Step 5: Payer Authentication Validation Service
When you receive the step-up response as discussed in Step 4: Step-Up Iframe, verify that the customer was successfully
authenticated. Note that frictionless authentication does not require this validation
step. Validation is required only for step-up authentication.
Request Fields
The
consumerAuthenticationInformation.authenticationTransactionId
field in this step is
mapped from the consumerAuthenticationInformation.authenticationTransactionId
field in Step 4: Step-Up Iframe.These fields are required:
- clientReferenceInformation.code
- consumerAuthenticationInformation.authenticationTransactionId
- orderInformation.amountDetails.currency
- orderInformation.amountDetails.total AmountororderInformation.lineItems.unitPrice
- paymentInformation.card.expirationMonth
- paymentInformation.card.expirationYear
- paymentInformation.card.number
- paymentInformation.card.type
For examples, see Validating a Challenge.
For further details on individual API fields, refer to the .
Interpreting the Validation Response
If the authentication is rejected (TransStatus R), Visa, American Express, JCB, Diners
Club, Discover, China UnionPay, and Elo recommend not proceeding to authorization.
Instead, ask the customer to use another payment method.
Proceed with the order according to the validation response that you receive. The
possible validation response statuses are the same for all of the card types.
AUTHENTICATION_SUCCESSFUL
AUTHENTICATION_SUCCESSFUL
Successful Step-Up Authentication
- PARes status =Y
Step-up authentication of the customer was successful. If you request the Validate
Authentication and Authorization services separately, you must add the required
payer validate payload values to your authorization request before you can receive
chargeback protection that shifts the liability to the issuer.
Unavailable Step-up Authentication
- PARes status =U
Step-up authentication was unavailable and the customer could not be authenticated.
This status does not necessarily indicate any fraudulent intent from the customer.
Merchants can either attempt to retry authentication or continue to authorization.
If you are making separate validatation and authorization calls, you can still
proceed with the authorization request but there is no liability shift. Without
authentication, the merchant remains liable for any chargeback if it should occur
with the transaction.
AUTHENTICATION_FAILED
AUTHENTICATION_FAILED
Unavailable Step-up Authentication
- PARes status =N
The customer could not be authenticated. Do not submit this transaction for
authorization. Instead ask the customer for another form of payment.
Error
If you receive an error from the payment card company, process the order according to
your business rules. If the error occurs frequently, report it to customer
supportcustomer supportcustomer support. If you receive a system error, determine
the cause of the error and proceed with card authorization only when appropriate.
Redirecting Customers to Pass or Fail Message Page
After authentication is complete, redirect the customer to a page containing a success or
failure message. You must ensure that the messages that display to customers are
accurate and complete, and that the message addresses all possible scenarios for
enrolled and non-enrolled cards. For example, if the authentication fails, display a
message such as this to the customer:
Authentication Failed Your card issuer cannot authenticate this card. Please select another card or form of payment to complete your purchase.