If the Access Control Server (ACS) of the cardholder's bank does not support any EMV 3DS protocol version (i.e. 2.0 or higher, see acsStartProtocolVersion), the threeDSMethodDataForm element of the versioningData object in the payment response will be Null.


Sequence Diagram

3DS 1.0 Authentication

To initiate a 3DS 1.0 authentication request through the cardholder's browser, construct a form with the data elements provided in threeDSLegacy and post it to the acsURL.


The form fields that are sent to the ACS are listed in the table below:




| Form Element | Description |
|---|---|
| PAReq | A constructed, Base64 encoded and compressed field carrying the Payer Authentication Request Message Fields. The compression algorithm used is a combination of LZ77 and Huffman coding as specified in RFC 1951. |
| TermURL | The merchant URL the ACS will redirect the cardholder to after the authentication has concluded. Note that the fields PayID, TransID and MID are added in the query string to the base URL. Please do not alter the TermURL! |
| MD | The MD (i.e. Merchant Data) field can carry whatever data the merchant needs to continue the session. Please note that this field must be present in the form even if it is not used. |





Sample: PAReq form passed through the Cardholder to the ACS URL


<html>
    <head>
        <script language="javascript">
            <!--
                function sendpareq()
                    {  
                        document.pareq_form.submit();
                    }
            // -->
        </script>
    </head>
     
    <body onload="javascript:sendpareq();">
        <form action="https://pit.3dsecure.net/VbVTestSuiteService/pit1/acsService/paReq?summary=ZTIwOWMwYmEtNTVhOC00NDExLThkZDktYzllODk1NmZlNDQ0" method="POST" name="pareq_form">
            <input type="hidden" name="PaReq" value="eJxVUst22jAQ/RUfL7rpMZKFiQ0dK4dXgAVOTmuSpjvVGsApfkSWA+TrK/Fo0t29M6M7M3cEt4di57yhavKqjF2/Q10Hy6ySebmJ3VV650Wu02hRSrGrSozdIzbuLYd0qxAnPzBrFXJYYtOIDTq5jN1aCIEioyzywkhILwh7gddnFD1JMVyv15HfYz2Xw8PwO75yuPTmpnWHAblSo6myrSg1B5G9jhYJD266jHWBXCgUqBYTPk4fR4+M+jdAzgEoRYG8zrXGRn+dFb/nzhdR1N+ccQXklIOsakutjpyF5tWVQKt2fKt1PSBkv993sqqoW13VHYlAbA7Ix0gPrUWN0Trkkv+aLVnyvjkuZ6tD8vS8Tya7l/unBXt+n8ZAbAVIoZGbMSPaY4HjB4MuHQR9IKc4iMIOwX1KzXpnDLVtMfyU+BwA47sydzryfhiZHa4M8FCbM5kKY+U/DBKbjKfGD9PQQiAfC4zn1uFMG+vm+V06bad/Zi+rn6rrJ20xWt4P49h6fiqw8rnxyo/8s74lQKwEuZyTXP6CQf/9kb8b1MvQ">
            <input type="hidden" name="TermUrl" value="http://localhost:40405/test/3DTermURL.aspx?PayID=dc67820e15f049c9b6c1f0420729da8a&TransID=20180524-162741-084&MID=gustav">
            <input type="hidden" name="MD" value="Optional merchant session data">
        </form>
    </body>
</html>
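Added example (not part of the original documentation): decoding a PAReq form value on the merchant side for logging or troubleshooting. The sample value above starts with eJx, i.e. the bytes 0x78 0x9C of a zlib (RFC 1950) header wrapped around the RFC 1951 stream, so the decoder accepts both the wrapped and the raw form. The function names, the size cap and the sample XML are assumptions made for this example.

```python
import base64
import binascii
import zlib

MAX_XML_BYTES = 64 * 1024  # assumed cap on the inflated size (guards against decompression bombs)


def _inflate(data: bytes, wbits: int) -> bytes:
    """Inflate `data`, refusing oversized or truncated streams."""
    d = zlib.decompressobj(wbits)
    out = d.decompress(data, MAX_XML_BYTES + 1)
    if len(out) > MAX_XML_BYTES:
        raise ValueError("inflated message exceeds size cap")
    if not d.eof:
        raise ValueError("truncated compressed stream")
    return out


def decode_pareq(value: str) -> str:
    """Base64-decode and inflate a PAReq form value into its XML text."""
    try:
        raw = base64.b64decode("".join(value.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("not valid Base64") from exc
    # Try the zlib wrapper (RFC 1950) first, then a raw RFC 1951 stream.
    for wbits in (zlib.MAX_WBITS, -zlib.MAX_WBITS):
        try:
            return _inflate(raw, wbits).decode("utf-8")
        except zlib.error:
            continue
    raise ValueError("not a DEFLATE stream")


if __name__ == "__main__":
    # Constructed sample message, not a real PAReq.
    xml = '<ThreeDSecure><Message id="constructed"><PAReq/></Message></ThreeDSecure>'
    value = base64.b64encode(zlib.compress(xml.encode())).decode()
    print(decode_pareq(value))
```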



Once the authentication has been completed or cancelled by the cardholder, the ACS will redirect the cardholder through the cardholder's browser to the TermURL as specified in the initial payment request.


The Payer Authentication Response (PaRes) will be transferred via HTTP POST method while MID, PayID and TransID are sent in the HTTP query string (i.e. HTTP GET).

Data Elements transferred to the TermURL



| Key | Format | CND | Description |
|---|---|---|---|
| PARes | -- | M | The PARes (Payer Authentication Response) message sent by the ACS in response to the PAReq regardless of whether authentication is successful |
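Added example (not part of the original documentation): a merchant-side check of the TermURL callback. Because the callback travels through the cardholder's browser, the sketch compares MID, PayID and TransID from the query string with the merchant's own stored record before the PARes is used. The function names and the shape of the pending record are assumptions; the identifiers in the demo are taken from the sample TermUrl above.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

QUERY_KEYS = ("MID", "PayID", "TransID")


def _exactly_one(params, key):
    """Return the single non-empty value for key; reject missing or repeated keys."""
    values = params.get(key, [])
    if len(values) != 1 or not values[0]:
        raise ValueError(f"{key} must appear exactly once")
    return values[0]


def parse_termurl_callback(method, url, body, pending):
    """Check a TermURL callback against `pending`, the merchant's own server-side
    record of the transaction (hypothetical dict with MID, PayID and TransID)."""
    if method.upper() != "POST":
        raise ValueError("PARes is delivered via HTTP POST")
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    ids = {key: _exactly_one(query, key) for key in QUERY_KEYS}
    for key in QUERY_KEYS:
        if ids[key] != pending[key]:
            raise ValueError(f"{key} does not match the pending transaction")
    form = parse_qs(body.decode("ascii"), keep_blank_values=True)
    # The table spells the field PARes; matching case-insensitively is an assumption.
    folded = {}
    for name, values in form.items():
        folded.setdefault(name.lower(), []).extend(values)
    pares = _exactly_one(folded, "pares")
    # PAResponse is the request key listed in the Authorization section.
    return {**ids, "PAResponse": pares}


if __name__ == "__main__":
    pending = {"MID": "gustav", "PayID": "dc67820e15f049c9b6c1f0420729da8a",
               "TransID": "20180524-162741-084"}
    url = ("http://localhost:40405/test/3DTermURL.aspx?PayID=dc67820e15f049c9b6c1f0420729da8a"
           "&TransID=20180524-162741-084&MID=gustav")
    body = urlencode({"PaRes": "eJx+constructed/AA=="}).encode()  # constructed value
    print(parse_termurl_callback("POST", url, body, pending))
```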




Authorization

To authorize a 3DS 1.0 authenticated payment, you must POST the parameters listed in the table below, unencrypted, to direct3d.aspx. The response is always encrypted (Len + Data).

Request Elements



| Key | Format | CND | Description |
|---|---|---|---|
| PAResponse | -- | M | The PARes (Payer Authentication Response) message sent by the ACS |




Response Elements



| Key | Format | CND | Description |
|---|---|---|---|
| Status | a..20 | M | Status of the transaction. Values accepted: Authorized, OK (Sale), FAILED |
| Description | ans..1024 | M | Textual description of the code |

| Key | Format | CND | Description |
|---|---|---|---|
| card | JSON | C | Card data |
| ipInfo | JSON | O | Object containing IP information |
| threeDSData | JSON | M | Authentication data |