Payer Authentication Examples
These examples list the API fields that are required or optional for the Setup, Check
Enrollment, and Validate Authentication services. An example of a request payload and a
successful response that occur with each service are provided. There are three types of
examples when working with payer authentication:
- Primary Account Number (PAN): Illustrates how the payer authentication services work with customer PANs during transactions.
- Tokens: Illustrates how the payer authentication services work when using different types of tokens.
- 3RI: Illustrates how the payer authentication services work with merchant initiated transactions.
In certain circumstances, some payment card companies and some countries require that
additional information than the normal information be collected when authenticating the
customer. These circumstances, and the API fields to use in those circumstances, are
noted for each use case.
Setting Up Device Data Collection
Running the Setup service identifies the customer's bank and prepares for collecting data
about the device that the customer is using to place the order.
Card-Specific Requirements
Some payment cards require specific information to be collected during a
transaction.
- This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.
Country-Specific Requirements
These fields are required for transactions in specific countries.
- This field is required for transactions in the US, Canada, and Mainland China.
- This field is required when thebillTo_countryfield value isUSorCA.
- For Meeza transactions, this value must be set toEGif Egypt was not set as the country in the merchant configuration during merchant onboarding.
- For Meeza transactions, this value must be set toEGif Egypt was not set as the country in the merchant configuration during merchant onboarding.
Endpoint
Set the
payerAuthSetupService_run
field to
true
.Send the request to:
Production:
https://ics2ws.ic3.com/commerce/1.x/transactionProcessor
Test:
https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor
Setting Up Device Data Collection Using Digital Payment
(Google Pay)
Running the Setup service identifies the customer's bank and prepares for collecting data
about the device that the customer is using to place the order. This use case
demonstrates how the service works using a digital payment method like Google Pay.
Card-Specific Requirements
Some payment cards require specific information to be collected during a
transaction.
- This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.
Country-Specific Requirements
These fields are required for transactions in specific countries.
- This field is required for transactions in the US, Canada, and Mainland China.
- This field is required when thebillTo_countryfield value isUSorCA.
- For Meeza transactions, this value must be set toEGif Egypt was not set as the country in the merchant configuration during merchant onboarding.
- For Meeza transactions, this value must be set toEGif Egypt was not set as the country in the merchant configuration during merchant onboarding.
Endpoint
Set the
payerAuthSetupService_run
field to
true
.Send the request to:
Production:
https://ics2ws.ic3.com/commerce/1.x/transactionProcessor
Test:
https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor
Checking Enrollment in Payer Authentication
Running the Check Enrollment service identifies the customer's bank and collects data
about the device that the customer is using to place the order.
Card-Specific Requirements
Some payment cards require information to be collected during a transaction.
- This field is required when the card type is Cartes Bancaires, JCB, UPI, or Meeza.
- This field is recommended for Discover ProtectBuy.
- This field is required when the card type is Cartes Bancaires.
- This field is required for Visa Secure travel.
- This field is required for American Express SafeKey (U.S.) when the product code isAIRfor an airline purchase.
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US.)
Country-Specific Requirements
These fields are required for transactions in specific countries.
- This field is required for transactions processed in France.
- For Meeza transactions, this value must be set toEGwhen Egypt is not set as the country in the merchant configuration during merchant onboarding.
- For Meeza transactions, this value must be set toEGwhen Egypt is not set as the country in the merchant configuration during merchant onboarding.
- This field is required for transactions in the US and Canada.
- This field is required for transactions in the US and Canada.
- This field is required when thebillTo_countryfield value isUSorCA.
- This field is required when theshipTo_countryfield value isCA,US, orChina.
- This field is required when theshipTo_countryfield value isUSorCA.
Processor-Specific Requirements
These fields are required by specific processors for transactions.
- This field is required only for merchants in Saudi Arabia.
Endpoint
Set the
ccAuthService_run
field to
true
.Send the request to:
Production:
https://ics2ws.ic3.com/commerce/1.x/transactionProcessor
Test:
https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor
Checking Enrollment in Payer Authentication Using Digital
Payment (Google Pay)
Running the Check Enrollment service collects data about the device that the customer is
using to place the order and verifies that the customer is enrolled in a payer
authentication program. This use case demonstrates how the service works with a digital
payment method like Google Pay.
Card-Specific Requirements
Some payment cards require information to be collected during a transaction.
- This field is required when the card type is Cartes Bancaires, JCB, UPI, or Meeza.
- This field is recommended for Discover ProtectBuy.
- This field is required when the card type is Cartes Bancaires.
- This field is required for Visa Secure travel.
- This field is required for American Express SafeKey (U.S.) when the product code isAIRfor an airline purchase.
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US.)
Country-Specific Requirements
These fields are required for transactions in specific countries.
- This field is required for transactions processed in France.
- For Meeza transactions, this value must be set toEGwhen Egypt is not set as the country in the merchant configuration during merchant onboarding.
- For Meeza transactions, this value must be set toEGwhen Egypt is not set as the country in the merchant configuration during merchant onboarding.
- This field is required for transactions in the US and Canada.
- This field is required for transactions in the US and Canada.
- This field is required when thebillTo_countryfield value isUSorCA.
- This field is required when theshipTo_countryfield value isCA,US, orChina.
- This field is required when theshipTo_countryfield value isUSorCA.
Processor-Specific Requirements
These fields are required by specific processors for transactions.
- This field is required only for merchants in Saudi Arabia.
Endpoint
Set the
ccAuthService_run
field to
true
.Send the request to:
Production:
https://ics2ws.ic3.com/commerce/1.x/transactionProcessor
Test:
https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor
Validating a Challenge
Running the Validation service compares the customer's response to the challenge from the issuing bank to
validate the customer identity.
Card-Specific Requirements
Some payment cards require additional information to be collected during a
transaction.
- This field is recommended for Discover ProtectBuy.
- This field is required when the card type is Cartes Bancaires.
- This field is required for Visa Secure travel.
- This field is required for American Express SafeKey (US) when the product code isAIRfor an airline purchase).
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US)
Country-Specific Requirements
These fields are required for transactions in specific countries.
- TThis field is required for transactions in the US and Canada.
- This field is required when thebillTo_countryfield value isUSorCA.
- This field is required for transactions in the US and Canada.
- This field is required for transactions processed in France.
Endpoint
Set the
payerAuthValidateService_run
fields to
true
.Send the request to:
Production:
https://ics2ws.ic3.com/commerce/1.x/transactionProcessor
Test:
https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor
Validating a Challenge Using Digital Payment (Google
Pay)
Running the Validation service compares the customer's response to the challenge from the issuing bank to
validate the customer identity.
Card-Specific Requirements
Some payment cards require additional information to be collected during a
transaction.
- This field is recommended for Discover ProtectBuy.
- This field is required when the card type is Cartes Bancaires.
- This field is required for Visa Secure travel.
- This field is required for American Express SafeKey (US) when the product code isAIRfor an airline purchase).
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US)
Country-Specific Requirements
These fields are required for transactions in specific countries.
- TThis field is required for transactions in the US and Canada.
- This field is required when thebillTo_countryfield value isUSorCA.
- This field is required for transactions in the US and Canada.
- This field is required for transactions processed in France.
Endpoint
Set the
payerAuthValidateService_run
fields to
true
.Send the request to:
Production:
https://ics2ws.ic3.com/commerce/1.x/transactionProcessor
Test:
https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor
Validating and Authorizing a Transaction
The Validation service can be combined with the Authorization service so that when a
customer's authentication is validated, the transaction is automatically submitted for
authorization.
Fields Specific to the Visa Secure Use Case
These API fields are required specifically for this use case.
- Set this field tovbvfor a successful authentication (EMV 3-D Secure value of05),vbv_attemptedif authentication was attempted but did not succeed (EMV 3-D Secure value of06), orvbv_failureif authentication failed (EMV 3-D Secure value of07).
- This field is required when payer authentication is successful.
Card-Specific Requirements
Some payment cards require information to be collected during a transaction.
- This field is recommended for Discover ProtectBuy.
- This field is required when the card type is Cartes Bancaires.
- This field is required for American Express SafeKey (US) when the product code isAIRfor an airline purchase.
- This field is required for Visa Secure travel.
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US)
Country-Specific Requirements
These fields are required for transactions in specific countries.
- This field is required for transactions processed in France.
- This field is required for transactions in the US and Canada.
- This field is required when thebillTo_countryfield value isUSorCA.
- This field is required for transactions in the US and Canada.
Endpoint
Set the
payerAuthValidateService_run
and ccAuthService_run
fields to true
.Send the request to
https://ics2ws.ic3.com/commerce/1.x/transactionProcessor
.Non-Payment Authentication
Non-Payment Authentication (NPA) requests enable a merchant to authenticate a customer
without a transaction. A non-payment use case can be used for such tasks as adding a
card to a merchant website, updating cardholder information on file, or to verify a
cardholder's identity when creating a token for future use. The same authentication used
during the checking enrollment process is used for NPA. Non-payment use cases are
enabled using a combination of the
payerAuthEnrollService_messageCategory
and payerAuthEnrollService_authenticationIndicator
values. For
example to add a card to a loyalty program, set the Message Category value to
02
and the Authentication Indicator value to 04
.
For other possible NPA use cases, refer to the other possible values for payerAuthEnrollService_messageCategory
value must be set to
02
(non-payment authentication) to specify that the authentication
is not for a transaction.Card-Specific Requirements
Some payment cards require information to be collected during a transaction.
- This field is required when the card type is Cartes Bancaires, JCB, UPI, or Meeza.
- This field is recommended for Discover ProtectBuy.
- This field is required when the card type is Cartes Bancaires.
- This field is required for Visa Secure travel.
- This field is required for American Express SafeKey (U.S.) when the product code isAIRfor an airline purchase.
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US).
- This field is required only for American Express SafeKey (US.)
Country-Specific Requirements
These fields are required for transactions in specific countries.
- This field is required for transactions processed in France.
- For Meeza transactions, this value must be set toEGwhen Egypt is not set as the country in the merchant configuration during merchant onboarding.
- For Meeza transactions, this value must be set toEGwhen Egypt is not set as the country in the merchant configuration during merchant onboarding.
- This field is required for transactions in the US and Canada.
- This field is required for transactions in the US and Canada.
- This field is required when thebillTo_countryfield value isUSorCA.
- This field is required when theshipTo_countryfield value isCA,US, orChina.
- This field is required when theshipTo_countryfield value isUSorCA.
Processor-Specific Requirements
These fields are required by specific processors for transactions.
- This field is required only for merchants in Saudi Arabia.
Endpoint
Set the
ccAuthService_run
field to
true
.Send the request to:
Production:
https://ics2ws.ic3.com/commerce/1.x/transactionProcessor
Test:
https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor
Authentication with TMS Tokens
Authentication with Flex Microform Tokens
A Flex Microform token is valid for 15 minutes. After 15 minutes, a new Flex Microform
token is needed.
Authentication with Tokenized Cards
Merchant-Initiated Transactions
A 3RI transaction is an EMV 3-D Secure transaction that is initiated by the merchant
instead of the cardholder. The merchant keeps the payment data from the initial payment
so that the cardholder does not have to be present for subsequent 3RI transactions.
Having the payment details from a previous transaction enables the merchant to obtain a
new Cardholder Authentication Verification Value (CAVV) to authenticate when authorizing
future payments.
The authorization request contains the
payerAuthEnrollService_deviceChannel
field. This process can be applied
to these types of transactions:- Recurring payments: payments occur at regular intervals for an indefinite interval like subscription services.
- Installment payments: payments occur at regular intervals for a fixed interval.
- Refunded purchases: the cost of an item is refunded before the item is received. Any charges for damage or missing items can be charged back to the customer using a 3RI transaction.
- Delayed shipments: an ordered item is out of stock delaying the shipment until the item is back in stock.
- Split payments: an order is fulfilled in split shipments rather than in a single shipment because one of multiple items in the order is temporarily out of stock.
- Multiple party commerce: a single entity or party makes multiple transactions with different merchants, for example, a travel agent booking flights, hotels, and tour excursions.
- Unknown final transaction amount: extra charges are made to the customer for items such as hotel services, driving citations, or tips.