API Overview

Payer Authentication
- Recent Revisions to This Document
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Introduction to Payer Authentication
- Why Payer Authentication Is Needed
- EMV 3-D Secure 2.0
- Payer Authentication Customer Workflow
- Payer Authentication Merchant Workflow
- Acquirer Information
- Enable Merchant Account for EMV 3-D Secure
- Payer Authentication Configuration Testing
- Request Endpoints
- Payer Authentication Integrations

Implementing Direct API for Payer Authentication
- Prerequisites
- After Implementation and Before Go Live

Step 1: Setup Service
- Request Fields
- Important Response Fields

Step 2: Device Data Collection
- Which Device Data is Collected
- Building the Iframe
- Initiating the Device Data Collection Iframe
- Submitting the Device Data Collection Iframe
- Receiving the Device Data Collection URL Response

Step 3: Payer Authentication Check Enrollment Service
- Request Fields
- Interpreting the Check Enrollment Response
- Important Response Fields

Step 4: Step-Up Iframe
- Building the Iframe Parameters
- Creating the Iframe
- Invoking the Iframe
- Receiving the Step-Up Results

Step 5: Payer Authentication Validation Service
- Request Fields
- Interpreting the Validation Response
- Redirecting Customers to Pass or Fail Message Page

Combining the Authentication and the Authorization Services
- Combining Check Enrollment and the Authorization Services
  - Check Enrollment Response Fields and Their Equivalent Authorization Request Fields
- Combining the Validation and the Authorization Services
  - Validation Fields and their Equivalent Authorization Fields

Testing Payer Authentication
- Testing Process
  - Enrollment Check Response Fields
  - Authentication Validation Response Fields
- Test Cases for 3-D Secure 2.x
  - Test Case 2.1: Successful Frictionless Authentication
  - Test Case 2.2: Unsuccessful Frictionless Authentication
  - Test Case 2.3: Attempts Processing Frictionless Authentication
  - Test Case 2.4: Unavailable Frictionless Authentication
  - Test Case 2.5: Rejected Frictionless Authentication
  - Test Case 2.6: Authentication not Available on Lookup
  - Test Case 2.7: Enrollment Check Error
  - Test Case 2.8: Time-Out
  - Test Case 2.9: Bypassed Authentication
  - Test Case 2.10a: Successful Step-Up Authentication
  - Test Case 2.11a: Unsuccessful Step-Up Authentication
  - Test Case 2.12a: Unavailable Step-Up Authentication
  - Test Case 2.14: Require Method URL
- Payer Authentication Exemption Test Cases
  - Test Case 1a: Initial/First Recurring Transaction: Fixed Amount
  - Test Case 2a: Card Authentication Failed
  - Test Case 2b: Suspected Fraud
  - Test Case 2c: Cardholder Not Enrolled in Service
  - Test Case 2d: Transaction Timed Out at the ACS
  - Test Case 2e: Non-Payment Transaction Not Supported
  - Test Case 2f: 3RI Transaction Not Supported
  - Test Case 3a: Transaction Risk Analysis Exemption: Low Value: Mastercard EMV 3-D Secure 2.1 and 2.2
  - Test Case 3b: Transaction Risk Analysis: Low Value: Visa
  - Test Case 3c: Transaction Risk Analysis: Low Value: Discover
  - Test Case 3d: Acquirer Transaction Risk Analysis: Cartes Bancaires
  - Test Case 4a: Trusted Beneficiary Prompt for Trustlist
  - Test Case 4b: Utilize Trusted Beneficiary Exemption
  - Test Case 5a-1: Identity Check Insights (ScoreRequest = N)
  - Test Case 5a-2: Identity Check Insights (ScoreRequest = Y)
  - HTTP Status Codes

Payer Authentication Use Cases
- Use Case: Setting Up Payer Authentication
  - Required Fields for Setting Up Payer Authentication
  - Optional Fields for Setting Up Payer Authentication
  - REST Example: Setting Up Payer Authentication
- Use Case: Setting Up Payer Authentication with Google Pay
  - Required Fields for Setting Up Payer Authentication
  - Optional Fields for Setting Up Payer Authentication
  - REST Example: Setting Up Payer Authentication Using Google Pay
- Use Case: Collecting Device Data Using a Stored Payment Credential (TMS Token)
  - Required Fields for Collecting Device Data Using a Stored Payment Credential (TMS Token)
  - Optional Fields for Setting Up Payer Authentication
  - REST Example: Collecting Device Data Using a Stored Payment Credential (TMS Token)
- Use Case: Checking Enrollment in Payer Authentication
  - Required Fields for Checking Enrollment in Payer Authentication
  - Optional Fields for Checking Enrollment in Payer Authentication
  - REST Example: Check Enrollment
- Use Case: Checking Enrollment in Payer Authentication While Using a Stored Payment Credential (TMS Token)
  - Required Fields for Checking Enrollment in Payer Authentication While Using a Stored Payment Credential (TMS Token)
  - Optional Fields for Checking Enrollment in Payer Authentication
  - REST Example: Checking Enrollment While Using a Token
  - Simple Order Example: Checking Enrollment Using a Token
- Use Case: Checking Enrollment in Payer Authentication Using Google Pay
  - Required Fields for Checking Enrollment in Payer Authentication
  - Optional Fields for Checking Enrollment in Payer Authentication
  - REST Example: Checking Enrollment in Payer Authentication Using Google Pay
- Use Case: Validating Payer Authentication
  - Required Fields for Validating Payer Authentication
  - Optional Fields for Validating Step-Up
  - REST Example: Validating the Challenge
- Use Case: Validating Payer Authentication Using Google Pay
  - Required Fields for Validating Payer Authentication
  - Optional Fields for Validating Step-Up
  - REST Example: Validating the Challenge While Using Google Pay
- Use Case: Validating and Authorizing a Transaction
  - Required Fields for Processing an Authorization Using Visa Secure
  - Optional Fields for Validating Step-Up
  - REST Example: Validating and Authorizing a Transaction

Website Modification Reference
- Website Modification Checklist
- EMV 3-D Secure Services Logos
- Informational Message Examples

Alternate Methods for Device Data Collection
- Device Data Collection Overview
  - Prerequisites
  - Endpoints
- Collecting Device Data
  - Card BIN in JWT
  - Card BIN as a POST Parameter Plus JWT

Upgrading Your Payer Authentication Implementation
- Benefits
- PSD2 Impact
  - Mandates
- Recommended Integration
- Migrating from EMV 3-D Secure 1.x to 2.x FAQ

Payer Authentication Transaction Details in the Business Center
- Payer Authentication Search
- Storing Payer Authentication Data
- Searching for Payer Authentication Details
  - Enrolled Card
    - Enrollment Check
    - Authentication Validation
  - Card Not Enrolled
    - Transaction Details

Payer Authentication Reports
- Payer Authentication Summary Report
  - Downloading the Report
  - Matching the Report to the Transaction Search Results
  - Interpreting the Report
  - Comparing Payer Authentication and Payment Reports
- Payer Authentication Detail Report
  - Report Element
  - PayerAuthDetail Element
  - ProofXML Element
  - VEReq Element
  - VERes Element
  - PAReq Element
  - PARes Element
  - AuthInfo Element
  - Report Examples

Glossary

Step 1: Setup Service

Request the Setup service before selecting the button to submit payment. Request the Setup service separately without including other services. The Setup service response will include a JSON Web Token (JWT) that contains credentials to create a secure channel with the merchant. The Setup response also includes a reference ID to use during the authentication and a URL to use when transferring the device data that is collected in the next step.

Run the Setup service as soon as the customer enters their card number, to avoid any delay in the customer experience. The next step in the process, device data collection, cannot start until the Setup response is received since the response has the URL where the device data will be sent.

Process Flow for Setup for Payer Authentication

Process Flow Diagram for Setup for Payer Authentication

Best Practices

This practice should be followed for this step to achieve optimal performance and to minimize potential operating issues.

After the customer credit card is entered, immediately begin device data collection.

Request Fields

When requesting the Setup service, you must send the customer’s card number, encrypted payment data, transient token, or a TMS token or some other equivalent of card data used by your integration. Besides the required fields, the request might also include any of these fields:

paymentInformation.card.numberpaymentInformation.tokenizedCard.number

paymentInformation.customer.customerId

tokenInformation.transientToken

The

paymentInformation.card.type

field is required when the card type is Cartes Bancaires, JCB, or UPI.

Important Response Fields

The response from the issuing bank might include these API fields.

consumerAuthenticationInformation.accessToken

is used in Step 2: Device Data Collection.

consumerAuthenticationInformation.deviceDataCollectionUrl

is used in Step 2: Device Data Collection.

consumerAuthenticationInformation.referenceId

is used in Step 3: Payer Authentication Check Enrollment Service.

For further details on examples, see Use Case: Setting Up Payer Authentication.