In case the Access Control Server (ACS) of the cardholder's bank does not support any EMV 3DS protocol version (i.e. 2.0 or higher, see acsStartProtocolVersion) the threeDSMethodDataForm element of the versioningData object in the payment response will be Null.
Sequence Diagram
3DS 1.0 Authentication
In order to a 3DS 1.0 authentication request through the cardholder browser it is required to construct a form with the data elements provided in threeDSLegacy and to post it to the acsURL.
The form fields that are sent to the ACS are listed in the table below:
Form Element | Description |
A constructed, Base64 encoded and compressed field carrying the Payer Authentication Request Message Fields. The compression algorithm used is a combination of LZ77 and Huffman coding as specified in RFC 1951. | |
TermURL | The merchant URL the ACS will redirect the cardholder to after the authentication has concluded. Note that Computop Paygate adds the fields PayID, TransID and MID in the query string to the base URL. Please do not alter the TermURL! |
MD | The MD (i.e. Merchant Data) field can carry whatever data the merchant needs to continue the session. Please note that this field must be present in the form even though it is not used |
Sample: PAReq form passed through the Cardholder to the ACS URL
1<html>2 <head>3 <script language="javascript">4 <!--5 function sendpareq()6 { 7 document.pareq_form.submit();8 }9 // -->10 </script>11 </head>12 13 <body onload="javascript:sendpareq();">14 <form action="https://pit.3dsecure.net/VbVTestSuiteService/pit1/acsService/paReq?summary=ZTIwOWMwYmEtNTVhOC00NDExLThkZDktYzllODk1NmZlNDQ0" method="POST" name="pareq_form">15 <input type="hidden" name="PaReq" value="eJxVUst22jAQ/RUfL7rpMZKFiQ0dK4dXgAVOTmuSpjvVGsApfkSWA+TrK/Fo0t29M6M7M3cEt4di57yhavKqjF2/Q10Hy6ySebmJ3VV650Wu02hRSrGrSozdIzbuLYd0qxAnPzBrFXJYYtOIDTq5jN1aCIEioyzywkhILwh7gddnFD1JMVyv15HfYz2Xw8PwO75yuPTmpnWHAblSo6myrSg1B5G9jhYJD266jHWBXCgUqBYTPk4fR4+M+jdAzgEoRYG8zrXGRn+dFb/nzhdR1N+ccQXklIOsakutjpyF5tWVQKt2fKt1PSBkv993sqqoW13VHYlAbA7Ix0gPrUWN0Trkkv+aLVnyvjkuZ6tD8vS8Tya7l/unBXt+n8ZAbAVIoZGbMSPaY4HjB4MuHQR9IKc4iMIOwX1KzXpnDLVtMfyU+BwA47sydzryfhiZHa4M8FCbM5kKY+U/DBKbjKfGD9PQQiAfC4zn1uFMG+vm+V06bad/Zi+rn6rrJ20xWt4P49h6fiqw8rnxyo/8s74lQKwEuZyTXP6CQf/9kb8b1MvQ">16 <input type="hidden" name="TermUrl" value="http://localhost:40405/test/3DTermURL.aspx?PayID=dc67820e15f049c9b6c1f0420729da8a&TransID=20180524-162741-084&MID=gustav">17 <input type="hidden" name="MD" value="Optional merchant session data">18 </form>19 </body>20</html>Once the authentication has been completed or cancelled by the cardholder the ACS will redirect the cardholder through the cardholder's browser to the TermURL as specified in the initial payment request.
The Payer Authentication Response (PaRes) will be transferred via HTTP POST method while MID, PayID and TransID are sent in the HTTP query string (i.e. HTTP GET).
Data Elements transferred to the TermURL
| Key | Format | CND | Description |
|---|---|---|---|
ans..30 | M | MerchantID, assigned by Computop | |
an32 | M | ID assigned by Paygate for the payment, e.g. for referencing in batch files as well as for capture or credit request. | |
ans..64 | M | TransactionID provided by you which should be unique for each payment | |
PARes | -- | M | The PARes (Payer Authentication Response) message sent by the ACS in response to the PAReq regardless of whether authentication is successful |
Authorization
In order to authorize an 3DS 1.0 authenticated payment you must POST the parameter as listed in the table below unencrypted to https://www.computop-paygate.com/direct3d.aspx. The response always is encrypted (Len + Data).
Request Elements
| Key | Format | CND | Description |
|---|---|---|---|
ans..30 | M | MerchantID, assigned by Computop. Additionally this parameter has to be passed in plain language too. | |
an32 | M | ID assigned by Paygate for the payment, e.g. for referencing in batch files as well as for capture or credit request. | |
ans..64 | M | TransactionID provided by you which should be unique for each payment | |
PAResponse | -- | M | The PARes (Payer Authentication Response) message sent by the ACS |
Response Elements
| Key | Format | CND | Description |
|---|---|---|---|
ans..30 | M | MerchantID, assigned by Computop | |
an32 | M | ID assigned by Paygate for the payment, e.g. for referencing in batch files as well as for capture or credit request. | |
an32 | M | ID for all single transactions (authorisation, capture, credit note) for one payment assigned by Paygate | |
ans..64 | M | TransactionID provided by you which should be unique for each payment | |
Status | a..20 | M | Status of the transaction. Values accepted:
|
Description | ans..1024 | M | Textual description of the code |
an8 | M | Error code according to Paygate Response Codes (A4 Error codes) | |
card | JSON | C | Card data |
ipInfo | JSON | O | Object containing IP information |
threeDSData | JSON | M | Authentication data |