Alternate Methods for Device Data Collection
There are alternate methods for device data collection. You can also use the Payer
Authentication Setup service described in Implementing
Direct API Payer Authentication.
IMPORTANT
If you are using tokenization, use the Direct API integration method and Payer Authentication Setup service.
Device Data Collection Overview
The device data collection collects the required browser data elements in order
to make the EMV 3-D Secure 2.x request and to invoke the EMV 3-D Secure Method URL when
it is available.
The Direct API places the required Method URL on the merchant site on behalf of
the merchant. Per EMV 3-D Secure requirements, if the issuing bank uses a Method URL, it
must run on the merchant site. This is done after a merchant passes in the card number
on the POST to the device data collection URL. Options on how to include the BIN are
described below.
The Method URL is a concept in the EMV 3-D Secure protocol that enables an
issuing bank to obtain additional browser information before starting the authentication
session to help facilitate risk-based authentication. The implementation techniques for
obtaining the additional browser information are out of scope of the EMV 3-D Secure
protocol.
Collecting Device Data
The following options are available for device data collection:
- Card BIN in JWT: This option is the recommended approach and allows you to pass the card BIN (first eight digits or full card number) in the JWT.
- Card BIN as a POST parameter plus JWT: This option allows you to pass the card BIN directly from the web front end to the device data collection URL instead of the JWT. However, a JWT is still required in order to authenticate the session.