Requesting the Validation Service
For enrolled cards, the next step is to make a back-end, server-to-server call to request
the validation service.
When you make the validation request, you must:
- Send theconsumerAuthenticationInformation.authenticationTransactionIdrequest field.
- Send the credit card information including the PAN, currency, and expiration date (month and year).
The response that you receive contains the validation result.
It is recommended that you request the payer authentication and card authorization
services at the same time. Doing this automatically sends the correct information to
your payment processor and converts the values of these fields to the proper format
required by your payment processor:
- consumerAuthenticationInformation.ecommerceIndicator
- consumerAuthenticationInformation.cavv
- consumerAuthenticationInformation.ucafAuthenticationData
- consumerAuthenticationInformation.xidandconsumerAuthenticationInformation.xid
If you request the services separately, manually include the validation result values
(Validation Check response fields) in the authorization service request (Card
Authorization request fields). To receive liability shift protection, you must ensure
that you pass all pertinent data for the card type and processor in your request.
Failure to do so might invalidate your liability shift for that transaction. Include the
electronic commerce indicator (ECI), the transaction ID (XID), the 3-D Secure version,
the directory server transaction ID, and this card-specific information in your
authorization request.
- For Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo, include the CAVV.
- For Mastercard only, include the collection indicator and the AAV (also known as UCAF).
Identifier | Validation Check Response Field | Card Authorization Request Field |
|---|---|---|
E-commerce
indicator | consumerAuthenticationInformation.indicator | processingInformation.commerceIndicator |
Collection indicator | consumerAuthenticationInforma
tion.ucafCollectionIndicator | consumerAuthenticationInfo
rmation.ucafCollectionIndicator |
CAVV | consumerAuthenticationInformation.cavv | consumerAuthenticationInformation.cavv |
AAV | consumerAuthenticationInforma
tion.ucafAuthenticationData | consumerAuthenticationInfo
rmation.ucafAuthenticationData |
XID | consumerAuthenticationInformation.xid | consumerAuthenticationInformation.xid |
3-D Secure version | consumerAuthenticationInforma
tion.specificationVersion | consumerAuthenticationInfo
rmation.paSpecificationVersion |
Directory server transaction ID | consumerAuthenticationInforma
tion.directoryServerTransactionId | consumerAuthenticationInfo
rmation.directoryServerTransactionId |
Interpreting the Response
IMPORTANT
If the authentication fails, Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo require that you not accept the card. Instead, you must ask the customer to use another payment method.
Proceed with the order according to the validation response received. The responses are similar for all card types:
-
Success: You rejava.io.PrintWriter@12cbda3f ceiveAUTHENTICATION_SUCCESSFUL, and other service requests, including authorization, are processed normally.
-
Failure: You receiveAUTHENTICATION_FAILED, so the other services in your request are not processed.
-
Error: If you receive an error from the payment card company, process the order according to your business rules. If the error occurs frequently, report it to customer support. If you receive a system error, determine the cause, and proceed with card authorization only if appropriate.
To verify that the enrollment and validation checks are for the same transaction, ensure that the XID in the enrollment check and validation responses are identical.
Redirecting Customers to the Message Page
After authentication is complete, redirect the customer to a page containing a success or failure message. Ensure that all messages that display to customers are accurate, complete, and address all possible scenarios for enrolled and non-enrolled cards. For example, if the authentication fails, display a message such as this to the customer:
Authentication Failed Your card issuer cannot authenticate this card. Please select another card or form of payment to complete your purchase.