Recent Revisions to This Document

About This Guide

Introducing Payer Authentication
- Overview of Chargeback Protection
  - PSD2
  - EMV 3-D Secure
  - Strong Customer Authentication
  - Prerequisites for Implementing Payer Authentication
- Payer Authentication Process Flow Overview
- Integrating Payer Authentication into Your Business
  - Host Names
  - Endpoints
  - Tokenization and Digital Payment Options
  - Overview of 3-D Secure 2.x Implementation
- Using Secure Acceptance with Payer Authentication
- Required Merchant Information

Implementing Cardinal Cruise Direct Connection API Payer Authentication
- Prerequisites
- After Implementation and Before Go Live
- Step 1: Payer Authentication Setup Service
  - Request Fields
  - Important Response Fields
- Step 2: Device Data Collection Iframe
  - Build the Iframe
  - Initiate the Device Data Collection Iframe
  - Submit the Device Data Collection Iframe
  - Listen for the Device Data Collection URL Response
- Step 3: Payer Authentication Check Enrollment Service
  - Request Fields
  - Combining Services
  - Interpreting the Response
  - Important Response Fields
- Step 4: Step-Up IFrame
  - Building the Iframe Parameters
  - Creating the Iframe
  - Invoke the Iframe
  - Receiving the Step-Up Results
- Step 5: Payer Authentication Validation Service
  - Request Fields
  - Combining Services or Mapping Authorization Fields
  - Interpreting the Response
  - Redirecting Customers to Pass or Fail Message Page
- Cardinal Cruise Direct Connection Integration Examples
  - Setup Service Request and Response Examples
  - Check Enrollment Request and Response Examples
  - Validate Authentication Request and Response
  - Authorization with Enroll
  - Authorization with Validation

Hybrid Payer Authentication
- Implementation Overview
- Process Flow for Hybrid Integration
  - Payer Authentication Setup
  - Add the JavaScript
  - BIN Detection
  - Requesting the Check Enrollment Service
    - Interpreting the Response
  - Authenticating Enrolled Cards
    - Receiving the Authentication Results
  - Requesting the Validation Service
    - Interpreting the Response
    - Redirecting Customers to Pass or Fail Message Page
  - Hybrid Integration Examples
    - Check Enrollment
    - Validate
    - Enrollment and Authorization
    - Validation and Authorization Request

API Fields
- Required Fields for Setting Up Payer Authentication
  - Optional Fields for Setting Up Payer Authentication
- Required Fields for Checking Enrollment in Payer Authentication
  - Optional Fields for Enrolling in Payer Authentication
- Required Fields for Validating Payer Authentication
  - Optional Fields for Validating Payer Authentication

Testing Payer Authentication
- Testing Process
  - Enrollment Check
  - Enrollment Check Response Fields
  - Authentication Validation Test Case Fields
- Expected Results
- 3-D Secure 1.0 Testing
  - Visa Secure 3-D Secure 1.0 Test Cases
    - Visa Secure Test Cases for 3-D Secure 1.0
  - Mastercard Identity Check 3-D Secure 1.0 Test Cases
    - Mastercard Identity Check Test Cases for 3-D Secure 1.0
  - Maestro 3-D Secure 1.0 Test Cases
    - Maestro Test Cases for 3-D Secure 1.0
  - American Express SafeKey 3-D Secure 1.0 Test Cases
    - American Express SafeKey Test Cases for 3-D Secure 1.0
  - JCB J/Secure 3-D Secure 1.0 Test Cases
    - JCB J/Secure Test Cases for 3-D Secure 1.0
  - Diners Club Protect Buy 3-D Secure 1.0 Test Cases
    - Diners Club Protect Buy Test Cases for 3-D Secure 1.0
  - Discover Protect Buy 3-D Secure 1.0 Test Cases
    - Discover Protect Buy Test Cases for 3-D Secure 1.0
- Test Cases for 3-D Secure 2.x
  - Test Case 2.1: Successful Frictionless Authentication
  - Test Case 2.2: Unsuccessful Frictionless Authentication
  - Test Case 2.3: Attempts Processing Frictionless Authentication
  - Test Case 2.4: Unavailable Frictionless Authentication
  - Test Case 2.5: Rejected Frictionless Authentication
  - Test Case 2.6: Authentication not Available on Lookup
  - Test Case 2.7: Enrollment Check Error
  - Test Case 2.8: Time-Out
  - Test Case 2.9: Bypassed Authentication
  - Test Case 2.10a: Successful Step-Up Authentication
  - Test Case 2.11a: Unsuccessful Step-Up Authentication
  - Test Case 2.12a: Unavailable Step-Up Authentication
  - Test Case 2.14: Require MethodURL
- Payer Authentication Exemption Test Cases
  - Test Case 1a: Initial/First Recurring Transaction - Fixed Amount
  - Test Case 2a: Card Authentication Failed
  - Test Case 2b: Suspected Fraud
  - Test Case 2c: Cardholder Not Enrolled in Service
  - Test Case 2d: Transaction Timed Out at the ACS
  - Test Case 2e: Non-Payment Transaction Not Supported
  - Test Case 2f: 3RI Transaction Not Supported
  - Test Case 3a: Transaction Risk Analysis Exemption - Low Value - Mastercard
  - Test Case 3a: Transaction Risk Analysis Exemption - Low Value - Mastercard EMV 3-D Secure 2.1 and 2.2
  - Test Case 3b-Transaction Risk Analysis Low Value - Visa
  - Test Case 3c: Transaction Risk Analysis-Low Value-Discover
  - Test Case 3d: Acquirer Transaction Risk Analysis-Cartes Bancaires
  - Test Case 4a: Trusted Beneficiary Prompt for Trustlist
  - Test Case 4b: Utilize Trusted Beneficiary Exemption
  - Test Case 5a-1: Identity Check Insights (ScoreRequest = N)
  - Test Case 5a-2: Identity Check Insights (ScoreRequest = Y)

Website Modification Reference
- Website Modification Checklist
- 3-D Secure Services Logos
- Informational Message Examples

Alternate Methods for Device Data Collection
- Device Data Collection Overview
  - Prerequisites
  - Endpoints
- Collecting Device Data
  - Card BIN in JWT
  - Card BIN as a POST Parameter Plus JWT

Upgrading Your Payer Authentication Implementation
- Benefits
- PSD2 Impact
  - Mandates
- Recommended Integration
- Migration FAQ

Payer Authentication Transaction Details in the Gateway Portal
- Payer Authentication Search
- Storing Payer Authentication Data
- Searching for Payer Authentication Details
  - Enrolled Card
    - Enrollment Check
    - Authentication Validation
  - Card Not Enrolled
    - Transaction Details

Payer Authentication Reports
- Payer Authentication Summary Report
  - Downloading the Report
  - Matching the Report to the Transaction Search Results
  - Interpreting the Report
  - Comparing Payer Authentication and Payment Reports
- Payer Authentication Detail Report
  - Report
  - PayerAuthDetail
  - ProofXML
  - VEReq
  - VERes
  - PAReq
  - PARes
  - AuthInfo
  - Report Examples

Glossary

On This Page

REST API

Combining Services

You can use the enrollment check and card authorization services in the same request or in separate requests. Using the same request is recommended.

Same request: Attempts to authorize the card after authentication are made if step-up payer authentication is not required. In this case, the field values that are required to prove that you attempted to check enrollment are passed automatically to the authorization service. With same request transactions, a different endpoint must be referenced and an additional element must be added to the JSON. If step-up authentication is required, processing stops to allow completion, and authorization is not called. This integration method is recommended.

Separate requests: You must manually include the enrollment check result values (Enrollment Check Response Fields) in the authorization service request (Card Authorization Request Fields).

Depending on your card type and whether it is a 3-D Secure 1.0 or 2.x transaction, you might not receive the XID. If you receive this field back under a frictionless scenario, it is required for authorization.

The following table lists these fields.

Enrollment Check and Response Fields
Identifier	Enrollment Check Response Field	Card Authorization Request Field
E-commerce indicator	consumerAuthenticationInformation.indicator	processingInformation.commerceIndicator
Collection indicator (Mastercard only)	consumerAuthenticationInformation.ucafCollectionIndicator	consumerAuthenticationInformation.ucafCollectionIndicator
CAVV	consumerAuthenticationInformation.cavv	consumerAuthenticationInformation.cavv
AAV	consumerAuthenticationInformation.ucafAuthenticationData	consumerAuthenticationInformation.ucafAuthenticationData
XID	consumerAuthenticationInformation.xid and	consumerAuthenticationInformation.xid
Result of the enrollment check for Asia, Middle East, and Africa Gateway	consumerAuthenticationInformation.veresEnrolled	consumerAuthenticationInformation.veresEnrolled
3-D Secure version	consumerAuthenticationInformation.specificationVersion	consumerAuthenticationInformation.paSpecificationVersion
Directory server transaction ID (Not required for 3-D Secure 1.0.)	consumerAuthenticationInformation.directoryServerTransactionId	consumerAuthenticationInformation.directoryServerTransactionId