3D Secure Redirect

In this section you will learn how to process a 3D Secure Redirect transaction

Overview:

3D Secure Redirect is a powerful product that encapsulates 3D Secure 1, 3D Secure 2 and SCA Exemptions into a fully managed, easy to integrate product, removing all complexities for a merchant when it comes to complying to the PSD2 rules on Strong Customer Authentication.

Simply pass the payment information securely to PXP via a REST API, redirect to the provided URL from the response and let us handle the rest.
We'll redirect back to your website and let you know what happened.

:white-check-mark: Want the option to check the 3DS state before making a decision on whether to proceed for authorisation? :+1:
:white-check-mark: Want PXP to automatically manage when to proceed for authorisation and do this on your behalf? :+1:
:white-check-mark: Want to know whats going on during the 3D Secure process? :+1:


Above is an overview of the 3D Secure redirect flow & transaction processing (being invoked by the merchant)Above is an overview of the 3D Secure redirect flow & transaction processing (being invoked by the merchant)

Above is an overview of the 3D Secure redirect flow & transaction processing (being invoked by the merchant)



Above is an overview of the 3D Secure Redirect flow & transaction processing (being automatically handled by PXP)Above is an overview of the 3D Secure Redirect flow & transaction processing (being automatically handled by PXP)

Above is an overview of the 3D Secure Redirect flow & transaction processing (being automatically handled by PXP)

STEP 1: Request a Redirect URL

📘

Optional Data Elements

Please note that 3D Secure Redirect comes with many optional data elements which are designed to allow mechants to provide much more data to card issuers up front so they can perform analysis agasint the information received and compare to the information they already have for their cardholder. By doing this, the issuer is able to analyse risk better and maximise the chances of the payment being frictionless rather than challenge the card holder unnecessarily.

The more data elements provided, the higher the chance of Frictionless Authentication

An example of a 3D Secure Redirect request message can be seen below:

{
    "merchantId": "BDD",
    "storeId": "BDD500000005",
    "userId": "BDDTest",
    "type": "ecom.sale",
    "amount": "10.00",
    "currencyCode": "GBP",
    "clientSystemTransactionId": "Unique Transaction Reference",
    "isAutoAuthorisationRequired": "true",
    "details": {
        "providerMerchantId": "12345678"
    },
    "accountDetails": {
        "cardNumber": "4111111111111111",
        "expiryDateMonth": 12,
        "expiryDateYear": 25
    },
    "addressVerificationDetails": {
        "address": "5",
        "zipPostalCode": "123",
        "countryCode": "GBR"
    },
    "cardVerificationDetails": {
        "cardVerificationValue": "123"
    },
    "storedCredentialDetails": {
        "cardOnfileIndicator": "cardDetailsStoredFirstTime"
    },
    "cardholderDetails": {
        "cardholderId": "610246548471-65711",
        "cardholderName": "Joe Bloggs",
        "cardholderEmail": "[email protected]",
        "cardholderMobilePhone": "44-07712345678",
        "cardholderHomePhone": "44-0207123456",
        "cardholderWorkPhone": "44-0207123456"
    },
    "browserDetails": {
        "browserChallengeWindowSize": "5"
    },      
    "addressDetails": {
        "billingAddress": {
            "houseNumber": "97",
            "street": "High Street",
            "city": "London",
            "zipPostalCode": "EN10 7BC",
            "countryCode": "GBR"
        },
        "shippingAddress": {
            "houseNumber": "97",
            "street": "High Street",
            "city": "London",
            "zipPostalCode": "EN10 7BC",
            "countryCode": "GBR"
        }
    },
    "redirectDetails": {
        "successUrl": "http://www.merchantwebsite.com/success?orderID=10203040",
        "errorUrl": "http://www.merchantwebsite.com/error?orderID=10203040"
    },
    "scaDetails": {
        "scaPolicy": "1",
        "scaChallengeIndicator": "requestNoChallenge",
        "scaExemption": null,
        "scaApplyExemptionAt": null
    }
}
{
    "merchantId": "BDD",
    "storeId": "BDD500000005",
    "userId": "BDDTest",
    "type": "ecom.sale",
    "amount": "10.00",
    "currencyCode": "GBP",
    "clientSystemTransactionId": "Unique Transaction Reference",
    "isAutoAuthorisationRequired": "true",
    "details": {
        "providerMerchantId": "12345678"
    },
    "accountDetails": {
        "tokenId": "13c45dc2-56ec-4d7f-a966-50b6c3e93b37"
    },
    "storedCredentialDetails": {
        "cardOnfileIndicator": "cardDetailsStoredFirstTime"
    },
    "addressVerificationDetails": {
        "address": "5",
        "zipPostalCode": "123",
        "countryCode": "GBR"
    },
    "cardVerificationDetails": {
        "cardVerificationValue": "123"
    },
    "cardholderDetails": {
        "cardholderId": "610246548471-65711",
        "cardholderName": "Joe Bloggs",
        "cardholderEmail": "[email protected]",
        "cardholderMobilePhone": "44-07712345678",
        "cardholderHomePhone": "44-0207123456",
        "cardholderWorkPhone": "44-0207123456"
    },
    "browserDetails": {
        "browserChallengeWindowSize": "5"
    },      
    "addressDetails": {
        "billingAddress": {
            "houseNumber": "97",
            "street": "High Street",
            "city": "London",
            "zipPostalCode": "EN10 7BC",
            "countryCode": "GBR"
        },
        "shippingAddress": {
            "houseNumber": "97",
            "street": "High Street",
            "city": "London",
            "zipPostalCode": "EN10 7BC",
            "countryCode": "GBR"
        }
    },
    "redirectDetails": {
        "successUrl": "http://www.merchantwebsite.com/success?orderID=10203040",
        "errorUrl": "http://www.merchantwebsite.com/error?orderID=10203040"
    },
    "scaDetails": {
        "scaPolicy": "1",
        "scaChallengeIndicator": "requestNoChallenge",
        "scaExemption": null,
        "scaApplyExemptionAt": null
    }
}
{
    "merchantId": "BDD",
    "storeId": "BDD500000005",
    "userId": "BDDTest",
    "type": "ecom.sale",
    "amount": "10.00",
    "currencyCode": "GBP",
    "clientSystemTransactionId": "Unique Transaction Reference",
    "isAutoAuthorisationRequired": "true",
    "details": {
        "providerMerchantId": "12345678"
    },
    "accountDetails": {
        "cardNumber": "Z8P+iPI8X4PTyOPQRbUOozDWqExFYaPkXgx6P51MLBc0SRAbYKA35UNiHw9TucgHV1XXTkIiwSDDu5mcJiJjAcUAq51+ybzPH/DB+DVNlkLn7ABaDudkHncRUhKruuWSnNl2OMTOs3C6XzYAB+zLi3hpBAHc7nCJxcQ35nungx0=",
        "expiryDateMonth": 12,
        "expiryDateYear": 25
    },
    "encryptionDetails": {
        "encryptionType": "rsaTwoFourZeroEight",
        "encryptionId": "13c45dc2-56ec-4d7f-a966-50b6c3e93b37"
    },
    "addressVerificationDetails": {
        "address": "5",
        "zipPostalCode": "123",
        "countryCode": "GBR"
    },
    "cardVerificationDetails": {
        "cardVerificationValue": "123"
    },
    "storedCredentialDetails": {
        "cardOnfileIndicator": "cardDetailsStoredFirstTime"
    },
    "cardholderDetails": {
        "cardholderId": "610246548471-65711",
        "cardholderName": "Joe Bloggs",
        "cardholderEmail": "[email protected]",
        "cardholderMobilePhone": "44-07712345678",
        "cardholderHomePhone": "44-0207123456",
        "cardholderWorkPhone": "44-0207123456"
    },
    "browserDetails": {
        "browserChallengeWindowSize": "5"
    },      
    "addressDetails": {
        "billingAddress": {
            "houseNumber": "97",
            "street": "High Street",
            "city": "London",
            "zipPostalCode": "EN10 7BC",
            "countryCode": "GBR"
        },
        "shippingAddress": {
            "houseNumber": "97",
            "street": "High Street",
            "city": "London",
            "zipPostalCode": "EN10 7BC",
            "countryCode": "GBR"
        }
    },
    "redirectDetails": {
        "successUrl": "http://www.merchantwebsite.com/success?orderID=10203040",
        "errorUrl": "http://www.merchantwebsite.com/error?orderID=10203040"
    },
    "scaDetails": {
        "scaPolicy": "1",
        "scaChallengeIndicator": "requestNoChallenge",
        "scaExemption": null,
        "scaApplyExemptionAt": null
    }
}
{
    "merchantId": "BDD",
    "storeId": "BDD500000005",
    "userId": "BDDTest",
    "type": "ecom.sale",
    "amount": "10.00",
    "currencyCode": "GBP",
    "clientSystemTransactionId": "Unique Transaction Reference",
    "isAutoAuthorisationRequired": "true",
    "details": {
        "providerMerchantId": "12345678"
    },
    "accountDetails": {
        "cardTokenizedNumber": "9946000000000090483",
        "expiryDateMonth": 12,
        "expiryDateYear": 25
    },
    "addressVerificationDetails": {
        "address": "5",
        "zipPostalCode": "123",
        "countryCode": "GBR"
    },
    "cardVerificationDetails": {
        "cardVerificationValue": "123"
    },
    "storedCredentialDetails": {
        "cardOnfileIndicator": "cardDetailsStoredFirstTime"
    },
    "cardholderDetails": {
        "cardholderId": "610246548471-65711",
        "cardholderName": "Joe Bloggs",
        "cardholderEmail": "[email protected]",
        "cardholderMobilePhone": "44-07712345678",
        "cardholderHomePhone": "44-0207123456",
        "cardholderWorkPhone": "44-0207123456"
    },
    "browserDetails": {
        "browserChallengeWindowSize": "5"
    },      
    "addressDetails": {
        "billingAddress": {
            "houseNumber": "97",
            "street": "High Street",
            "city": "London",
            "zipPostalCode": "EN10 7BC",
            "countryCode": "GBR"
        },
        "shippingAddress": {
            "houseNumber": "97",
            "street": "High Street",
            "city": "London",
            "zipPostalCode": "EN10 7BC",
            "countryCode": "GBR"
        }
    },
    "redirectDetails": {
        "successUrl": "http://www.merchantwebsite.com/success?orderID=10203040",
        "errorUrl": "http://www.merchantwebsite.com/error?orderID=10203040"
    },
    "scaDetails": {
        "scaPolicy": "1",
        "scaChallengeIndicator": "requestNoChallenge",
        "scaExemption": null,
        "scaApplyExemptionAt": null
    }
}

📘

isAutoAuthorisationRequired element

If isAutoAuthorisationRequired is included and set to true, PXP will automatically analyse the 3D Secure response following authentication and perform the authorisation to the acquirer (STEP 4) on the merchant's behalf. In this scenario, the response you receive in STEP 2 will be an authorisation response and STEP 4 will not be applicable

Note: If the card is not 3DS 2.0 capable and is NotEnrolled for 3D Secure 1.0, then a "NotEnrolled" response will be received and automatic authorisation will not be invoked. If the merchant wishes to continue, then they may do so by sending in a transaction request directly to the Transaction Service at their discretion

An example of a 3D Secure Secure Redirect response message can be seen below:

{
    "id": "51b87ff7-c64a-4455-b0f6-c4b06ac4e3a5",
    "cardType": "card.visa",
    "accountDetails": {
        "tokenizedCardNumber": "9972000000000049216"
    },
    "redirectUrl": "https://api-integration.pxp-solutions.net/ThreeDSecureService/v5/3ds/redirect?id=51b87ff7-c64a-4455-b0f6-c4b06ac4e3a5"
}
{
  "code": "4011930",
  "details": {
    "message": "Merchant id is invalid"
  }
}

STEP 2.1: Merchant redirects browser to redirectUrl

This diagram shows the Merchant's system passing the redirectUrl to the browser and loading the page either in an iFrame, or fully redirecting to PXP. Once complete, PXP will pass back the response to the successUrl or errorUrl depending on the final outcome.This diagram shows the Merchant's system passing the redirectUrl to the browser and loading the page either in an iFrame, or fully redirecting to PXP. Once complete, PXP will pass back the response to the successUrl or errorUrl depending on the final outcome.

This diagram shows the Merchant's system passing the redirectUrl to the browser and loading the page either in an iFrame, or fully redirecting to PXP. Once complete, PXP will pass back the response to the successUrl or errorUrl depending on the final outcome.

Once the 3d Secure Redirect response has been received, you will be required to redirect the customer's browser to the redirectUrl received.

This can be either a full redirect within a full browser page or an iFrame (Either Visible or Hidden)
Below is an iFrame sample showing this

<iframe src="https://api-integration.pxp-solutions.net/ThreeDSecureService/v5/3ds/redirect?id=51b87ff7-c64a-4455-b0f6-c4b06ac4e3a5" style="width: 600px; height: 400px;"></iframe>

📘

Hidden iFrame Support

To offer a truly frictionless and transparent user experience, 3D Secure Redirect supports loading the redirectUrl in hidden iframe using the following methods:

visibility:hidden property using HTML DOM or CSS
The width & height of the iFrame should still be set despite the visibility being hidden so PXP can extract this data to calculate the correct challenge window size to pass onto the Issuer in the event of a challenge.

display:none property using HTML DOM or CSS
As the browser width & height of the iFrame will not be available to PXP on the initial page load, to offer the best user experience, we highly reccomend merchants to pass in their preferred challenge window size on a per transaction basis, based on the size of the iFrame that the merchant is intending to use. To do this, the element browserDetails.browserChallengeWindowSize should be included in STEP 1, with possible values of 1. 250x400 / 2. 390x400 / 3. 500x600 / 4.600x400 / 5. Full Screen. If not supplied, PXP will default to 250x400.

In the event the request requires user interaction due to an issuer challange, 3DS Redirect will notify the parent page using Web API window.postMessage() by sending a JSON message.

In order to react to this, the parent page is required to add an event listener to receive the message, validate the origin and if its a trusted origin, parse the JSON message.

If the "id" matches the "id" in STEP 1, and "userInteractionRequired": true, then it can be used as a trigger to set visibility:visible to show the Challenge window.

If there is no challenge required, then 3D Secure Redirect will continue to STEP 3 and the whole process would be transparent to the end user.

An example of the JSON message that is sent is shown below.

{
    "id": "87a6c92c-642f-4265-bc12-990f9037cb3a",
    "userInteractionRequired": true
}

Below is an interactive page that showcases loading the redirectUrl in an iFrame. The iFrame size can be set accordingly, and you are able to toggle between visibility "hidden" or "visible".

Also shown in this example is the JSON message data that is received from PXP if the redirectUrl was invoked within an iFrame, as well as its origin for validating the authenticity of the message.

Select a screen resolution:

Select a view:

Event Listner Content from postMessage():

Message Origin:


Message Data:



STEP 2.2: PXP redirects back to successUrl or errorUrl

Once all 3D Secure Redirect operations have been completed, PXP will redirect the browser back to the successUrl or errorUrl based on the outcome and provide the response as both POST form data and Query String Parameters, as shown below.

Any query parameter(s) passed in the successUrl or errorUrl in STEP 1, will be passed though as a query string paremeter at this stage. This example contains a custom field of orderID which was passed in the request.

This is an example of what data is passed across during the redirect back to the successUrl or errorUrlThis is an example of what data is passed across during the redirect back to the successUrl or errorUrl

This is an example of what data is passed across during the redirect back to the successUrl or errorUrl

Possible Return Fields:
Please note that more fields will be added as the EMV 3DS protocol evolves so integrators should handle receiving additional fields

Field Name

Description

id

This is the id received in the 3D Secure Redirect Response in STEP 1

state

This is the final state of the 3D Secure Redirect process.
Refer to Elements

threeDSecureDetails.threeDSecureVersion

This is the 3D Secure Version that was used during Authentication (if applicable)

scaDetails.scaExemptionEngineResult

If utilising SCA Exemptions, this will return the potential exemption that could be used.

📘

isAutoAuthorisationRequired

If this was set to true in STEP 1, then PXP will analyse the 3D Secure state on the merchant's behalf and automatically proceed for authorisation with the 3D Secure data if Authentication was achieved / attempted. In this scenario, the transaction is now complete. and STEP 4 is not required.

This applies to the below states:

  • FrictionlessAuthenticated
  • ChallengeAuthenticated
  • Authenticated
  • Attempted
  • Unavailable
  • ExemptionAvailable

👍

successUrl states

The below states are classed as successful and will be redirected back to the successUrl

  • NotEnrolled
  • Authenticated
  • FrictionlessAuthenticated
  • ChallengeAuthenticated
  • ExemptionAvailable
  • Attempted

If isAutoAuthorisationRequired=true, only the below are applicable

  • NotEnrolled
  • Approved
  • Authorised

❗️

errorUrl states

The below states are classed as unsuccessful and will be redirected back to the errorUrl

:x: Do NOT proceed for authorisation :x:

  • NotAuthenticated
  • FrictionlessNotAuthenticated
  • FrictionlessRejected
  • ChallengeNotAuthenticated
  • ChallangeRejected

:warning: Proceed for authorisation at Merchants Discretion :warning:

  • Unavailable
  • Error (Any error occurred at any stage in the process)
  • Timeout (This can be any timeout across the process)

If isAutoAuthorisationRequired=true, the below is also applicable in addition to the above

  • Declined
  • Referred

STEP 3: (OPTIONAL) GET the 3D Secure Redirect Status

As 3D Secure Redirect handles all of the complexities surrounding 3D Secure and PSD2, the merchant will no longer be in control of the process and will not have visibility of what is going on, and what stage of the process the cardholder is at.

Therefore, if this information is required, the Merchant's backend system can send a GET ThreeDSecure Status to request this information at configured intervals so they can monitor the progress and decide if any intervention is required.

curl --request GET \
  --url 'https://api-integration.pxp-solutions.net/threeDSecureService/api/v5/3ds/threeDSecureStatusById?merchantId=BDD&Id=57bc8107-0482-488d-8c0c-5021042124f' \
  --header 'authorization: Basic QkREVGVzdDpCRERUZXN0' \
  --header 'content-type: application/json'
{
    "id": "57bc8107-0482-488d-8c0c-5021042124f2",
    "state": "InProgress",
    "cardType": "card.visa",
    "accountDetails": {
        "tokenizedCardNumber": "9997000000005071111"
    },
    "clientSystemTransactionId": "Unique Transaction Reference",
    "threeDSecureDetails": {
        "threeDSecureVersion": "2.1.0",
        "currentStatus": "Performing 3DS2 Cardholder Challenge"
    }
}
{
    "id": "57bc8107-0482-488d-8c0c-5021042124f2",
    "state": "FrictionlessAuthenticated",
    "cardType": "card.visa",
    "accountDetails": {
        "tokenizedCardNumber": "9997000000005071111"
    },
    "clientSystemTransactionId": "Unique Transaction Reference",
    "threeDSecureDetails": {
        "threeDSecureVersion": "2.1.0",
        "eci": "05",
        "cavv": "MjAwNjI0MDkwMTEwMjA4NjU0MTY=",
        "dsTransId": "f25084f0-5b16-4c0a-ae5d-b24808a95e4b",
        "transactionStatus": "Y"
    }
}
{
    "id": "57bc8107-0482-488d-8c0c-5021042124f2",
    "state": "ChallengeAuthenticated",
    "cardType": "card.visa",
    "accountDetails": {
        "tokenizedCardNumber": "9997000000005071111"
    },
    "clientSystemTransactionId": "Unique Transaction Reference",
    "threeDSecureDetails": {
        "threeDSecureVersion": "2.1.0",
        "eci": "05",
        "cavv": "MjAwNjI0MDkwMTEwMjA4NjU0MTY=",
        "dsTransId": "f25084f0-5b16-4c0a-ae5d-b24808a95e4b",
        "transactionStatus": "Y"
    }
}
{
    "id": "57bc8107-0482-488d-8c0c-5021042124f2",
    "state": "ExemptionAvailable",
    "cardType": "card.visa",
    "accountDetails": {
        "tokenizedCardNumber": "9997000000005071111"
    },
    "clientSystemTransactionId": "Unique Transaction Reference",
    "scaDetails": {
        "scaExemptionEngineResult": "oneLegOut"
    }
}
{
    "state": "ChallengeNotAuthenticated",
    "cardType": "card.visa",
    "accountDetails": {
        "tokenizedCardNumber": "9997000000005071111"
    },
    "clientSystemTransactionId": "Unique Transaction Reference",
    "threeDSecureDetails": {
        "threeDSecureVersion": "2.1.0",
        "eci": null,
        "cavv": null,
        "dsTransId": "f25084f0-5b16-4c0a-ae5d-b24808a95e4b",
        "transactionStatus": "N",
        "transactionStatusReason": "Card authentication failed"
    }
}
{
    "state": "ChallengeRejected",
    "cardType": "card.visa",
    "accountDetails": {
        "tokenizedCardNumber": "9997000000005071111"
    },
    "clientSystemTransactionId": "Unique Transaction Reference",
    "threeDSecureDetails": {
        "threeDSecureVersion": "2.1.0",
        "eci": null,
        "cavv": null,
        "dsTransId": "f25084f0-5b16-4c0a-ae5d-b24808a95e4b",
        "transactionStatus": "R",
        "transactionStatusReason": "Card authentication failed"
    }
}
{
    "state": "Attempted",
    "cardType": "card.visa",
    "accountDetails": {
        "tokenizedCardNumber": "9997000000005071111"
    },
    "clientSystemTransactionId": "Unique Transaction Reference",
    "threeDSecureDetails": {
        "threeDSecureVersion": "2.1.0",
        "eci": "06",
        "cavv": "MjAwNjI0MDkwMTEwMjA4NjU0MTY=",
        "dsTransId": "f25084f0-5b16-4c0a-ae5d-b24808a95e4b",
        "transactionStatus": "A"
    }
}
{
    "state": "Unavailable",
    "cardType": "card.visa",
    "accountDetails": {
        "tokenizedCardNumber": "9997000000005071111"
    },
    "clientSystemTransactionId": "Unique Transaction Reference",
    "threeDSecureDetails": {
        "threeDSecureVersion": "2.1.0",
        "eci": null,
        "cavv": null,
        "dsTransId": "f25084f0-5b16-4c0a-ae5d-b24808a95e4b",
        "transactionStatus": "U"
    }
}
{
    "state": "FrictionlessNotAuthenticated",
    "cardType": "card.visa",
    "accountDetails": {
        "tokenizedCardNumber": "9997000000005071111"
    },
    "clientSystemTransactionId": "Unique Transaction Reference",
    "threeDSecureDetails": {
        "threeDSecureVersion": "2.1.0",
        "eci": null,
        "cavv": null,
        "dsTransId": "f25084f0-5b16-4c0a-ae5d-b24808a95e4b",
        "transactionStatus": "N",
        "transactionStatusReason": "Security failure"
    }
}
{
    "state": "FrictionlessRejected",
    "cardType": "card.visa",
    "accountDetails": {
        "tokenizedCardNumber": "9997000000005071111"
    },
    "clientSystemTransactionId": "Unique Transaction Reference",
    "threeDSecureDetails": {
        "threeDSecureVersion": "2.1.0",
        "eci": null,
        "cavv": null,
        "dsTransId": "f25084f0-5b16-4c0a-ae5d-b24808a95e4b",
        "transactionStatus": "R",
        "transactionStatusReason": "Security failure"
    }
}
{
    "state": "NotEnrolled",
    "cardType": "card.visa",
    "accountDetails": {
        "tokenizedCardNumber": "9997000000005071111"
    },
    "clientSystemTransactionId": "Unique Transaction Reference",
    "threeDSecureDetails": {
        "threeDSecureVersion": "1.0.2"
    },
    "scaDetails": {
        "scaExemptionEngineResult": "noExemptionAvailable"
    }
}
{
    "code": "4087640",
    "details": {
        "message": "Couldn't find transaction for merchantId: BDD, requestId: 57bc8107-0482-488d-8c0c-5021042124f"
    }
}

In the Event that a state of InProgress is returned, the threeDSecureDetails.currentStatus will contain information on what is currently happening.

Below is a list of possible values.

currentStatus

Description

Redirect URL Created

Redirect URL has been created and returned in the API response.

Redirect URL Invoked

The redirectUrl has been invoked and is being validated. Browser information is also being captured.

3D Secure Invoked

All browser information has been collected, and 3D Secure is being invoked.

Performing 3DS2 Device Fingerprinting

The card issuer supports device fingerprinting and is being performed.

Performing 3DS2 Authentication

3D Secure 2.0 authentication is in progress.

Performing 3DS2 Cardholder Challenge

The card was 3DS 2.0 enabled and the card issuer or merchant requested a cardholder challenge which is being performed.

Collecting 3DS2 Challenge Result

The 3DS 2.0 challenge succesfully took place, and the challenge response is being collected and decoded.

Performing 3DS1 Cardholder Challenge

The card was 3DS 1.0 enabled and a challenge is mandatory, is which is currently being performed.

Collecting 3DS1 Challenge Result

The 3DS 1.0 challenge succesfully took place, and the challenge response is being collected and decoded.

3D Secure Complete

3D Secure has been completed and the response is being analysed.

Performing Authorisation

isAutoAuthorisationRequired was set to true and the 3D Secure state has indicated that its is OK to proceed for authorisation, which is currently being performed.

Redirected back to Merchant

The entire 3D Secure Redirect process has been completed, and the end result is being passed back to the merchant to their succesUrl or errorUrl.

STEP 4: (OPTIONAL) Process a Payment with the 3D Secure Authentication Data

An example of a Card Transaction request message with 3DS Data can be seen below:

The merchant will need to either include:

  • threeDsecureDetails.threeDSecureId which is the id from STEP 1
  • include each individual element within threeDSecureDetails obtained from STEP 4

Not: If using isAutoAuthorisationRequired=true, then this is not required.

{
    "merchantId": "PXP",
    "storeId": "PXP000000001",
    "userId": "PxpUser1",
    "type": "ecom.sale",
    "amount": "10.00",
    "currencyCode": "GBP",
    "clientSystemInvoiceId": "UniqueReference1",
    "clientSystemTransactionId": "UniqueReference1",
    "accountDetails": {
        "cardNumber": "4111111111111111",
        "expiryDateMonth": 12,
        "expiryDateYear": 25
    },
    "threeDSecureDetails": {
        "threeDSecureId": "57bc8107-0482-488d-8c0c-5021042124f2"
    },
    "cardVerificationDetails": {
        "cardVerificationValue": "123"
    },
    "addressVerificationDetails": {
        "address": "1",
        "zipPostalCode": "SG12 8XL",
        "countryCode": "GB"
    }
}
{
    "merchantId": "PXP",
    "storeId": "PXP000000001",
    "userId": "PxpUser1",
    "type": "ecom.sale",
    "amount": "10.00",
    "currencyCode": "GBP",
    "clientSystemInvoiceId": "UniqueReference1",
    "clientSystemTransactionId": "UniqueReference1",
    "accountDetails": {
        "cardNumber": "4111111111111111",
        "expiryDateMonth": 12,
        "expiryDateYear": 25
    },
    "threeDSecureDetails": {
        "threeDSecureVersion": "2.1.0",
        "status": "ChallengeAuthenticated",
        "eci": "05",
        "cavv": "MTMwMjQ2MDQxMTAxMTU2OTc5MTc=",
        "dsTransId": "f25084f0-5b16-4c0a-ae5d-b24808a95e4b"
    },
    "cardVerificationDetails": {
        "cardVerificationValue": "123"
    },
    "addressVerificationDetails": {
        "address": "1",
        "zipPostalCode": "SG12 8XL",
        "countryCode": "GB"
    }
}

An example of a Card Transaction response message can be seen below:

{
    "id": "484cecc3-b296-40f5-a7c8-a3d9d8e8a7f2",
    "state": "Authorised",
    "providerStateCode": "A",
    "currencyCode": "GBP",
    "accountDetails": {
        "cardNumber": "411111******1111",
        "tokenizedCardNumber": "9902000000000441111",
        "isVisaCheckout": null
    },
    "details": {
        "providerMerchantId": "542929008043127",
        "providerTerminalId": "00630376"
    },
    "stateDetails": {
        "approvalCode": "415810"
    },
    "cardSecurityResponseCode": null,
    "addressVerificationResponseCode": null
}