3D Secure

3D Secure 2 is the latest standard released by EMVCo. It allows merchants and payment service providers to send additional data elements to the cardholder's issuing bank, which in turn makes it possible for the card issuer to perform frictionless authentication and offer a better user experience to the cardholder. With the additional data elements relating to the cardholder, issuers can apply Frictionless Authentication flows or “Challenged” authentication flows.

Frictionless Authentication Flows: Issuers can apply risk-based decisions using the additional data received, trust that the real cardholder is making the purchase, and authenticate the transaction automatically in the background without requesting any additional information from the cardholder.

Challenged Authentication Flows: When the issuer cannot apply a risk-based decision using the data on record, additional information to authenticate the payment is requested from the cardholder.

  • Verified by VISA (VbV)
  • SecureCode by Mastercard
  • SafeKey by American Express
  • UPOP by UPI
  • Protect Buy by Diners

Merchant Benefits

  • Acceptance of authenticated transactions via 3D Secure deters unauthorized card use.
  • Enables merchants to receive protection (liability shift) from fraudulent chargeback activity.

Integrate 3D Secure

 

Integrate 3D Secure functions via the iVeri Gateway

  • Implement a form post with the required data
  • When received, the Gateway will process and handle the enrollment lookups and the authentication with the 3DS provider on your behalf
  • On completion of the authentication, the merchant can submit the payment instruction with the 3DS 2 authentication data

Integrate 3D Secure directly with the 3DSecure MPI vendor 

  • Contact the 3D Secure vendor
  • Integrate 3D Secure using the 3D Secure integration specification from the MPI/3D Secure vendor
  • On completion of the 3D Secure process, merchants or the Payment Service Provider (PSP) can include the 3D Secure authentication data in the payment instructions to the iVeri Gateway.
  • When received, the Gateway will process the payment to the appropriate acquirer


Integration Prerequisites 

  • Merchant must request a certificate in the merchant portal - Backoffice.
    • The generated certificate ID is only applicable to the Authorisation/Debit message, not the 3DS process.
  • The merchant's application ID must be enabled for 3DS 2
  • Merchant Profile
    • A merchant's test application ID must be enabled for 3DS 2. Contact iVeri support at assist@iveri.com to enable 3D Secure.
    • Integration testing should use the test application and the corresponding 3D Secure test cards


3DS 2 Endpoint 

3D Secure:  https://[portal base URL]/threedsecure/EnrollmentInitial
Method:  POST
Format:  FormData


Integration Method

Implementation of 3DS 2 via the iVeri Gateway can be done using either a Form POST or a Pop-Up.


3D Secure Process

  1. Submit the 3D Secure request using the Form POST or Pop-Up method
    1. Post the request to /threedsecure/EnrollmentInitial
    2. The iVeri Gateway acts as a proxy and submits the 3D Secure request to the 3DS MPI on behalf of the merchant
  2. The 3D Secure MPI returns the status to the iVeri Gateway
  3. The iVeri Gateway posts the status of the 3D Secure authentication to the merchant ReturnURL
  4. Depending on the data set returned, the merchant can proceed with the payment instruction (Debit/Authorisation) or must terminate the transaction with the customer.


3DS 2 Parameters

 

Request Parameters

Parameter | Description
--- | ---
Merchant ReturnUrl | Mandatory: The URL which the Gateway will post return response parameters to
ApplicationID | Mandatory: Merchant Application ID generated upon the creation of the merchant profile on the iVeri Gateway
MerchantReference | Mandatory: A merchant generated identifier that is unique within a specified time that identifies a transaction sequence.
Amount | Mandatory: The total value of the transaction in the smallest unit of the currency specified (e.g. in cents)
Currency | Mandatory: The ISO 4217 currency code of the value of the transaction, e.g. USD or ZAR or GBP
PAN | Mandatory: Card number used for transaction
ExpiryDate | Mandatory: The last month of the validity period of the card, formatted as MMYY or MMYYYY
CardSecurityCode | The 3 or 4 digits printed on the card which are not contained on the magnetic strip. Usually printed after the Card number on the signature strip. Corresponds to American Express CIV, MasterCard CVC2 and VISA CVV2

Note:  Depending on the result of 3D secure authentication, the following fields will be returned

 

Parameter | Description
--- | ---
ApplicationID | Identification of the merchant profile performing the transaction
MerchantReference |
Amount |
Currency |
JWT |
PAN |
ExpiryDate |
ResultCode |
ResultDescription |
ThreeDSecure_AuthenticationType | Expected Value: 01
CardHolderAuthenticationID | Commonly known as XID: Unique identifier generated during the 3DS process
CardHolderAuthenticationData |
ElectronicCommerceIndicator | Commonly known as “ECI”: Indicates if the cardholder was fully authenticated, attempted or not. Possible values: ThreeDSecure (ECI “05”, “02”), ThreeDSecureAttempted (ECI “06” or “01”) or SecureChannel (ECI “07”)
ThreeDSecure_VEResEnrolled | Possible values: Y|N|U - Indicates if the card is enrolled.
ThreeDSecure_RequestID |
ThreeDSecure_ProtocolVersion | Indicates the version of 3D secure used
ThreeDSecure_DSTransID | Directory Server Transaction ID returned for the transaction



 

3D Secure 2 implementation using the Pop-Up Method

 

Mandatory Requirements

  • jQuery 
  • Bootstrap 

Step 1:  Initialize the popup

Include the following JavaScript code on the webpage from which you want to initiate 3DS:

$(document).ready(function () {
    // Pass the portal domain and the completion callback
    tdsboxInitialise('[portal domain]', tdsboxComplete);
});


Step 2:  Load the popup and show the modal dialog

function loadModal() {
    // Collect the 3DS request parameters from the page's input fields
    var jsonObject = {
        ApplicationID : $("#ApplicationID").val(),
        MerchantReference : $("#MerchantReference").val(),
        Amount : $("#Amount").val(),
        Currency : $("#Currency").val(),
        PAN : $("#PAN").val(),
        ExpiryDate : $("#ExpiryDate").val()
    };
    var data = JSON.stringify(jsonObject);
    tdsboxSubmit(data);
}


Step 3:  Get the response back after 3DS 2 completes

function tdsboxComplete(data) {
    // Called with the 3DS result once the popup flow finishes
    alert(data);
}

 

 

3D Secure 2 implementation using the Form Post


The merchant can POST form variables to the 3DS 2 endpoint as a redirect over the browser. On completion of the 3D Secure process, the Gateway will return the result to the merchant ReturnURL. The result returned to the merchant will either allow the Authorisation/Debit instruction to continue or result in the merchant terminating the transaction with the customer.


Format: Form Data

Form Post request Sample

<form name="Form1" method="post" action="https://portal.iveri.net/threedsecure/EnrollmentInitial" id="Form1">
  <input type="hidden" name="ApplicationID" id="ApplicationID" value="{ca8a6eae-a469-4b39-bef3-aa029ca3a806}" />
  <input type="hidden" name="ReturnUrl" id="ReturnUrl" value="https://[domain]/Lite/Result.asp" />
  <div>Amount:</div><input type="text" name="Amount" id="Amount" value="2000" /><br />
  <input type="hidden" name="Currency" id="Currency" value="ZAR" />
  <div>Reference:</div><input type="text" name="MerchantReference" id="MerchantReference" value="3DS2:20210920.001" /><br />
  <div>PAN:</div><input type="text" name="PAN" id="PAN" value="5192602720584796" /><br />
  <div>Expiry:</div><input type="text" name="ExpiryDate" id="ExpiryDate" value="012023" /><br />
  <br />
  <input type="submit" name="buttonPostData" value="Post Data" id="buttonPostData" class="clsButton" style="width:90px;" />
</form>

Authorisation/Debit with 3DS 2 Data

 

Merchants have the choice of doing 3D Secure authentication directly with the 3DS vendor ("MPI") or via the iVeri Gateway. In either case, when the authentication process has completed successfully, the merchant can POST the payment instruction to the iVeri Gateway with the authentication data using the SOAP or REST webservice.


Debit/Authorisation Payment Parameters

The set of 3DS 2 parameters expected in the Authorisation/Debit message is as follows:

Parameter | Description
--- | ---
CardHolderAuthenticationID | Mandatory for 3DS 1 and 2: Commonly known as an XID: Unique identifier generated during the 3D secure process
CardHolderAuthenticationData | Mandatory for 3DS 1 and 2: Commonly known as UCAF (universal cardholder authentication field) for Mastercard or CAVV (cardholder authentication verification value), generated on completion of the authentication between cardholder and card issuer
ElectronicCommerceIndicator | Mandatory for 3DS 1 and 2: Commonly known as “ECI”: Indicates if the cardholder was fully authenticated, attempted or not. Possible values: ThreeDSecure (ECI “05”, “02”), ThreeDSecureAttempted (ECI “06” or “01”) or SecureChannel (ECI “07”)
ThreeDSecure_VEResEnrolled | Optional: Possible values: Y|N|U - Indicates if the card is enrolled.
ThreeDSecure_RequestID | Optional: Unique identifier returned by the Gateway on completion of the 3D secure authentication process
ThreeDSecure_AuthenticationType | Optional: Possible values (not limited to) "01", "02", "03". Must be as generated on completion of the 3D secure authentication process. Indicates the method of authentication used.
ThreeDSecure_ProtocolVersion | Mandatory: Indicates the version of 3D secure used
ThreeDSecure_DSTransID | Mandatory: Directory Server Transaction ID returned on completion of the 3D secure authentication process
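
The fields posted to the ReturnURL and the Debit/Authorisation parameters above meet in the merchant's server code. The following is an added example, not iVeri code: it treats the posted fields as untrusted input, checks them against the merchant's own stored order, and only then copies the 3DS values into the Debit Transaction. The `order` record shape, the function names and the ECI acceptance policy are assumptions, and the sample values are constructed.

```javascript
// Added example (not iVeri code). `order` is the merchant's stored record (assumed shape),
// `posted` holds the untrusted form fields received on ReturnUrl.
const BOUND = ["ApplicationID", "MerchantReference", "Amount", "Currency"];
// Listed on this page as mandatory in the Authorisation/Debit message.
const REQUIRED_3DS = ["CardHolderAuthenticationID", "CardHolderAuthenticationData",
  "ElectronicCommerceIndicator", "ThreeDSecure_ProtocolVersion", "ThreeDSecure_DSTransID"];
const OPTIONAL_3DS = ["ThreeDSecure_VEResEnrolled", "ThreeDSecure_RequestID",
  "ThreeDSecure_AuthenticationType"];

// The page shows GUIDs with and without braces and in both letter cases.
const norm = (field, v) => {
  const s = String(v ?? "").trim();
  return field === "ApplicationID" ? s.replace(/[{}]/g, "").toLowerCase() : s;
};

// acceptedEci is merchant policy (assumption): fully authenticated only by default.
function evaluate3dsReturn(order, posted, acceptedEci = ["ThreeDSecure"]) {
  const reasons = [];
  for (const f of BOUND) {
    if (norm(f, order[f]) !== norm(f, posted[f])) reasons.push(f + " differs from stored order");
  }
  for (const f of REQUIRED_3DS) {
    if (norm(f, posted[f]) === "") reasons.push(f + " missing");
  }
  const eci = norm("ElectronicCommerceIndicator", posted.ElectronicCommerceIndicator);
  if (eci !== "" && !acceptedEci.includes(eci)) reasons.push("ECI " + eci + " not accepted");
  return { proceed: reasons.length === 0, reasons };
}

// Builds the Transaction object for the REST Debit; PAN and ExpiryDate are added by the caller.
function buildDebitTransaction(order, posted, acceptedEci) {
  const verdict = evaluate3dsReturn(order, posted, acceptedEci);
  if (!verdict.proceed) throw new Error("3DS gate: " + verdict.reasons.join("; "));
  // Money and reference fields come from the stored order, never from the post.
  const tx = { ApplicationID: order.ApplicationID, Command: "Debit", Mode: order.Mode,
    MerchantReference: order.MerchantReference, Currency: order.Currency,
    Amount: String(order.Amount) };
  for (const f of REQUIRED_3DS) tx[f] = posted[f];
  for (const f of OPTIONAL_3DS) if (norm(f, posted[f]) !== "") tx[f] = posted[f];
  return tx;
}

// Constructed sample data (placeholder IDs, not real merchant values).
const SAMPLE_ORDER = { ApplicationID: "{11111111-2222-3333-4444-555555555555}", Mode: "Test",
  MerchantReference: "ORDER-0001", Amount: 2000, Currency: "ZAR" };
const SAMPLE_POST = { ApplicationID: "11111111-2222-3333-4444-555555555555",
  MerchantReference: "ORDER-0001", Amount: "2000", Currency: "ZAR",
  CardHolderAuthenticationID: "Y29uc3RydWN0ZWQteGlk",
  CardHolderAuthenticationData: "Y29uc3RydWN0ZWQtY2F2dg==",
  ElectronicCommerceIndicator: "ThreeDSecure", ThreeDSecure_ProtocolVersion: "2.1.0",
  ThreeDSecure_DSTransID: "00000000-0000-0000-0000-000000000001",
  ThreeDSecure_AuthenticationType: "01", ThreeDSecure_VEResEnrolled: "Y" };

console.log(evaluate3dsReturn(SAMPLE_ORDER, SAMPLE_POST));                       // accepted
console.log(evaluate3dsReturn(SAMPLE_ORDER, { ...SAMPLE_POST, Amount: "100" })); // amount altered
```

The JWT field returned by the Gateway is not checked here because this page does not document its format or signing key.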

 

 


Webservice Service Payment Samples

For submission of transactions to the Gateway, the merchant can post to the existing Portal URLs. The Portal URLs are listed in the REST and SOAP sections by acquiring bank. Note that the submission of the Debit/Authorisation message assumes the following:

  • 3DS 2 authentication was a success.
  • The merchant is making use of the test application ID with mode "Test" for integration testing

REST Webservice


Format: JSON

Transaction Endpoint https://[portal domain]/api/transactions

Request (replace CertificateID with the merchant's certificate ID; the PAN value shown is tokenised data)

{
    "Version": "2.0",
    "CertificateID": "{DE3022CE-15A2-4702-A46B-CC9710463135}",
    "ProductType": "Enterprise",
    "ProductVersion": "WebAPI",
    "Direction": "Request",
    "Transaction": {
        "ApplicationID": "{851282c8-194c-42da-a09b-333160959e39}",
        "Command": "Debit",
        "Mode": "Test",
        "MerchantReference": "20250207_09086789031",
        "MerchantTrace": "202500207_4054711",
        "Currency": "ZAR",
        "Amount": "10000",
        "ExpiryDate": "0929",
        "PAN": "4069........9137",
        "CardHolderPresence": "COF",
        "TransactionIndex": "{D4AAEDFC-6C60-4E00-8AF1-67FB760DCF49}",
        "PANFormat": "TransactionIndex",
        "CardHolderAuthenticationID": "+9z/hOi4392ov0GJd2AEYIPQP8g=",
        "CardHolderAuthenticationData": "AAEBApN3IgAAAAPocQNYdISCkYQ=",
        "ElectronicCommerceIndicator": "ThreeDSecure",
        "ThreeDSecure_DSTransID": "3ee1816c-80b5-4cf3-933a-e5a258019d60",
        "ThreeDSecure_AuthenticationType": "01",
        "ThreeDSecure_ProtocolVersion": "2.1.0"
    }
}


Response

{
    "Version": "2.0",
    "CertificateID": "{4c96973f-71dd-4044-802d-6e234effe8f2}",
    "ProductType": "Enterprise",
    "ProductVersion": "WebAPI",
    "Direction": "Request",
    "Transaction": {
        "ApplicationID": "{ca8a6eae-a469-4b39-bef3-aa029ca3a806}",
        "Command": "Debit",
        "Mode": "Test",
        "Amount": "1500",
        "ExpiryDate": "0123",
        "MerchantReference": "3DS2:20210920.004",
        "Currency": "ZAR",
        "PAN": "4069425217889137",
        "ThreeDSecure_ProtocolVersion": "2.1.0",
        "CardHolderAuthenticationID": "xVyRZy0bYuN69j1pZi/zlmC68Vw=",
        "CardHolderAuthenticationData": "AJkBCWhygQAAAAEDhXKBAAAAAAA=",
        "ElectronicCommerceIndicator": "ThreeDSecure",
        "ThreeDSecure_DSTransID": "2e962032-0499-4fb6-9cf3-e640ceebeb63",
        "ThreeDSecure_AuthenticationType": "01",
        "ThreeDSecure_VEResEnrolled": "Y"
    }
}


SOAP Webservice

Format: XML

Transaction Endpoint https://[portal domain]/iVeriWebservice/Service.asmx

Request

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <Execute xmlns="http://iveri.com/">
      <validateRequest>false</validateRequest>
      <protocol>V_XML</protocol>
      <protocolVersion>7.0</protocolVersion>
      <request>&lt;V_XML Version="2.0" CertificateID="b2fd980c-f61a-473e-a685-5e8d38595d84" ProductType="Enterprise"
ProductVersion="iVeriWebService" Direction="Request"&gt;
&lt;Transaction ApplicationID="66bc5003-88dd-4cd5-9b27-2b5cdb7a8b73" Command="Debit" Mode="Test"&gt;
&lt;MerchantTrace&gt;9AE2405C07E7227568BEEE5A58E890&lt;/MerchantTrace&gt;
&lt;Amount&gt;2000&lt;/Amount&gt;
&lt;Currency&gt;ZAR&lt;/Currency&gt;
&lt;ExpiryDate&gt;012023&lt;/ExpiryDate&gt;
&lt;MerchantReference&gt;3DS2:202112.002&lt;/MerchantReference&gt;
&lt;CardSecurityCode&gt;123&lt;/CardSecurityCode&gt;
&lt;PAN&gt;4069425217889137&lt;/PAN&gt;
&lt;ElectronicCommerceIndicator&gt;ThreeDSecure&lt;/ElectronicCommerceIndicator&gt;
&lt;CardHolderAuthenticationID&gt;nhkWtFs6DlxCbpAyOFmjjxTtZOc=&lt;/CardHolderAuthenticationID&gt;
&lt;CardHolderAuthenticationData&gt;AJkBCIZ1CQAAAAfQcQADdISCkYQ=&lt;/CardHolderAuthenticationData&gt;
&lt;ThreeDSecure_ProtocolVersion&gt;2.1.0&lt;/ThreeDSecure_ProtocolVersion&gt;
&lt;ThreeDSecure_DSTransID&gt;c43c9d4a-3461-46e9-be29-3c7a0e033e11&lt;/ThreeDSecure_DSTransID&gt;
&lt;ThreeDSecure_AuthenticationType&gt;01&lt;/ThreeDSecure_AuthenticationType&gt;
&lt;ThreeDSecure_VEResEnrolled&gt;Y&lt;/ThreeDSecure_VEResEnrolled&gt;
&lt;/Transaction&gt;
&lt;/V_XML&gt;
</request>
    </Execute>
  </soap:Body>
</soap:Envelope>


Response

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <soap:Body>
        <ExecuteResponse xmlns="http://iveri.com/">
            <ExecuteResult>&lt;V_XML Version="2.0" Direction="Response"&gt;
  &lt;Transaction ApplicationID="{66BC5003-88DD-4CD5-9B27-2B5CDB7A8B73}" Command="Debit" Mode="Test" RequestID="{AF5214BF-878E-4691-A124-96E0748CF062}"&gt;
    &lt;Result Status="0" Code="0" Description="" AppServer="QAGW2012APP1" DBServer="QAGW2012DB2" Gateway="QA" AcquirerCode="00" AcquirerDescription="" /&gt;
    &lt;MerchantTrace&gt;9AE2405C07E7227568BEEE5A58E890&lt;/MerchantTrace&gt;
    &lt;Amount&gt;2000&lt;/Amount&gt;
    &lt;AuthorisationCode&gt;315669&lt;/AuthorisationCode&gt;
    &lt;CCNumber&gt;4069........9137&lt;/CCNumber&gt;
    &lt;Currency&gt;ZAR&lt;/Currency&gt;
    &lt;ElectronicCommerceIndicator&gt;ThreeDSecure&lt;/ElectronicCommerceIndicator&gt;
    &lt;ExpiryDate&gt;012023&lt;/ExpiryDate&gt;
    &lt;MerchantReference&gt;3DS2:202112.002&lt;/MerchantReference&gt;
    &lt;Terminal&gt;Default&lt;/Terminal&gt;
    &lt;TransactionIndex&gt;{F9401D94-4CA7-46EF-A007-9883950A80D3}&lt;/TransactionIndex&gt;
    &lt;MerchantName&gt;iVeri Payment Technology&lt;/MerchantName&gt;
    &lt;MerchantUSN&gt;7771777&lt;/MerchantUSN&gt;
    &lt;Acquirer&gt;NBPostilionNBSouthAfrica&lt;/Acquirer&gt;
    &lt;AcquirerReference&gt;81774:09170322&lt;/AcquirerReference&gt;
    &lt;AcquirerDate&gt;20220103&lt;/AcquirerDate&gt;
    &lt;AcquirerTime&gt;154109&lt;/AcquirerTime&gt;
    &lt;DisplayAmount&gt;R 20.00&lt;/DisplayAmount&gt;
    &lt;BIN&gt;4&lt;/BIN&gt;
    &lt;Association&gt;VISA&lt;/Association&gt;
    &lt;CardType&gt;Unknown Card Type&lt;/CardType&gt;
    &lt;Issuer&gt;Unknown Issuer&lt;/Issuer&gt;
    &lt;Jurisdiction&gt;International&lt;/Jurisdiction&gt;
    &lt;PAN&gt;4069........9137&lt;/PAN&gt;
    &lt;PANMode&gt;Keyed,CVV&lt;/PANMode&gt;
    &lt;ReconReference&gt;09170322&lt;/ReconReference&gt;
    &lt;CardHolderPresence&gt;CardNotPresent,eCommerce,ThreeDSecure&lt;/CardHolderPresence&gt;
    &lt;MerchantAddress&gt;MERCHANT ADDRESS&lt;/MerchantAddress&gt;
    &lt;MerchantCity&gt;Sandton&lt;/MerchantCity&gt;
    &lt;MerchantCountryCode&gt;ZA&lt;/MerchantCountryCode&gt;
    &lt;MerchantCountry&gt;South Africa&lt;/MerchantCountry&gt;
    &lt;DistributorName&gt;Nedbank&lt;/DistributorName&gt;
  &lt;/Transaction&gt;
&lt;/V_XML&gt;</ExecuteResult>
        </ExecuteResponse>
    </soap:Body>
</soap:Envelope>

3D Secure 2 Test Cases

 

The MPI test cases that should be used depend on the acquiring bank that holds the merchant agreement, or on the PSP that will be processing the payments on the Gateway on behalf of the merchant.


Things to note about the test cards:

  • CVV not required
  • Expiry must be current or future date 


BANKSERV 

For merchants and acquiring banks in South Africa and Kenya

Frictionless Full authentication

Scenario 1

Authenticated Frictionless Transaction

Test Values

Visa: 4069425217889137, 4070426536557386

MC: 5163426869252246, 518959787009697

DINERS: 36135230403232

Expected results - Lookup

EnrolledStatus: Y

paresTxStatus: Y

TDS2.transStatus: Y

ECI (Visa): 05

ECI (MCI): 02

ECI (DINERS): 05

PARESVERIFIED: true

PROTOCOL: 3DS 2.1.0

 MD_STATUS: 1

MD_ERROR_MESSAGE: Authenticated

Action:  Merchant should proceed with the authorization message. Note: the PAN supplied is configured for frictionless authentication.



Challenged Full authentication

Scenario 1

Authenticated Challenged  Transaction

Test Values

Visa: 4070427646039018

MC: 518935428295934

Expected results - Lookup

EnrolledStatus: Y

ECI (Visa): 05

ECI (MCI): 02

PROTOCOL: 3DS 2.3.1

 MD_STATUS: 1

MD_ERROR_MESSAGE: Authenticated

Action:  Merchant should proceed with the authorization message

Failed Frictionless Authentication

Scenario 2

Failed Frictionless Transaction

Test Values

Visa: 4069421358347845

MC: 5178872338408971

DINERS: 36135234130393

Expected results - Lookup

EnrolledStatus: Y

paresTxStatus: N

TDS2.transStatus: N

ECI (Visa): Blank, (will default to ECI 07)

ECI (MCI): Blank, (will default to ECI 00)

ECI (DINERS): Blank, (will default to ECI 07)

PARESVERIFIED: True

PROTOCOL: 3DS 2.1.0

MD_STATUS: 0

MD_ERROR_MESSAGE: NOT Authenticated

Action:  Merchant should NOT proceed with the authorization message. Note: the PAN supplied is configured for frictionless authentication.


CYBERSOURCE

 

Frictionless Full Authentication

Scenario 1

Authenticated Frictionless Transaction

Test Values

Visa: 445653 00 0000 1005

445653 00 0000 0001 007

 

MC: 520000 00 0000 1005

520000 00 0000 3001

 

 

Expected results - Lookup

Reason code = 100

 ics_pa_enroll service was successful.

VERes enrolled = Y

PARes status = Y

 CAVV = AVV = (Mastercard only)

 

Action:  Merchant should proceed with the authorization message. Note: the PAN supplied is configured for frictionless authentication.


Failed Frictionless Authentication

Scenario 2

Failed Frictionless Transaction

Test Values

Visa: 445653 00 0000 1013

445653 00 0000 3019

MC: 520000 00 0000 1013

520000 00 0000 3019

 

Expected results - Lookup

VERes enrolled = Y

PARes status = N

Reason code = 476

User failed authentication.

Action:  Merchant should NOT proceed with the authorization message. Ask the customer for another form of payment