Recent Revisions to This Document

About This Guide

Introducing Payer Authentication
- Overview of Chargeback Protection
  - PSD2
  - EMV 3-D Secure
  - Strong Customer Authentication
  - Prerequisites for Implementing Payer Authentication
- Payer Authentication Process Flow Overview
- Integrating Payer Authentication into Your Business
  - Host Names
  - Endpoints
  - Tokenization and Digital Payment Options
  - Overview of 3-D Secure 2.x Implementation
- Using Secure Acceptance with Payer Authentication
- Required Merchant Information

Implementing Cardinal Cruise Direct Connection API Payer Authentication
- Prerequisites
- After Implementation and Before Go Live
- Step 1: Payer Authentication Setup Service
  - Request Fields
  - Important Response Fields
- Step 2: Device Data Collection Iframe
  - Build the Iframe
  - Initiate the Device Data Collection Iframe
  - Submit the Device Data Collection Iframe
  - Listen for the Device Data Collection URL Response
- Step 3: Payer Authentication Check Enrollment Service
  - Request Fields
  - Combining Services
  - Interpreting the Response
  - Important Response Fields
- Step 4: Step-Up IFrame
  - Building the Iframe Parameters
  - Creating the Iframe
  - Invoke the Iframe
  - Receiving the Step-Up Results
- Step 5: Payer Authentication Validation Service
  - Request Fields
  - Combining Services or Mapping Authorization Fields
  - Interpreting the Response
  - Redirecting Customers to Pass or Fail Message Page
- Cardinal Cruise Direct Connection Integration Examples
  - Setup Service Request and Response Examples
  - Check Enrollment Request and Response Examples
  - Validate Authentication Request and Response
  - Authorization with Enroll
  - Authorization with Validation

Hybrid Payer Authentication
- Implementation Overview
- Process Flow for Hybrid Integration
  - Payer Authentication Setup
  - Add the JavaScript
  - BIN Detection
  - Requesting the Check Enrollment Service
    - Interpreting the Response
  - Authenticating Enrolled Cards
    - Receiving the Authentication Results
  - Requesting the Validation Service
    - Interpreting the Response
    - Redirecting Customers to Pass or Fail Message Page
  - Hybrid Integration Examples
    - Check Enrollment
    - Validate
    - Enrollment and Authorization
    - Validation and Authorization Request

API Fields
- Required Fields for Setting Up Payer Authentication
  - Optional Fields for Setting Up Payer Authentication
- Required Fields for Checking Enrollment in Payer Authentication
  - Optional Fields for Enrolling in Payer Authentication
- Required Fields for Validating Payer Authentication
  - Optional Fields for Validating Payer Authentication

Testing Payer Authentication
- Testing Process
  - Enrollment Check
  - Enrollment Check Response Fields
  - Authentication Validation Test Case Fields
- Expected Results
- 3-D Secure 1.0 Testing
  - Visa Secure 3-D Secure 1.0 Test Cases
    - Visa Secure Test Cases for 3-D Secure 1.0
  - Mastercard Identity Check 3-D Secure 1.0 Test Cases
    - Mastercard Identity Check Test Cases for 3-D Secure 1.0
  - Maestro 3-D Secure 1.0 Test Cases
    - Maestro Test Cases for 3-D Secure 1.0
  - American Express SafeKey 3-D Secure 1.0 Test Cases
    - American Express SafeKey Test Cases for 3-D Secure 1.0
  - JCB J/Secure 3-D Secure 1.0 Test Cases
    - JCB J/Secure Test Cases for 3-D Secure 1.0
  - Diners Club Protect Buy 3-D Secure 1.0 Test Cases
    - Diners Club Protect Buy Test Cases for 3-D Secure 1.0
  - Discover Protect Buy 3-D Secure 1.0 Test Cases
    - Discover Protect Buy Test Cases for 3-D Secure 1.0
- Test Cases for 3-D Secure 2.x
  - Test Case 2.1: Successful Frictionless Authentication
  - Test Case 2.2: Unsuccessful Frictionless Authentication
  - Test Case 2.3: Attempts Processing Frictionless Authentication
  - Test Case 2.4: Unavailable Frictionless Authentication
  - Test Case 2.5: Rejected Frictionless Authentication
  - Test Case 2.6: Authentication not Available on Lookup
  - Test Case 2.7: Enrollment Check Error
  - Test Case 2.8: Time-Out
  - Test Case 2.9: Bypassed Authentication
  - Test Case 2.10a: Successful Step-Up Authentication
  - Test Case 2.11a: Unsuccessful Step-Up Authentication
  - Test Case 2.12a: Unavailable Step-Up Authentication
  - Test Case 2.14: Require MethodURL
- Payer Authentication Exemption Test Cases
  - Test Case 1a: Initial/First Recurring Transaction - Fixed Amount
  - Test Case 2a: Card Authentication Failed
  - Test Case 2b: Suspected Fraud
  - Test Case 2c: Cardholder Not Enrolled in Service
  - Test Case 2d: Transaction Timed Out at the ACS
  - Test Case 2e: Non-Payment Transaction Not Supported
  - Test Case 2f: 3RI Transaction Not Supported
  - Test Case 3a: Transaction Risk Analysis Exemption - Low Value - Mastercard
  - Test Case 3a: Transaction Risk Analysis Exemption - Low Value - Mastercard EMV 3-D Secure 2.1 and 2.2
  - Test Case 3b-Transaction Risk Analysis Low Value - Visa
  - Test Case 3c: Transaction Risk Analysis-Low Value-Discover
  - Test Case 3d: Acquirer Transaction Risk Analysis-Cartes Bancaires
  - Test Case 4a: Trusted Beneficiary Prompt for Trustlist
  - Test Case 4b: Utilize Trusted Beneficiary Exemption
  - Test Case 5a-1: Identity Check Insights (ScoreRequest = N)
  - Test Case 5a-2: Identity Check Insights (ScoreRequest = Y)

Website Modification Reference
- Website Modification Checklist
- 3-D Secure Services Logos
- Informational Message Examples

Alternate Methods for Device Data Collection
- Device Data Collection Overview
  - Prerequisites
  - Endpoints
- Collecting Device Data
  - Card BIN in JWT
  - Card BIN as a POST Parameter Plus JWT

Upgrading Your Payer Authentication Implementation
- Benefits
- PSD2 Impact
  - Mandates
- Recommended Integration
- Migration FAQ

Payer Authentication Transaction Details in the Gateway Portal
- Payer Authentication Search
- Storing Payer Authentication Data
- Searching for Payer Authentication Details
  - Enrolled Card
    - Enrollment Check
    - Authentication Validation
  - Card Not Enrolled
    - Transaction Details

Payer Authentication Reports
- Payer Authentication Summary Report
  - Downloading the Report
  - Matching the Report to the Transaction Search Results
  - Interpreting the Report
  - Comparing Payer Authentication and Payment Reports
- Payer Authentication Detail Report
  - Report
  - PayerAuthDetail
  - ProofXML
  - VEReq
  - VERes
  - PAReq
  - PARes
  - AuthInfo
  - Report Examples

Glossary

On This Page

REST API

Receiving the Step-Up Results

After the customer interacts with the issuing bank, the user is redirected back to the

consumerAuthenticationInformation.returnUrl

within the iframe as specified in Step 3: Payer Authentication Check Enrollment Service. The payload sent to the returnURL is URL-encoded and Base64-encoded (see the example below). The merchant hosting the returnURL can then close the iframe after redirection.

The response sent back to the return URL contains the following:

Transaction ID: (

consumerAuthenticationInformation.authenticationTransactionId

response field). This is used in Step 5: Payer Authentication Validation Service.

MD: merchant data returned if present in the POST to step-up URL; otherwise, null.

POST to Return URL

TransactionId=BwNsDeDPsQV4q8uy1Kq1&MD=null