3-D Secure with 3rd-Party Merchant Plug-ins
Last updated: Aug 15th, 7:40am
Merchants can use a 3rd-party Merchant Plug-in (MPI), such as Cardinal Commerce, to perform the 3-D Secure authentication and verification of the credit card. Once authenticated, you pass this data to Payflow in your standard authorization or sale transaction.
How 3-D Secure works with an MPI
When you, as a merchant, have 3-D Secure enabled on your website and your customer uses the card that is enrolled in the 3-D Secure program, the authentication and transaction process looks as follows:
- The customer enters their credit or debit card information on your checkout page.
- Your website uses your Merchant Plug-In (MPI) to call a directory server and determine whether the card is registered in the 3-D Secure program.
- The customer sees the 3-D Secure page where they authenticate themselves to the card-issuing bank by entering the password or a one-time PIN.
- You send the result of the 3-D Secure authentication to Payflow in the authorization or sale request, then PayPal submits transaction details to your processor.
- The transaction is authorized or declined by the acquirer.
- The customer can see the response about whether the transaction is successful or failed.
How to send 3-D Secure authentication data
After you've integrated with an MPI and can use the plug-in for cardholder authentication, you send the data you receive back from the MPI to Payflow during a sale or authorization request. The information you pass to Payflow varies depending on whether the cardholder is enrolled in a 3-D Secure program or not. Use the developer documentation provided by your MPI to map the Payflow fields to the MPI-returned fields.
Supported 3D-Secure 2.0 processors
- Braintree
- FISERV North
- Paymentech Salem
- PayPal
- TSYS
Payflow fields
| Field | Description | Data type/max length |
|---|---|---|
AUTHENTICATION_STATUS | Value returned by MPI indicating if authentication was successful, attempted or failed. | alphanumeric, 1 |
CAVV | Cardholder authentication verification value, also known as AAV. The value generated by the card-issuing bank proving the cardholder has been authenticated with a particular transaction. Returned if the AUTHENTICATION_STATUS is Successful or Attempted. | alphanumeric, 64 |
ECI | E-Commerce Indicator. The ECI value indicates the level of security supported by the merchant when the cardholder provides payment card data for online purchase. | numeric, 1 |
XID | 3-D Secure transaction ID. Returned if Successful or Attempted. Required. | alphanumeric, 64 |
THREEDSVERSION | This field is for 3-D Secure 2.0. Contains the 3-D Secure version that was used to process the transaction. Possible values:
| alphanumeric, 10 |
DSTRANSACTIONID | This field is for 3-D Secure 2.0. Unique transaction identifier assigned by the Directory Server (DS) to identify a single transaction. Conditional. Note: Required for Mastercard Identity Check transaction in Authorization. | alphanumeric, 36 |
| Cardholder is enrolled | Cardholder is not enrolled |
|---|---|
AUTHENTICATION_ID | AUTHENTICATION_ID |
AUTHENTICATION_STATUS | AUTHENTICATION_STATUS |
CAVV | |
ECI | ECI |
XID | |
THREEDSVERSON | THREEDSVERSON |
DSTRANSACTIONID |
Sample request - cardholder is enrolled
Note: Set VERBOSITY to HIGH to make sure you receive all the data returned in the response.
1VENDOR=MerchantUserID&PARTNER=PayPal&USER=UserIDIfAvailOrSameAsVendor&PWD=Pwd4Payflow&TENDER=C&TRXTYPE=S&TENDER=C&ACCT=5555555555554444&EXPDATE=0325&AMT=123.00&AUTHENTICATION_ID[20]=8d4d5ed66ac6e6faac6d&CAVV[28]=OTJlMzViODhiOTllMjBhYmVkMGU=&AUTHENTICATION_STATUS[1]=1&ECI[1]=5&XID[28]=YjM0YTkwNGFkZTI5YmZmZWE1ZmY&THREEDSVERSION[5]=1.0.2&VERBOSITY=HIGH&VERBOSITY=HIGH
Sample request - cardholder is not enrolled
1VENDOR=MerchantUserID&PARTNER=PayPal&USER=UserIDIfAvailOrSameAsVendor&PWD=Pwd4Payflow&TENDER=C&TRXTYPE=S&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00&AUTHENTICATION_ID[20]=8d4d5ed66ac6e6faac6d&AUTHENTICATION_STATUS[1]=O&ECI[1]=7&THREEDSVERSION[5]=1.0.2&VERBOSITY=HIGH
Sample request - 3D-Secure 2.0
1VENDOR=MerchantUserID&PARTNER=PayPal&USER=UserIDIfAvailOrSameAsVendor&PWD=Pwd4Payflow&TRXTYPE=S&TENDER=C&ACCT=5434XXXXXXXX5556&EXPDATE=1225&AMT=122.27&CAVV[28]=AAABBhBxKAAAAAAAAAAAAAAAAAA=BILLTO&STREET=12115 LACKLAND&BILLTOZIP=63146&ECI=6&DSTRANSACTIONID=f38e6948-5388-41a6-bca4-b49723c19437&THREEDSVERSION=2.0&VERBOSITY=HIGH