Overview

A 3DS 3-D Secure 2.0 payment sequence may comprise the following distinct activities:

Versioning
- Request ACS and DS Protocol Version(s) that correspond to card account range as well as an optional 3DS 3-D Secure Method URL

3DS 3-D Secure Method
- Connect the cardholder browser to the issuer ACS to obtain additional browser data
Authentication
- Submit authentication request to the issuer ACS
Challenge
- Challenge the carholder if mandated
Authorization
- Authorize the authenticated transaction with the acquirer

Server-2-Server Sequence Diagram

Multiexcerpt

MultiExcerptName	Server-2-Server Sequence Diagram
shouldDisplayInlineCommentsInIncludes	false

Server-2-Server Sequence Diagram Image Modified

Info

Please note that the the communication between client and Access Control Server (ACS) is implemented through iframes. Thus, responses arrive in an HTML subdocument and you may establish correspondent event listeners in your root document.

Alternatively you could solely rely on asynchronous notifications delivered to your backend. In those cases you may have to consider methods such as long polling, SSE or websockets to update the client.

Table of Contents

column

Payment Initiation

The initial request to

Section

width	900px

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Platform-Name
PageWithExcerpt	Wording

will be the same regardless of the underlying

3DS

3-D Secure Protocol.

Multiexcerpt

MultiExcerptName	Payment Initiation
shouldDisplayInlineCommentsInIncludes	false

Image Modified

In order to start a server-to-server 3-D Secure card payment sequence please post the following key-value-pairs to

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	BaseURL
PageWithExcerpt	Wording

direct.aspx.

Request Elements

Notice: In case of a merchant initiated recurring transaction the JSON objects (besides credentialOnFile and card), the URLNotify and TermURL are not mandatory parameters, because no 3D Secure and no risk evaluation is done by the card issuing bank and the payment result is directly returned within the response.

1624620574623-1753927259

Table Filter

id
default	Beschreibung
isFirstTimeEnter	false
hideColumns	true
sparkName	Sparkline
hidePane	true
datepattern	dd M yy

1625492202584_

1683736465
worklog	365\|5\|8\|y w d h m\|y w d h m
isOR	AND
separator	Point (.)
order	0

Multiexcerpt

MultiExcerptName	request_elements

16246205746251046994414

Table Transformer

id
dateFormat	dd M yy
export-word	false
show-source	false
export-csv	false

1625492202586_-

1877872023
transpose	false
worklog	365\|5\|8\|y w d h m\|y w d h m
separator	.
export-pdf	false
sql	SELECT * FROM T*

Table Excerpt Include

static	true
name	MerchantID
page	MerchantID
type	page

Key Format CND Description Beschreibung

MsgVer

ans..5

M

Message version.

Values accepted:

2.0

Message-Version.

Zulässige Werte:

2.0

Table Excerpt Include

static	true
name	TransID
page	TransID
type	page

Key

Format

CND

Description

Beschreibung

RefNr

ans..30

O

Merchant’s unique reference number, which serves as payout reference in the acquirer EPA file. Please note, without the own shop reference delivery you cannot read out the EPA transaction and regarding the additional

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Partner-Name
PageWithExcerpt	Wording

settlement file (CTSF) we cannot add the additional payment data.

Eindeutige Referenznummer des Händlers, welche als Auszahlungsreferenz in der entsprechenden Acquirer EPA-Datei angegeben wird. Bitte beachten Sie, ohne die Übergabe einer eigenen Auszahlungsreferenz können Sie die EPA-Transaktionen nicht zuordnen, zusätzlich kann das

Multiexcerpt include

SpaceWithExcerpt	DE
MultiExcerptName	Partner-Name
PageWithExcerpt	DE:Wording

Settlement File (CTSF) auch nicht zusätzlich angereichert werden.

schemeReferenceID

ans..64

C

Card scheme specific transaction ID required for subsequent credential-on-file payments, delayed authorizations and resubmssions.

Mandatory: CredentialOnFile – initial false – unschedule MIT / recurring

Kartensystemspezifische Transaktions-ID, die für nachfolgende Zahlungen mit hinterlegten Daten, verzögerte Autorisierungen und Wiedereinreichungen erforderlich ist.

Pflicht: CredentialOnFile – initial false – unschedule MIT / recurring

industrySpecificTxType

ans..20

C

This parameter is required whenever an industry specific transaction is processed according to the card brands MIT (Merchant Initiated Transactions) Framework.

Values accepted:

Values	Comments
Resubmission	A merchant performs a re-submission in cases where it requested an authorization, but received a decline due to insufficient funds; however, the goods or services were already delivered to the cardholder. Merchants in such scenarios can resubmit the request to recover outstanding debt from cardholders.
Reauthorization	A merchant initiates a re-authorization when the completion or fulfillment of the original order or service extends beyond the authorization validity limit set by Visa. There are two common re-authorization scenarios: • *Split or delayed shipments* at eCommerce retailers. A split shipment occurs when not all the goods ordered are available for shipment at the time of purchase. If the fulfillment of the goods takes place after the authorization validity limit set by Visa, eCommerce merchants perform a separate authorization to ensure that consumer funds are available. • Extended stay hotels, car rentals, and cruise lines. A re-authorization is used for stays, voyages, and/or rentals that extend beyond the authorization validity period set by Visa.
DelayedCharges	Delayed charges are performed to process a supplemental account charge after original services have been rendered and respective payment has been processed.
NoShow	Cardholders can use their Visa cards to make a guaranteed reservation with certain merchant segments. A guaranteed reservation ensures that the reservation will be honored and allows a merchant to perform a No Show transaction to charge the cardholder a penalty according to the merchant’s cancellation policy. Note: For merchants that accept token-based payment credentials to guarantee a reservation, it is necessary to perform a CIT (Account Verification Service) at the time of reservation to be able perform a No Show transaction later.

Note: It is always submitted in conjunction with the "schemeReferenceID" parameter. Please contact

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Helpdesk-Name
PageWithExcerpt	Wording

for the supported Acquirer and card brands.

Dieser Parameter ist erforderlich, wenn eine branchenspezifische Transaktion entsprechend dem Kartenmarken MIT-Framework (Merchant Initiated Transactions) verarbeitet wird.

Zulässige Werte:

Werte	Anmerkungen
Resubmission	Ein Händler führt eine erneute Einreichung durch, wenn er eine Autorisierung angefordert hat, diese aber aufgrund unzureichender Mittel abgelehnt wurde; die Waren oder Dienstleistungen wurden jedoch bereits an den Karteninhaber geliefert. In solchen Szenarien können Händler den Antrag auf Beitreibung ausstehender Forderungen von Karteninhabern erneut einreichen.
Reauthorization	Ein Händler leitet eine erneute Autorisierung ein, wenn Abschluss oder Erfüllung der ursprünglichen Bestellung oder Dienstleistung die von Visa festgelegte Gültigkeitsdauer der Autorisierung überschreitet. Es gibt zwei gängige Szenarien für die erneute Autorisierung: • *Geteilte oder verzögerte Lieferung* be E-Commerce-Händlern. Eine Teillieferung liegt vor, wenn zum Zeitpunkt des Kaufs nicht alle bestellten Waren versandbereit sind. Erfolgt die Lieferung der Ware nach der von Visa festgelegten Gültigkeitsdauer der Autorisierung, führen E-Commerce-Händler eine separate Autorisierung durch, um sicherzustellen, dass Kundengelder verfügbar sind. • Verlängerte Hotelaufenthaltens, Autovermietungen und Keuzfahrten. Eine erneute Autorisierung wird für Aufenthalte, Reisen und/oder Anmietungen verwendet, die über die von Visa festgelegte Gültigkeitsdauer der Autorisierung hinausgehen.
DelayedCharges	Verzögerte Gebühren dienen dazu, um eine zusätzliche Kontogebühr zu verarbeiten, nachdem die ursprünglichen Dienstleistungen erbracht und die entsprechende Zahlung verarbeitet wurde.
NoShow	Karteninhaber können mit ihren Visa-Karten eine garantierte Reservierung bei bestimmten Händlersegmenten vornehmen. Eine garantierte Reservierung stellt sicher, dass die Reservierung berücksichtigt wird und ermöglicht es einem Händler, eine No-Show-Transaktion durchzuführen, um dem Karteninhaber eine Strafe gemäß den Stornierungsbedingungen des Händlers zu berechnen. Hinweis: Für Händler, die tokenbasierte Zahlungsinformationen akzeptieren, um eine Reservierung zu garantieren, ist es zum Zeitpunkt der Reservierung erforderlich, einen CIT (Kontoverifizierungsservice) durchzuführen, um später eine No-Show-Transaktion durchführen zu können.

Hinweis: Das wird immer zusammen mit dem Parameter "schemeReferenceID" übermittelt. Bezüglich unterstützer Acquirer und Kartenmarken wenden Sie sich bitte an den

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Helpdesk-Name
PageWithExcerpt	Wording

.

Table Excerpt Include

static	true
name	Amount
page	Amount
type	page

Table Excerpt Include

static	true
name	Currency
page	Currency
type	page

Key	Format	CND	Description	Beschreibung
card	JSON	M	Card data	Kartendaten

Table Excerpt Include

static	true
name	Capture
page	Capture
type	page

Key	Format	CND	Description	Beschreibung
channel	a..20	C	Indicates the type of channel interface being used to initiate the transaction. Values accepted: `Browser` `App` `3RI` If not present the value `Browser` is implied.	Gibt die Art der verwendeten Schnittstelle zur Initiierung der Transaktion an. Zulässige Werte: `Browser` `App` `3RI` Wenn nicht angegeben, wird der Wert `Browser` verwendet.
billingDescriptor	ans..22	O	A descriptor to be printed on a cardholder’s statement. Please also refer to the additional comments made elswhere for more information about rules and regulations.	Ein auf dem Kontoauszug des Karteninhabers zu druckender Beschreiber. Beachten Sie bitte auch die andernorts gemachten zusätzlichen Hinweise für weitere Informationen über Regeln und Vorschriften.
OrderDesc	ans..768	O	Order description	Beschreibung der Bestellung
TermURL	ans..256	M	In case of

3DS

3-D Secure 1.0 fallback: the URL the customer will be returned to at the end of the

3DS

3-D Secure 1.0 authentication process.

Im Falle des

3DS

3-D Secure 1.0 Fallback: die URL, zu der der Kunde am Ende des

3DS

3-D Secure 1.0 Authentisierungsprozesses zurückgeleitet wird
AccVerify	a3	O	Indicator to request an account verification (aka zero value authorization). If an account verification is requested the submitted amount will be optional and ignored for the actual payment transaction (e.g. authorization). Values accepted: `Yes`	Indikator zur Anforderung einer Konto-Verifizierung (alias Nullwert-Autorisierung). Wenn eine Konto-Verifizierung angefordert wird, ist der übermittelte Betrag optional und wird für die tatsächliche Zahlungstransaktion (d.h. Autorisierung) ignoriert. Zulässige Werte: `Yes`
threeDSPolicy	JSON	O	Object specifying authentication policies and excemption handling strategies	Objekt, dass die Authentisierungs-Richtlinien und Strategien zur Behandlung von Ausnahmen angibt
threeDSData	JSON	C	Object detailing authentication data in case authentication was performed through a third party or by the merchant	Objekt mit Details der Authentisierungsdaten, falls die Authentisierung durch Dritte oder durch den Händler durchgeführt wurde
priorAuthenticationInfo	JSON	O	Prior Transaction Authentication Information contains optional information about a

3DS

3-D Secure cardholder authentication that occurred prior to the current transaction

Das Objekt Prior Transaction Authentication Information enthält optionale Informationen über eine

3DS

3-D Secure-Authentisierung eines Karteninhabers, die vor der aktuellen Transaktion erfolgt ist
browserInfo	JSON	C	Accurate browser information are needed to deliver an optimized user experience. Required for

3DS

3-D Secure 2.0 transactions.

Exakte Browserinformationen sind nötig, um eine optimierte Nutzererfahrung zu liefern. Erforderlich für

3DS

3-D Secure 2.0 Transaktionen.
accountInfo	JSON	O	The account information contains optional information about the customer account with the merchant. Optional for

3DS

3-D Secure 2.0 transactions.	Die Kontoinformationen enthalten optionale Informationen über das Kundenkonto beim Händler
billToCustomer	JSON	C	The customer that is getting billed for the goods and / or services. Required unless market or regional mandate restricts sending this information.	Der Kunde, dem die Waren und / oder Dienstleistungen in Rechnung gestellt werden. Erforderlich, sofern nicht Markt- oder regionale Mandate das Senden dieser Informationen beschränken.
shipToCustomer	JSON	C	The customer that the goods and / or services are sent to. Required (if available and different from billToCustomer) unless market or regional mandate restricts sending this information.	Der Kunde, an den die Waren und / oder Dienstleistungen gesendet werden. Erforderlich (falls verfügbar und von billToCustomer abweichend), sofern nicht Markt- oder regionale Mandate das Senden dieser Informationen beschränken.
billingAddress	JSON	C	Billing address. Required for

3DS

3-D Secure 2.0 (if available) unless market or regional mandate restricts sending this information.

Rechnungsadresse. Erforderlich für

3DS

3-D Secure 2.0 (falls verfügbar), sofern nicht Markt- oder regionale Mandate das Senden dieser Informationen beschränken.
shippingAddress	JSON	C	Shipping address. If different from billingAddress, required for

3DS

3-D Secure 2.0 (if available) unless market or regional mandate restricts sending this information.

Lieferadresse. Falls abweichend von billingAddress, erforderlich für

3DS

3-D Secure 2.0 (falls verfügbar), sofern nicht Markt- oder regionale Mandate das Senden dieser Informationen beschränken.
credentialOnFile	JSON	C	Object specifying type and series of transactions using payment account credentials (e.g. account number or payment token) that is stored by a merchant to process future purchases for a customer. Required if applicable.	Objekt, dass Art und Reihe der Transaktionen angibt, die unter Verwendung von beim Händler hinterlegten Zahlungsdaten (z.B. Kontonummer oder Zahlungs-Token) zur Verarbeitung künftiger Käufe eines Kunden erfolgen. Erforderlich, falls zutreffend.
merchantRiskIndicator	JSON	O	The Merchant Risk Indicator contains optional information about the specific purchase by the customer	Der Händler-Risikoindikator enthält optionale Informationen über den bestimmten Einkauf des Kunden
subMerchantPF	JSON	O	Object specifying SubMerchant (Payment Facilitator) details	Objekt, das die Details des SubMerchant (Payment Facilitator) angibt
URLNotify	an..256	M	The merchant URL that receive asynchrounous reqeusts during the authentication process	Die Händler-URL, die asynchrone Anfragen während des Authentisierungsprozesses empfängt

Table Excerpt Include

static	true
name	UserData
page	UserData
type	page

Table Excerpt Include

static	true
name	MAC
page	MAC
type	page

Response Elements

16246228067131753927259

Table Filter

id
default	Beschreibung
isFirstTimeEnter	false
hideColumns	true
sparkName	Sparkline
hidePane	true
datepattern	dd M yy

1625492202587_-

170864224
worklog	365\|5\|8\|y w d h m\|y w d h m
isOR	AND
separator	Point (.)
order	0

Multiexcerpt

MultiExcerptName	response_elements

1624622806717-1046994414

Table Transformer

id
dateFormat	dd M yy
export-word	false
show-source	false
export-csv	false

1625492202588_

221028620
transpose	false
worklog	365\|5\|8\|y w d h m\|y w d h m
separator	.
export-pdf	false
sql	SELECT * FROM T*

Table Excerpt Include

static	true
name	MID
page	MID
type	page

Table Excerpt Include

static	true
name	PayID
page	PayID
type	page

Table Excerpt Include

static	true
name	XID
page	XID
type	page

Table Excerpt Include

static	true
name	TransID
page	TransID
type	page

Key Format CND Description Beschreibung

Status

a..20

M

Status of the transaction.

Values accepted:

AUTHENTICATION_REQUEST
PENDING
FAILED

Status der Transaktion.

Zulässige Werte:

AUTHENTICATION_REQUEST
PENDING
FAILED

Table Excerpt Include

static	true
name	Description
page	Description
type	page

Table Excerpt Include

static	true
name	Code
page	Code
type	page

Table Excerpt Include

static	true
name	UserData
page	UserData
type	page

Key	Format	CND	Description	Beschreibung
versioningData	JSON	M	The Card Range Data data element contains information that indicates the most recent EMV 3-D Secure version supported by the ACS that hosts that card range. It also may optionally contain the ACS URL for the

3DS

3-D Secure Method if supported by the ACS and the DS Start and End Protocol Versions which support the card range.

Das Datenelement Card Range Data enthält Informationen, welche die jüngste vom ACS, der den Kartenbereich hostet, unterstützte EMV 3-D Secure-Version angeben. Es kann optional auch die ACS URL für die

3DS

3-D Secure Methode enthalten, falls vom ACS unterstützt, sowie die DS Start- und End-Protokoll-Versionen, die den Kartenbereich unterstützen.
threeDSLegacy	JSON	M	Object containing the data elements required to construct the Payer Authentication request in case of a fallback to

3DS

3-D Secure 1.0.

Objekt, dass die erforderlichen Datenelemente für die Konstruktion der Anfrage zur Zahler-Authentisierung im Falle eines Fallbacks auf

3DS

3-D Secure 1.0 enthält.

The versioningData object will indicate the EMV

3DS

3-D Secure protocol versions (i.e. 2.1.0 or higher) that are supported by Access Control Server of the issuer.

If the corresponding protocol version fields are NULL it means that the BIN range of card issuer is not registered for

3DS

3-D Secure 2.0 and a fallback to

3DS

3-D Secure 1.0 is required for transactions that are within the scope of PSD2 SCA.

When parsing versioningData please also refer to the subelement errorDetails which will specify the reason if some fields are not pupoluated (e.g. Invalid cardholder account number passed, not available card range data, failure in encoding/serialization of the

3DS

3-D Secure Method data etc).

versioningData

BASEURL=

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	BaseURL
PageWithExcerpt	Wording

Multiexcerpt

MultiExcerptName	versioningdata

Code Block

language	json
linenumbers	true

{
	"threeDSServerTransID": "14dd844c-b0fc-4dfe-8635-366fbf43468c",
	"acsStartProtocolVersion": "2.1.0",
	"acsEndProtocolVersion": "2.1.0",
	"dsStartProtocolVersion": "2.1.0",
	"dsEndProtocolVersion": "2.1.0",
	"threeDSMethodURL": "http://www.acs.com/script",
	"threeDSMethodDataForm": "eyJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIjoiaHR0cHM6Ly93d3cuY29tcHV0b3AtcGF5Z2F0ZS5jb20vY2JUaHJlZURTLmFzcHg_YWN0aW9uPW10aGROdGZuIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiIxNGRkODQ0Yy1iMGZjLTRkZmUtODYzNS0zNjZmYmY0MzQ2OGMifQ==",
	"threeDSMethodData": {
		"threeDSMethodNotificationURL": "BASEURLcbThreeDS.aspx?action=mthdNtfn",
		"threeDSServerTransID": "14dd844c-b0fc-4dfe-8635-366fbf43468c"
	}
}

3DS

3-D Secure Method

The

3DS

3-D Secure Method allows for additional browser information to be gathered by an ACS prior to receipt of the authentication request message (AReq) to help facilitate the transaction risk assessment. Support of

3DS

3-D Secure Method is optional and at the discretion of the issuer.

The versioningData object contains a value for threeDSMethodURL . The merchant is supposed to invoke the

3DS

3-D Secure Method via a hidden HTML iframe in the cardholder browser and send a form with a field named threeDSMethodData via HTTP POST to the ACS

3DS

3-D Secure Method URL.

3DS

3-D Secure Method: threeDSMethodURL

Multiexcerpt

MultiExcerptName	threeDSMethodURL
shouldDisplayInlineCommentsInIncludes	false

Image Modified

Please not that the threeDSMethodURL will be populated by

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Platform-Name
PageWithExcerpt	Wording

if the issuer does not support the

3DS

3-D Secure Method. The

3DS

3-D Secure Method Form Post as outlined below must be performed independently from whether it is supported by the issuer. This is necessary to facilitate direct communication between the browser and

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Platform-Name
PageWithExcerpt	Wording

in case of a mandated challenge or a frictionless flow.

3DS

3-D Secure Method: No issuer threeDSMethodURL

Multiexcerpt

MultiExcerptName	No issuer threeDSMethodURL
shouldDisplayInlineCommentsInIncludes	false

Image Modified3DS

3-D Secure Method Form Post

Multiexcerpt

MultiExcerptName	3ds_method

Code Block

language	xml
linenumbers	true

<form name="frm" method="POST" action="Rendering URL">
    <input type="hidden" name="threeDSMethodData" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjNhYzdjYWE3LWFhNDItMjY2My03OTFiLTJhYzA1YTU0MmM0YSIsInRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIn0">
</form>

The ACS will intercat with the Cardholder browser via the HTML iframe and then store the applicable values with the

3DS

3-D Secure Server Transaction ID for use when the subsequent authentication message is received containing the same

3DS

3-D Secure Server Transaction ID.

Info

title	Netcetera 3DS Web SDK

You may use the operations init3DSMethod or createIframeAndInit3DSMethod at your discreation from the nca3DSWebSDK in order to iniatiate the

3DS
3-D Secure Method. Please refer to the Integration Manual at https://mpi.netcetera.com/3dsserver/doc/current/integration.html#Web_Service_API.

Once the

3DS

3-D Secure Method is concluded the ACS will instruct the the cardholder browser through the iFrame response document to submit threeDSMethodData as a hidden form field to the

3DS

3-D Secure Method Notification URL.

ACS Response Document

Multiexcerpt

MultiExcerptName	acs_response

Code Block

language	xml
linenumbers	true

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8"/>
    <title>Identifying...</title>
</head>
<body>
<script>
    var tdsMethodNotificationValue = 'eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImUxYzFlYmViLTc0ZTgtNDNiMi1iMzg1LTJlNjdkMWFhY2ZhMiJ9';

    var form = document.createElement("form");
    form.setAttribute("method", "post");
    form.setAttribute("action", "notification URL");

    addParameter(form, "threeDSMethodData", tdsMethodNotificationValue);

    document.body.appendChild(form);
    form.submit();

    function addParameter(form, key, value) {
        var hiddenField = document.createElement("input");
        hiddenField.setAttribute("type", "hidden");
        hiddenField.setAttribute("name", key);
        hiddenField.setAttribute("value", value);
        form.appendChild(hiddenField);
    }
</script>
</body>
</html>

3DS

3-D Secure Method Notification Form

Multiexcerpt

MultiExcerptName	3ds_method_notification_form

Code Block

language	xml
linenumbers	true

<form name="frm" method="POST" action="3DS Method Notification URL">
    <input type="hidden" name="threeDSMethodData" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImUxYzFlYmViLTc0ZTgtNDNiMi1iMzg1LTJlNjdkMWFhY2ZhMiJ9">
</form>

Note

Please note that the threeDSMethodNotificationURL as embedded in the Base64 encoded threeDSMethodData value points to

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Platform-Name
PageWithExcerpt	Wording

and must not be modified. The merchant notification is delivered to the URLNotify as provided in the original request or as configured for the MerchantID in

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Platform-Name
PageWithExcerpt	Wording

.

Authentication

If

3DS

3-D Secure Method is supported by the issuer ACS and was invoked by the merchant

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Platform-Name
PageWithExcerpt	Wording

will automatically continue with the authentication request once the

3DS

3-D Secure Method has completed (i.e.

3DS

3-D Secure Method Notification).

The authentication result will be transferred via HTTP POST to the URLNotify . It may indicate that the Cardholder has been authenticated, or that further cardholder interaction (i.e. challenge) is required to complete the authentication.

In case a cardholder challenge is deemed necessary

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Platform-Name
PageWithExcerpt	Wording

will transfer a JSON object within the body of HTTP browser response with the elements acsChallengeMandated , challengeRequest , base64EncodedChallengeRequest and acsURL . Otherwise, in a frictionless flow,

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Platform-Name
PageWithExcerpt	Wording

will automatically continue and respond to the cardholder browser once the authorization completed.

Cardholder Challenge: Browser Response

Multiexcerpt

MultiExcerptName	Challenge - Browser Response
shouldDisplayInlineCommentsInIncludes	false

Browser Challenge Response

Data Elements

16246238252451753927259

Table Filter

id
default	Beschreibung
isFirstTimeEnter	false
hideColumns	true
sparkName	Sparkline
hidePane	true
datepattern	dd M yy

1625492202590_-

863270165
worklog	365\|5\|8\|y w d h m\|y w d h m
isOR	AND
separator	Point (.)
order	0

Multiexcerpt

MultiExcerptName	challenge_response

1624623825247-1046994414

Table Transformer

id
dateFormat	dd M yy
export-word	false
show-source	false
export-csv	false

1625492202591_

1231229094
transpose	false
worklog	365\|5\|8\|y w d h m\|y w d h m
separator	.
export-pdf	false
sql	SELECT * FROM T*

Key	Format	CND	Description	Beschreibung
acsChallengeMandated	boolean	M	Indication of whether a challenge is required for the transaction to be authorised due to local/regional mandates or other variable	Zeigt an, ob für die Autorisierung der Transaktion eine Challenge erforderlich ist wegen örtlicher/regionaler Vorgaben oder anderen Variablen
challengeRequest	object	M	Challenge request object	Objekt Challenge-Anfrage
base64EncodedChallengeRequest	string	M	Base64-encoded Challenge Request object	Base64-codiertes Objekt Challenge-Anfrage
acsURL	string	M	Fully qualified URL of the ACS to be used to post the Challenge Request	Vollständige URL des ACS, die für das Posten der Challenge-Anfrage verwendet werden soll

Schema: Browser Challenge Response

Multiexcerpt

MultiExcerptName	schema

Code Block

language	json
linenumbers	true

{
	"$schema": "http://json-schema.org/draft-07/schema#",
	"type": "object",
	"properties": {
		"acsChallengeMandated": {"type": "boolean"},
		"challengeRequest": {"type": "object"},
		"base64EncodedChallengeRequest": {"type": "string"},
		"acsURL": {"type": "string"}
	},
	"required": ["acsChallengeMandated", "challengeRequest", "base64EncodedChallengeRequest", "acsURL"],
	"additionalProperties": false
}

Sample: Browser Challenge Response

Multiexcerpt

MultiExcerptName	sample

Code Block

language	json
linenumbers	true

{
	"acsChallengeMandated": true,
	"challengeRequest": {
		"threeDSServerTransID": "8a880dc0-d2d2-4067-bcb1-b08d1690b26e",
		"acsTransID": "d7c1ee99-9478-44a6-b1f2-391e29c6b340",
		"messageType": "CReq",
		"messageVersion": "2.1.0",
		"challengeWindowSize": "01",
		"messageExtension": [
			{
				"name": "emvcomsgextInChallenge",
				"id": "tc8Qtm465Ln1FX0nZprA",
				"criticalityIndicator": false,
				"data": "messageExtensionDataInChallenge"
			}
		]
	},
	"base64EncodedChallengeRequest": "base64-encoded-challenge-request",
	"acsURL": "acsURL-to-post-challenge-request"
}

Authentication Notification

The data elements of the authentication notification are listed in the table below.

1624624101917-1753927259

Table Filter

id
default	Beschreibung
isFirstTimeEnter	false
hideColumns	true
sparkName	Sparkline
hidePane	true
datepattern	dd M yy

1625492202592_

69706183
worklog	365\|5\|8\|y w d h m\|y w d h m
isOR	AND
separator	Point (.)
order	0

Multiexcerpt

MultiExcerptName	authentification_notification

1624624101918-1046994414

Table Transformer

id
dateFormat	dd M yy
export-word	false
show-source	false
export-csv	false

1625492202593_

815229849
transpose	false
worklog	365\|5\|8\|y w d h m\|y w d h m
separator	.
export-pdf	false
sql	SELECT * FROM T*

Table Excerpt Include

static	true
name	MID
page	MID
type	page

Table Excerpt Include

static	true
name	PayID
page	PayID
type	page

Table Excerpt Include

static	true
name	TransID
page	TransID
type	page

Table Excerpt Include

static	true
name	Code
page	Code
type	page

Table Excerpt Include

static	true
name	MAC
page	MAC
type	page

Key	Format	CND	Description	Beschreibung
authenticationResponse	JSON	M	Response object in return of the authentication request with the ACS	Antwort-Objekt als Rückgabe zur Authentisierungs-Anfrage beim ACS

Browser Challenge

If a challenge is deemed necessary (see challengeRequest) the browser challenge will occur within the cardholder browser. To create a challenge it is required to post the value base64EncodedChallengeRequest via an HTML iframe to the ACS URL.

Challenge Request

Multiexcerpt

MultiExcerptName	challenge_request

Code Block

language	xml
linenumbers	true

<form name="challengeRequestForm" method="post" action="acsChallengeURL">
	<input type="hidden" name="creq" value="ewogICAgInRocmVlRFNTZXJ2ZXJUcmFuc0lEIjogIjhhODgwZGMwLWQyZDItNDA2Ny1iY2IxLWIwOGQxNjkwYjI2ZSIsCiAgICAiYWNzVHJhbnNJRCI6ICJkN2MxZWU5OS05NDc4LTQ0YTYtYjFmMi0zOTFlMjljNmIzNDAiLAogICAgIm1lc3NhZ2VUeXBlIjogIkNSZXEiLAogICAgIm1lc3NhZ2VWZXJzaW9uIjogIjIuMS4wIiwKICAgICJjaGFsbGVuZ2VXaW5kb3dTaXplIjogIjAxIiwKICAgICJtZXNzYWdlRXh0ZW5zaW9uIjogWwoJCXsKCQkJIm5hbWUiOiAiZW12Y29tc2dleHRJbkNoYWxsZW5nZSIsCgkJCSJpZCI6ICJ0YzhRdG00NjVMbjFGWDBuWnByQSIsCgkJCSJjcml0aWNhbGl0eUluZGljYXRvciI6IGZhbHNlLAoJCQkiZGF0YSI6ICJtZXNzYWdlRXh0ZW5zaW9uRGF0YUluQ2hhbGxlbmdlIgoJCX0KICAgIF0KfQ==">
</form>

You may use the operations init3DSChallengeRequest or createIFrameAndInit3DSChallengeRequest from the nca3DSWebSDK in order submit the challenge message through the cardholder browser.

Init

3DS

3-D Secure Challenge Request - Example

Multiexcerpt

MultiExcerptName	init_challenge_request

Code Block

language	xml
linenumbers	true

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <script src="nca-3ds-web-sdk.js" type="text/javascript"></script>
    <title>Init 3-D

3DS

Secure Challenge Request - Example</title>
</head>
<body>
<!-- This example will show how to initiate Challenge Reqeuests for different window sizes. -->
<div id="frameContainer01"></div>
<div id="frameContainer02"></div>
<div id="frameContainer03"></div>
<div id="frameContainer04"></div>
<div id="frameContainer05"></div>
<iframe id="iframeContainerFull" name="iframeContainerFull" width="100%" height="100%"></iframe>
  
<script type="text/javascript">
    // Load all containers
    iFrameContainerFull = document.getElementById('iframeContainerFull');
    container01 = document.getElementById('frameContainer01');
    container02 = document.getElementById('frameContainer02');
    container03 = document.getElementById('frameContainer03');
    container04 = document.getElementById('frameContainer04');
    container05 = document.getElementById('frameContainer05');
  
  
    // nca3DSWebSDK.init3DSChallengeRequest(acsUrl, creqData, container);
    nca3DSWebSDK.init3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', iFrameContainerFull);
  
    // nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest(acsUrl, creqData, challengeWindowSize, frameName, rootContainer, callbackWhenLoaded);
    nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '01', 'threeDSCReq01', container01);
    nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '02', 'threeDSCReq02', container02);
    nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '03', 'threeDSCReq03', container03);
    nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '04', 'threeDSCReq04', container04);
    nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '05', 'threeDSCReq05', container05, () => {
        console.log('Iframe loaded, form created and submitted');
    });
</script>
  
</body>
</html>

Once the cardholder challenge is completed, was cancelled or timed out the ACS will instruct the browser to post the results to the notfication URL as specified in the challenge request and to send a Result Request (RReq) via the Directory Server to the

3DS

3-D Secure Server.

Note

Please note that the notification URL submited in the challenge request points to

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Platform-Name
PageWithExcerpt	Wording

and must not be changed.

Authorization

After succefull cardholder authentication or proof of attempted authentication/verification is provided

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Platform-Name
PageWithExcerpt	Wording

will automatically continue with the payment authorization.

In case the cardholder authentication was not succesfull or proof proof of attempted authentication/verification can not be provided

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Platform-Name
PageWithExcerpt	Wording

will not continue with an authorization request.

In both cases

Multiexcerpt include

SpaceWithExcerpt	EN
MultiExcerptName	Platform-Kurz
PageWithExcerpt	Wording

will deliver a final notification to the merchant specified URLNotify with the data elements as listed in the table below.

Payment Notification

16246245451761753927259

Table Filter

id
default	Beschreibung
isFirstTimeEnter	false
hideColumns	true
sparkName	Sparkline
hidePane	true
datepattern	dd M yy

1625492202594_-

398328237
worklog	365\|5\|8\|y w d h m\|y w d h m
isOR	AND
separator	Point (.)
order	0

Multiexcerpt

MultiExcerptName	payment_notification

16246245451791046994414

Table Transformer

id
dateFormat	dd M yy
export-word	false
show-source	false
export-csv	false

1625492202596_-

1528328090
transpose	false
worklog	365\|5\|8\|y w d h m\|y w d h m
separator	.
export-pdf	false
sql	SELECT * FROM T*

Table Excerpt Include

static	true
name	MID
page	MID
type	page

Key Format CND Description Beschreibung

MsgVer

ans..5

M

Message version.

Accepted values:

2.0

Message-Version.

Zulässige Werte:

2.0

Table Excerpt Include

static	true
name	PayID
page	PayID
type	page

Table Excerpt Include

static	true
name	XID
page	XID
type	page

Table Excerpt Include

static	true
name	TransID
page	TransID
type	page

Key Format CND Description Beschreibung

schemeReferenceID

ans..64

C

Card scheme specific transaction ID required for subsequent credential-on-file payments, delayed authorizations and resubmssions.

Kartensystemspezifische Transaktions-ID, die für nachfolgende Zahlungen mit hinterlegten Daten, verzögerte Autorisierungen und Wiedereinreichungen erforderlich ist

TrxTime

an21

M

Transaction time stamp in format DD.MM.YYYY HH:mm:ssff

Zeitstempel der Transaktion im Format DD.MM.YYYY HH:mm:ssff

Status

a..20

M

Status of the transaction.

Values accepted:

Authorized
OK (Sale)
PENDING
FAILED

In case of Authentication-only the Status will be either OK or FAILED .

Status der Transaktion.

Zulässige Werte:

Authorized
OK (Sale)
PENDING
FAILED

Im Falle von nur Authentisierung ist der Status entweder OK oder FAILED.

Table Excerpt Include

static	true
name	Description
page	Description
type	page

Table Excerpt Include

static	true
name	Code
page	Code
type	page

Table Excerpt Include

static	true
name	MAC
page	MAC
type	page

Key	Format	CND	Description	Beschreibung
card	JSON	M	Card data	Kartendaten
ipInfo	JSON	O	Object containing IP information	Objekt mit IP-Informationen
threeDSData	JSON	M	Authentication data	Authentisierungsdaten
resultsResponse	JSON	C	In case the authentication process included a cardholder challenge additional information about the challenge result will be provided.	Falls der Authentisierungsprozess eine Challenge des Karteninhabers enthalten hat, werden zusätzliche Informationen über das Ergebnis der Challenge bereitgestellt

Browser Payment Response

Additionally the JSON formated data elements as listed below are trasferred in the HTTP response body to the cardholder browser. Please note that the data elements (i.e. MID , Len , Data ) are base64 encoded.

Data Elements

1624624936892-1753927259

Table Filter

id
default	Beschreibung
isFirstTimeEnter	false
hideColumns	true
sparkName	Sparkline
hidePane	true
datepattern	dd M yy

1625492202597_

2129413440
worklog	365\|5\|8\|y w d h m\|y w d h m
isOR	AND
separator	Point (.)
order	0

Multiexcerpt

MultiExcerptName	payment_response

16246249368931046994414

Table Transformer

id
dateFormat	dd M yy
export-word	false
show-source	false
export-csv	false

1625492202598_-

100517279
transpose	false
worklog	365\|5\|8\|y w d h m\|y w d h m
separator	.
export-pdf	false
sql	SELECT * FROM T*

Table Excerpt Include

static	true
name	MID
page	MID
type	page

Key	Format	CND	Description	Beschreibung
Len	integer	M	Length of the unencrypted `Data` string	Länge des unverschlüsselten Strings `Data`
Data	string	M	Blowfish encrypted string containg a JSON object with `MID` , `PayID` and `TransID`	Blowfish-verschlüsselter String, der ein JSON-Objekt mit `MID`, `PayID` und `TransID` enthält

Schema

Multiexcerpt

MultiExcerptName	response_schema

Code Block

language	json
linenumbers	true

{
	"$schema": "http://json-schema.org/draft-07/schema#",
	"type": "object",
	"properties": {
		"MID": {
			"type": "string"
		},
		"Len": {
			"type": "integer"
		},
		"Data": {
			"type": "string"
		}
	},
	"required": ["MID", "Len", "Data"],
	"additionalProperties": false
}

Merchants are supposed to forward these data elements to their server for decryption and mapping agianst the payment notification. Based on the payment results the merchant server may deliver an appropriate response to the cardholder browser (e.g. success page).

Decrypted `Data`

16246253632601408212006

Table Filter

id
default	Beschreibung
isFirstTimeEnter	false
hideColumns	true
sparkName	Sparkline
hidePane	true
datepattern	dd M yy

1625492202599_-

528830725
worklog	365\|5\|8\|y w d h m\|y w d h m
isOR	AND
separator	Point (.)
order	0

Multiexcerpt

MultiExcerptName	decrypted_data

16246253632621135786172

Table Transformer

id
dateFormat	dd M yy
export-word	false
show-source	false
export-csv	false

1625492202600_

2070509802
transpose	false
worklog	365\|5\|8\|y w d h m\|y w d h m
separator	.
export-pdf	false
sql	SELECT * FROM T*

Table Excerpt Include

static	true
name	MID
page	MID
type	page

Table Excerpt Include

static	true
name	PayID
page	PayID
type	page

Table Excerpt Include

static	true
name	TransID
page	TransID
type	page

Sample decrypted `Data`

column

Multiexcerpt

MultiExcerptName	sample_decrypted_data

Code Block

language	xml
linenumbers	true

MID=YourMID&PayID=PayIDassignedbyPlatform&TransID=YourTransID

Space shortcuts

Page tree

Versions Compared

Old Version 10

New Version 11

Key

Overview

Payment Initiation

Request Elements

Response Elements

3-D Secure Method

Authentication

Browser Challenge Response

Data Elements

Schema: Browser Challenge Response

Sample: Browser Challenge Response

Authentication Notification

Browser Challenge

Authorization

Payment Notification

Browser Payment Response

Data Elements

Schema

Decrypted `Data`

Sample decrypted `Data`

Paygate

Computop

Help

Intranet Tools

Space shortcuts

Page tree

Page History

Versions Compared

Old Version 10

New Version 11

Key

Overview

Payment Initiation

Request Elements

Response Elements

3-D Secure Method

Authentication

Browser Challenge Response

Data Elements

Schema: Browser Challenge Response

Sample: Browser Challenge Response

Authentication Notification

Browser Challenge

Authorization

Payment Notification

Browser Payment Response

Data Elements

Schema

Decrypted Data

Sample decrypted Data

Decrypted `Data`

Sample decrypted `Data`