Cardholder authentication service
The purpose of this Web Service is to authenticate the holder of the payment card using v1 3DS or v2 3DS protocols (other authentication protocols can be potentially added to this list). The service offers automatic selection of protocol, with transparent fallback to v1 3DS if v2 3DS is not possible.
The service authenticates the cardholder and returns the authentication information at the end of the process.
General principle
The service adopts an operating principle that ignores the underlying protocol to provide a unique integration experience, and not integration by protocol.
The generic process of complete authentication consists of several stages:
- An initial call to the PCI/Charge/Authenticate service with a response of AuthenticationResult or AuthenticationInstruction type.
- If the return belongs to the AuthenticationInstruction type, the operation must be performed on the merchant side:
- Creation of a visible or invisible iFrame.
- In the iFrame, browser redirection to a target page after submitting a form that respects the definition specified in the instruction.
- Potential interaction with the cardholder or the browser.
- Return page of the remote server that will emit a JavaScript event containing the result of the instruction.
- Interception of the instruction result in the form of a JavaScript event in the parent window.
- New call to the PCI/Charge/Authenticate service with the signed result of the instruction obtained via the browser.
- Then, the PCI/Charge/Authenticate service once again returns either an instruction or a result.
- If the return is of AuthenticationResult type, it will contain the final authentication result and the process is complete.
Detailed flowchart
The following flowchart presents a generic payment scenario with authentication: the initial call to the service, an instruction, an interaction, the final authentication result and the end of payment.
Client
Browser
iFrame
Merchant server
Payment gateway server
Remote server (e.g.: ACS)
We will present the different steps of the integration in the following paragraphs.
| Integration | Steps |
|---|---|
| Actions to perform on the merchant server side | Steps 3 , 4 , 16 and 17 |
| Actions to perform on the JavaScript side | Steps 5 , 6 , 7 and 15 |
Steps 1 and 2: Initiation (payment or adding a card)
A payment or card registration action has been initiated and requires authentication. The PCI/Charge/Authenticate service is now ready to be called.
Step 3: Call to the PCI/Charge/Authenticate service
The initial request allows to transmit the data required for authentication.
Among this information, it is necessary to fill in some information about the client's browser or mobile device in the device object.
This information is mostly technical and must be retrieved from the browser or the mobile device (in JavaScript for example).
The goal is to facilitate customer identification (IP address) and their payment medium (browser size) for a more suitable authentication process.
See the integration documentation of the PCI/Charge/Authenticate service for more information on this field.
Here is an example describing the initial request:
{
"amount": 1230,
"currency": "EUR",
"transactionCategory": "PAYMENT",
"productType": "GOODS_OR_SERVICE_PURCHASE",
"merchant": {
"mid": "1234567"
},
"paymentForm":{
"pan": "4970110000000013",
"expiryMonth": "02",
"expiryYear": "24",
"networkPreference": "VISA"
},
"device": {
"deviceType": "BROWSER",
"acceptHeader": "application/json",
"ip": "89.249.65.28",
"javaEnabled": true,
"language": "en",
"colorDepth": "1",
"screenHeight": 1024,
"screenWidth": 768,
"timeZoneOffset": 0,
"userAgent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
},
"protocolRequest": {
"name": "THREEDS",
"version": "2",
"challengePreference": "NO_PREFERENCE"
}
}
/**
* I initialize the PHP SDK
*/
require_once __DIR__ . '/vendor/autoload.php';
require_once __DIR__ . '/keys.php';
require_once __DIR__ . '/helpers.php';
/**
* Initialize the SDK
* see keys.php
*/
$client = new Lyra\Client();
/**
* I create a formToken
*/
$store = array("amount" => 250,
"currency" => "EUR",
"orderId" => uniqid("MyOrderId"),
"customer" => array(
"email" => "sample@example.com"
));
$response = $client->post("V4/Charge/CreatePayment", $store);
/* I check if there are some errors */
if ($response['status'] != 'SUCCESS') {
/* an error occurs, I throw an exception */
display_error($response);
$error = $response['answer'];
throw new Exception("error " . $error['errorCode'] . ": " . $error['errorMessage']);
}
/* everything is fine, I extract the formToken */
$formToken = $response["answer"]["formToken"];
?>
Step 4: Full response with an instruction
The response will contain an instruction presented as follows (this example presents v1 3DS authentication):
{
"answer": {
"id": "c82794e9-9c20-44a8-9297-b70e1e7c4006",
"protocol": {
"name": "THREEDS",
"version": "1.0.2",
"network": "VISA",
"challengePreference":"NO_PREFERENCE",
"simulation":false,
"_type": "V4/PCI/Charge/Authenticate/Protocol"
},
"value": {
"instructionType": "FORM",
"name": "CHALLENGE",
"timeout" : "15",
"target": {
"element": "IFRAME",
"visible": true,
"width": 400,
"height": 400,
"_type": "V4/PCI/Charge/Authenticate/InstructionTarget"
},
"http": {
"method": "POST",
"url": "https://acs.sg.com/1.0.2",
"headers": {
"Accept": "text/html"
},
"body": {
"termUrl": "https://pass.sample-acs.net/v1/notify/threeds/v1/pares",
"MD": "eJwljEmSokAAAL8yd2O6imLVCA+oINAKCLLekALZd2ggePz0dF/ylJnEB/xAG8GQLLcRiKRoZgtWnHtkwniZfw2qontZg4mvIv2SrOOGIMERCDJ/CHSg2QMkNpqEcNt/52iDEP1/bdVYFFsyDM0BgKIOgyKp++HAQQ6CKcD93yZYyqgawK/4A6VlbYPzWv0OZu3Gj04+rf6LMlQP8db81Tm7JXBxyrM3cKIYaV7GedZVQdLkWAo6W+ufqbUMjQxLQvkUIG8k384FpmsJfG2fQ0qzI3rulyLFqkPMYD9No8B48rkcrmI59ar3Yk29l6k8EQJPDlc9p+OqPzuxhul33WZx2TvmyNBxswb2U9OmCHFhelH8WI6e3nV2xVACYrHwadbjVpKbxxjWjywfgi7EK3ZWGTMnsSl2baxnlWKWhmXuqpOXX2JBhDDUebZccWyNOagnJHKm+kgz//4OF8oyrWig5hIAw1LL7jNTTkiw76DgJDl2VXKxGc4h0O1W9e4k1b4LPeRfzsh6H4//ANdloIQ=",
"paReq": "eJxVUslu2zAQ/RVBd5mLLZk2RgzSBlkOCYLGPqSXgss4VmNJDkkHdr4+pKosPXHezPDN4xvC2bHdZa/ofNN3dc4mNM+wM71tuqc6X68uC5FnPqjOql3fYZ2f0OdnElZbh3jxgObgUMIteq+eMGtsnf8RSghqDS0st7yY0WpeaKNZoamwrFpQzSvMJdyf/8IXCeNoGSdPOJAPGCmd2aouSFDm5cfNnWTVdC6AjAhadDcXkvHprKyA/EPQqRblrRpu2hX6AGRIgekPXXAnyUsK5APAwe3kNoS9XxLSjrcmpm+BpAqQLw33hxT5yHRsrFRv9vlxuq0e//6+Ut3O6XV4sFeXpb5e10BSB1gVUHLKBOO0yhhflvMlZUCGPKg2SZDllEY5I4B9mnH+vfI9A9FpFzdzkotkwycCPO7jYmJHdO8zBovexBeMx5f8n9fJUBOSdxsurFa0VJrPNqg0ZTjb2LnhJU8+D02JvoleMUEXA38CQBINGTdIxu3H6L9f8Q7HNMYj"
},
"_type": "V4/PCI/Charge/Authenticate/HttpRequest"
},
"_type": "V4/PCI/Charge/Authenticate/AuthenticationInstruction"
}
}
}
It consists of:
| Object | Function |
|---|---|
| id | Unique identifier of authentication transaction in progress. It must be transmitted upon each new call. |
| protocol | Indicates which protocol will be eventually applied during the authentication. |
| value | Represents the authentication result or the instruction to follow. If value is of AuthenticationInstruction type, it is an instruction to be executed, if it is of AuthenticationResult type, it is the authentication result. |
Step 5: Preparation of the instruction handling page
If an instruction was returned in the previous step, the page displayed in this step must allow:
- To set up a listener for the type of event returned by the iFrame, which will trigger a POST to the merchant server with the instruction result (see step 15 ).
- To create a hidden or visible iFrame (see steps 6 and 7 ).
Step 6: Creation of an iFrame
The instruction received in step 4 is as follows:
{
"instructionType": "FORM",
"name": "CHALLENGE",
"timeout" : "15",
"target": {
"element": "IFRAME",
"visible": true,
"width": 400,
"height": 400,
"_type": "V4/PCI/Charge/Authenticate/InstructionTarget"
},
"http": {
"method": "POST",
"url": "https://acs.sg.com/1.0.2",
"headers": {
"Accept": "text/html"
},
"body": {
"termUrl": "https://pass.sample-acs.net/v1/notify/threeds/v1/pares",
"MD": "eJwljEmSokAAAL8yd2O6imLVCA+oINAKCLLekALZd2ggePz0dF/ylJnEB/xAG8GQLLcRiKRoZgtWnHtkwniZfw2qontZg4mvIv2SrOOGIMERCDJ/CHSg2QMkNpqEcNt/52iDEP1/bdVYFFsyDM0BgKIOgyKp++HAQQ6CKcD93yZYyqgawK/4A6VlbYPzWv0OZu3Gj04+rf6LMlQP8db81Tm7JXBxyrM3cKIYaV7GedZVQdLkWAo6W+ufqbUMjQxLQvkUIG8k384FpmsJfG2fQ0qzI3rulyLFqkPMYD9No8B48rkcrmI59ar3Yk29l6k8EQJPDlc9p+OqPzuxhul33WZx2TvmyNBxswb2U9OmCHFhelH8WI6e3nV2xVACYrHwadbjVpKbxxjWjywfgi7EK3ZWGTMnsSl2baxnlWKWhmXuqpOXX2JBhDDUebZccWyNOagnJHKm+kgz//4OF8oyrWig5hIAw1LL7jNTTkiw76DgJDl2VXKxGc4h0O1W9e4k1b4LPeRfzsh6H4//ANdloIQ=",
"paReq": "eJxVUslu2zAQ/RVBd5mLLZk2RgzSBlkOCYLGPqSXgss4VmNJDkkHdr4+pKosPXHezPDN4xvC2bHdZa/ofNN3dc4mNM+wM71tuqc6X68uC5FnPqjOql3fYZ2f0OdnElZbh3jxgObgUMIteq+eMGtsnf8RSghqDS0st7yY0WpeaKNZoamwrFpQzSvMJdyf/8IXCeNoGSdPOJAPGCmd2aouSFDm5cfNnWTVdC6AjAhadDcXkvHprKyA/EPQqRblrRpu2hX6AGRIgekPXXAnyUsK5APAwe3kNoS9XxLSjrcmpm+BpAqQLw33hxT5yHRsrFRv9vlxuq0e//6+Ut3O6XV4sFeXpb5e10BSB1gVUHLKBOO0yhhflvMlZUCGPKg2SZDllEY5I4B9mnH+vfI9A9FpFzdzkotkwycCPO7jYmJHdO8zBovexBeMx5f8n9fJUBOSdxsurFa0VJrPNqg0ZTjb2LnhJU8+D02JvoleMUEXA38CQBINGTdIxu3H6L9f8Q7HNMYj"
},
"_type": "V4/PCI/Charge/Authenticate/HttpRequest"
},
"_type": "V4/PCI/Charge/Authenticate/AuthenticationInstruction"
}
The different properties of the iFrame to be created can be found in the target element:
"target": {
"element": "IFRAME",
"visible": true,
"width": 400,
"height": 400
}
If it must be visible ( value.target.visible attribute set to true ), create the iFrame with these parameters (using width and height ) and display it, or create a hidden iFrame.
Handling the iframe display timeout
It is also necessary to manage the maximum display time of the iframe if the value.timeout attribute is present in the instruction (timeout defined in seconds). To do so, it will be necessary to allow to trigger an event of LYRA_AUTH_INSTRUCTION_RESULT type populated as follows:
{
eventName: 'LYRA_AUTH_INSTRUCTION_RESULT',
value: {
name: "Add here the instruction name you have received in the answer",
value: 'TIMEOUT',
protocol: "Add here the protocol object you have received in the answer"
}
}
Example of implementation:
function createInstructionIframe(instruction) {
// Get instruction container element
container = document.getElementById('instructionContainer');
// Clean instruction container
container.innerHTML = '';
// Create iframe element
var iframe = document.createElement('iframe');
iframe.id = 'instructionIframe';
iframe.name = 'instructionIframe';
iframe.src = 'about:blank';
iframe.style.width = instruction.value.target.width+"px";
iframe.style.height = instruction.value.target.height+"px";
iframe.style.visibility = instruction.value.target.visible ? 'visible' : 'hidden';
// Handle timeout
if(instruction.value.timeout){
setTimeout(() => {
const instructionResultTimeout = {
eventName: 'LYRA_AUTH_INSTRUCTION_RESULT',
value: {
name: instruction.value.name,
value: 'TIMEOUT',
protocol: {
name: instruction.protocol.name,
version: instruction.protocol.version,
network: instruction.protocol.network,
challengePreference: instruction.protocol.challengePreference,
simulation: instruction.protocol.simulation
},
},
};
window.postMessage(JSON.stringify(instructionResultTimeout), '*');
}, instruction.value.timeout * 1000);
}
// Add iframe to container
container.appendChild(iframe);
// Create form to post
var form = document.createElement('form');
form.id = 'instructionForm';
form.name = 'instructionForm';
form.target = 'instructionIframe';
form.method = instruction.value.http.method;
form.action = instruction.value.http.url;
form.style = 'visibility: hidden';
// Create form body
Object.keys(instruction.value.http.body).forEach(function (name) {
form.innerHTML += '<input name="' + name + '" value="' + instruction.value.http.body[name] + '">';
});
var body = document.createElement('form');
// Add form to container
container.appendChild(form);
// Triger form submit
form.submit();
}
Step 7: Form submission
Once the iFrame has been created, it must be filled with a form following the instructions of the ‘http’ tag:
"http": {
"method": "POST",
"url": "https://acs.sg.com/1.0.2",
"headers": {
"Accept": "text/html"
},
"body": {
"termUrl": "https://pass.sample-acs.net/v1/notify/threeds/v1/pares",
"MD": "eJwljEmSokAAAL8yd2O6imLVCA+oINAKCLLekALZd2ggePz0dF/ylJnEB/xAG8GQLLcRiKRoZgtWnHtkwniZfw2qontZg4mvIv2SrOOGIMERCDJ/CHSg2QMkNpqEcNt/52iDEP1/bdVYFFsyDM0BgKIOgyKp++HAQQ6CKcD93yZYyqgawK/4A6VlbYPzWv0OZu3Gj04+rf6LMlQP8db81Tm7JXBxyrM3cKIYaV7GedZVQdLkWAo6W+ufqbUMjQxLQvkUIG8k384FpmsJfG2fQ0qzI3rulyLFqkPMYD9No8B48rkcrmI59ar3Yk29l6k8EQJPDlc9p+OqPzuxhul33WZx2TvmyNBxswb2U9OmCHFhelH8WI6e3nV2xVACYrHwadbjVpKbxxjWjywfgi7EK3ZWGTMnsSl2baxnlWKWhmXuqpOXX2JBhDDUebZccWyNOagnJHKm+kgz//4OF8oyrWig5hIAw1LL7jNTTkiw76DgJDl2VXKxGc4h0O1W9e4k1b4LPeRfzsh6H4//ANdloIQ=",
"paReq": "eJxVUslu2zAQ/RVBd5mLLZk2RgzSBlkOCYLGPqSXgss4VmNJDkkHdr4+pKosPXHezPDN4xvC2bHdZa/ofNN3dc4mNM+wM71tuqc6X68uC5FnPqjOql3fYZ2f0OdnElZbh3jxgObgUMIteq+eMGtsnf8RSghqDS0st7yY0WpeaKNZoamwrFpQzSvMJdyf/8IXCeNoGSdPOJAPGCmd2aouSFDm5cfNnWTVdC6AjAhadDcXkvHprKyA/EPQqRblrRpu2hX6AGRIgekPXXAnyUsK5APAwe3kNoS9XxLSjrcmpm+BpAqQLw33hxT5yHRsrFRv9vlxuq0e//6+Ut3O6XV4sFeXpb5e10BSB1gVUHLKBOO0yhhflvMlZUCGPKg2SZDllEY5I4B9mnH+vfI9A9FpFzdzkotkwycCPO7jYmJHdO8zBovexBeMx5f8n9fJUBOSdxsurFa0VJrPNqg0ZTjb2LnhJU8+D02JvoleMUEXA38CQBINGTdIxu3H6L9f8Q7HNMYj"
},
"_type": "V4/PCI/Charge/Authenticate/HttpRequest"
}
- The method property indicates the HTTP verb to be associated with the form.
- url indicates which server is targeted by the form action.
- The HTTP request headers in headers .
- The form parameters in body (e.g. termUrl, MD and paReq).
Once the form has been generated and placed in the iFrame, all you need to do is trigger it when the page is loading.
In case the timeout configured in the iframe creation code is triggered, the event of LYRA_AUTH_INSTRUCTION_RESULT type will be captured by the listener described in step 15 . This will allow to continue the process and to have a final result.
Steps 8 to 14: User authentication
Once the form has been posted, the code of the issuing bank will take over the process to allow secure authentication (silent or interactive). At the end of this step, the LYRA_AUTH_INSTRUCTION_RESULT event will be issued from the iFrame to indicate the end of the process. Example:
{
"eventName": "LYRA_AUTH_INSTRUCTION_RESULT",
"value" : {
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"name": "CHALLENGE",
"protocol": {
"name": "THREEDS",
"version": "2.1.0",
"network": "VISA",
"challengePreference" : "NO_PREFERENCE",
"simulation": "false"
}
}
}
Step 15: Retrieval of the JavaScript event emitted in step 14
In order to interpret the LYRA_AUTH_INSTRUCTION_RESULT event, it is necessary to implement a listener on the main page. It must be capable of parsing JSON code and must be written as follows:
window.addEventListener('message', function (messageEvent) {
var data = messageEvent.data;
try {
var messageData = JSON.parse(data);
if (messageData.eventName === 'LYRA_AUTH_INSTRUCTION_RESULT') {
try {
// callback call with messageData.value content
container = document.getElementById('instructionContainer');
var form = document.createElement('form');
form.method = 'POST';
form.action = "https://myhost.com/payment/authentication/result.php";
form.style = 'visibility: hidden';
form.innerHTML += "<input name='messageData' value='" + data + "'>";
var body = document.createElement('form');
container.appendChild(form);
form.submit();
} catch (err) {
// error callback call
} finally {
// always close the iFrame/popin
container = document.getElementById('instructionContainer');
container.remove();
}
}
} catch (err) {
// process eventual exceptions during callbacks
}
}, false);
After that, you must return this data to the merchant server.
Step 16: Returning the instruction result to the merchant server
Once the instruction result is retrieved on the merchant server side, it must be sent via a new call to the PCI/Charge/Authenticate service. The instructionResult object must be added to the initial request:
{
"amount": 1230,
"currency": "EUR",
"transactionCategory": "PAYMENT",
"productType": "GOODS_OR_SERVICE_PURCHASE",
"merchant": {
"mid": "1234567"
},
"paymentForm":{
"pan": "4970110000000013",
"expiryMonth": "02",
"expiryYear": "24",
"networkPreference": "VISA"
},
"device": {
"deviceType": "BROWSER",
"acceptHeader": "application/json",
"ip": "89.249.65.28",
"javaEnabled": true,
"language": "en",
"colorDepth": "1",
"screenHeight": 1024,
"screenWidth": 768,
"timeZoneOffset": 0,
"userAgent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
},
"protocolRequest": {
"name": "THREEDS",
"version": "2",
"challengePreference": "NO_PREFERENCE"
},
"id": "c82794e9-9c20-44a8-9297-b70e1e7c4006",
"instructionResult": {
"name" : "CHALLENGE",
"protocol" : {
"name" : "THREEDS",
"version" : "1.0.2",
"network" : "VISA",
"challengePreference": "NO_PREFERENCE",
"simulation": false
},
"value": "eyJhbGciOiJIUz..."
}
}
/**
* I initialize the PHP SDK
*/
require_once __DIR__ . '/vendor/autoload.php';
require_once __DIR__ . '/keys.php';
require_once __DIR__ . '/helpers.php';
/**
* Initialize the SDK
* see keys.php
*/
$client = new Lyra\Client();
/**
* I create a formToken
*/
$store = array("amount" => 250,
"currency" => "EUR",
"orderId" => uniqid("MyOrderId"),
"customer" => array(
"email" => "sample@example.com"
));
$response = $client->post("V4/Charge/CreatePayment", $store);
/* I check if there are some errors */
if ($response['status'] != 'SUCCESS') {
/* an error occurs, I throw an exception */
display_error($response);
$error = $response['answer'];
throw new Exception("error " . $error['errorCode'] . ": " . $error['errorMessage']);
}
/* everything is fine, I extract the formToken */
$formToken = $response["answer"]["formToken"];
?>
Step 17: Receiving the response from the payment gateway server
As in step 4 , the merchant server receives a new response, which can either be final ( AuthenticationResult ) or request a new instruction ( AuthenticationInstruction ). In the latter case, the flow resumes at step 5 . Here is an example of the final message:
{
"answer": {
"id": "c82794e9-9c20-44a8-9297-b70e1e7c4006",
"protocol": {
"name": "THREEDS",
"version": "1.0.2",
"network": "VISA",
"challengePreference":"NO_PREFERENCE",
"simulation":false
},
"value": {
"authenticationId":{
"authenticationIdType":"xid",
"value":"c82794e99c2044a89297b70e1e7c4006",
"_type": "V4/PCI/Charge/Authenticate/AuthenticationId"
},
"status": "SUCCESS",
"authenticationType": "CHALLENGE",
"authenticationValue":{
"authenticationValueType": "CAVV",
"value": "FsXD4Ox0VEI2MseoR0VhN5pX952I",
"_type": "V4/PCI/Charge/Authenticate/AuthenticationValue"
},
"commerceIndicator": "05",
"extension": {
"enrolled": "Y",
"algorithm": "2",
"signatureValid": true,
"_type": "V4/PCI/Charge/Authenticate/AuthenticationResultExtensionThreedsV1"
},
"_type": "V4/PCI/Charge/Authenticate/AuthenticationResult"
},
"_type": "V4/Charge/AuthenticationResponseData"
}
}
Step 18: The merchant server resumes operations
If the previous response is a final result, the merchant server must analyze the status of the result (‘value.status’ property) in order to resume the operation in progress (e.g. authorization if ‘SUCCESS’ of end of payment or card registration if ‘FAILED’ …).
Appendix
Example: v1 3DS authentication with ACS authentication
- An initial call to the PCI/Charge/Authenticate service with a card enrolled to v1 3DS.
- A return with a CHALLENGE instruction of redirection to the ACS with a paReq (visible iFrame).
- A redirection to the ACS in the iFrame, cardholder authentication.
- A return via the browser with an instruction result.
- A new call to the PCI/Charge/Authenticate service by transmitting this result.
- A return of the payment gateway server with the final authentication result.
Example: v2 3DS authentication with ACS authentication
- An initial call to the PCI/Charge/Authenticate service with a card enrolled to v2 3DS.
- A return with a FINGERPRINT instruction (3DS Method).
- A redirection to the ACS in the invisible iFrame, loading and execution of the JavaScript code of the ACS fingerprint.
- A return via the browser with an instruction result.
- A new call to the PCI/Charge/Authenticate service by transmitting this result.
- A return of the payment gateway server with a CHALLENGE instruction of redirection to the ACS with a CReq (visible iFrame).
- The instruction has occurred (redirection to the ACS with a CReq and user interaction).
- The browser return is an instruction result: new call to the PCI/Charge/Authenticate service by transmitting this result.
- The server return is the final result of the authentication.
Glossary
| 3DS Method | JavaScript code of the ACS executed in the Buyer’s browser for the purpose of making fingerprints. |
| 3DS Requestor | The requestor upon 3DS authentication, usually the Merchant or their payment gateway. |
| 3DS Server | 3DS Server. Component of the 3DS Requestor domain that initiates the 3DS v2 process and communicates with the DS or the ACS during transaction authentications. It facilitates the interaction between the 3DS Requestor and the DS. |
| ACS | Access Control Server. Component that checks whether authentication is available for a card number and authenticates specific transactions. |
| Application 3DS Requestor | Application on the Buyer’s mobile device that can process a 3DS transaction thanks to the use of 3DS SDK. The application is available by means of integration with 3DS SDK. |
| Challenge | Interactive authentication phase between the Buyer and their bank (ACS). |
| CReq | v2 3DS request message of cardholder authentication, sent to the ACS. |
| DS | Directory Server. Component that maintains the list of intervals for cards with possible authentication allowing MPIs / 3DS Servers / ACS to communicate with each other during authentications. |
| Fingerprinting | Corresponds to getting a fingerprint. Unique Buyer identification using browser data. |
| MPI | Merchant Plug-In. Component that initiates the v1 3DS process and communicates with the DS or the ACS during transaction authentications. |
| paReq | v1 3DS request message of cardholder authentication, sent to the ACS. |
| SDK 3DS | 3D Secure development kit. Software component included in a 3DS Requestor Application. |
List of supported protocols
| Protocol | Version |
|---|---|
| 3D Secure | 1.0.2 |
| 3D Secure | 2.1.0 |
| Procesos Diners | 1.0.0 |
Test cards
The test card reference page can be found here .
