Testing Payer Authentication

After you complete the necessary changes to your web and API integration, verify that all components are working correctly by performing all the tests for the cards that you support. Each test contains the specific input data and the most important result fields that you receive in the API response.

Testing Process

Use the card number specified in the test with the card’s expiration date set to the month of December and the current year plus three. For example, for 2024, use 2027. You also need the minimum required fields for an order.
Testing Payer Authentication

Test Cases for 3-D Secure 2.x

Use the card number specified in the test with the card expiration date set to the month of January and the current year plus three. For example, for 2025, use 2028. You also need the minimum required fields for an order.
Be sure to remove spaces in card numbers when testing.
While the usage of transaction ID (XID) values have declined in importance, they are still included in 3-D Secure 2.x test cases. Only Mastercard transactions do not return XIDs.
While the 3-D Secure version and directory server transaction ID fields are returned for the Check Enrollment and Validate Authentication services, this data is not included in the 3-D Secure 2.x test cases.
IMPORTANT
Mastercard requires that the 3-D Secure version and directory server transaction ID be included along with all pertinent data in your authorization request.
Testing Payer Authentication

Payer Authentication Exemption Test Cases

These test cases cover payer authentication scenarios that can occur outside of typical testing. These special use cases might require including additional API fields to accommodate different data that is necessary for that test.
Testing Payer Authentication

HTTP Status Codes

These HTTP status codes can appear during payer authentication.
201: AUTHENTICATION_FAILED
Encountered a Payer Authentication problem. Payer could not be authenticated.
201: CONSUMER_AUTHENTICATIION_REQUIRED
Encountered a Payer Authentication problem. Payer could not be authenticated.
400: CONSUMER_AUTHENTICATIION_FAILED
Encountered a Payer Authentication problem. Payer could not be authenticated.
400: INVALID_DATA
Declined: One or more fields in the request contain invalid data.
400: INVALID_MERCHANT_CONFIGURATION
Declined: There is a problem with your
Cybersource
merchant configuration.
400: MISSING_FIELD
Declined: The request is missing one or more fields.
502: SYSTEM_ERROR
Error: General system failure. A system error occurred.
502: SYSTEM_TIMEOUT
Error: The request was received but there was a server timeout. This error does not include timeouts between the client and the server.
502: SYSTEM_TIMEOUT
Error: The request was received, but a service did not finish running in time.
Testing Payer Authentication