Purpose

To complete step-up authentication customer must be redirected to the issuing bank. This process is encapsulated within the redirect to stepUpUrl returned in the PA enrollment response.

Implementation

To initiate the redirect merchant must post step-up JWT to the stepUpUrl displayed in an iframe:

Once customer completes the authentication Cardinal will redirect customer to ReturnUrl set in the step-up JWT, this is similar to redirect to Term URL in 3DS1. When this redirect message is received merchant can close the iframe and proceed to PA Validation.

Sequence Diagram