-
The cardholder navigates to the merchant’s website.
-
Once an order has been prepared, the customer is redirected to the payment gateway (Hosted Payment Form) andsupplies theircarddetailsintothepaymentform.
-
The payment gateway contacts the Directory Server to query whether this card is enrolled in the 3D Securescheme.
-
The Directory Server determineswhetherthecardisenrolledinthe 3DS schemeandpasses this information back to the payment gateway.
-
If the card is enrolled in the 3D Secure Authentication Scheme, the transaction moves to step5.
-
If not, the transaction moves to step 10.
-
-
The payment gateway passes the URL of the cardholder’s bank’s Access Control Server (ACSURL) and additional data from which a Payment Request string (PaREQ) is created, to the Hosted Payment Form.
-
The customer is then redirected by the Hosted Payment Form to their bank’s Access Control Server (ACSURL) and they are greeted with the last 4 digits of their credit card & the identification text they specified when registering their card for 3D Secure.
-
The customer thenvalidatestheir carddetailsusing their 3D Secure password, whichis validated by their bank’s Access Control Server.
-
The Access Control Server then initiates a redirect of the customer’s browser back to a secure processing page on the payment gateway.
-
The payment gateway checks the contents of the payment response (PaRES).
-
If the transaction is declined (following a 3D Secure authentication failure), move to step 11.
-
If not, the transaction moves to step 10.
-
-
The payment gateway then submits the transaction to the bank for authorisation.