3D Secure

3D Secure is a security protocol used as an additional layer of security for online credit card transactions prior to authorization in order to prevent fraud. The name 3D Secure comes from the three-domain model used to provide the additional layer of secure authentication between the financial authorization process and the online authentication process. The service is provided by Visa and MasterCard under the names Verified by Visa and MasterCard SecureCode.

3D Secure 1.0 enables customers to validate transactions they make over the internet by requesting an authentication method (usually a password-based method sent to a mobile phone or email address), thus reducing the risk of fraudulent use by unauthorized individuals.

Although the introduction of 3D Secure 1.0 has helped merchants fight fraud, it also came with a negative impact on the user experience, adding extra steps and supporting only browser-based transactions.

This is why the new 3D Secure 2.0 has come into effect: to address and resolve the security issues and to implement strong customer authentication (SCA).

SCA requires merchants to integrate two-factor authentication into the checkout flow, based on the use of two or more elements categorised as:

  • knowledge (something only the user knows, e.g. a password);
  • possession (something only the user possesses, e.g. a phone, token, certificate, etc.);
  • inherence (something the user is, e.g. a fingerprint, Face ID).

For more information about the PSD2 Directive and Strong Customer Authentication (SCA) visit our section: PSD2 and Strong Customer Authentication (SCA).

3D Secure 1.0 Payments

There are two options for enabling and using the 3D Secure service:

  • statically, in which we enable the 3D Secure service for you at SiteID level;
  • dynamically, in which you send the 3DSecure parameter in the payment request.

If you set the 3DSecure parameter to true, the customer will be required to authenticate the card used for that transaction:

Request:

POST https://securetest.smart2pay.com/v1/payments
Authorization: Basic MTAxMDpnYWJp

{
  "Payment": {
    "MerchantTransactionID": "s2ptest_1002",
    "Amount": 100,
    "Currency": "EUR",
    "ReturnURL": "http://demo.smart2pay.com/redirect.php",
    "Description": "S2P 3Dsecure test",    
    "Card": {
      "HolderName": "John Doe",
      "Number": "4548812049400004",
      "ExpirationMonth": "05",
      "ExpirationYear": "2021",
      "SecurityCode": "123"
      },
    "3DSecure": true
  }
}

Response:

HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8


{
  "Payment": {
    "ID": 203771,
    "ClientIP": null,
    "SkinID": null,
    "Created": "20180509114444",
    "MerchantTransactionID": "s2ptest_1002",
    "OriginatorTransactionID": null,
    "Amount": "100",
    "Currency": "EUR",
    "CapturedAmount": "0",
    "ReturnURL": "http://demo.smart2pay.com/redirect.php",
    "Description": "S2P 3Dsecure test",
    "StatementDescriptor": null,
    "MethodID": 6,
    "MethodOptionID": null,
    "SiteID": 1010,
    "NotificationDateTime": null,
    "Customer": null,
    "BillingAddress": null,
    "ShippingAddress": null,
    "Articles": null,
    "Card": {
      "HolderName": "John Doe",
      "Number": "Ends with 0004",
      "ExpirationMonth": "05",
      "ExpirationYear": "2021",
      "IssuingBankCountry": null
      },
    "CreditCardToken": null,
    "Status": {
      "ID": 1,
      "Info": "Open",
      "Reasons": []
      },
    "MethodTransactionID": null,
    "PaymentTokenLifetime": 10,
    "Capture": false,
    "RedirectURL": "https://securetest.smart2pay.com/v1/Payments/FillCardDetails?PaymentToken=203771.1010.05D9FE3FD0AF7FD3D1C848A82F5F54985&SkipLandingPage=true",
    "3DSecure": true,
    "3DSecureData": {     
      "AuthenticationStatus": "Y",
      "ECI": "05",
      "CAVV": "MDA5ODYyNjQxMzEyNzQxMTQ4NzA=",
      "DSID": "f41f41f-f412f-41f-4321-f4132f4",
      "3DSecureVersion": "1.0.2"
    },
    "Fraud": null
  }
}

Access the RedirectURL received in the payment response and enter an identification code. Please note that the landing page will be different depending on the card issuer.

For test purposes, please enter the identification test code received on the page (123456). For a Success 3D Secure Authentication click on the Acceptar button and for a Failed 3D Secure Authentication click on the Cancelar button.

Figure 1: Enter Identification Code

You will receive a payment notification at the Notification URL you set up in the Merchant Dashboard, containing the new payment status. For more information on Payment Notifications with Success or Failed 3D Secure Authentication, go to our section 3D Secure Payment 1.0 Notification.

3D Secure 1.0 Payment Notification

We will notify you about the new status of the payment at the Notification URL you set up in the Merchant Dashboard. The received notification has the same structure as the response to the initial request.

  • For a payment with Success 3D Secure Authentication, you will receive the below notification:

    You need to respond with HTTP code 204 (No Content)!

    Payment notification format:

    Authorization: Basic MTAxMDpnYWJp
    
    {
      "Payment": {
        "ID": 203771,
        "ClientIP": null,
        "SkinID": null,
        "Created": "20180509114444",
        "MerchantTransactionID": "s2ptest_1002",
        "OriginatorTransactionID": null,
        "Amount": "100",
        "Currency": "EUR",
        "CapturedAmount": "0",
        "ReturnURL": "http://demo.smart2pay.com/redirect.php",
        "Description": "S2P 3Dsecure test",
        "StatementDescriptor": null,
        "MethodID": 6,
        "MethodOptionID": null,
        "SiteID": 1010,
        "NotificationDateTime": null,
        "Customer": null,
        "BillingAddress": null,
        "ShippingAddress": null,
        "Articles": null,
        "Card": {
          "HolderName": "John Doe",
          "Number": "Ends with 0004",
          "ExpirationMonth": "5",
          "ExpirationYear": "2021",
          "IssuingBankCountry": null
        },
        "CreditCardToken": null,
        "Status": {
          "ID": 9,
          "Info": "Authorized",
          "Reasons": []
        },
        "MethodTransactionID": null,
        "PaymentTokenLifetime": null,
        "Capture": false,
        "RedirectURL": null,
        "3DSecure": true,
        "Fraud": null
      }
    }

    Response:

    204 No Content

  • For a Failed 3D Secure Authentication, you will receive the below notification:

    You need to respond with HTTP code 204 (No Content)!

    Payment notification format:

    Authorization: Basic MTAxMDpnYWJp
    
    {
      "Payment": {
        "ID": 203772,
        "ClientIP": null,
        "SkinID": null,
        "Created": "20180509114626",
        "MerchantTransactionID": "s2ptest_1003",
        "OriginatorTransactionID": null,
        "Amount": "100",
        "Currency": "EUR",
        "CapturedAmount": "0",
        "ReturnURL": "http://demo.smart2pay.com/redirect.php",
        "Description": "S2P 3Dsecure test",
        "StatementDescriptor": null,
        "MethodID": 6,
        "MethodOptionID": null,
        "SiteID": 10101,
        "NotificationDateTime": null,
        "Customer": null,
        "BillingAddress": null,
        "ShippingAddress": null,
        "Articles": null,
        "Card": {
          "HolderName": "John Doe",
          "Number": "Ends with 0004",
          "ExpirationMonth": "5",
          "ExpirationYear": "2021",
          "IssuingBankCountry": null
        },
        "CreditCardToken": null,
        "Status": {
          "ID": 4,
          "Info": "Failed",
          "Reasons": [
            {
              "Code": "5073",
              "Info": "Error in holder authentication"
            }
          ]
        },
        "MethodTransactionID": null,
        "PaymentTokenLifetime": null,
        "Capture": false,
        "RedirectURL": null,
        "3DSecure": true,
        "Fraud": null
      }
    }

    Response:

    204 No Content
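
The core logic of a notification endpoint, as an added example (not Smart2Pay code): it checks the Authorization header in constant time, matches the notification against the order stored at checkout, and acts on the Status IDs shown above. The credentials, the `ORDERS` store and the 401/400 replies to rejected requests are assumptions of this example; the page only specifies the 204 reply.

```python
import base64
import hmac
import json

# Constructed sample credentials; real ones come from your merchant account.
SITE_ID, API_KEY = "1010", "constructed-api-key"
# Orders recorded at checkout, keyed by MerchantTransactionID (constructed).
ORDERS = {"s2ptest_1002": {"Amount": "100", "Currency": "EUR", "state": "pending"}}
AUTHORIZED, FAILED = 9, 4  # Status IDs shown in the notifications above


def basic_auth_ok(header):
    """Compare the Authorization header to the expected value in constant time."""
    token = base64.b64encode(f"{SITE_ID}:{API_KEY}".encode()).decode()
    return hmac.compare_digest((header or "").encode(), f"Basic {token}".encode())


def handle_notification(auth_header, body):
    """Return (http_status, outcome) for one notification POST."""
    if not basic_auth_ok(auth_header):
        return 401, "rejected: bad credentials"
    try:
        payment = json.loads(body)["Payment"]
        order = ORDERS[payment["MerchantTransactionID"]]
        status = payment["Status"]
        status_id = status["ID"]
    except (ValueError, KeyError, TypeError):
        return 400, "rejected: malformed or unknown transaction"
    # The notified amount and currency must match what was ordered.
    seen = (str(payment.get("Amount")), payment.get("Currency"))
    if seen != (order["Amount"], order["Currency"]):
        return 400, "rejected: amount or currency mismatch"
    if order["state"] != "pending":
        return 204, "ignored: already processed"  # redelivery is harmless
    if status_id == AUTHORIZED:
        order["state"] = "authorized"
    elif status_id == FAILED:
        reasons = status.get("Reasons") or []
        order["state"] = "failed"
        order["reasons"] = [r.get("Code") for r in reasons if isinstance(r, dict)]
    else:
        return 204, f"ignored: status {status_id}"
    return 204, order["state"]
```

Only the final branch changes order state, so a notification that fails any earlier check leaves the order pending.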

3D Secure 2.0 Payments

3D Secure 2.0 is the new authentication protocol that provides an additional layer of verification for card transactions. Strong Customer Authentication (SCA) requires merchants to integrate two-factor authentication into the checkout flow, requiring their customers to use two out of three elements: something only the user knows, like a password; something only the user possesses, like a phone; and something the user is, like a fingerprint.

Check out the example below of a payment using the 3D Secure 2.0 protocol.

Although the 3D Secure 2.0 protocol requires sending many more details, it increases the chances of a smooth and frictionless payment flow.

Request:

POST https://securetest.smart2pay.com/v1/payments
Authorization: Basic MTAxMDpnYWJp

{
  "Payment": {
    "MerchantTransactionID": "s2ptest_6a",
    "Amount": "100",
    "Currency": "EUR",
    "ReturnURL": "http://demo.smart2pay.com/redirect.php",
    "Description": "Test Description",
    "StatementDescriptor1": "Dynamic Test Description",
    "BillingAddress": {
      "City": "Iasi",
      "ZipCode": "7000-49",
      "State": "Iasi",
      "Street": "Sf Lazar",
      "StreetNumber": "37",
      "HouseNumber": "5A",
      "HouseExtension": "-",
      "Country": "RO"
    },
    "ShippingAddress": {
      "City": "Iasi",
      "ZipCode": "700049",
      "State": "Iasi",
      "Street": "Sf Lazar",
      "StreetNumber": "37",
      "HouseNumber": "-",
      "HouseExtension": "-",
      "Country": "RO"
    },
    "Customer": {
      "MerchantCustomerID": "3452342354232",
      "Email": "accept@accept.com",
      "Firstname": "Test",
      "Lastname": "Person",
      "SocialSecurityNumber": "45908-28324",
      "Phone": "0744-783322",
      "Company": "S2P",
      "Gender": "1"
    },
    "Card": {
      "HolderName": "Test Person",
      "Number": "4548812049400004",
      "ExpirationMonth": "11",
      "ExpirationYear": "2025",
      "SecurityCode": "123",
      "RequireSecurityCode": true
    },
    "Capture": false,
    "GenerateCreditCardToken": false,
    "PaymentTokenLifetime": 10,
    "3DSecure": true,
    "DeviceInfo": {
      "BrowserAcceptHeader": "application/json, text/javascript, */*; q=0.01",
      "BrowserUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36",
      "BrowserJavaEnabled": false,
      "BrowserJavaScriptEnabled": true,
      "BrowserLanguage": "ro-RO",
      "BrowserColorDepth": "24",
      "BrowserScreenHeight": "1080",
      "BrowserScreenWidth": "1920",
      "BrowserTimeZone": "-180"
    },
    "ScaExemption": "LowValueTransaction",
    "Language": "ro-RO",
    "SkinID": 200
  }
}

Response:

HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8

{
    "Payment": {
        "ID": 208161,
        "ClientIP": null,
        "SkinID": 200,
        "Created": "20190828091954",
        "MerchantTransactionID": "s2ptest_6a",
        "OriginatorTransactionID": null,
        "Amount": "100",
        "Currency": "EUR",
        "CapturedAmount": "0",
        "ReturnURL": "http://demo.smart2pay.com/redirect.php",
        "Description": "Test Description",
        "StatementDescriptor": "Static Description",
        "MethodID": 6,
        "MethodOptionID": null,
        "SiteID": 1010,
        "NotificationDateTime": null,
        "Customer": {
            "ID": 647,
            "MerchantCustomerID": "3452342354232",
            "Email": "accept@accept.com",
            "FirstName": "Test",
            "LastName": "Person",
            "Gender": "1",
            "SocialSecurityNumber": "45908-28324",
            "Phone": "0744-783322",
            "Company": "S2P"
        },
        "BillingAddress": {
            "ID": 253,
            "City": "Iasi",
            "ZipCode": "7000-49",
            "State": "Iasi",
            "Street": "Sf Lazar",
            "StreetNumber": "37",
            "HouseNumber": "5A",
            "HouseExtension": "-",
            "Country": "RO"
        },
        "ShippingAddress": {
            "ID": 87,
            "City": "Iasi",
            "ZipCode": "700049",
            "State": "Iasi",
            "Street": "Sf Lazar",
            "StreetNumber": "37",
            "HouseNumber": "-",
            "HouseExtension": "-",
            "Country": "RO"
        },
        "Articles": null,
        "Card": {
            "HolderName": "Test Person",
            "Number": "VISA-0004",
            "ExpirationMonth": "11",
            "ExpirationYear": "2025",
            "IssuingBankCountry": null
        },
        "CreditCardToken": null,
        "Status": {
            "ID": 9,
            "Info": "Authorized",
            "Reasons": []
        },
        "MethodTransactionID": null,
        "AuthorizationCode": "591659",
        "PaymentTokenLifetime": 10,
        "Capture": false,
        "RedirectURL": null,
        "3DSecure": true,
        "DeviceInfo": {
            "BrowserAcceptHeader": "application/json, text/javascript, */*; q=0.01",
            "BrowserUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36",
            "BrowserJavaEnabled": false,
            "BrowserJavaScriptEnabled": true,
            "BrowserLanguage": "ro-RO",
            "BrowserColorDepth": "24",
            "BrowserScreenHeight": "1080",
            "BrowserScreenWidth": "19200",
            "BrowserTimeZone": "-180"
        },
        "ScaExemption": null,
        "Fraud": {
            "Status": "Accept",
            "Score": 31,
            "Reason": "No decision provided"
        }
    }
}

3D Secure 2.0 Pass-Through Payments

You can submit a request to authorize payments using authentication data from your own 3D Secure MPI provider, by sending the necessary 3D Secure parameters listed below in the object 3DSecureData.

Request:

POST https://securetest.smart2pay.com/v1/payments
Authorization: Basic MTAxMDpnYWJp

{
  "Payment": {
    "MerchantTransactionID": "s2ptest_3a",
    "Amount": "100",
    "Currency": "EUR",
    "ReturnURL": "http://demo.smart2pay.com/redirect.php",
    "Description": "Test Description",
    "StatementDescriptor": "Dynamic Test Description",
    "Card": {
      "HolderName": "Test Person",
      "Number": "4548812049400004",
      "ExpirationMonth": "11",
      "ExpirationYear": "2025",
      "SecurityCode": "123",
      "RequireSecurityCode": true
    },
    "Capture": false,
    "GenerateCreditCardToken": false,
    "PaymentTokenLifetime": 10,
    "3DSecure": true,
    "3DSecureData": { 
      "AuthenticationStatus": "Y",
      "ECI": "05",
      "CAVV": "MDA5ODYyNjQxMzEyNzQxMTQ4NzA=",
      "DSID": "c272b04f-6e7b-43a2-bb78-90f4fb94aa25",
      "3DSecureVersion": "2.1.0"
      },
    "ScaExemption": "LowValueTransaction",
    "Language": "ro-RO",
    "SkinID": 200
  }
}

Response:

HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8

{
    "Payment": {
        "ID": 208158,
        "ClientIP": null,
        "SkinID": 200,
        "Created": "20190828082527",
        "MerchantTransactionID": "s2ptest_3a",
        "OriginatorTransactionID": null,
        "Amount": 100,
        "Currency": "EUR",
        "CapturedAmount": "0",
        "ReturnURL": "http://demo.smart2pay.com/redirect.php",
        "Description": "Test Description",
        "StatementDescriptor": "Dynamic Test Description",
        "MethodID": 6,
        "MethodOptionID": null,
        "SiteID": 1010,
        "NotificationDateTime": null,
        "Customer": null,
        "BillingAddress": null,
        "ShippingAddress": null,
        "Articles": null,
        "Card": {
            "HolderName": "Test Person",
            "Number": "VISA-0004",
            "ExpirationMonth": "11",
            "ExpirationYear": "2025",
            "IssuingBankCountry": null
        },
        "CreditCardToken": null,
        "Status": {
            "ID": 9,
            "Info": "Authorized",
            "Reasons": []
        },
        "MethodTransactionID": null,
        "AuthorizationCode": "143383",
        "PaymentTokenLifetime": 10,
        "Capture": false,
        "RedirectURL": null,
        "3DSecure": true,
        "3DSecureData": {
            "AuthenticationStatus": "Y",
            "ECI": "05",
            "CAVV": "MDA5ODYyNjQxMzEyNzQxMTQ4NzA=",
            "DSID": "c272b04f-6e7b-43a2-bb78-90f4fb94aa25",
            "3DSecureVersion": "2.1.0"
        },
        "DeviceInfo": null,
        "ScaExemption": "LowValueTransaction",
        "Fraud": {
            "Status": "Accept",
            "Score": 31,
            "Reason": "No decision provided"
        }
    }
}
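
A pre-submission check of a 3DSecureData object received from your own MPI, as an added example (not Smart2Pay code). The format rules (a 20-byte base64 authentication value, a UUID transaction ID in 2.x) come from the EMV 3-D Secure field definitions, not from this page; the function name and the set of accepted statuses are assumptions of the example.

```python
import base64
import binascii
import re

UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def check_3ds_data(data):
    """Return a list of problems found in a 3DSecureData object (empty if none)."""
    problems = []
    version = str(data.get("3DSecureVersion", ""))
    if not re.fullmatch(r"\d\.\d\.\d", version):
        problems.append("3DSecureVersion is not in N.N.N form")
    if not re.fullmatch(r"\d{2}", str(data.get("ECI", ""))):
        problems.append("ECI is not a two-digit code")
    # Assumption: only Y (authenticated) and A (attempted) are forwarded.
    status = data.get("AuthenticationStatus")
    if status not in {"Y", "A"}:
        problems.append(f"AuthenticationStatus {status!r} is not Y or A")
    # The authentication value (CAVV) is 20 bytes, base64-encoded.
    try:
        cavv = base64.b64decode(data.get("CAVV") or "", validate=True)
    except (binascii.Error, ValueError, TypeError):
        cavv = b""
    if len(cavv) != 20:
        problems.append("CAVV does not decode to 20 bytes")
    # In 3DS 2.x the directory server transaction ID is a UUID.
    if version.startswith("2.") and not UUID_RE.fullmatch(str(data.get("DSID", ""))):
        problems.append("DSID is not a UUID")
    return problems
```

The 3DSecureData objects shown on this page, for versions 1.0.2 and 2.1.0, both pass with an empty list.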