> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/nfc-wallet/nfc-wallet-backend/card-enrollment/build-authentication-token/provide-additional-wallet-data.md). # Provide additional wallet data ## Overview The digital wallet can provide additional data during enrollment. This data is then included in the TSP Tokenization approval request sent to the issuer backend. The issuer backend can use this data with other signals to refine risk scoring and make the final Tokenization decision. The issuer Tokenization decision can be: * **Green**: Approve Tokenization without step-up authentication. * **Yellow**: Approve Tokenization with step-up authentication (**ID\&V**). * **Red**: Decline Tokenization. Include additional wallet data in the `wallet` object of the authentication token payload. This page describes the supported `wallet` payload format. ## Wallet payload format The `wallet` payload uses JSON. The table below summarizes the supported fields. All fields are optional. {% hint style="warning" %} Some `wallet` fields are not forwarded by every payment network TSP. The issuer backend may not receive them. {% endhint %} ### `wallet` payload fields | Field | Scheme support | Type | Description | | -------------------------- | ---------------- | --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | | `recommendedFlow` | Mastercard | Enum: `Green`, `Yellow`, `Orange` | Digital wallet recommendation based on wallet scoring. | | `reasonCodes` | Mastercard | Array of strings | List of codes that explain `recommendedFlow`. | | `deviceScore` | Mastercard, Visa | Integer | Digital wallet score that indicates the device confidence level. See [Score definition](#score-definition). | | `accountScore` | Mastercard, Visa | Integer (`1` to `5`) | Digital wallet score that indicates the account confidence level. See [Score definition](#score-definition). | | `fourLastDigitPhoneNumber` | Mastercard, Visa | String (`1` to `4` digits) | Last four digits of the end user's phone number. | | `accountIdHash` | Mastercard | String, up to 48 characters | Base64-encoded SHA-256 hash of the end user's account ID with the Token requestor. If the value is an email address, use `emailHash` instead. | | `emailHash` | Mastercard, Visa | String, up to 48 characters | Base64-encoded SHA-256 hash of the email address. | ### Score definition The score is an integer from `1` to `5`. It indicates the confidence level of the account (`accountScore`) or device (`deviceScore`): * `1` indicates **high risk** * `2` indicates **risky** * `3` indicates **neutral** * `4` indicates **trusted** * `5` indicates **highly trusted** ### Reason codes The `reasonCodes` field explains the `recommendedFlow` value. The digital wallet can provide multiple reason codes. {% hint style="warning" %} `reasonCodes` and `recommendedFlow` apply only to Mastercard (`MDES`). {% endhint %} #### **Reason codes for Green recommendation** | Code | Description | | ---- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | A3 | Account has existed for at least one year. A Token requestor can require a longer tenure. | | A4 | Financial activity exists on the account for at least six months. No suspicious activity is linked to the account for at least one year. | | A5 | Digitization is requested for an additional device for the same account PAN and consumer account. A token must already be active and not suspended on another device for the same account PAN and consumer account. | | A6 | Digitization is requested after an authenticated operating system or software update wiped mobile payment data and prevented recovery. The request must use the same `paymentAppInstanceId` as a previously digitized and activated token for the same account PAN and consumer account. | #### **Reason codes for Yellow recommendation** | Code | Description | | ---- | ------------------------------------------------------------------------------------------- | | 01 | Wallet account ID is too new relative to launch. | | 02 | Wallet account ID is too new relative to the provisioning request. | | 03 | Wallet account ID and card pair are newer than the threshold date. | | 04 | Account data changed within the threshold period. | | 05 | Suspicious transactions are linked to this account. | | 06 | The account has had no activity in the last year. | | 07 | Cards in the secure element are suspended. | | 08 | The device entered lost mode in the last 7 days for longer than the threshold. | | 09 | The number of provisioning attempts on this device in 72 hours exceeds the threshold. | | 0A | More than the threshold number of different cards were attempted on this phone in 24 hours. | | 0B | The provisioning request contains a distinct name above the permitted threshold. | | 0C | Device score is lower than 3. | | 0D | Account score is lower than 4. | | 0E | Device provisioning location is outside the OEM marketplace home country. | | 0F | Model rules are unavailable at this time, for example because backend systems timed out. | | 0G | Orange path flag is set. | --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.payments.thalescloud.io/nfc-wallet/nfc-wallet-backend/card-enrollment/build-authentication-token/provide-additional-wallet-data.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.