3D Secure 1
In this section you will learn how to process a 3D Secure 1.0 authenticated transaction
PXP Exemption Engine - Coming soon
PXP will be further enhancing the 3D Secure Service to also include information to merchants about possible exemptions that could be utilised on a per transaction basis. This will be a future enhancement within the scaDetails object as shown below.
PXP will notify merchants once this becomes available.
Overview:
Above is an overview of the 3D Secure 1.0 Flow & transaction processing (being invoked by the merchant)
Above is an overview of the 3D Secure 1.0 Flow & transaction processing (being automatically handled by PXP)
STEP 1: Check the 3DS 1.0 Enrollment Status of a Card
clientSystemTransactionId
The clientSystemTransactionId should be unique per transaction, but maintained for the entire end to end 3D Secure process detailed in STEPS 1-4
An example of a 3D Secure Enrollment request message can be seen below:
{
"merchantId": "PXP",
"storeId": "PXP000000001",
"userId": "PxpUser1",
"type": "ecom.sale",
"amount": "10.00",
"currencyCode": "GBP",
"clientSystemTransactionId": "UniqueReference1",
"isAutoAuthorisationRequired": "true",
"details": {
"providerMerchantId": "12345678"
},
"accountDetails": {
"cardNumber": "4111111111111111",
"expiryDateMonth": 12,
"expiryDateYear": 25
},
"storedCredentialDetails": {
"cardOnfileIndicator": "cardDetailsStoredFirstTime"
},
"addressVerificationDetails": {
"address": "5",
"zipPostalCode": "123",
"countryCode": "GBR"
},
"scaDetails": {
"scaPolicy": "1",
"scaExemption": null
}
}
{
"merchantId": "BDD",
"storeId": "BDD500000005",
"userId": "BDDTest",
"type": "ecom.sale",
"amount": "10.00",
"currencyCode": "GBP",
"clientSystemTransactionId": "UniqueReference1",
"isAutoAuthorisationRequired": "true",
"details": {
"providerMerchantId": "12345678"
},
"accountDetails": {
"tokenId": "13c45dc2-56ec-4d7f-a966-50b6c3e93b37"
},
"storedCredentialDetails": {
"cardOnfileIndicator": "cardDetailsStoredFirstTime"
},
"addressVerificationDetails": {
"address": "5",
"zipPostalCode": "123",
"countryCode": "GBR"
},
"scaDetails": {
"scaPolicy": "1",
"scaExemption": null
}
}
{
"merchantId": "BDD",
"storeId": "BDD500000005",
"userId": "BDDTest",
"type": "ecom.sale",
"amount": "10.00",
"currencyCode": "GBP",
"clientSystemTransactionId": "UniqueReference1",
"isAutoAuthorisationRequired": "true",
"details": {
"providerMerchantId": "12345678"
},
"accountDetails": {
"cardTokenizedNumber": "9946000000000090483",
"expiryDateMonth": 12,
"expiryDateYear": 25
},
"storedCredentialDetails": {
"cardOnfileIndicator": "cardHolderInitiatedCardOnFile"
},
"addressVerificationDetails": {
"address": "5",
"zipPostalCode": "123",
"countryCode": "GBR"
},
"scaDetails": {
"scaPolicy": "1",
"scaExemption": null
}
}
{
"merchantId": "BDD",
"storeId": "BDD500000005",
"userId": "BDDTest",
"type": "ecom.sale",
"amount": "10.00",
"currencyCode": "GBP",
"clientSystemTransactionId": "UniqueReference1",
"isAutoAuthorisationRequired": "true",
"details": {
"providerMerchantId": "12345678"
},
"accountDetails": {
"cardNumber": "Z8P+iPI8X4PTyOPQRbUOozDWqExFYaPkXgx6P51MLBc0SRAbYKA35UNiHw9TucgHV1XXTkIiwSDDu5mcJiJjAcUAq51+ybzPH/DB+DVNlkLn7ABaDudkHncRUhKruuWSnNl2OMTOs3C6XzYAB+zLi3hpBAHc7nCJxcQ35nungx0=",
"expiryDateMonth": 12,
"expiryDateYear": 25
},
"encryptionDetails": {
"encryptionType": "rsaTwoFourZeroEight",
"encryptionId": "13c45dc2-56ec-4d7f-a966-50b6c3e93b37"
},
"storedCredentialDetails": {
"cardOnfileIndicator": "cardDetailsStoredFirstTime"
},
"addressVerificationDetails": {
"address": "5",
"zipPostalCode": "123",
"countryCode": "GBR"
},
"scaDetails": {
"scaPolicy": "1",
"scaExemption": null
}
}
isAutoAuthorisationRequired element
If isAutoAuthorisationRequired is included and set to true, PXP will automatically analyse the 3D Secure response at STEP 3 and perform the authorisation to the acquirer (STEP 4) on the merchant's behalf. In this scenario, the response you receive in STEP 3 will be an authorisation response and STEP 4 will not be applicable
Note: If the card is NotEnrolled for 3D Secure 1.0, then a "NotEnrolled" response will be received and automatic authorisation will not be invoked. If the merchant wishes to continue, then they may do so by sending in a transaction request directly to the Transaction Service at their discretion
An example of a 3D Secure Enrolment response message can be seen below:
{
"state": "Enrolled",
"cardType": "card.visa",
"accountDetails": {
"tokenizedCardNumber": "9997000000005071111"
},
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2",
"mpiSessionId": "2162d575-d25a-44d7-87b4-68046426c815",
"accessControlServerUrl": "https://api.test.kalixa.com/WebMockProviders/CreditCards/3DSecure/ThreeDSecureAuthentificate.aspx?processingMode=Automatic&useStoredCertificate=false",
"paReq": "eNpdUk1zgjAQ/StM7pIEFdFZ4tDiTD3oMK2HXpmQKo4EhFDpv+8Goa097GTfZrMf7wXWXXFxPlXd5KUOCXcZcZSWZZbrY0ha8zEJiNOYVGfppdQqJLokawGHU61U/KZkWysBO9U06VE5eRaSaOLNGRqf8MD35t6CCEiiV3UVMHQR2MT1gI4Qn9fylGojIJXXp+1ezPzlYhoAHSAUqt7Gwg/4cskwfIeg00KJ5D3hQHsXZNlqU3+JwPOBjgDa+iJOxlQrSm+3m1t11aQpL63B1o0rywKozQD6O0XSWq/Bil2eiV0c3R5tM9uft3x3liFQmwFZapTwGA9YMOUOn63YfMWnQPs4pIUdRXDmMoY73RFUtkk0XtmbvxFAYmvUYVxmRKC6CmXADCTwx4dMNRJXGI7f+Z9fLKfSIF37eNPtDv+tXym0TPdJtnyOpKF89/oWALVl6CAiHcRG7+ETfANFZL/y",
"merchantData": "4q7YszjQRU7OR7ZNyWcKJ0xUP8WuC6sxn7ReAC1HZEzwGltoAzBsit2oYkioIsiKv+Gw0AjijDk="
},
"scaDetails": {
"scaExemptionEngineResult": "noExemptionAvailable"
}
}
{
"state": "Enrolled",
"cardType": "card.maestro",
"accountDetails": {
"tokenizedCardNumber": "9997000000005071111"
},
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2",
"mpiSessionId": "c088aa00-3ada-4a0d-95e2-3690d6ccf0bf",
"accessControlServerUrl": "https://api.test.kalixa.com/WebMockProviders/CreditCards/3DSecure/ThreeDSecureAuthentificate.aspx?processingMode=Automatic&useStoredCertificate=false",
"paReq": "eNpVUk1zgjAQ/SsMd0mCYtFZ4tjamXoQseVQj0xIFUcCQijqr+9Goa2HTPbtbvbjvcDsnB+tb1nVWaECmznUtqQSRZqpXWA3+mvg21atE5Umx0LJwFaFPeMQ7yspFx9SNJXksJJ1neyklaWBPR+4HsXDBsz3xkNvZHOI5u/yxKHrwrGJ4wLpIT6vxD5RmkMiTs/LkHtD98nzgHQQclktF3zss8mE+kDuEFSSSx59RgzIzQRRNEpXF+67YyA9gKY68r3W5ZSQtm2d8lwO6uLYaGxdO6LIgZgMIH9TRI2xaqx4zlK+Wszbx/M6CuPtNYw3ARCTAWmiJXcp86nvDi3Gpp47ZTj/zQ9JbkbhjDqU4k53BKVpMu9DJvLfA0hshTr0y/QI5LlEGTADCfy1IZW1wBW662/+lzfDqdBIV3gQbB1v6TreXcLD5rpebNiqDQLD8i3BlM6QMJTuXtsAIKYE6QQkndBoPXyAH1Lzvqk=",
"merchantData": "UAzthFdLf4Lt88RbOzMQ/MDZfbWZH5sqrAySPaBpZdpSr/rVSRivH4fyasPCM8wYz7uaZipsOr0="
},
"scaDetails": {
"scaExemptionEngineResult": "noExemptionAvailable"
}
}
{
"state": "Enrolled",
"cardType": "card.mastercard",
"accountDetails": {
"tokenizedCardNumber": "9997000000005071111"
},
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2",
"mpiSessionId": "e2395c52-e00f-49f1-b35f-8d59e32b6f12",
"accessControlServerUrl": "https://api.test.kalixa.com/WebMockProviders/CreditCards/3DSecure/ThreeDSecureAuthentificate.aspx?processingMode=Automatic&useStoredCertificate=false",
"paReq": "eNpVUsFugzAM/RXEvSSB0dHKpGLrpPVAhTYO2xFB1iJBoCQMtq+fQ2FbD1H8Esd+7zmwG+vK+hSdKhsZ2syhtiVk3hSlPIV2rz9WgW0pnckiqxopQls29o5Deu6E2L+KvO8Eh1golZ2EVRahHa1cn+JiKxb4a8/3bA5J9CIuHOYuHJs4LpAF4vMuP2dSc8jyy8PhyH3Pvfd9IDOEWnSHPV8HbLOhAZArBJnVgidvCQMyhZA3vdTdFw/cNZAFQN9V/Kx1uyVkGAanHduVaqpeY2vl5E0NxGQA+WOR9CZSWHEsCx7vo+F2Pd0d0/fvYxqHQEwGFJkW3KUsoIHrWYxtfbalyH86h6w2VDijDqWo6YqgNU2i5crc/D8BNLbDOSxiFgRibHEMmIEG/sZQCJWjhHn74//4bDzNNdqFdIc4PTCU4M0y/DidJIXG6SnJlC/RNBzftb4BQEwZMg+RzMPG6OYT/AAB9L8T",
"merchantData": "kLZUiYsA/fWaVMOlicPrqRHlRThh/oLqbX0mmBTVB6i8EVnKbdfIgLnpNtVBPS6sJyxiPwAOgqQ="
},
"scaDetails": {
"scaExemptionEngineResult": "noExemptionAvailable"
}
}
{
"state": "NotEnrolled",
"cardType": "card.visa",
"accountDetails": {
"tokenizedCardNumber": "9997000000005071111"
},
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2"
},
"scaDetails": {
"scaExemptionEngineResult": "noExemptionAvailable"
}
}
{
"code": "4000340",
"details": {
"message": "Unable to verify enrollment status of card"
}
}
PSD2 Exemptions:
Please note that the scaDetails object is not yet available for either the request or response.
PXP will notify merchants once this becomes available.
Enrollment Response State
If the state received in the response is Enrolled, then continue to STEP 2
If the state received in the response is NotEnrolled, then continue to STEP 4 with with a state of "NotEnrolled" in the threeDsecure object.
Please Note:
The {mpiSessionId} and {merchantData} is required later on in STEP 2 and STEP 3 respectively so should be stored for the duration of the process.
STEP 2.1: Authenticate an Enrolled Card via the ACS
Once the Enrollment response has been received, you will be required to create an iFrame and POST the following form data to the accessControlServerUrl obtained from the 3DS Enrollment Response. This will display the card Issuer's Access Control Server where the card holder will be prompted for a password. (Note that MD, PaReq and TermUrl are case sensitive to the ACS)
MD = {merchantData}
PaReq = {paReq}
TermUrl = {URL of Merchants 3D Secure Listener}
The response will be be POSTed from the ACS to the TermUrl (within the iFrame) which was provided above and will be a trigger to continue. This will give the merchant system back control of the iFrame and will enable them to consume the data before continuing.
It is recomended that a "loading" spinner is displayed to the card holder until the authentication or authorisation is completed in STEP 3 / STEP 4.
Below is an iFrame sample showing which data should be posted and to where
<form name="iFramePost" method="POST" action="https://api.test.kalixa.com/WebMockProviders/CreditCards/3DSecure/ThreeDSecureAuthentificate.aspx?processingMode=Automatic&useStoredCertificate=false">
<input name="MD" value="4q7YszjQRU7OR7ZNyWcKJ0xUP8WuC6sxn7ReAC1HZEzwGltoAzBsit2oYkioIsiKv+Gw0AjijDk=" />
<input name="PaReq" value="eNpdUk1zgjAQ/StM7pIEFdFZ4tDiTD3oMK2HXpmQKo4EhFDpv+8Goa097GTfZrMf7wXWXXFxPlXd5KUOCXcZcZSWZZbrY0ha8zEJiNOYVGfppdQqJLokawGHU61U/KZkWysBO9U06VE5eRaSaOLNGRqf8MD35t6CCEiiV3UVMHQR2MT1gI4Qn9fylGojIJXXp+1ezPzlYhoAHSAUqt7Gwg/4cskwfIeg00KJ5D3hQHsXZNlqU3+JwPOBjgDa+iJOxlQrSm+3m1t11aQpL63B1o0rywKozQD6O0XSWq/Bil2eiV0c3R5tM9uft3x3liFQmwFZapTwGA9YMOUOn63YfMWnQPs4pIUdRXDmMoY73RFUtkk0XtmbvxFAYmvUYVxmRKC6CmXADCTwx4dMNRJXGI7f+Z9fLKfSIF37eNPtDv+tXym0TPdJtnyOpKF89/oWALVl6CAiHcRG7+ETfANFZL/y" />
<input name="TermUrl" value="https://anypayqavnapi.pxp-solutions.net/MerchantSystemService/MpiListener/MerchantData" />
</form>
Below is an interactive form that showcases the iFrame Post.
POST the MD, PaReq and TermUrl form data to the accessControlServerUrl obtained from the Enrollment Response
If presented with the 3D Secure Mock ACS screen and prompted for a password, please use "password"
STEP 2.2 Receive the Payer Authentication Response (PARes) from the Access Control Server (ACS)
The ACS will POST the 3D Secure results back to the TermUrl = {URL of Merchants 3D Secure Listener} specified in STEP 2:
The merchant will receive MD = {merchantData} & PARes = {paRes} from the ACS in a URL Encoded format and will need to URL Decode it before submitting in STEP 3:
PXP's 3DS Listener has automatically URL Decoded the data as shown above.
STEP 3: Collect Authentication Results
An example of a 3D Secure Authentication request message can be seen below:
{
"merchantId": "PXP",
"storeId": "PXP000000001",
"userId": "PxpUser1",
"clientSystemTransactionId": "UniqueReference1",
"threeDSecureDetails": {
"mpiSessionId": "2162d575-d25a-44d7-87b4-68046426c815",
"merchantData": "4q7YszjQRU7OR7ZNyWcKJ0xUP8WuC6sxn7ReAC1HZEzwGltoAzBsit2oYkioIsiKv+Gw0AjijDk=",
"paRes": "eNrlWWmPo0iT/iulej96ejgMthm56t1MLmMMNofB8GXFZW6wAYPh12+6qrumuqe1O7MrjTRaS5aTIImM+4kw63/fy+Kpj5o2rauXZ+JX/PkpqoI6TKv45fnWnb+snp/azqtCr6ir6OW5qp///bo2kyaKOCMKbk30ulaitvXi6CkNX57BF5LG0Zf4QqwWBLNinl/XB6BH7dtdtPpPAlG+HviKzvuVXGPfLhGnJki8qntde8EVSuortWCW89Ua+3q5LqNG4l4XK4JhcER+v1xjvz93uD1WLZLqnoavCgeG7788pWY8vefylzX22LEOvS56JXFiha/m+BNB/0YzvxHzNfZGX18e7EBZ3xBvAsfxNfaZskb6N8hc4+uKXKyxj6t1dL8ga6EdSLmP9TqM2gAJ+/Xnd0kvXvWKf/oQ6IMOQtS1eXpdd2n5BwnnSMI3+ho5p7u1r84a+7paB17fvypmTKmTRCqcNqmmNKgTIPbccVS4I9L8bcs6CtJXnEYSot+3p0AR103aJeVD7u8Ja+whCvbmyte1kcYVOqyJnlD4VO3Lc9J1l98wbBiGX4f5r3UTYyRSBMMZDG0I2zT+1/P7U1EoVef6dc16VV2lgVekk9ch3ytRl9Th08eBP2Np6g+uBKbz7BfE9ktAUNWXBwWfE/TzE/ZJrj/D7kcJm9b70iYe8cZJj87Rw5nR01GXXp7/9S1yuTSO2u5/w/6D9TsLyytu0Ssl0NNId7atO/Aa8g6wROiWanAkcOSmzzvX2IdIaP3ZlB9Kv28kKevSYEJ3M5dzgqgnfdkM5sTFyUHeivQRzrDB0XLaO+4Ey4tH2Q3A2VDust2YM/PcpVd5zqbNNFmdK/s+2x22eH9j5O5IU1a6O9SLQTYMYn9K2QOzic+B2h7M9uazebXBjuNBpGgj2EqsAe7sEhS0H6hbB2qWquytZLsh610dXcjcsVeL+uVdkU/Cr+VofNfqROMM53Xe+8q4+VkUdKqHQp5/8cIyrf4jR8Fz934N6vKXJ1Z9+ahJT4A1fnnaH1/ktw1Pkomuvl788rR7sdKoqtDK+FixL8BcYz+e83YwGzVdekaBiqqBIklCybEslNgYDBIEsQQ5Dqgwzq9JnorMgEOgtQLgWJhz/E4BuQiIIw8ThdUs7c5Nj72qhR40YeFeXJu+OSZ/UAD+vu+uiFZZFH5JJ4q2GjjN4SxNk/nB3Tn2/RKJ/J3PgPbOozXZY5f4YkE5BtxaHO8qMHjjA+6KZonJ6NoWfyStTOIFlPmQ00z+rEBcZI2raEj+nNP4LdAdzbH1zrNp4JFC652SZFeqvW+CSBjwO6obpILqx97kJ8UsPEQb32ngg6ZIoqpo7cC+yyvywxYieT70YuFP9dogvWzPtm5+yX+yTW3C/KteJm8oELzzuCtb46t8El8cFd0ZBPDGh+MH4uhttoV71E3XVmLtqJqKvho2mrOVa1dK+kAFWg6FBCauSFz8HDZf7XlzSKZD8p8fsn6yC/LjEQBKVB++TDUZxhpHthgbi+6+V0LoB710Yrl0f8HE/dUVL3l34Emr9OSlTNaSyMY9ZVKnJX2Wic3Yn5JM3ppjNdyjtpYwY7u/RX4SQ5pNTfJKVxV+ljzlTGa6qQwLcg8xOcwPObswY2PLC6HRODEynFQM+eFcyIM+OPJd7oet20o7aSD2cwCigiIicUsWy2CQOKABWFMoUFG8gmoYuIetdNwE2gaDQBoAB/YPe2+0FQTnFVJYYaEHBll721dAVhok4Ejy4ECoHTco3kWWbUVkFwEOCg9R5YMxz6MtczZW+EdcIT+FXKzZEOr+wmY3BGPnMIED5+5uBKtdm16/7zMWDsPbGRmUxCWyPRVD47qlrkSQudRFOtvWMOEMXzeVyNyIqwgL2YC5ycIs+9tz6qTA47ec2n+XU8K29+fafTOB8HP+sxpv86KQ+3Zx08RvvOjMJ0mW1bilRXp7skwyPwP4m/31Fb8zQaOwZbxdgCJJ1Trc6MM+XfXhPJzvys888D4Qu8uOVEefZYiAtMbdBHQYF3GSxzDpExZo/IcvJRT/juQiN/qUFvMqcqTN52r7yLmQhZx72uKe7V4cUsBdE7Iwjh8+FaAWoPjXHr3DoMS/x4ACZHFbJni4AYvdyCDpgtt3NcNgBo/MkYwMOkOld3Nrck9Sj3zsv+lqAD52lSF2wRA7uAiNRzxpEN3nFBb/FF8SFFLhf7bDHPaIlkXGajh+khPV5UHPgCMkguvPrVESmdElhZt3UpNQLHpkew7EPBTTy94fIZJVSD0UC+Emjx1bzdwTxF1bayVRaH0Wjp4dIlmUOCgf+mxJdO8RR59qC7+DGuBixBMI4pI0ldCGrcVybN+aGDoqO7GJQTZVaxsFrtucusrUmaL6yblwyoxrdidrfxx6zg35nb71w6PT62fCEykjhrs+GO+TjqvzC18YVTe3jwmnuQc997daPGMnHUYZvqTpVXer71g0HVyTzrRu7wt6saV8ys2xldiw8W7P8qI8LU5RaUHSY5R2vtpazbzcJtoSO1T15A2kfagYatYWTXwrLAFo54TmsIuEWzpNyq15CDOa5XalGG368GokfLDx81l5ON8oSQbL+3ahuDqLJ6WzYjMqiDbHDX1alprBhgmNDW2wk9hcKpfTOfHjMezGWt6QNMdct02q5uLdjU6OedP3sxkK7E3kM6q+v7AL5eUdnj+j8U/hGXvA8974Bs9bcOhObr30PFG9/Vji2eEIUOjt/37oCgZB+wZd9HfQdSyZPuT+LzANaJXb/gDT7zSkq/b365oPwvBV1zv8A0xLqCr9NaiWoJT92HLxAgB7VPpW4HGfjeVHGQStw8OCwnJKcXP/mu2FW7Tf1MPi4G729YStMmITsXpPCicvnl+98Bgxx/4EJokZ2QaBCFVQk2dfd47st/FGKQ46Qx2V8yzk9lQkCExA0gwenawb2eZObbaGOcbRlIsxUbVhoi1SLlfFpdcLXG1kF3q56CMDLJQcGQsuk8NkzwX/TN+C2VWZk1ks+ctZGNI6cSkOm1XFX5lFct2llqfsK8wVDmyaj2Hg0zwla54kOH6SQOWiFnOeX+wbTlG18kQbqTbG93h2CRNFNytBT7eXQ3qpx4UnzPmrWyin7ew6x+LRmR0i2wi322QRD9qA7ea9FmE1uSCqCWPMsD+thKkt6ptqz1Pg3vkq6ZbR6lNrYU2otSiUgRs+txbHAQw8xKY/thdAcx5+fuzdQ+jwgowmwMYa1SrNE8Y9cQcTN9Jb4JNLG8Xq8h0yFD72EWT4LBDYSlzutWBzvrJZxaKaVuuzVVBDewNrRzxeJFH/x+ezg+qWCfpvrYHMgVJhjVi6gjhJ6D/ZGqwG/nvohyhJHpDHKghiWZsVDSCKMx6NL5oWCcmdQ3wKv9JiDbUUCCJLBN8IKo+xdrJwD8Gnd9Jphdc+QTTiycWD+tbGfLQNA6id2tvoeMDV/Q7JGI70d/mLILvxUJvgk/eLM8/78KQWQakmu4mF5XscxagtNN9qFRorYHx8bzNR+xdPoPt0FotsmPyVsxThcwsrsQrvDCJ0dNtGrVQK+6AME78sJuekX3ySGt4wRK+vZrmKkX0Spyzahx1QW5A5pDWEopXvWIh8MKDWoKiQLJOEfP9oy8LSyn+GN4BCPDVgeYFBY6YAyEV+u42DpfkuzTVkvLrN6kTY9xzV2oRukzMwqDM5me2qxk3uxRRfF8q8SwiRkaXUbOVDPxYZ0StLonO34hDmWhTuKDcgXN7vZAdE2j0Xy2NGJboQXu+7mbBfnf1pI5mi4MbeWJcVtbAarAiYiWHIc4/nDuBWVDadCLMWlitarOLDcuDi3ZTum92RzXCczNgYl2PVyK9mvN2lk0OoeoJVK0Em51vjeGbPk+GfT4tq39Bme71GinaYn6+nHU34MG+mUdlMfC17smDf8kCaHU8n/wxImU0qVmC4MRhVLZlNdnW/lbG2NLtbNXO59njhWWEOcpIOd3cXhLMLpU58rl9ZYmut0j/ZIvSobEE5+pjgUbr9dIL/Z08b+LBJAlUxA5Si/Khw8bTnlMF+0LI32vBBy/75uqLOO/35BI9KHEpkdF8G9SP1OM7LXeizBxpNmqwBooZk+/x4XqinkqOFCnYXre0mNMp3i3srZemirs07PEm20l8sPF5u0w4nqkVdSVwJtWaYog4sdUas/InWr3HAtrVy7ZvQ9hWHVRf0/F5czlclV+FIAI86CYy6KHK44TJdIdyu34QpMba45WRapGHqdT/I6vneVmNLEstsli4b7+CQ01TfHI7xF8FYzA9BGY3zW0zvpz4ObtvI7uRGrU67fNfn3uxGnBetGS70/gDLPmNiZidSLmVlaIrxZoxLsYMsR7lBTZA09UVd9iA5XA9cPbeZOTUaFG6SWnu/jNWF59VwCzWpOSX+VKVyIokeGdXHpDS4yfWZYGltZxZ1BzECRyBmcSzlKMdY1CQc3iFMeYd/E01cqD1QAPX+L8GjRRhQj4ZyEGYPPz9aBYoXUFMoB35LwyGc1fI+2A3eLdks72MsOAGP2oD27XlpMGCLIKOVwH+zX0xi18hjFz3nUHd2Atv3WHRMkAvHTzEr/Rz+g5/GPZso4jf4V3Rp4N//hdrxQ/Et7mMD5Y8wAeudj2JyhV6j6bHQBbVwRmj4JIP/lbb3MVkqkP8OutHk/LAfgBO4fP8PAM5voOO9tR4/TvkGhOFJr/359jHtDvrnf3g0nt9z4DH1/w6TE2CTNPkLkzgzPnRzSP7/19TP3o+7Cu8OLnOiV5a9uOjXiJtMAH35tLJZAx6z/XhINynV4YY14eVMphbRZMcsbghdNL9sz0Ls154WSQu8Hq/G5dZrTVlgMPPKqtwo/ezaK7ueUoi+uM5zJ5H2IRTFfW2db8sGVokx1QjMbNGjxdaLDwaYqrhTr6NksKKf3u6zQq2PWquotiHJzoZb7nh6VS8vLpzhxnJXqC60eb2NYgX39bK9cN11i+eyEZJXRsFMDDuqE4vfmq2ced6yO8+vNFnY6gHn5WvWGEm2mTV7u2VuE5yb4m6W1A02L69sb3gSPo+d8DiKOyegS6mZqQKxKIP92J1rqRtW3nTKpnirBjXj7y45FVYXNl0SK/CzqR/7/cUA9vGy4PfXCG8vA99eRz5eWX1+TflfkAiClQ=="
}
}
isAutoAuthorisationRequired
If this was set to true in STEP 1, then PXP will analyse the 3D Secure state on the merchant's behalf and automatically proceed for authorisation with the 3D Secure data if Authentication was achieved / attempted and return a Card Transaction Response. In this scenario, the transaction is now complete and STEP 4 is not required.
This applies to the below states:
Authenticated
Attempted
Unavailable
An example of a 3D Secure Authentication response message can be seen below:
{
"state": "Authenticated",
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2",
"eci": "05",
"cavv": "MjAwNjI0MDkwMTEwMjA4NjU0MTY=",
"xid": "MDAwMDAwMDAwMDAwMDE4NTYwNDA="
}
}
{
"state": "Attempted",
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2",
"eci": "06",
"cavv": "MjAwNjI0MDkwMTEwMjA4NjU0MTY=",
"xid": "MDAwMDAwMDAwMDAwMDE5NjQ4MTA="
}
}
{
"state": "NotAuthenticated",
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2",
"eci": "07",
"cavv": null,
"xid": "MDAwMDAwMDAwMDAwMDE4NTYwMzY="
}
}
{
"state": "Unavailable",
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2",
"eci": "07",
"cavv": null,
"xid": "MDAwMDAwMDAwMDAwMDE5NjQ4MTA="
}
}
{
"id": "484cecc3-b296-40f5-a7c8-a3d9d8e8a7f2",
"state": "Authorised",
"providerStateCode": "A",
"currencyCode": "GBP",
"accountDetails": {
"cardNumber": "411111******1111",
"tokenizedCardNumber": "9902000000000441111",
"isVisaCheckout": null
},
"details": {
"providerMerchantId": "542929008043127",
"providerTerminalId": "00630376"
},
"stateDetails": {
"approvalCode": "415810"
},
"cardSecurityResponseCode": null,
"addressVerificationResponseCode": null
}
If the state received is "NotAuthenticated" then the payment should be aborted and should NOT proceed to STEP 4
STEP 4: Process a Payment with the 3D Secure Authentication Data
An example of a Card Transaction request message with 3DS Data can be seen below:
The merchant will need to include the threeDSecureDetails object and corresponding elements.
{
"merchantId": "PXP",
"storeId": "PXP000000001",
"userId": "PxpUser1",
"type": "ecom.sale",
"amount": "10.00",
"currencyCode": "GBP",
"clientSystemInvoiceId": "UniqueReference1",
"clientSystemTransactionId": "UniqueReference1",
"accountDetails": {
"cardNumber": "4111111111111111",
"expiryDateMonth": 12,
"expiryDateYear": 25
},
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2",
"status": "Authenticated",
"eci": "05",
"cavv": "MTMwMjQ2MDQxMTAxMTU2OTc5MTc=",
"xid": "MDAwMDAwMDAwMDAwMDE5NjQ2MTU="
},
"cardVerificationDetails": {
"cardVerificationValue": "123"
},
"addressVerificationDetails": {
"address": "1",
"zipPostalCode": "SG12 8XL",
"countryCode": "GB"
}
}
{
"merchantId": "PXP",
"storeId": "PXP000000001",
"userId": "PxpUser1",
"type": "ecom.sale",
"amount": "10.00",
"currencyCode": "GBP",
"clientSystemInvoiceId": "UniqueReference1",
"clientSystemTransactionId": "UniqueReference1",
"accountDetails": {
"cardNumber": "4111111111111111",
"expiryDateMonth": 12,
"expiryDateYear": 25
},
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2",
"status": "Unavailable",
"eci": "07",
"cavv": null,
"xid": "MDAwMDAwMDAwMDAwMDE5NjQ2MTU="
},
"cardVerificationDetails": {
"cardVerificationValue": "123"
},
"addressVerificationDetails": {
"address": "1",
"zipPostalCode": "SG12 8XL",
"countryCode": "GB"
}
}
{
"merchantId": "PXP",
"storeId": "PXP000000001",
"userId": "PxpUser1",
"type": "ecom.sale",
"amount": "10.00",
"currencyCode": "GBP",
"clientSystemInvoiceId": "UniqueReference1",
"clientSystemTransactionId": "UniqueReference1",
"accountDetails": {
"cardNumber": "4111111111111111",
"expiryDateMonth": 12,
"expiryDateYear": 25
},
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2",
"status": "NotChecked",
"eci": null,
"cavv": null,
"xid": null"
},
"cardVerificationDetails": {
"cardVerificationValue": "123"
},
"addressVerificationDetails": {
"address": "1",
"zipPostalCode": "SG12 8XL",
"countryCode": "GB"
}
}
{
"merchantId": "PXP",
"storeId": "PXP000000001",
"userId": "PxpUser1",
"type": "ecom.sale",
"amount": "10.00",
"currencyCode": "GBP",
"clientSystemInvoiceId": "UniqueReference1",
"clientSystemTransactionId": "UniqueReference1",
"accountDetails": {
"cardNumber": "4111111111111111",
"expiryDateMonth": 12,
"expiryDateYear": 25
},
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2",
"status": "Attempted",
"eci": "06",
"cavv": "MjAwNjI0MDkwMTEwMjA4NjU0MTY=",
"xid": "MDAwMDAwMDAwMDAwMDE5NjQ4MTA="
},
"cardVerificationDetails": {
"cardVerificationValue": "123"
},
"addressVerificationDetails": {
"address": "1",
"zipPostalCode": "SG12 8XL",
"countryCode": "GB"
}
}
{
"merchantId": "PXP",
"storeId": "PXP000000001",
"userId": "PxpUser1",
"type": "ecom.sale",
"amount": "10.00",
"currencyCode": "GBP",
"clientSystemInvoiceId": "UniqueReference1",
"clientSystemTransactionId": "UniqueReference1",
"accountDetails": {
"cardNumber": "4111111111111111",
"expiryDateMonth": 12,
"expiryDateYear": 25
},
"threeDSecureDetails": {
"threeDSecureVersion": "1.0.2",
"status": "NotEnrolled",
"eci": null,
"cavv": null,
"xid": null
},
"cardVerificationDetails": {
"cardVerificationValue": "123"
},
"addressVerificationDetails": {
"address": "1",
"zipPostalCode": "SG12 8XL",
"countryCode": "GB"
}
}
An example of a Card Transaction response message can be seen below:
{
"id": "484cecc3-b296-40f5-a7c8-a3d9d8e8a7f2",
"state": "Authorised",
"providerStateCode": "A",
"currencyCode": "GBP",
"accountDetails": {
"cardNumber": "411111******1111",
"tokenizedCardNumber": "9902000000000441111",
"isVisaCheckout": null
},
"details": {
"providerMerchantId": "542929008043127",
"providerTerminalId": "00630376"
},
"stateDetails": {
"approvalCode": "415810"
},
"cardSecurityResponseCode": null,
"addressVerificationResponseCode": null
}
Updated over 3 years ago