The 3D Secure system is a scheme implemented by the card schemes (primarily Visa, who call it Verified By Visa or VbV and MasterCard, who call it MasterCard SecureCode).<\/p>\n
The basic concept of the system is to tie the financial authorisation process with an online authentication. This authentication is based on a 3 domain model (that is the 3D in the name). The three domains are: Acquirer Domain (the commerce), the Issuer Domain (the bank issuer of the credit card) and finally the Interoperability Domain (Worldwide credit card and support).<\/p>\n
The transaction is effectively broken into 2 messages. During the initial message the card number is checked to see if it enrolled on the card-issuing organisation\u2019s (usually a bank) 3D Secure scheme. If the card is enrolled on the scheme, the transaction is \u201cpaused\u201d & the message ends, informing the
\nmerchant\u2019s website (and so the customer) that they must authenticate their card. This happens by the customer being redirected to their card-issuing organisation\u2019s website & validating their card directly with them. They are the redirected back to the merchant\u2019s website which passes the authentication
\npayment response generated by the card-issuer\u2019s website during the authentication process back to the payment gateway with the second message of the transaction. The gateway then verifies the authentication payment response with the card-issuer directly & depending on the results of this the transaction is resumed or rejected.<\/p>\n
Listed below are the steps that a 3D Secure transaction takes and a diagram below:<\/p>\n
1) The cardholder navigates to the merchant\u2019s website, & fills in their credit card details into the merchant\u2019s payment form (this form may reside on the merchant\u2019s servers or on the payment processing servers).<\/p>\n
2) The credit card information is submitted to the payment gateway by the merchant\u2019s
\npayment form (using a CardDetailsTransaction message).<\/p>\n
3) The payment gateway contacts the Directory Server to query whether this credit card is enrolled (or needs to be enrolled) in the 3D Secure scheme.<\/p>\n
4) The Directory Server passes the enrolment status information back to the payment gateway, which in turn either continues processing the transaction as normal (if the card is not enrolled), or it passes the URL of the cardholder\u2019s bank\u2019s Access Control Server (ACSURL) and additional data from which a Payment Request string (PaREQ) back to the merchant\u2019s payment form. This will be done using the CardDetailsTransactionResponse message.<\/p>\n
5) The customer is then redirected by the payment form to their bank\u2019s Access Control Server & they are greeted with the last 4 digits of their credit card & the identification text they specified when registering their card for 3D Secure. The customer validates their card details using their 3D Secure password, which is validated by their bank\u2019s Access Control Server<\/p>\n
6) The Access Control Server then initiates a redirect of the customer\u2019s browser back to a secure processing page on the merchant\u2019s website (TermUrl), which forwards the payment response string (PaRES) from the Access Control Server to the payment gateway using a ThreeDSecureAuthentication message.<\/p>\n
7) Depending on the contents of the payment response (PaRES), the transaction is either declined immediately (following a 3D Secure Authentication failure) or the transaction is then submitted to the bank for authorisation. The results of the transaction are then passed back to the merchant\u2019s system using a ThreeDSecureAuthenticationResponse which displays the payment result to the customer.<\/p>\n","protected":false},"excerpt":{"rendered":"
The 3D Secure system is a scheme implemented by the card schemes (primarily Visa, who call it Verified By Visa or VbV and MasterCard, who call it MasterCard SecureCode). The basic concept of the system is to tie the financial authorisation process with an online authentication. This authentication is based on a 3 domain model…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,45],"tags":[],"_links":{"self":[{"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/posts\/363"}],"collection":[{"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/comments?post=363"}],"version-history":[{"count":1,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/posts\/363\/revisions"}],"predecessor-version":[{"id":364,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/posts\/363\/revisions\/364"}],"wp:attachment":[{"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/media?parent=363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/categories?post=363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/tags?post=363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}