Enabling 3-D Secure Authentication
This page describes how to use the Update Merchant Payment Details and Update Acquirer Link requests to enable 3-D Secure authentication for a merchant.
3-Domain Secure™ (3-D Secure or 3DS) authentication is designed to protect online purchases against credit card fraud by allowing the merchant to authenticate the payer before submitting an Authorization or Pay transaction. The American Express PSP supports both 3DS versions — 3DS and EMV 3DS.
EMV 3DS, also known as 3DS2 in the gateway, is the new version designed to enhance security in online purchases while providing frictionless checkouts to payers who are considered low risk by the Access Control Server (ACS). The ACS may determine the risk using information provided by the merchant, browser fingerprinting, and/or previous interactions with the payer. The ACS subjects the payer to a challenge (for example, entering a PIN) only where additional verification is required to authenticate the payer thereby providing increased conversion rates.
3DS2 Authentication
To enable 3DS2 authentication for a merchant, provide the authentication scheme(s) for which the merchant can perform 3DS2 payer authentication, in the merchant.privilege[n] field in the Update Merchant Payment Details request. The gateway uses the requestor credentials (Requestor ID and Requestor Name) for a scheme, which are identifiers for the merchant on the 3DS2 Directory Server, to processs 3DS2 authentication for that scheme. Depending on the authentication scheme, you may be required to provide these, if they are not generated by the gateway.
SECURECODE_2: Allows the merchant to perform 3DS2 Mastercard SecureCode authentication. The gateway generates the requestor credentials for this scheme.VERIFIED_BY_VISA_2: Allows the merchant to perform 3DS2 Verified By Visa authentication. From Web-Services API v55 onwards, the gateway generates the requestor credentials for this scheme.For merchants who have previously configured Verified By Visa using Web-Services API version < 55, and have Requestor ID and Requestor Name details configured, the gateway will continue to use the configured values in processing 3DS2 Verified By Visa authentication.AMEX_SAFEKEY_2: Allows the merchant to perform 3DS2 American Express SafeKey authentication.
For the gateway to process requests for American Express SafeKey authentication, in addition to enabling the privilege, you must provide the Requestor ID and Requestor Name details. These are provided by the merchant's acquirer when they registered to use American Express SafeKey.
merchant.authentication.3ds2.amexSafeKey.requestorIdmerchant.authentication.3ds2.amexSafeKey.requestorName
-
Provide the merchants with the following optional fields that will allow them to provide the merchant ID issued by the acquirer who has registered the merchant for payer authentication.
merchant.acquirerLink.authentication.masterCardSecureCode.3DS2.merchantIDmerchant.acquirerLink.authentication.verifiedByVisa.3DS2.merchantID
3DS2 Configuration API Reference[REST][NVP]
Enabling acquirer BINs
For merchants that are enabled for 3DS2, you can configure an acquirer BIN for each supported authentication scheme on the acquirer link. This allows acquirers that act as processors to process the transaction with the correct 3DS configuration for that acquirer.
You can use the following fields in the Update Acquirer Link request to provide an acquirer BIN for each supported authentication scheme:
merchant.acquirerLink.authentication.masterCardSecureCode.acquirerBinmerchant.acquirerLink.authentication.amexSafeKey.acquirerBinmerchant.acquirerLink.authentication.dinersProtectBuy.acquirerBinmerchant.acquirerLink.authentication.jSecure.acquirerBinmerchant.acquirerLink.authentication.verifiedByVisa.acquirerBinmerchant.acquirerLink.{id}.authentication.unionPay.acquirerBinmerchant.acquirerLink.authentication.3DS.jaywanSecureNxt.acquirerBin
3DS Acquirer BIN API Reference[REST][NVP]
Enabling acquirer merchant ID
Upon applying for UP3DS enrolment, the UPI assigns this field to the 3DS Requestor, which corresponds to the acquirer merchant ID in cases where the 3DS Requestor is a merchant.
You can use the merchant.acquirerLink.{id}.authentication.unionPay.merchantId field in the Update Acquirer Link request if the 'Bank Merchant ID/SE Number' differs from the Acquirer Merchant ID submitted to UnionPay 3-D Secure for EMV 3DS requests.