Requesting the Validation Service
For enrolled cards, the next step is to make a back-end, server-to-server call to request
the validation service.
When you make the validation request, you must:
- Send the payerAuthValidateService_authenticationTransactionID request field.
- Send the credit card information including the PAN, currency, and expiration date (month and year).
The response that you receive contains the validation result.
It is recommended that you request the payer authentication and card authorization
services at the same time. Doing this automatically sends the correct information to
your payment processor and converts the values of these fields to the proper format
required by your payment processor:
- payerAuthEnrollReply_commerceIndicator
- payerAuthValidateReply_cavv
- payerAuthValidateReply_ucafAuthenticationData
- payerAuthEnrollReply_xid and payerAuthValidateReply_xid
If you request the services separately, manually include the validation result values
(Validation Check response fields) in the authorization service request (Card
Authorization request fields). To receive liability shift protection, you must ensure
that you pass all pertinent data for the card type and processor in your request.
Failure to do so might invalidate your liability shift for that transaction. Include the
electronic commerce indicator (ECI), the transaction ID (XID), the 3-D Secure version,
the directory server transaction ID, and this card-specific information in your
authorization request.
- For Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo, include the CAVV.
- For Mastercard only, include the collection indicator and the AAV (also known as UCAF).
Identifier | Validation Check Response Field | Card Authorization Request Field |
---|---|---|
E-commerce indicator | payerAuthValidateReply_commerceIndicator | e_commerce_indicator |
Collection indicator | payerAuthValidateReply_ucafCollectionIndicator | ucaf_collection_indicator |
CAVV | payerAuthValidateReply_cavv | ccAuthService_cavv |
AAV | payerAuthValidateReply_ucafAuthenticationData | ucaf_authenticationData |
XID | payerAuthValidateReply_xid | ccAuthService_xid |
3-D Secure version | payerAuthValidateReply_specificationVersion | ccAuthService_paSpecificationVersion |
Directory server transaction ID | payerAuthValidateReply_directoryServerTransactionID | ccAuthService_directoryServerTransactionID |
Interpreting the Response
If the authentication fails, Visa, American Express, JCB, Diners
Club, Discover, China UnionPay, and Elo require that you not accept the card.
Instead, you must ask the customer to use another payment method.
Proceed with the order according to the validation response received. The
responses are similar for all card types:
- Success: You receive reason code 100, and other service requests, including authorization, are processed normally.
- Failure: You receive reason code 476 indicating that the authentication failed, so the other services in your request are not processed.
- Error: If you receive an error from the payment card company, process the order according to your business rules. If the error occurs frequently, report it to customer support. If you receive a system error, determine the cause, and proceed with card authorization only if appropriate.
To verify that the enrollment and validation checks are for the same
transaction, ensure that the XID values in the enrollment check and validation
responses are identical.
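The sketch below is an added example, not code from the original page or from the payment provider. It applies the reason-code handling, the XID comparison, and the card-specific field mapping from the table above when the services are requested separately. The function name, the exception class, the card-type strings, and the `payerAuthValidateReply_reasonCode` key are assumptions.

```python
# Added example. Field names are taken from the mapping table on this page;
# card-type strings and the reasonCode key name are assumptions.
FIELD_MAP = {  # validation reply field -> authorization request field
    "payerAuthValidateReply_commerceIndicator": "e_commerce_indicator",
    "payerAuthValidateReply_xid": "ccAuthService_xid",
    "payerAuthValidateReply_specificationVersion": "ccAuthService_paSpecificationVersion",
    "payerAuthValidateReply_directoryServerTransactionID": "ccAuthService_directoryServerTransactionID",
}
CAVV_MAP = {"payerAuthValidateReply_cavv": "ccAuthService_cavv"}
MASTERCARD_MAP = {
    "payerAuthValidateReply_ucafCollectionIndicator": "ucaf_collection_indicator",
    "payerAuthValidateReply_ucafAuthenticationData": "ucaf_authenticationData",
}
CAVV_CARD_TYPES = {"visa", "amex", "jcb", "diners", "discover", "cup", "elo"}


class AuthenticationFailed(Exception):
    """Reason code 476: ask the customer for another payment method."""


def build_authorization_fields(card_type, enroll_reply, validate_reply):
    """Return the 3-D Secure fields for a separate authorization request."""
    reason = str(validate_reply.get("payerAuthValidateReply_reasonCode"))
    if reason == "476":
        raise AuthenticationFailed("authentication failed; do not authorize")
    if reason != "100":
        raise ValueError(f"unexpected reason code {reason}; apply business rules")

    # Enrollment and validation must refer to the same transaction.
    if enroll_reply.get("payerAuthEnrollReply_xid") != validate_reply.get("payerAuthValidateReply_xid"):
        raise ValueError("XID mismatch between enrollment and validation replies")

    if card_type == "mastercard":
        mapping = {**FIELD_MAP, **MASTERCARD_MAP}
    elif card_type in CAVV_CARD_TYPES:
        mapping = {**FIELD_MAP, **CAVV_MAP}
    else:
        raise ValueError(f"unsupported card type: {card_type}")

    # A missing value could invalidate the liability shift, so fail closed.
    missing = [src for src in mapping if not validate_reply.get(src)]
    if missing:
        raise ValueError(f"missing validation fields: {missing}")
    return {dst: validate_reply[src] for src, dst in mapping.items()}
```

Treating every listed field as mandatory is this example's choice; adjust the required set to what your card type and processor need.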
Redirecting Customers to the Message Page
After authentication is complete, redirect the customer to a page containing a success or
failure message. Ensure that all messages that display to customers are accurate,
complete, and address all possible scenarios for enrolled and non-enrolled cards. For
example, if the authentication fails, display a message such as this to the
customer:
Authentication Failed
Your card issuer cannot authenticate this card. Please select another card or form of payment to complete your purchase.