3DS Authentication
Description of the 3DS Authentication Process
The 3D Secure (3DS) authentication in our payment gateway is an essential component designed to enhance the security of online transactions. This process focuses on verifying the cardholder's identity during transactions, adding an extra layer of fraud protection. Below is a detailed description of how the 3DS authentication is carried out on our platform.
There are two possible flows to evaluate the outcome of an authentication: the "frictionless" flow and the "challenge" flow:
Frictionless: The cardholder can complete the transaction without noticeable interruptions or additional steps that may cause friction or inconvenience.
Challenge: The cardholder is required to provide additional information or complete more advanced authentication steps.
3DS Authentication Initiation Process
- Request
- The merchant sends a request to the 3DS Authentication Initiation Endpoint, providing the parameters listed in the JSON below.
- Generation of Authentication Data
- The payment gateway uses the provided information to generate the necessary data for 3D Secure authentication.
- Authentication Result
- If the result of the authentication process indicates "isFrictionless: true", meaning the flow is frictionless, the necessary parameters for step 4 will be provided.
- If the result indicates "isFrictionless: false", signaling a "challenge" flow that requires additional cardholder authentication, a URL will be returned. This URL will allow the user to complete the challenge step. Subsequently, the result will be sent to the endpoint specified in the "urlNotification" parameter.
- Payment Processing
- Once the authentication is complete, a response is generated indicating the outcome of the process.
- If the authentication includes an ECI that provides liability shift for the transaction, the merchant sends the received data along with additional transaction data to the “MakePayment” endpoint.
Important Notes
- It is crucial that “server-to-server” payment implementations comply with PCI DSS security standards to ensure the adequate protection of sensitive credit card information and to prevent potential security breaches.
- Transaction authentication via 3DS may incur additional costs.
The 3DS Authentication Initiation Endpoint is responsible for receiving the necessary data to initiate the 3D Secure authentication process for a specific transaction. This process is triggered in situations that require additional authentication, such as high-risk transactions or those that meet certain predefined criteria.
Request Example
Method: post
URL: http://{environment-domain}/api/v1/begin-threeds
HTTP Headers:Content-Type: application/json
Include authentication headers.
Example:
{
"transactionType": "sale",
"merchantId": "3ae25846-d5fe-40cc-a311-eb2de5174c29",
"terminalId": "3ae25846-d5fe-40cc-a311-eb2de5174c29",
"urlNotification": "https://comercio.shop/api/notificationResultd3ds",
"order": {
"merchantOrderId": "9a6ecf36-8265-11ee-b962-0242ac120002",
"amount": "100.00",
"currency": "484"
},
"card": {
"cardNumber": "4111111111111111",
"expiryMonth": "01",
"expiryYear": "2025",
"cvv2": "123",
"holderName": "Clark Parker",
"email": "[email protected]"
},
"aditionalDataToThreeds": {
"ip": "192.168.0.1",
"browserAcceptHeader": "text/html",
"browserScreenColorDepth": "36",
"browserJavaEnabled": false,
"browserLanguage": "es/mx",
"browserScreenHeight": "1920",
"browserScreenWith": "1080",
"browserTimezone": "60",
"browserChallengeWindows": "4",
"browserUserAgent": "Mozilla/4.0 (MSIE 6.0; Windows NT 5.0)"
}
}Field Description
| Field | Description~~~~ |
|---|---|
transactionType | Unique identifier for the terminal, assigned when creating the account. |
merchantId | Unique identifier for the merchant in the payment gateway, assigned when creating the account. |
terminalId | Unique identifier for the terminal, assigned when creating the account. |
urlNotification | URL where the result will be notified if the flow is an "additional step." |
order | Contains details about the purchase order. |
merchantOrderId | Unique identifier for the order assigned by the merchant. |
amount | Total amount of the order. |
currency | Currency code according to the ISO 4217 standard. |
card | Information related to the client's card. |
cardNumber | Card number. |
expiryMonth | Card expiration month. |
expiryYear | Card expiration year. |
cvv2 | Card security code. |
holderName | Cardholder's name. |
email | Email address associated with the card. |
aditionalDataToThreeds | Additional data required for threeDS transactions. |
ip | Indicates if the card should be saved on file for future transactions. |
browserAcceptHeader | This data should be extracted from the browser. |
browserScreenColorDepth | This data should be extracted from the browser. |
browserJavaEnabled | This data should be extracted from the browser. |
browserLanguage | This data should be extracted from the browser. |
browserScreenHeight | This data should be extracted from the browser. |
browserScreenWith | This data should be extracted from the browser. |
browserTimezone | This data should be extracted from the browser. |
browserChallengeWindows | This data should be extracted from the browser. |
browserUserAgent | This data should be extracted from the browser. |
Example of a successful “frictionless” flow response and notification of the result in the “additional step” flow:
Http code 200
{
"id": "5c51bebd-5b21-4ef3-b980-d41eb0b83568",
"order": {
"merchantOrderId": "9a6ecf36-8265-11ee-b962-0242ac120002",
"amount": "100.00",
"currency": "484"
},
"isFrictionless": true,
"consumerAuthenticationInformation": {
"acsTransactionId": "72f84fb0-9800-4961-b3b6-f9ced353deb5",
"authenticationResult": "0",
"authenticationStatusMsg": "Success",
"cavv": "AAAAAAAAAAAAAAAAAAAAAAAAAAA=",
"indicator": "vbv",
"eci": "05",
"eciRaw": "05",
"paresStatus": "Y",
"specificationVersion": "2.2.0",
"threeDSServerTransactionId": "60408358-4aec-4e67-bd53-3bacf7bfd8d4",
"xid": "AAIBBYl3AgAAAMNQSEMgdQAAAAA=",
"directoryServerTransactionId": "4890d3d3-b584-4a4d-84f0-1e820b924e7a"
"submitTimeUtc": "2023-11-16T18:26:46Z",
"status": "AUTHENTICATION_SUCCESSFUL",
"clientReferenceInformation": {
"code": "9205066"
}
}
} Field Description
| Field | Description |
|---|---|
id | Unique ID of the transaction assigned by the payment gateway. |
order | Contains details about the purchase order. |
merchantOrderId | Unique identifier for the order assigned by the merchant. |
amount | Total amount of the order. |
currency | Currency code following the ISO 4217 standard. |
isFrictionLess | Transaction flow response. |
consumerAuthenticationInformation | Authentication result information. |
acsTransactionId | Unique identifier of the transaction on the Issuer Authentication Server (ACS). |
authenticationResult | Authentication result, where "0" indicates success. |
authenticationStatusMsg | Message indicating the status of the authentication, in this case, "Success." |
cavv | Cryptographic value of cardholder authentication. |
indicator | Indicator used in authentication, in this case, "vbv" Verified by Visa. |
eci | Authentication information indicator. |
eciRaw | Indicator of authentication information in raw format. |
paresStatus | Card authentication status. |
specificationVersion | Version of the 3DS specification used in the transaction. |
threeDSServerTransactionId | Unique identifier of the transaction on the 3DS server. |
xid | Merchant transaction identifier. |
directoryServerTransactionId | Unique identifier of the transaction on the directory server. |
submitTimeUtc | Date and time in UTC format of when the transaction was sent for validation. |
status | Transaction authentication status. In this case, "AUTHENTICATION_SUCCESSFUL" indicates that the 3DS authentication was successful. |
clientReferenceInformation | Customer reference information |
code | Customer reference code associated with the transaction. |
Example successful response in the “additional step” flow:
Http code 200
{
"id": "5c51bebd-5b21-4ef3-b980-d41eb0b83568",
"order": {
"merchantOrderId": "9a6ecf36-8265-11ee-b962-0242ac120002",
"amount": "100.00",
"currency": "484"
},
"isFrictionless": false,
"urlRedirect": "https://{TODO domain}/threeds/1c128bb3-f8ca-4732-a91b-13a0db5a3272"
} Field Description
| Field | Description |
|---|---|
id | Unique ID of the transaction assigned by the payment gateway. |
order | Contains details about the purchase order. |
merchantOrderId | Unique identifier for the order assigned by the merchant. |
amount | Total amount of the order. |
currency | Currency code following the ISO 4217 standard. |
isFrictionLess | Transaction flow response. |
urlRedirect | URL for Client Redirection or Iframe Embedding |
Updated 5 months ago