Requesting the Validation Service

For enrolled cards, the next step is to make a back-end, server-to-server call to request the validation service.
When you make the validation request, you must:
  • Send the
    consumerAuthenticationInformation.authenticationTransactionId
    request field.
  • Send the credit card information including the PAN, currency, and expiration date (month and year).
The response that you receive contains the validation result.
It is recommended that you request the payer authentication and card authorization services at the same time. Doing this automatically sends the correct information to your payment processor and converts the values of these fields to the proper format required by your payment processor:
  • consumerAuthenticationInformation.ecommerceIndicator
  • consumerAuthenticationInformation.cavv
  • consumerAuthenticationInformation.ucafAuthenticationData
  • consumerAuthenticationInformation.xid
    and
    consumerAuthenticationInformation.xid
If you request the services separately, manually include the validation result values (Validation Check response fields) in the authorization service request (Card Authorization request fields). To receive liability shift protection, you must ensure that you pass all pertinent data for the card type and processor in your request. Failure to do so might invalidate your liability shift for that transaction. Include the electronic commerce indicator (ECI), the transaction ID (XID), the 3-D Secure version, the directory server transaction ID, and this card-specific information in your authorization request.
  • For Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo, include the CAVV.
  • For Mastercard only, include the collection indicator and the AAV (also known as UCAF).
Validation Check and Response Fields
Identifier
Validation Check Response Field
Card Authorization Request Field
E-commerce indicator
consumerAuthenticationInformation.indicator
processingInformation.commerceIndicator
Collection indicator
consumerAuthenticationInforma tion.ucafCollectionIndicator
consumerAuthenticationInfo rmation.ucafCollectionIndicator
CAVV
consumerAuthenticationInformation.cavv
consumerAuthenticationInformation.cavv
AAV
consumerAuthenticationInforma tion.ucafAuthenticationData
consumerAuthenticationInfo rmation.ucafAuthenticationData
XID
consumerAuthenticationInformation.xid
consumerAuthenticationInformation.xid
3-D Secure version
consumerAuthenticationInforma tion.specificationVersion
consumerAuthenticationInfo rmation.paSpecificationVersion
Directory server transaction ID
consumerAuthenticationInforma tion.directoryServerTransactionId
consumerAuthenticationInfo rmation.directoryServerTransactionId

Interpreting the Response

IMPORTANT
If the authentication fails, Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo require that you not accept the card. Instead, you must ask the customer to use another payment method.
Proceed with the order according to the validation response received. The responses are similar for all card types:
  • Success: You receive
    AUTHENTICATION_SUCCESSFUL
    , and other service requests, including authorization, are processed normally.
  • Failure: You receive
    AUTHENTICATION_FAILED
    , so the other services in your request are not processed.
  • Error: If you receive an error from the payment card company, process the order according to your business rules. If the error occurs frequently, report it to customer support. If you receive a system error, determine the cause, and proceed with card authorization only if appropriate.
To verify that the enrollment and validation checks are for the same transaction, ensure that the XID in the enrollment check and validation responses are identical.
Requesting the Validation Service

Redirecting Customers to the Message Page

After authentication is complete, redirect the customer to a page containing a success or failure message. Ensure that all messages that display to customers are accurate, complete, and address all possible scenarios for enrolled and non-enrolled cards. For example, if the authentication fails, display a message such as this to the customer:
Authentication Failed Your card issuer cannot authenticate this card. Please select another card or form of payment to complete your purchase.
Requesting the Validation Service