Cardholder authentication service (simple mode)
Presentation
The purpose of the Web Service PCI/Authentication/CreateSession is to authenticate the payment cardholder using the authentication protocol supported by the payment method.
The service authenticates the cardholder and returns the authentication information at the end of the process.
Supported protocols
Protocol | Version |
---|---|
3D Secure | 2.1.0 |
3D Secure | 2.2.0 |
Other authentication protocols may be added to this list.
General principle
The service is designed to be independent of the underlying protocol, so that you implement a single integration rather than one integration per protocol.
1. Add the JavaScript library to your site: kr-authenticate.umd.js
2. Call the Web Service PCI/Authentication/CreatePayment to create an authentication session.
3. Initialize the JavaScript library by passing the URL: operationUrl
- This URL is generated when the authentication session is created.
4. Execute the JavaScript library
The JavaScript library is responsible for executing all the actions required for authentication. It interacts with the ACS, the authentication server of the cardholder's bank.
There are several authentication options, such as:
- 3DS2 - Frictionless authentication, without the 3DS Method
- 3DS2 - Frictionless authentication, with the 3DS Method
- 3DS2 - Challenge authentication, without the 3DS Method
- 3DS2 - Challenge authentication, with the 3DS Method
More info: Tests and use cases.
5. Analyze the authentication result from the notification: Instant Authentication Notification (IAN).
- The IAN is a server-to-server notification of the authentication result.
Managing timeouts
The duration of the payment session is set at 10 minutes. At the end of this time, use the authentication session identifier with the Web Service PCI/Authentication/GetSession to obtain the authentication result (recommended).
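One way a merchant server could track sessions against the 10-minute limit and fall back to PCI/Authentication/GetSession when no IAN has arrived. This is an added example, not code from the gateway's documentation or library: the class, its method names and the shape of the result object are hypothetical, the Web Service call itself is left to the caller, and the IAN is assumed to have been authenticated before onIan is called.

```javascript
// Added example: merchant-side bookkeeping for authentication sessions.
// AuthSessionTracker, its methods and the result objects are hypothetical names.
const SESSION_TTL_MS = 10 * 60 * 1000; // session duration stated on this page

class AuthSessionTracker {
  constructor() {
    this.sessions = new Map(); // operationSessionId -> { deadline, result, source }
  }

  // Call right after the session is created, before operationUrl goes to the browser.
  register(operationSessionId, nowMs) {
    if (this.sessions.has(operationSessionId)) throw new Error("session already registered");
    this.sessions.set(operationSessionId, { deadline: nowMs + SESSION_TTL_MS, result: null, source: null });
  }

  // Call from the IAN endpoint. Only sessions this server created are accepted,
  // and the first recorded result wins, so a replayed notification changes nothing.
  onIan(operationSessionId, result) {
    return this._record(operationSessionId, result, "IAN");
  }

  // Call with the answer of PCI/Authentication/GetSession (request not shown here).
  onGetSession(operationSessionId, result) {
    return this._record(operationSessionId, result, "GetSession");
  }

  // Sessions past the 10-minute limit with no result yet: query GetSession for these.
  dueForGetSession(nowMs) {
    return [...this.sessions]
      .filter(([, s]) => s.result === null && nowMs >= s.deadline)
      .map(([id]) => id);
  }

  resultOf(operationSessionId) {
    const s = this.sessions.get(operationSessionId);
    return s ? s.result : null;
  }

  _record(operationSessionId, result, source) {
    const s = this.sessions.get(operationSessionId);
    if (!s) return "unknown-session";
    if (s.result !== null) return "already-resolved";
    s.result = result;
    s.source = source;
    return "recorded";
  }
}
```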
Detailed flowchart
The following diagram details a generic payment scenario with authentication: initial call to the service, creation of a session identifier, interaction with the ACS, final authentication result and end of payment.
[Diagram not reproduced. Participants shown: Client, Browser, iFrame, Merchant server, Payment gateway server, Remote server (e.g. ACS).]
Glossary
3DS Method | JavaScript code of the ACS executed in the Buyer’s browser for fingerprinting purposes. |
3DS Requestor | The party requesting 3DS authentication, usually the Merchant or their payment gateway. |
3DS Server | 3DS Server. Component of the 3DS Requestor domain that initiates the 3DS v2 process and communicates with the DS or the ACS during transaction authentications. It facilitates the interaction between the 3DS Requestor and the DS. |
ACS | Access Control Server. Component that checks whether authentication is available for a card number and authenticates specific transactions. |
Application 3DS Requestor | Application on the Buyer’s mobile device that can process a 3DS transaction thanks to the use of 3DS SDK. The application is available by means of integration with 3DS SDK. |
Challenge | Interactive authentication phase between the Buyer and their bank (ACS). |
CReq | v2 3DS request message of cardholder authentication, sent to the ACS. |
DS | Directory Server. Component that maintains the list of card ranges for which authentication may be available, allowing MPIs / 3DS Servers / ACS to communicate with each other during authentications. |
Fingerprinting | Corresponds to getting a fingerprint. Unique Buyer identification using browser data. |
SDK 3DS | 3D Secure development kit. Software component included in a 3DS Requestor Application. |
IAN | Server-to-server notification of authentication results (Instant Authentication Notification). |
operationUrl | URL passed to the initialization method of the authentication script kr-authenticate.js. |
operationSessionId | Unique identifier for the authentication session. |