Recent Revisions to This Document

About This Guide

Introducing Payer Authentication
- Overview of Chargeback Protection
  - PSD2
  - EMV 3-D Secure
  - Strong Customer Authentication
  - Prerequisites for Implementing Payer Authentication
- Payer Authentication Process Flow Overview
- Integrating Payer Authentication into Your Business
  - Host Names
  - Endpoints
  - Tokenization and Digital Payment Options
  - Overview of 3-D Secure 2.x Implementation
- Using Secure Acceptance with Payer Authentication
- Required Merchant Information

Implementing Cardinal Cruise Direct Connection API Payer Authentication
- Prerequisites
- After Implementation and Before Go Live
- Step 1: Payer Authentication Setup Service
  - Request Fields
  - Important Response Fields
- Step 2: Device Data Collection Iframe
  - Build the Iframe
  - Initiate the Device Data Collection Iframe
  - Submit the Device Data Collection Iframe
  - Listen for the Device Data Collection URL Response
- Step 3: Payer Authentication Check Enrollment Service
  - Request Fields
  - Combining Services
  - Interpreting the Response
  - Important Response Fields
- Step 4: Step-Up IFrame
  - Building the Iframe Parameters
  - Creating the Iframe
  - Invoke the Iframe
  - Receiving the Step-Up Results
- Step 5: Payer Authentication Validation Service
  - Request Fields
  - Combining Services or Mapping Authorization Fields
  - Interpreting the Response
  - Redirecting Customers to Pass or Fail Message Page
- Cardinal Cruise Direct Connection Integration Examples
  - Setup Service Request and Response Examples
  - Check Enrollment Request and Response Examples
  - Validate Authentication Request and Response
  - Authorization with Enroll
  - Authorization with Validation

Hybrid Payer Authentication
- Implementation Overview
- Process Flow for Hybrid Integration
  - Payer Authentication Setup
  - Add the JavaScript
  - BIN Detection
  - Requesting the Check Enrollment Service
    - Interpreting the Response
  - Authenticating Enrolled Cards
    - Receiving the Authentication Results
  - Requesting the Validation Service
    - Interpreting the Response
    - Redirecting Customers to Pass or Fail Message Page
  - Hybrid Integration Examples
    - Check Enrollment
    - Validate
    - Enrollment and Authorization
    - Validation and Authorization Request

API Fields
- Required Fields for Setting Up Payer Authentication
  - Optional Fields for Setting Up Payer Authentication
- Required Fields for Checking Enrollment in Payer Authentication
  - Optional Fields for Enrolling in Payer Authentication
- Required Fields for Validating Payer Authentication
  - Optional Fields for Validating Payer Authentication

Testing Payer Authentication
- Testing Process
  - Enrollment Check
  - Enrollment Check Response Fields
  - Authentication Validation Test Case Fields
- Expected Results
- 3-D Secure 1.0 Testing
  - Visa Secure 3-D Secure 1.0 Test Cases
    - Visa Secure Test Cases for 3-D Secure 1.0
  - Mastercard Identity Check 3-D Secure 1.0 Test Cases
    - Mastercard Identity Check Test Cases for 3-D Secure 1.0
  - Maestro 3-D Secure 1.0 Test Cases
    - Maestro Test Cases for 3-D Secure 1.0
  - American Express SafeKey 3-D Secure 1.0 Test Cases
    - American Express SafeKey Test Cases for 3-D Secure 1.0
  - JCB J/Secure 3-D Secure 1.0 Test Cases
    - JCB J/Secure Test Cases for 3-D Secure 1.0
  - Diners Club Protect Buy 3-D Secure 1.0 Test Cases
    - Diners Club Protect Buy Test Cases for 3-D Secure 1.0
  - Discover Protect Buy 3-D Secure 1.0 Test Cases
    - Discover Protect Buy Test Cases for 3-D Secure 1.0
- Test Cases for 3-D Secure 2.x
  - Test Case 2.1: Successful Frictionless Authentication
  - Test Case 2.2: Unsuccessful Frictionless Authentication
  - Test Case 2.3: Attempts Processing Frictionless Authentication
  - Test Case 2.4: Unavailable Frictionless Authentication
  - Test Case 2.5: Rejected Frictionless Authentication
  - Test Case 2.6: Authentication not Available on Lookup
  - Test Case 2.7: Enrollment Check Error
  - Test Case 2.8: Time-Out
  - Test Case 2.9: Bypassed Authentication
  - Test Case 2.10a: Successful Step-Up Authentication
  - Test Case 2.11a: Unsuccessful Step-Up Authentication
  - Test Case 2.12a: Unavailable Step-Up Authentication
  - Test Case 2.14: Require MethodURL
- Payer Authentication Exemption Test Cases
  - Test Case 1a: Initial/First Recurring Transaction - Fixed Amount
  - Test Case 2a: Card Authentication Failed
  - Test Case 2b: Suspected Fraud
  - Test Case 2c: Cardholder Not Enrolled in Service
  - Test Case 2d: Transaction Timed Out at the ACS
  - Test Case 2e: Non-Payment Transaction Not Supported
  - Test Case 2f: 3RI Transaction Not Supported
  - Test Case 3a: Transaction Risk Analysis Exemption - Low Value - Mastercard
  - Test Case 3a: Transaction Risk Analysis Exemption - Low Value - Mastercard EMV 3-D Secure 2.1 and 2.2
  - Test Case 3b-Transaction Risk Analysis Low Value - Visa
  - Test Case 3c: Transaction Risk Analysis-Low Value-Discover
  - Test Case 3d: Acquirer Transaction Risk Analysis-Cartes Bancaires
  - Test Case 4a: Trusted Beneficiary Prompt for Trustlist
  - Test Case 4b: Utilize Trusted Beneficiary Exemption
  - Test Case 5a-1: Identity Check Insights (ScoreRequest = N)
  - Test Case 5a-2: Identity Check Insights (ScoreRequest = Y)

Website Modification Reference
- Website Modification Checklist
- 3-D Secure Services Logos
- Informational Message Examples

Alternate Methods for Device Data Collection
- Device Data Collection Overview
  - Prerequisites
  - Endpoints
- Collecting Device Data
  - Card BIN in JWT
  - Card BIN as a POST Parameter Plus JWT

Upgrading Your Payer Authentication Implementation
- Benefits
- PSD2 Impact
  - Mandates
- Recommended Integration
- Migration FAQ

Payer Authentication Transaction Details in the Gateway Portal
- Payer Authentication Search
- Storing Payer Authentication Data
- Searching for Payer Authentication Details
  - Enrolled Card
    - Enrollment Check
    - Authentication Validation
  - Card Not Enrolled
    - Transaction Details

Payer Authentication Reports
- Payer Authentication Summary Report
  - Downloading the Report
  - Matching the Report to the Transaction Search Results
  - Interpreting the Report
  - Comparing Payer Authentication and Payment Reports
- Payer Authentication Detail Report
  - Report
  - PayerAuthDetail
  - ProofXML
  - VEReq
  - VERes
  - PAReq
  - PARes
  - AuthInfo
  - Report Examples

Glossary

On This Page

REST API

Authenticating Enrolled Cards

When you have verified that a customer’s card is enrolled in a card authentication program, you must include the URL of the card-issuing bank’s Access Control Server (ACS), the payload, and the

consumerAuthenticationInformation.authenticationTransactionId

response field in the Cardinal.continue
function in order to proceed with the authentication session as shown in the following example.

Cardinal.continue

Cardinal.continue('cca',
{
    "AcsUrl":"https://testcustomer34.cardinalcommerce.com/merchantacsfrontend/pareq.jsp?vaa=b&gold=AAAAAAAA...AAAAAAA",
    "Payload":"eNpVUk1zgjAQvedXME7PJEFBVdKt1CECeDkVCk2PcfcnNjv8Kr+7tx4nlbGOcz/se6G1uMENPTPeeIz1G37WGEUth7YnpO21TfTvF3wDCBqspQ=="
 },
 {
    "OrderDetails":{
         "TransactionId" :"123456abc"

                       }
        }
);

Cardinal.continue
displays the authentication window if necessary and automatically redirects the customer’s session over to the ACS URL for authentication. The customer’s browser displays the authentication window with the option to enter their password.