Details on 3-D Secure transactions

For payments which are authenticated with 3-D Secure you may see details like this:

The values shown above depend on 3-D Secure version used for authentication and the card scheme.

Here are some details:

ECI value

The ECI value stands for "Electronic Commerce Indicator" and detailed overview can be found here: ECI Codes

3-D Version (Directory Server)

The Directory Server is managed by the card scheme (Mastercard, VISA, American Express, ...) where each  card issuer isregistered and can be identified by the BIN (Bank Identication Number).

The Directory Server "talks" to the Access Control Server which finally refers to the card issuer system.

For 3-D Secure processing all parties (scheme, issuer and PSP Axepta) have to agree on the same 3-D Secure version.

3-D Version (Processing)

This is the 3-D Secure version which has been agreed by all parties finally for 3-D Secure authentication.

It may happen that a specific issuer is not supporting 3-D Secure (Version 2.1.0, 2.2.0) by now and then automatically a fallback to Version 1.0 will happen.

Authentication Type

Current supported values for "authentication type" are:

Value

Meaning

Description

00FrictionlessIssuer did not challenge for a strong cardholder authentication.
01Static

Static password is used for cardholder authentication. Also used for 3DS1 non frictionless

02DynamicDynamic password (e.g. token or app) is used for a strong cardholder authentication.
03OOB

OOB stands for "Out Of Band":

Users verify transactions in their issuer’s authentication service which can be issuers' website or app.

04DecoupledWill be supported with 3-D Secure 2.2, intended to support card holder authentication for merchant initiated transactions (MIT).

Challenge Indicator (Requested)

Value

Meaning

Description

01No preferenceNo specific challenge indicator requested, default value.
02No challenge requestedMerchant prefers that "no challenge" should be performed
03Challenge requested: 3DS Requestor PreferenceMerchant prefers that a "challenge" should be performed
04Challenge requested:MandateThere are local or regional mandates that mean that a challenge must be performed
05No challenge requestedTransactional risk analysis is already performed
06No challenge requestedData share only
07No challenge requestedStrong consumer authentication is already performed
08No challenge requestedUtilise whitelist exemption if no challenge required
09Challenge requestedWhitelist prompt requested if challenge required

Transaction Status

Value

Meaning

Description

YAuthentication Verification Successful

Authentication has been completed successfully, i.e. ready for authorisation.

It still may happen that the authorisation fails, e.g. due to low account balance.

NNot Authenticated /Account Not VerifiedTransaction denied
UAuthentication/ Account Verification Could Not Be PerformedTechnical or other problem, as indicated in ARes or RReq
AAttempts Processing PerformedNot Authenticated/Verified, but a proof of attempted authentication/verification is provided.
CChallenge RequiredAdditional authentication is required using the CReq/CRes.
DChallenge RequiredDecoupled Authentication confirmed.
RAuthentication/ Account Verification RejectedIssuer is rejecting authentication/verification and request that authorisation not be attempted.
IInformational Only3DS Requestor (merchant) challenge preference acknowledged.

Whitelist Status

Value

Meaning

Y3DS Requestor (merchant) is whitelisted by cardholder
N3DS Requestor (merchant) is not whitelisted by cardholder
ENot eligible as determined by issuer
PPending confirmation by cardholder
RCardholder rejected
UWhitelist status unknown, unavailable, or does not apply
  • No labels