-
Introduction
-
Commands & Actions
-
Transaction Sequence
-
MasterPass
-
Visa Checkout
-
Foreign Exchange
-
Parameter Description & Action
-
Gateway Domain Knowledge
-
Transaction Result Codes
-
Out Of Band
-
Payment Facilitator
-
Tokenization
-
SOAP API
-
Pos Device Intergration
-
Acquire Contact Information
-
3D Secure
-
Enterprise API Samples
-
Card on File
-
Additional Data Transactions
3D secure 2 is the latest standard released by EMVCo that allows merchants and payment service providers to send additional data elements to the issuing bank of the cardholder, which in turn, makes it possible for the issuer of the card to perform frictionless authentication and offer an improved, user experience to the cardholder. With the additional data elements relating to the cardholder, issuers can apply "Frictionless" Authentication flows or “Challenged” authentication flows
Frictionless Authentication Flows: issuers can apply risk-based decisions using the additional data received and trust that the real cardholder is making the purchase and auto authenticate the transaction in the background without requesting any additional information from the cardholder.
Challenged Authentication Flows: When the issuer cannot apply risk-based decision using the data on record, additional information to authenticate the payment is then requested from the cardholder.
Integrating 3DS 2 via the iVeri Gateway
The following information is crucial before starting an integration to the iVeri Gateway,
Generate a certificate ID in the the merchant portal - Backoffice
- The use of the certificate ID is only applicable on the Debit or Authorisation messages
- The Auth/Debit payment instructions can be contrusted in JSON or XML using the REST and SOAP API
Merchant Profile
A merchants test application ID must be enabled for 3DS 2. Contact iVeri support on assist@iveri.com to enable 3D secure.
Integration testing and scenarios can be referenced on 3D secure test cards
3DS 2 Endpoint
Method: POST 3D secure requests on - https://[portal base domain]/threedsecure/EnrollmentInitial
Format: FormData
3D Secure Process
- Submit 3D secure request in a Form POST or Pop-Up method
- Post request on /threedsecure/EnrollmentInitial
- The iVeri Gateway act as proxy and submits the 3D secure request to the 3DS MPI onbehalf of the merchant
- 3D secure MPI returns the status to the iVeri Gateway
- iVeri Gateway posts the status of the 3D secure authentication to the merchant ReturnURL
- Depending on the data set returned, the merchant can proceed with the payment instruction ( Debit/Authorisation) or the transaction will have to be terminated to the customer.
Parameter |
Description |
Merchant ReturnUrl |
Mandatory: The URL which the Gateway will post return response parameters to |
ApplicationID |
Mandatory: Merchant Application ID generated upon the creation of the merchant profile on the iVeri Gateway, serves as a unique identifer for the merchant. |
MerchantReference |
Mandatory: A merchant generated identifier that is unique within a specified time that identifies a transaction sequence. |
Amount |
Mandatory: The total value of the transaction in the smallest unit of the currency specified (eg in cents) |
Currency |
Mandatory: The ISO 4217 currency code of the value of the transaction. e.g., USD or ZAR or GBP |
PAN |
Mandatory: Card number used for transaction |
ExpiryDate |
Mandatory: The last month of the validity period of the card, formatted as MMYY or MMYYYY |
CardSecurityCode |
Optional: The 3 or 4 digits printed on the card which are not contained on the magnetic strip. Usually printed after the Card number on the signature strip. Corresponds to American Express CIV, MasterCard CVC2 and VISA CVV2 |
Parameter |
Description |
ApplicationID |
Merchant Application ID generated upon the creation of the merchant profile on the iVeri Gateway, serves as a unique identifer for the merchant. |
MerchantReference |
A merchant generated identifier that is unique within a specified time that identifies a transaction sequence. |
Amount |
The total value of the transaction in the smallest unit of the currency specified (eg in cents) |
Currency |
The ISO 4217 currency code of the value of the transaction. e.g., USD or ZAR or GBP |
JWT |
|
PAN |
Card number used for transaction |
ExpiryDate |
The last month of the validity period of the card, formatted as MMYY or MMYYYY |
ResultCode |
The numeric Result Code of the completed execution. |
ResultDescription |
A description of the results of the completed execution. Only relevant where ResultStatus is Unsuccessful |
ThreeDSecure_AuthenticationType | Possible values( not limited) to "01", "02", "03". Must be as generated on completion of the authentication process. indicates the method of authentication used. |
CardHolderAuthenticationID | Commonly known as an XID: Unique identifier generated during the 3DS process |
CardHolderAuthenticationData | Commonly known as UCAF -(universal cardholder authentication field) for Mastercard or CAVV( cardholder authentication verification value), generated on completion of the authentication by between cardholder and card issuer |
ElectronicCommerceIndicator | Commonly known as “ECI”: Indicates if the cardholder was fully authenticated, attempted or not. Possible values: ThreeDSecure (ECI “05”, “02”), ThreeDSecureAttempted (“ECI “06” or “01”) or SecureChannel (ECI “07”) |
ThreeDSecure_VEResEnrolled | Possible values: Y|N|U - Indicates if the card is enrolled. |
ThreeDSecure_RequestID | Unique identifier retured by the Gateway on completion of the 3DS process |
ThreeDSecure_ProtocolVersion | Indicates the version of 3D secure used |
ThreeDSecure_DSTransID | Directory Server Transaction ID returned on completion of the 3DS process |