# Test Cards

Use these card numbers to test 3-D Secure scenarios in the sandbox environment. All cards use any future expiration date.

{% hint style="info" %}
These test cards are provided by CyberSource and trigger specific authentication scenarios in the Cardinal Commerce test environment. They have no effect in production.
{% endhint %}

***

#### How to Read the Results

Each scenario produces a specific combination of `status`, `pares_status`, and `eci_raw` in the Check Enrollment (and Validate) response:

<table><thead><tr><th width="90">ECI (Visa/Amex)</th><th width="90">ECI (Mastercard)</th><th width="130">pares_status</th><th>Meaning</th></tr></thead><tbody><tr><td><code>05</code>, <code>06</code></td><td><code>01</code>, <code>02</code></td><td><code>Y</code></td><td>Authentication successful — liability shift applies</td></tr><tr><td><code>07</code></td><td><code>00</code></td><td><code>N</code>, <code>R</code></td><td>Authentication failed or rejected</td></tr><tr><td><code>06</code></td><td><code>01</code></td><td><code>A</code></td><td>Attempts processing — partial liability shift</td></tr><tr><td>N/A</td><td>N/A</td><td><code>C</code></td><td>Challenge required — proceed to Validate after challenge</td></tr><tr><td>N/A</td><td>N/A</td><td><code>U</code></td><td>Authentication unavailable</td></tr></tbody></table>

***

#### 2.1 — Frictionless Authentication Successful

Card is enrolled and authentication succeeds without a challenge.

**Expected result:** `status: Authentication_successful` / `pares_status: Y`

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002701</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002235</code></td><td>Any future date</td></tr><tr><td>Amex</td><td><code>340000000002708</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.2 — Frictionless Authentication Unsuccessful

Card is enrolled but authentication fails without a challenge.

**Expected result:** `status: Authentication_failed` / `pares_status: N`

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002925</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002276</code></td><td>Any future date</td></tr><tr><td>Amex</td><td><code>340000000002096</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.3 — Stand-In Frictionless (Attempts Processing)

Issuer is unavailable; Cardinal stand-in processing generates an attempts response.

**Expected result:** `status: Authentication_successful` / `pares_status: A` / ECI `06` (Visa) or `01` (MC)

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002719</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002482</code></td><td>Any future date</td></tr><tr><td>Amex</td><td><code>340000000002872</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.4 — Frictionless Authentication Unavailable

Issuer does not return an authentication response.

**Expected result:** `status: Authentication_failed` / `pares_status: U`

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002313</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002268</code></td><td>Any future date</td></tr><tr><td>Amex</td><td><code>340000000002922</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.5 — Frictionless Authentication Rejected

Issuer rejects the authentication request.

**Expected result:** `status: Authentication_failed` / `pares_status: R`

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002537</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002185</code></td><td>Any future date</td></tr><tr><td>Amex</td><td><code>340000000002062</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.6 — Authentication Not Available on Lookup

Card is not enrolled or directory server returns unavailable.

**Expected result:** `status: Authentication_failed`

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002990</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002409</code></td><td>Any future date</td></tr><tr><td>Amex</td><td><code>340000000002468</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.7 — Check Enrollment Error

Directory server returns an error during enrollment check.

**Expected result:** `status: error` from Check Enrollment

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002446</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002037</code></td><td>Any future date</td></tr><tr><td>Amex</td><td><code>340000000002732</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.8 — Time-Out

Authentication process times out.

**Expected result:** `status: Authentication_failed`

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002354</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002326</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.9 — Step-Up Authentication Successful

Card requires a challenge; cardholder completes it successfully.

**Expected result:** Check Enrollment returns `status: Pending_authentication` / `pares_status: C` → after Validate: `status: Authentication_successful`

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002503</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002151</code></td><td>Any future date</td></tr><tr><td>Amex</td><td><code>340000000002534</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.10 — Step-Up Authentication Unsuccessful

Card requires a challenge; authentication fails after challenge.

**Expected result:** Check Enrollment returns `status: Pending_authentication` → after Validate: `status: Authentication_failed`

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002370</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002490</code></td><td>Any future date</td></tr><tr><td>Amex</td><td><code>340000000002237</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.11 — Step-Up Authentication Unavailable

Challenge is triggered but the ACS is unavailable to complete it.

**Expected result:** Check Enrollment returns `status: Pending_authentication` → challenge fails to complete

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002420</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002664</code></td><td>Any future date</td></tr><tr><td>Amex</td><td><code>340000000002484</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.12 — Error During Authentication

An error occurs at the ACS during the challenge.

**Expected result:** `status: Authentication_failed` / `status: error`

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002644</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002656</code></td><td>Any future date</td></tr><tr><td>Amex</td><td><code>340000000002351</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.13 — Authentication Bypassed

Authentication is bypassed by the issuer.

**Expected result:** `status: Authentication_successful` with bypass indicators

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002560</code></td><td>Any future date</td></tr><tr><td>Mastercard</td><td><code>5200000000002508</code></td><td>Any future date</td></tr></tbody></table>

***

#### 2.14 — Require Method URL

Tests the Method URL step in the 3DS 2.x flow.

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000100000000000</code></td><td>Any future date</td></tr></tbody></table>

***

#### Data-Only Test Cards

These cards are used exclusively with `"mode": "data_only"` in the Check Enrollment request. Data-Only is always frictionless — there is no challenge and no Validate step.

{% hint style="info" %}
Use these cards only with `"mode": "data_only"` in the `authentication` object. Using them in a standard 3DS request will produce different results.
{% endhint %}

**5a — Visa Data Only**

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Visa</td><td><code>4000000000002024</code></td><td>Any future date</td></tr></tbody></table>

**Expected result:** `status: Authentication_successful` / `authentication_mode: "data_only"` / `pares_status: "I"` / `eci_raw: "07"`

***

**5b — Mastercard Data Only**

<table><thead><tr><th width="130">Network</th><th width="220">Card Number</th><th>Expiration</th></tr></thead><tbody><tr><td>Mastercard</td><td><code>5200000000002805</code></td><td>Any future date</td></tr></tbody></table>

**Expected result:** `status: Authentication_successful` / `authentication_mode: "data_only"` / `pares_status: "I"` / `eci_raw: "06"`

{% hint style="info" %}
CyberSource defines two Mastercard Data-Only variants — **Data Only** (AReq reaches issuer) and **Identity Check Insights / IDCI** (Mastercard generates a risk score at the Directory Server). Both use the same card and the same `mode: "data_only"` request in Firstoken. The distinction is handled internally by Mastercard and does not affect the integration on your end.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://firstoken.gitbook.io/api-docs/api-reference/risk/payer-authentication-3d-secure/test-cards.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.