Testing Payer Authentication
After you complete the necessary changes to your web and API integration, verify that all
components are working correctly by performing all the tests for the cards that you
support. Each test contains the specific input data and the most important result fields
that you receive in the API response.
Testing Process
Use the card number specified in the test with the card’s expiration date set to the
month of December and the current year plus three. For example, for 2024, use 2027. You
also need the minimum required fields for an order.
Test Cases for 3-D Secure 2.x
Use the card number specified in the test with the card expiration date set to the month
of January and the current year plus three. For example, for 2025, use 2028. You also
need the minimum required fields for an order.
Be sure to remove spaces in card numbers when testing.
While the usage of transaction ID (XID) values have declined in importance, they are
still included in 3-D Secure 2.x test cases. Only Mastercard transactions do not return
XIDs.
While the 3-D Secure version and directory server transaction ID fields are returned for
the Check Enrollment and Validate Authentication services, this data is not included in
the 3-D Secure 2.x test cases.
IMPORTANT
Mastercard requires that the 3-D Secure version and directory
server transaction ID be included along with all pertinent data in your
authorization request.
Payer Authentication Exemption Test Cases
These test cases cover payer authentication scenarios that can occur outside of typical
testing. These special use cases might require including additional API fields to
accommodate different data that is necessary for that test.
HTTP Status Codes
These HTTP status codes can appear during payer authentication.
- 201: AUTHENTICATION_FAILED
- Encountered a Payer Authentication problem. Payer could not be authenticated.
- 201: CONSUMER_AUTHENTICATIION_REQUIRED
- Encountered a Payer Authentication problem. Payer could not be authenticated.
- 400: CONSUMER_AUTHENTICATIION_FAILED
- Encountered a Payer Authentication problem. Payer could not be authenticated.
- 400: INVALID_DATA
- Declined: One or more fields in the request contain invalid data.
- 400: INVALID_MERCHANT_CONFIGURATION
- Declined: There is a problem with yourCybersourcemerchant configuration.
- 400: MISSING_FIELD
- Declined: The request is missing one or more fields.
- 502: SYSTEM_ERROR
- Error: General system failure. A system error occurred.
- 502: SYSTEM_TIMEOUT
- Error: The request was received but there was a server timeout. This error does not include timeouts between the client and the server.
- 502: SYSTEM_TIMEOUT
- Error: The request was received, but a service did not finish running in time.