Recent Revisions to This Document

About This Guide

Introducing Payer Authentication
- Overview of Chargeback Protection
  - PSD2
  - EMV 3-D Secure
  - Strong Customer Authentication
  - Prerequisites for Implementing Payer Authentication
- Payer Authentication Process Flow Overview
- Integrating Payer Authentication into Your Business
  - Host Names
  - Endpoints
  - Tokenization and Digital Payment Options
  - Overview of 3-D Secure 2.x Implementation
- Using Secure Acceptance with Payer Authentication
- Required Merchant Information

Implementing Cardinal Cruise Direct Connection API Payer Authentication
- Prerequisites
- After Implementation and Before Go Live
- Step 1: Payer Authentication Setup Service
  - Request Fields
  - Important Response Fields
- Step 2: Device Data Collection Iframe
  - Build the Iframe
  - Initiate the Device Data Collection Iframe
  - Submit the Device Data Collection Iframe
  - Listen for the Device Data Collection URL Response
- Step 3: Payer Authentication Check Enrollment Service
  - Request Fields
  - Combining Services
  - Interpreting the Response
  - Important Response Fields
- Step 4: Step-Up IFrame
  - Building the Iframe Parameters
  - Creating the Iframe
  - Invoke the Iframe
  - Receiving the Step-Up Results
- Step 5: Payer Authentication Validation Service
  - Request Fields
  - Combining Services or Mapping Authorization Fields
  - Interpreting the Response
  - Redirecting Customers to Pass or Fail Message Page
- Cardinal Cruise Direct Connection Integration Examples
  - Setup Service Request and Response Examples
  - Check Enrollment Request and Response Examples
  - Validate Authentication Request and Response
  - Authorization with Enroll
  - Authorization with Validation

Hybrid Payer Authentication
- Implementation Overview
- Process Flow for Hybrid Integration
  - Payer Authentication Setup
  - Add the JavaScript
  - BIN Detection
  - Requesting the Check Enrollment Service
    - Interpreting the Response
  - Authenticating Enrolled Cards
    - Receiving the Authentication Results
  - Requesting the Validation Service
    - Interpreting the Response
    - Redirecting Customers to Pass or Fail Message Page
  - Hybrid Integration Examples
    - Check Enrollment
    - Validate
    - Enrollment and Authorization
    - Validation and Authorization Request

API Fields
- Required Fields for Setting Up Payer Authentication
  - Optional Fields for Setting Up Payer Authentication
- Required Fields for Checking Enrollment in Payer Authentication
  - Optional Fields for Enrolling in Payer Authentication
- Required Fields for Validating Payer Authentication
  - Optional Fields for Validating Payer Authentication

Testing Payer Authentication
- Testing Process
  - Enrollment Check
  - Enrollment Check Response Fields
  - Authentication Validation Test Case Fields
- Expected Results
- 3-D Secure 1.0 Testing
  - Visa Secure 3-D Secure 1.0 Test Cases
    - Visa Secure Test Cases for 3-D Secure 1.0
  - Mastercard Identity Check 3-D Secure 1.0 Test Cases
    - Mastercard Identity Check Test Cases for 3-D Secure 1.0
  - Maestro 3-D Secure 1.0 Test Cases
    - Maestro Test Cases for 3-D Secure 1.0
  - American Express SafeKey 3-D Secure 1.0 Test Cases
    - American Express SafeKey Test Cases for 3-D Secure 1.0
  - JCB J/Secure 3-D Secure 1.0 Test Cases
    - JCB J/Secure Test Cases for 3-D Secure 1.0
  - Diners Club Protect Buy 3-D Secure 1.0 Test Cases
    - Diners Club Protect Buy Test Cases for 3-D Secure 1.0
  - Discover Protect Buy 3-D Secure 1.0 Test Cases
    - Discover Protect Buy Test Cases for 3-D Secure 1.0
- Test Cases for 3-D Secure 2.x
  - Test Case 2.1: Successful Frictionless Authentication
  - Test Case 2.2: Unsuccessful Frictionless Authentication
  - Test Case 2.3: Attempts Processing Frictionless Authentication
  - Test Case 2.4: Unavailable Frictionless Authentication
  - Test Case 2.5: Rejected Frictionless Authentication
  - Test Case 2.6: Authentication not Available on Lookup
  - Test Case 2.7: Enrollment Check Error
  - Test Case 2.8: Time-Out
  - Test Case 2.9: Bypassed Authentication
  - Test Case 2.10a: Successful Step-Up Authentication
  - Test Case 2.11a: Unsuccessful Step-Up Authentication
  - Test Case 2.12a: Unavailable Step-Up Authentication
  - Test Case 2.14: Require MethodURL
- Payer Authentication Exemption Test Cases
  - Test Case 1a: Initial/First Recurring Transaction - Fixed Amount
  - Test Case 2a: Card Authentication Failed
  - Test Case 2b: Suspected Fraud
  - Test Case 2c: Cardholder Not Enrolled in Service
  - Test Case 2d: Transaction Timed Out at the ACS
  - Test Case 2e: Non-Payment Transaction Not Supported
  - Test Case 2f: 3RI Transaction Not Supported
  - Test Case 3a: Transaction Risk Analysis Exemption - Low Value - Mastercard
  - Test Case 3a: Transaction Risk Analysis Exemption - Low Value - Mastercard EMV 3-D Secure 2.1 and 2.2
  - Test Case 3b-Transaction Risk Analysis Low Value - Visa
  - Test Case 3c: Transaction Risk Analysis-Low Value-Discover
  - Test Case 3d: Acquirer Transaction Risk Analysis-Cartes Bancaires
  - Test Case 4a: Trusted Beneficiary Prompt for Trustlist
  - Test Case 4b: Utilize Trusted Beneficiary Exemption
  - Test Case 5a-1: Identity Check Insights (ScoreRequest = N)
  - Test Case 5a-2: Identity Check Insights (ScoreRequest = Y)

Website Modification Reference
- Website Modification Checklist
- 3-D Secure Services Logos
- Informational Message Examples

Alternate Methods for Device Data Collection
- Device Data Collection Overview
  - Prerequisites
  - Endpoints
- Collecting Device Data
  - Card BIN in JWT
  - Card BIN as a POST Parameter Plus JWT

Upgrading Your Payer Authentication Implementation
- Benefits
- PSD2 Impact
  - Mandates
- Recommended Integration
- Migration FAQ

Payer Authentication Transaction Details in the Gateway Portal
- Payer Authentication Search
- Storing Payer Authentication Data
- Searching for Payer Authentication Details
  - Enrolled Card
    - Enrollment Check
    - Authentication Validation
  - Card Not Enrolled
    - Transaction Details

Payer Authentication Reports
- Payer Authentication Summary Report
  - Downloading the Report
  - Matching the Report to the Transaction Search Results
  - Interpreting the Report
  - Comparing Payer Authentication and Payment Reports
- Payer Authentication Detail Report
  - Report
  - PayerAuthDetail
  - ProofXML
  - VEReq
  - VERes
  - PAReq
  - PARes
  - AuthInfo
  - Report Examples

Glossary

On This Page

REST API

Interpreting the Response

The responses are similar for all card types.

Enrolled cards: You receive

PENDING_AUTHENTICATION

if the customer’s card is enrolled in a payer authentication program. When you receive this response, proceed to Step 4: Step-Up IFrame.

Cards not enrolled, or step-up authentication not required: You receive

AUTHENTICATION_SUCCESSFUL

in the following cases:

When the account number is not eligible for a payer authentication program or when step-up authentication is not required. The other services in your request are processed normally. If you are making separate enrollment and authorization calls, you must include pertinent payer authentication data in the authorization request to receive liability shift protection.

When payer authentication is not supported by the card type. When you receive this response, you can proceed to card authorization. If you receive the authentication results along with

AUTHENTICATION_SUCCESSFUL

, you might receive liability shift protection.

An

AUTHENTICATION_FAILED

status may occur that requires the merchant to display a card issuer message to the cardholder using the

consumerAuthenticationInformation.cardholderMessage

field.

The message text is provided by the ACS/issuer to the cardholder during a frictionless or decoupled transaction to convey information to cardholder. For example, “Additional authentication is needed for this transaction, contact (issuer name) at xxx-xxx-xxxx.”

The entry that appears in the log will be similar to this example:

"cardholderInfo":"You're unable to complete this purchase right now. For help call CommBank on 13 2221"