Technical details
About 3D Secure and EMVCo.
EMVCo is the organization that is responsible for creating, maintaining and disseminating PCI DSS standards. In particular, they provide specifications around 3D Secure Protocols and Core Functions so that these terms are understood across the industry.
The latest specification document can be found at: EMVCo 3D Secure Protocol and Core Functions Specification.
3D Secure object field mapping
Our 3D Secure solution uses parameter names that correspond to those that EMVCo uses in its specifications. They apply to all of our 3D Secure integrations (Secure Fields, API or Mobile SDK).
Refer to the latest 3DS specification from EMVCo for more information.
| PCI Proxy | EMVCo | Description |
|---|---|---|
eci | ECI | Electronic Commerce Indicator |
xid | dsTransId for 3D Secure 2. xid for 3D Secure 1. | Transaction ID returned by the directory server. |
cavvAlgorithm | Only required for 3D Secure 1. Deprecated for 3D Secure 2 and beyond. | 3D Algorithm |
cavv | authenticationValue | Card Holder Authentication Verification Value |
threeDSVersion | messageVersion | The 3D specification version |
directoryResponse | transStatus (after ARes) | Transaction status after ARes. |
authenticationResponse | transStatus (after RReq) | Transaction status after RReq. |
threeDSTransactionId | threeDSServerTransID | Universally unique transaction identifier |
cardHolderInfo | cardholderInfo | Optional message provided by the ACS/Issuer to the Cardholder |
transStatusReason | transStatusReason | Provides additional information on the failed 3D Authentication |
Directory response
We return the directory response for any transaction where a 3D Secure verification can take place. This is the status after ARes.
directoryResponse value | 3D Secure 2 meaning | Description |
|---|---|---|
Y | Authenticated | The card or account was authenticated seamlessly with 3D Secure. No challenge flow will take place. |
N | Authentication failed | Not authenticated. |
U | Not available | The authentication or account verification could not be performed. This is usually due to technical problems. |
C | Challenge needed | Further cardholder interaction is required to complete the authentication. |
R | Rejected | Not authenticated because the issuer has rejected the authentication. |
A | Authentication attempt | A proof of authentication attempt was generated. One or more 3D Secure authentication attempts were performed but no authentication or account verification was completed successfully. This may also be returned if a cardholder skips 3D Secure registration. |
Authentication response
For authentications proceeding to RReq, or Challenge flow, we return the response as follows.
authenticationResponse value | 3D Secure 2 meaning | Description |
|---|---|---|
Y | Authenticated | The authentication was successful. |
N | Authentication failed | The authentication or account could not be verified. |
U | Not available | The authentication or account verification could not be performed. This is usually due to technical problems. No liability shift; consider whether to proceed with the transaction. |
A | Authentication attempt | A proof of authentication attempt was generated. One or more 3D Secure authentication attempts were performed but no authentication or account verification was completed successfully. This may also be returned if a cardholder skips 3D Secure registration. |
C | Process incomplete | Further cardholder interaction is required to complete the authentication. |
Updated 8 months ago