Below is the order that the variables should be listed when creating the 3D Secure authentication request hash digest to check against the one in submitted in the form. The string to be hashed must be comprised of the variables listed in the order below in standard URL format (i.e. listed in name/value pairs, delimited with an ampersand character e.g. “variable1=value&variable2=value&variable3=value”). The variable names and values are case- sensitive and the values should be represented EXACTLY as they appear in the form (NON-URL ENCODED). This hash must be checked against the one submitted in the form, and it should be exactly the same as the hash digest created by us. Any differences should be treated with EXTREME caution, as this indicates that the variables in the form have been tampered with.
|
Variable Name |
Mandatory or Always Present |
Comments |
|
PreSharedKey |
See comments |
The pre shared key should ONLY be included in the hash digest if the chosen hash method is standard (i.e. not HMAC) MD5 or SHA1. If the chosen hash method is either HMACMD5 or HMACSHA1, then the pre shared key is used as part of the hash generation so should be ENTIRELY omitted from the string to be hashed – if it is present in these cases (even as an empty string), then an error will be thrown |
|
MerchantID |
Yes |
|
|
Password |
Yes |
|
|
CrossReference |
Yes |
|
|
TransactionDateTime |
Yes |
|
|
CallbackURL |
Yes |
|
|
PaRES |
Yes |
|