Context
EMV® Three-Domain Secure (3DS) is a messaging protocol developed by EMVCo. It allows consumers to authenticate themselves with their card issuer.
Our solution uses the 3DS check to:
- Protect merchants from exposure to fraud and prevent unauthorized transactions.
- Shift liability for chargebacks for fraudulent transactions from merchants onto the card issuer.
- Help merchants (in the UK) that want PSD2-compliant Strong Customer Authentication (SCA) management and exception handling.
3D Secure 2 is an extra security layer defined by EMVCo and major credit card schemes for CNP (card-not-present) transactions. As an e-commerce authentication protocol, it enables the secure processing of payment, non-payment, and account confirmation of card transactions.
Using 3D Secure 2, the issuer inspects over 100 data parameters to:
- verify the cardholder’s authenticity
- assess the risk level of the transaction
It acts as a protocol to authenticate a cardholder or verify an account during an e-commerce transaction:
- When the issuer determines the authentication is successful, the merchant can process the transaction without any cardholder interaction.
- If the issuer classifies the transaction as risky, it challenges the customer to confirm their identity using Strong Customer Authentication (SCA) mechanisms.
This is a working document that describes how a standalone plug-in system for 3DS2 authentication functions.
Features
Authentication workflows
- Frictionless
- Challenge
- 3RI
Server Integration
- Use the Web SDK to handle the 3D Secure check on your behalf
Workflow
Implementation
A lightweight JavaScript snippet is placed on the website. Basic payment data is passed to the JavaScript SDK. The SDK returns Authentication Tokens, Directory Server Transaction IDs and the ECI (Electronic Commerce Indicator), which are passed to the Payment Processor to obtain the Liability Shift on the transaction.
Information Fields
The following information is sent to the 3DS2 system for authentication:
- purchaseAmount
Amount to be authenticated, e.g. 295.98
- acctNumber
Credit card number, e.g. 4111111111111111
- cardExpiryDate
Credit card expiry date in YYMM format, e.g. 2502
- cardholderName
Full name of the cardholder, e.g. Frida Samuels
- billAddrLine1
Billing address line, e.g. 931 Beverly Dr.
- billAddrCity
Billing address city, e.g. Corpus Christi
- billAddrState
Billing address state code, e.g. TX
- billAddrCountry
Billing address country code, e.g. US for United States
- billAddrPostCode
Billing address postal code, e.g. 78413
- deliveryEmailAddress
Customer email address, e.g. fridasamuel@yahoo.com
- purchaseCurrency
Purchase currency, e.g. USD for United States Dollar
- browserIP
Customer's IP address, e.g. 166.205.209.43
- homePhone
  - cc
  Calling country code of the user's home phone, e.g. 1 for US
  - subscriber
  The customer's phone number, e.g. 2131231231
- mobilePhone
  - cc
  Calling country code of the user's mobile phone, e.g. 1 for US
  - subscriber
  The customer's mobile phone number, e.g. 2131231231
Sample Request and Response
The request looks something like below:
The response generated by 3DS2 Authenticator looks something like below:
In the response, the fields that need to be sent to the payment processor are:
- authenticationValue
- dsTransID
- eci
A transStatus value of Y or A indicates the Liability Shift.
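The handling described above can be made fail-closed on the merchant side. The following is an added example, not code from the SDK or from this document's authors: it assumes the response arrives as a flat object using the field names listed above, and the function name and all sample values are constructed for illustration.

```javascript
// Added example. Field names and the Y/A rule come from this page; the flat
// response object, the function name and all sample values are assumptions.
const SHIFT_STATUSES = new Set(['Y', 'A']);
const PROCESSOR_FIELDS = ['authenticationValue', 'dsTransID', 'eci'];

// Returns { liabilityShift, payload | reason }. Fails closed: anything other
// than an exact 'Y' or 'A' plus all three fields yields no liability shift.
function toProcessorPayload(response) {
  if (response === null || typeof response !== 'object') {
    return { liabilityShift: false, reason: 'response is not an object' };
  }
  const status = response.transStatus;
  // Exact, case-sensitive match: 'y', ' Y' or undefined are all rejected.
  if (typeof status !== 'string' || !SHIFT_STATUSES.has(status)) {
    return { liabilityShift: false, reason: 'transStatus is not Y or A' };
  }
  const missing = PROCESSOR_FIELDS.filter(
    (f) => typeof response[f] !== 'string' || response[f].trim() === '');
  if (missing.length > 0) {
    return { liabilityShift: false, reason: 'missing ' + missing.join(', ') };
  }
  // Copy only the three fields the processor needs; drop everything else.
  const payload = {};
  for (const f of PROCESSOR_FIELDS) payload[f] = response[f];
  return { liabilityShift: true, transStatus: status, payload };
}

// Constructed sample responses (placeholder values, not real transactions).
const SAMPLE_OK = {
  transStatus: 'Y',
  authenticationValue: 'CONSTRUCTED-AUTH-VALUE',
  dsTransID: '00000000-0000-4000-8000-000000000001',
  eci: '05',
  debugInfo: 'ignored', // hypothetical extra field, must not be forwarded
};
const SAMPLE_ATTEMPT = { ...SAMPLE_OK, transStatus: 'A', eci: '06' };
const SAMPLE_REJECTED = { ...SAMPLE_OK, transStatus: 'N' };
const SAMPLE_INCOMPLETE = { transStatus: 'Y', dsTransID: SAMPLE_OK.dsTransID, eci: '05' };

for (const r of [SAMPLE_OK, SAMPLE_ATTEMPT, SAMPLE_REJECTED, SAMPLE_INCOMPLETE]) {
  console.log(JSON.stringify(toProcessorPayload(r)));
}
```

Only the `payload` object should be forwarded to the payment processor; a result with `liabilityShift: false` means the transaction must not be submitted as 3DS-authenticated.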