3D Security
3D Secure functionality allows a merchant to process Verified by Visa and MasterCard SecureCode through a single payment gateway. Use of this functionality provides additional chargeback protection and preferred Interchange rates.
This process involves the additional requirement of posting a URL for the consumer to either register their card or perform the secure code process as part of their transaction request.
Contents
Introduction
3D Secure, also known as Verified by Visa and MasterCard SecureCode are security protocols developed by the associations to allow consumers to shop in a more secure environment on the Internet. These programs allow participating issuers and their cardholders to validate that the online purchaser is the cardholder, reducing overall online fraud.
Merchants are encouraged to participate and may receive Interchange benefits as well as some limited chargeback protection.
Transaction flow
- During the checkout process, information is routed to the appropriate card association to verify their enrollment status.
- If a cardholder is enrolled, the cardholder’s bank will display an authentication form.
- Cardholder completes authentication form and bank validates if the data entered is correct.
- Results are returned to the merchant with data elements that are proof the merchant performed the authentication or attempted to authenticate the cardholder.
- The transaction is then sent for the typical authorization including address verification.
Chargeback Protection
Visa and MasterCard rules related to chargeback protection vary depending on authentication results (authentication versus attempted authentication). For authenticated transactions merchants are generally protected from the “No Cardholder Authorization†or “Cardholder Does Not Recognize Transaction†chargeback reason codes.
Prior to implementation, merchants should obtain the most recent rules and regulations related to this service.
360 One API: 3D Security Interface
Merchants wishing to use this feature must contact their representative to be enrolled in the two programs and will then need to update their check out software to implement the required additional steps.
Usage
3D Security is provided as a value added service to registered payment gateway users. This feature allows merchants to implement Verified By Visa and MasterCard SecureCode programs without requiring use of a separate API.
When processing a 3D transaction, it is acceptable to use the validation data from an initial authorization when a subsequent authorization is needed (such as in the case of a backorder, etc.). They key is that the cardholder validated the initial transaction with the merchant. This validation is good for up to 90 days, therefore authorizations that occur after that timeframe must initiate a new 3D validation with the cardholder.
Request Flow
Merchant check out process must perform the following tasks when performing Verified by Visa or MasterCard SecureCode transactions.
- Execute an enrollment check request (transaction type E) to the 360 One API. \If the enrollment status is N process to last step.
- Store the 3d_transaction_id returned in the response for subsequent use.
- Forward the cardholder to the 3d_acs_url returned in the enrollment check response passing the 3d_payloadfrom the enrollment response in the PaReq parameter. The merchant is also responsible for providing a URL for the issuer to return the cardholder to once validation is complete. The return URL should be passed to the 3d_acs_urlin the TermUrl parameter.
- Execute an authorization request. If 3D security validation completed successfully, pass the PaRes from the issuer result in the 3d_payload request parameter and the 3d_transaction_id stored during step 2.
Request fields
Enrollment Request
Field Name | Description | Required | Length | Format | Comments |
---|---|---|---|---|---|
transaction_type | Transaction Type | Yes | 1 | A/N | Always E |
Immediate Sale or Pre-Authorization with 3D Security
Field Name | Description | Required | Length | Format | Comments |
---|---|---|---|---|---|
transaction_type | Transaction Type | Yes | 1 | A/N | D or P |
3d_payload | 3D Security Type | Yes | vaiable | A/N | Pass the value returned from the card issuer in the PaRes parameter. |
3d_transaction_id | 3D Security Transaction ID | Yes | 1 | A/N | Pass the 3d_transaction_idreturned in the enrollment response. |
Response fields
Field Name | Description | Length | Format | Comments |
---|---|---|---|---|
3d_payload | 3D Security Payload | variable | A/N | Contains the 3D Payload returned from the card issuer verification process. |
3d_transaction_id | 3D Security Transaction ID | 32 | A/N | Returned by the enrollment check process. Must be passed back to the API during the card authorization process. |
3d_order_id | 3D Security Order ID | 17 | A/N | This will contain the purchase_id from the original enrollment request. |
3d_acs_url | 3D Security Validation URL | vaiable | A/N | This field will be URL encoded. Merchants need to forward their customers to this URL to complete the 3D validation process. |
3d_enrollment | 3D Security Enrollment Flag | 1 | A/N | Values:* Y = Card Issuer is enrolled* N = Card Issuer is not enrolled. |
Examples
Enrollment Request
- https://cert.merchante-solutions.com/mes-api/tridentApiprofile_id=xxxxxxxxxxxxxxxxxxxx&pro
file_key=xxxx&transaction_type=E&transaction_amount=1.00&card_number=4012888812348882&card
_exp_date=0210
Response
- transaction_id=f2eb6b9576ea38c8afe27779e2ef05c1&error_code=000&auth_response_text=RequestC
omplete&moto_ecommerce_ind=07&3d_enrolled=Y&3d_transaction_id=IiO6SKBOVanlrv9zgebw&d_order
_id=3338523554448173&3d_acs_url=https%3A%2F%2Ftestcustomer34.cardinalcommerce.co%2FV3DSSta
rt%3Fosb%3Dvisa–3%26VA%3DB&3d_payload=eNpVUtluwjAQfPdXoKpS33BCjAposcRRxBlutepbMFtIASc4DtfX
1w5QWj%2FtrNfjmbFhtlaIzSmKVCGHASZJsMJcuKw%2B9Q7x2Yuak1nZ7%2FluN%2FJidnniKpNc%2FhgCoJI8ndvJ
MvAL1DYiiUWAdScwjEvt7xOWPM8zygN0hgh6rT5GXmOmaVHOaVgV57BGSwQ95Yp2LzkuQ0Jhpo1iIgolRqdeYl5gC9
AwKp2vK11nFSoVSg1KHErT2XF4FahjLYimhnyAXmTQHUjhOgD5Gj1FaJ8X4Kl3zqfR5x5h8mre58OC%2F2Z9%2Bt3u
LiH%2F12VAVqJwgsA4284Dhlp%2Bi85txihbGK6wLN%2BgSCndXGn00wRugNEYjtPbUrcu3O34ZxlyqFUtzt3REBPM
WRNL64Cfm3Ng4euhttG7XQJj9%2FM6zX3o9fxctHOh9jwX3zB%2FGqP1aLo80%2Fm8koQ5OdUXHlDLMgqeWht9elt4
9gqn8f5AfZdbdR
Sale Request
- https://cert.merchante-solutions.com/mes-api/tridentApiprofile_id=xxxxxxxxxxxxxxxxxxxx&pro
file_key=xxxx&transaction_type=D&cardholder_street_address=123&cardholder_zip=55555&cvv2=1
23&transaction_amount=1.00&card_number=4012888812348882&card_exp_date=0210&invoice_number=
11f28b27c8add98b7&3d_payload=(PaRes returned from Cardinal)&3d_transaction_id=IiO6SKBOVanl
rv9zgebwÂ
Response
- transaction_id=9e395f681bd9333a8a9f5720ee4f18c5&error_code=000&auth_response_text=ZipMatch
&avs_result=Y&cvv2_result=M&auth_code=T8311H