator. | | 3DS requestor authentication indicator | 3DS requestor authentication indicator. | | Mastercard acquirer SCA exemption | Comma‑separated Mastercard acquirer SCA exemption values. | | Cardholder IP address | IP address value or range. | | Cardholder IP country | A two‑letter ISO country code. | | Shipping indicator | Shipping indicator value. | | Transaction type | Transaction type value. | | Message category | Message category value. | | Payment network | Visa or Mastercard. | | Visa DAF authenticated payment credential status | Y (authenticated), N (not authenticated), U (unknown), B (blocked), I (invalid). | | Visa DAF advice | Visa DAF advice indicator. | | Visa secure corporate payment exemption | Visa extension – secure corporate payment. | | PAN count velocity | Count of authentications over a period for a PAN. | | PAN spent velocity | Cumulative amount spent over a period for a PAN. | ## PSD2 rules | Rule | Description | | --------------------------------- | --------------------------------------------------------------------------------- | | Transaction amount since last SCA | Cumulative amount since the last strong customer authentication (SCA) event. | | Transaction count since last SCA | Number of transactions since the last strong customer authentication (SCA) event. | ## 3RI rules | Rule | Description | | --------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Prior authenticated transaction exists | Checks whether the 3DS requestor prior transaction reference refers to the ACS transaction ID of a previous successfully authenticated transaction. | | Check prior authenticated transaction(s) amount | Checks whether the current 3RI transaction amount exceeds the amount of the original/initial transaction. | | 3RI indicator | The type of 3RI request. | | Is recurring transaction expired | Validates that the 3RI recurring/instalment transaction is invoked within the recurring expiry period defined on the initial transaction. | | Is minimum recurring frequency days elapsed | Validates that the 3RI recurring/instalment transaction is invoked per the recurring frequency days defined on the initial transaction. | | Maximum authentications permitted for instalments reached | Validates that the maximum number of payment authentications for 3RI recurring/instalment transactions defined in the initial transaction (purchaseInstalData) has been reached. | | Minimum amount | The minimum transaction amount required. | | Maximum amount | The maximum transaction amount allowed. | | Message category | Payment or non‑payment type. | | Payment network | Visa or Mastercard. | | Acquirer BIN + merchant ID | A BIN + merchant ID pair, or a comma‑separated list of pairs. | | Merchant category code (MCC) | MCC value, or a comma‑separated list of values. | | Merchant country | A two‑letter ISO country code, or a comma‑separated list of ISO country codes. | | Merchant name | Merchant name value. | {% hint style="info" %} Visa DAF‑ and Mastercard‑specific fields are available only when the corresponding Payment Network features are enabled in your configuration. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.payments.thalescloud.io/3d-secure/implement-3ds/configure-rulesets-for-3ds-decisioning.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.