API Overview

Recent Revisions to This Document

Payer Authentication Developer Guide
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Introduction to Payer Authentication
- Why Payer Authentication Is Needed
- EMV 3-D Secure 2.0
- Payer Authentication Customer Workflow
- Payer Authentication Merchant Workflow
- Acquirer Information
- Enable Merchant Account for EMV 3-D Secure
- Payer Authentication Configuration Testing
- Request Endpoints
- Payer Authentication Integrations

Implementing Direct API for Payer Authentication
- Prerequisites
- After Implementation and Before Go Live

Step 1: Setup Service
- Request Fields
- Important Response Fields

Step 2: Device Data Collection
- Which Device Data is Collected
- Building the Iframe
- Initiating the Device Data Collection Iframe
- Submitting the Device Data Collection Iframe
- Receiving the Device Data Collection URL Response

Step 3: Payer Authentication Check Enrollment Service
- Request Fields
- Interpreting the Check Enrollment Response
- Important Response Fields

Step 4: Step-Up Iframe
- Building the Iframe Parameters
- Creating the Iframe
- Invoking the Iframe
- Receiving the Step-Up Results

Step 5: Payer Authentication Validation Service
- Request Fields
- Interpreting the Validation Response
- Redirecting Customers to Pass or Fail Message Page

Combining the Authentication and the Authorization Services
- Combining Check Enrollment and the Authorization Services
- Combining the Validation and the Authorization Services

Implementing SDK Payer Authentication
- Implementation Overview
- Process Flow for SDK Integration
- Prerequisites for SDK Implementation
- Mobile Device Data Collected
- Using the Android SDK
- Using the iOS SDK
- Running Payer Authentication with SDK

Authentication Examples Using Primary Account Numbers
- Setting Up Device Data Collection
- Checking Enrollment in Payer Authentication
- Validating a Challenge
- Validating and Authorizing a Transaction
- Non-Payment Authentication

Examples Using 3-D Secure Data Only
- Visa Data Only
- Mastercard Data Only

Authentication Examples Using Digital Payment (Google Pay)
- Setting Up Device Data Collection Using Digital Payment (Google Pay)
- Checking Enrollment in Payer Authentication Using Digital Payment (Google Pay)
- Validating a Challenge Using Digital Payment (Google Pay)

Authentication Examples Using TMS Tokens
- Setting Up Device Data Collection with a TMS Token
- Checking Enrollment When Using a TMS Token
- Validating a Challenge When Using a TMS Token

Authentication Examples Using Flex Microform Tokens
- Setting Up Device Data Collection When Using a Flex Microform Token
- Checking Enrollment When Using a Flex Microform Token
- Validating a Challenge When Using a Flex Microform Token

Authentication Examples Using Network Token/Tokenized Cards
- Setting Up Device Data Collection with a Network Token/Tokenized Card
- Checking Enrollment with a Network Token/Tokenized Card

Authentication Examples of Merchant-Initiated Transactions
- Challenge Reponses to 3RI Transactions
- Network-Specific Values for 3RI
- 1a: Initial Recurring Transaction
- 1b: Recurring Payments - Subsequent Transaction (Mastercard)
- 2a: Installment - Customer Initiated Transaction (Mastercard)
- 3a: Split/Partial Shipment (Mastercard)
- 3b: Split/Delayed Shipment (Visa)
- 4a: Multi-Party Commerce or OTA (Visa)
- 4b: Multi-Party Commerce or OTA (MasterCard)
- 4c: Multi-Party Commerce or OTA (MasterCard)

Testing Payer Authentication
- Testing Process
- Test Cases for 3-D Secure 2.x
- Additional Test Cases
- HTTP Status Codes

Website Modification Reference
- Website Modification Checklist
- EMV 3-D Secure Service Logos
- Informational Message Examples

Upgrading Your Payer Authentication Implementation
- Benefits
- PSD2 Impact
- Recommended Integration
- Migrating from EMV 3-D Secure 1.x to 2.x FAQ

Finding Payer Authentication Transaction Details in the Business Center
- Searching for Transactions
- Storing Payer Authentication Data
- Searching for Payer Authentication Details

Payer Authentication Reports
- Payer Authentication Summary Report
- Payer Authentication Detail Report

Glossary

Receiving the Device Data Collection URL Response

Receiving the response indicates that the device data collection URL completed its processing. The response is an event callback that contains a message with the status of the device data collection process.

Use the

event.origin

URL that corresponds to your environment:

Test:

https://centinelapistag.cardinalcommerce.com

Production:

https://centinelapi.cardinalcommerce.com

Study the example below to understand how to subscribe to the event. Add JavaScript to receive the response from the device data collection iframe. Place the JavaScript after the closing

</body>

element.

Listen for Device Data Collection Response

window.addEventListener("message", function(event) {
  if (event.origin === https://centinelapistag.cardinalcommerce.com) {
    console.log(event.data);
  }
}, false);

This example shows a response payload from the event. None of the returned data needs to be stored for future use.

Event Listener Callback Payload

{
  "MessageType": "profile.completed",
  "Session Id": "f54ea591-51ac-48de-b908-eecf4ff6beff",
  "Status": true
}