Account checks

An ACCOUNTCHECK request allows a card to be validated by checking the cardholder’s first line of address, the cardholder’s postcode and the security code, to ensure the details entered by the customer are valid.


Process overview


No funds are reserved by ACCOUNTCHECK requests

The customer’s account is not debited when an ACCOUNTCHECK request is performed.

Similar to standard AUTH requests, AVS and Security Code Checks are performed on ACCOUNTCHECK requests. We recommend reading our documentation on these checks before proceeding.



In order to reduce fraud, Visa has mandated that all merchants with a Merchant Category Code (MCC) of 6012 are required to send additional fields in AUTH and ACCOUNTCHECK requests, if provided by the customer making the payment.


Failure to submit these fields will result in a “60025” errorcode being returned in the response.

Click here for further information.



The fields required in an ACCOUNTCHECK request are the same as a standard AUTH request. The difference is that the baseamount can be “0”. You can also submit any field that you can submit in an AUTH request and these will be inherited by any subsequent child requests.


The following is an example of an ACCOUNTCHECK request:

import securetrading

stconfig = securetrading.Config()
stconfig.username = "[email protected]"
stconfig.password = "Password1^"
st = securetrading.Api(stconfig)

accountcheck= {
    "currencyiso3a": "GBP",
    "requesttypedescriptions": ["ACCOUNTCHECK"],
    "sitereference": "test_site12345",
    "baseamount": "0",
    "orderreference": "My_Order_123",
    "accounttypedescription": "ECOM",
    "cachetoken": "token_posted_by_st.js",
    "billingpremise": "789",
    "billingpostcode": "TE45 6ST"

strequest = securetrading.Request()
stresponse = st.process(strequest) #stresponse contains the transaction response

if (!($autoload = realpath(__DIR__ . '/../../../autoload.php')) && !($autoload = realpath(__DIR__ . '/../vendor/autoload.php'))) {
  throw new Exception('Composer autoloader file could not be found.');

$configData = array(
'username' => '[email protected]',
'password' => 'Password1^',

$requestData = array(
'currencyiso3a' => 'GBP',
'requesttypedescriptions' => array('ACCOUNTCHECK'),
'sitereference' => 'test_site12345',
'baseamount' => '0',
'orderreference' => 'My_Order_123',
'accounttypedescription' => 'ECOM',
'cachetoken' => 'token_posted_by_st.js',
'billingpremise' => '789',
'billingpostcode' => 'TE45 6ST'

$api = Securetradingapi($configData);
$response = $api->process($requestData);

curl --user [email protected]:Password1^ -H "Content-type: application/json" -H "Accept: application/json" -X POST -d '{
"alias": "[email protected]",
"version": "1.00",
"request": [{
  "currencyiso3a": "GBP",
  "requesttypedescriptions": ["ACCOUNTCHECK"],
  "sitereference": "test_site12345",
  "baseamount": "0",
  "orderreference": "My_Order_123",
  "accounttypedescription": "ECOM",
  "cachetoken": "token_posted_by_st.js",
  "billingpremise": "789",
  "billingpostcode": "TE45 6ST"



The ACCOUNTCHECK response has the same structure as a standard AUTH response, except for the requesttypedescription value returned being “ACCOUNTCHECK”.



It is possible to take the value of the transactionreference field returned in the ACCOUNTCHECK response and submit this in the parenttransactionreference field of a new request, such as an AUTH. The new request will inherit billing and delivery details from the ACCOUNTCHECK (including the card details required for the payment), which means you are not required to submit this information again.

When reading the following specification, please ensure that you reference the relevant code examples for your chosen language.

  u 'requestreference': u 'Ar2xj1hjr',
    u 'version': u '1.00',
    u 'responses': [{
      u 'transactionstartedtimestamp': u '2016-12-07 16:12:00',
        u 'livestatus': u '0',
        u 'issuer': u 'SecureTrading Test Issuer1',
        u 'dccenabled': u '0',
        u 'settleduedate': u '2016-12-07',
        u 'errorcode': u '0',
        u 'orderreference': u 'My_Order_123',
        u 'tid': u '27882788',
        u 'merchantnumber': u '00000000',
        u 'merchantcountryiso2a': u 'GB',
        u 'transactionreference': u '23-9-80023',
        u 'merchantname': u 'Test Merchant',
        u 'paymenttypedescription': u 'VISA',
        u 'baseamount': u '0',
        u 'accounttypedescription': u 'ECOM',
        u 'acquirerresponsecode': u '00',
        u 'requesttypedescription': u 'ACCOUNTCHECK',
        u 'securityresponsesecuritycode': u '2',
        u 'currencyiso3a': u 'GBP',
        u 'authcode': u 'TEST46',
        u 'errormessage': u 'Ok',
        u 'operatorname': u '[email protected]',
        u 'securityresponsepostcode': u '2',
        u 'maskedpan': u '411111######1111',
        u 'securityresponseaddress': u '2',
        u 'issuercountryiso2a': u 'US',
        u 'settlestatus': u '0'
array(3) {
  ["requestreference"] => string(9) "A4cenptwx"
  ["version"] => string(4) "1.00"
  ["responses"] => array(1) {
    [0] => array(27) {
      ["transactionstartedtimestamp"] => string(19) "2016-12-09 11:04:29"
      ["livestatus"] => string(1) "0"
      ["issuer"] => string(26) "SecureTrading Test Issuer1"
      ["dccenabled"] => string(1) "0"
      ["settleduedate"] => string(10) "2016-12-09"
      ["errorcode"] => string(1) "0"
      ["baseamount"] => string(1) "0"
      ["tid"] => string(8) "27882788"
      ["merchantnumber"] => string(8) "00000000"
      ["securityresponsepostcode"] => string(1) "2"
      ["transactionreference"] => string(10) "72-9-80018"
      ["merchantname"] => string(13) "Test Merchant"
      ["paymenttypedescription"] => string(4) "VISA"
      ["orderreference"] => string(12) "My_Order_123"
      ["accounttypedescription"] => string(4) "ECOM"
      ["acquirerresponsecode"] => string(2) "00"
      ["requesttypedescription"] => string(12) "ACCOUNTCHECK"
      ["securityresponsesecuritycode"] => string(1)"2"
      ["currencyiso3a"] => string(3) "GBP"
      ["authcode"] => string(6) "TEST39"
      ["errormessage"] => string(2) "Ok"
      ["operatorname"] => string(23) "[email protected]"
      ["merchantcountryiso2a"] => string(2) "GB"
      ["maskedpan"] => string(16) "411111######1111"
      ["securityresponseaddress"] => string(1) "2"
      ["issuercountryiso2a"] => string(2) "US"
      ["settlestatus"] => string(1) "0"
  "requestreference": "W23-q3wa45ge",
  "version": "1.00",
  "response": [{
    "transactionstartedtimestamp": "2016-12-07 16:16:39",
    "livestatus": "0",
    "issuer": "SecureTrading Test Issuer1",
    "dccenabled": "0",
    "settleduedate": "2016-12-07",
    "errorcode": "0",
    "baseamount": "0",
    "tid": "27882788",
    "merchantnumber": "00000000",
    "securityresponsepostcode": "2",
    "transactionreference": "23-9-80024",
    "merchantname": "Test Merchant",
    "paymenttypedescription": "VISA",
    "orderreference": "My_Order_123",
    "accounttypedescription": "ECOM",
    "acquirerresponsecode": "00",
    "requesttypedescription": "ACCOUNTCHECK",
    "securityresponsesecuritycode": "2",
    "currencyiso3a": "GBP",
    "authcode": "TEST53",
    "errormessage": "Ok",
    "operatorname": "[email protected]",
    "merchantcountryiso2a": "GB",
    "maskedpan": "411111######1111",
    "securityresponseaddress": "2",
    "issuercountryiso2a": "US",
    "settlestatus": "0"
  "secrand": "NunVEQ"


The results of account checks are returned in the securityresponseaddress, securityresponsepostcode and securityresponsesecuritycode fields. The specification of these fields are outlined in the table below.

It is strongly recommended that you check the security fields returned in the response, and manually investigate transactions where the returned securityresponsesecuritycode is “4” (indicating the customer entered a security code that doesn’t match the value found on the back of the card).



Field name Type Length Response Description
securityresponseaddress Numeric 1 “0” Not given – Your system did not provide the acquiring bank the information required to perform this check.

“1” Not checked – The acquiring bank did not perform this check on the information you provided in the request.

“2” Matched – The information you provided in the request matches the information obtained by the acquiring bank, from the customer’s payment issuer.

“4” Not matched – The information you provided in the request does not match the information obtained by the acquiring bank, from the customer’s payment issuer.

securityresponsepostcode Numeric 1
securityresponsesecuritycode Numeric 1