Alternate Methods for Device Data Collection

There are alternate methods for device data collection. You can also use the Payer Authentication Setup service described in Implementing Direct API Payer Authentication.
IMPORTANT
If you are using tokenization, use the Direct API integration method and Payer Authentication Setup service.

Device Data Collection Overview

The device data collection collects the required browser data elements in order to make the EMV 3-D Secure 2.x request and to invoke the EMV 3-D Secure Method URL when it is available.
The Direct API places the required Method URL on the merchant site on behalf of the merchant. Per EMV 3-D Secure requirements, if the issuing bank uses a Method URL, it must run on the merchant site. This is done after a merchant passes in the card number on the POST to the device data collection URL. Options on how to include the BIN are described below.
The Method URL is a concept in the EMV 3-D Secure protocol that enables an issuing bank to obtain additional browser information before starting the authentication session to help facilitate risk-based authentication. The implementation techniques for obtaining the additional browser information are out of scope of the EMV 3-D Secure protocol.
Alternate Methods for Device Data Collection

Collecting Device Data

The following options are available for device data collection:
  • Card BIN in JWT: This option is the recommended approach and allows you to pass the card BIN (first eight digits or full card number) in the JWT.
  • Card BIN as a POST parameter plus JWT: This option allows you to pass the card BIN directly from the web front end to the device data collection URL instead of the JWT. However, a JWT is still required in order to authenticate the session.
Alternate Methods for Device Data Collection