3-D Secure with 3rd-Party Merchant Plug-ins
Last updated: May 14th 2021, @ 4:07:58 pm
Merchants can use a 3rd-party Merchant Plug-in (MPI), such as Cardinal Commerce, to perform the 3-D Secure authentication and verification of the credit card. Once authenticated, you pass this data to Payflow in your standard authorization or sale transaction.
How 3-D Secure works with an MPI
When you, as a merchant, have 3-D Secure enabled on your website and your customer uses the card that is enrolled in the 3-D Secure program, the authentication and transaction process looks as follows:
- The customer enters their credit or debit card information on your checkout page.
- Your website uses your Merchant Plug-In (MPI) to call a directory server and determine whether the card is registered in the 3-D Secure program.
- The customer sees the 3-D Secure page where they authenticate themselves to the card-issuing bank by entering the password or a one-time PIN.
- You send the result of the 3-D Secure authentication to Payflow in the authorization or sale request, then PayPal submits transaction details to your processor.
- The transaction is authorized or declined by the acquirer.
- The customer can see the response about whether the transaction is successful or failed.
How to send 3-D Secure authentication data
After you've integrated with an MPI and can use the plug-in for cardholder authentication, you send the data you receive back from the MPI to Payflow during a sale or authorization request. The information you pass to Payflow varies depending on whether the cardholder is enrolled in a 3-D Secure program or not. Use the developer documentation provided by your MPI to map the Payflow fields to the MPI-returned fields.
Supported 3D-Secure 2.0 processors
- FISERV North
- Paymentech Salem
|Field||Description||Data type/max length|
|Value returned by MPI indicating if authentication was successful, attempted or failed.||alphanumeric, 1|
|Cardholder authentication verification value, also known as AAV. The value generated by the card-issuing bank proving the cardholder has been authenticated with a particular transaction. Returned if the ||alphanumeric, 64|
|E-Commerce Indicator. The ECI value indicates the level of security supported by the merchant when the cardholder provides payment card data for online purchase.||numeric, 1|
|3-D Secure transaction ID. Returned if Successful or Attempted. Required.||alphanumeric, 64|
|This field is for 3-D Secure 2.0. Contains the 3-D Secure version that was used to process the transaction. Possible values: ||alphanumeric, 10|
|This field is for 3-D Secure 2.0. Unique transaction identifier assigned by the Directory Server (DS) to identify a single transaction. Conditional. |
Note: Required for Mastercard Identity Check transaction in Authorization.
|Cardholder is enrolled||Cardholder is not enrolled|
Sample request - cardholder is enrolled
VERBOSITYto HIGH to make sure you receive all the data returned in the response.
Sample request - cardholder is not enrolled
Sample request - 3D-Secure 2.0