Result

POST pci.ravelin.com/3ds/result

Call this endpoint after you have been notified that a 3DS challenge has completed.

The way you are notified depends on the device channel being used:

  • Browser device channel - when you receive a request to your Challenge Notification URL.
  • App device channel - when your mobile app receives a call to the completed() callback method, and notifies your back-end.

If the challenge was successful, the response will contain an authenticationValue which can be used to authorise the transaction with your payment gateway.

For PCI compliance reasons, we delete the 3DS result details shortly after this endpoint is called.

Result Request

threeDSServerTransID string
2.1.0 2.2.0
APP BRW 3RI
required

The unique identifier (UUID) for tracking the transaction throughout the 3DS process.

Example: "c5584543-b67e-5117-bb34-3567ac6a1123"
paRes string
1.0.2
required

The base64 encoded Payer Authentication Response (PARes) received at the end of the 3DS 1 challenge.

Result Response

timestamp integer

A unix timestamp indicating when we finished handling the request.

status integer

The HTTP response status code.

cardScheme string
2.1.0 2.2.0

The card scheme which the card uses.

Example: "Visa"
data object

The Result Response details.

messageVersion string
1.0.2 2.1.0 2.2.0
APP BRW 3RI

3DS protocol version identifier.

threeDSServerTransID string
1.0.2 2.1.0 2.2.0
APP BRW 3RI

The unique identifier (UUID) for tracking the transaction throughout the 3DS process.

Example: "c5584543-b67e-5117-bb34-3567ac6a1123"
sdkTransID string
2.1.0 2.2.0
APP

Universally unique transaction identifier assigned by the 3DS SDK to identify a single transaction.

Example: "a3384543-b67e-5117-bb34-4567ac6a1123"
authenticationType string
2.1.0 2.2.0
APP BRW

The type of authentication the issuer used to challenge the Cardholder.

Options:
01 Static, for example, a password or passcode
02 Dynamic, for example, a one time password (OTP)
03 Out-of-Band (OOB), for example, using the issuing bank's mobile app
04 Decoupled Authentication
authenticationValue string
1.0.2 2.1.0 2.2.0
APP BRW 3RI

The card scheme specific value to be used for authorising the transaction. Also referred to as "CAVV" (Cardholder Authentication Verification Value) by Visa, AAV (Accountholder Authentication Value) by Mastercard and AEVV (American Express Verification Value) by American Express.

authenticationValueAlgorithm string
1.0.2

The algorithm used to generate the authenticationValue.

Options:
1 HMAC as per Secure Electronic Transaction™ (SET™) TransStain (no longer in use)
2 CVV (no longer in use)
3 CVV with Authentication Transaction Number (ATN)
4 MasterCard Secure Payment Application (SPA) algorithm
4 American Express algorithm
7 Required for use with EMV 3DS
transStatus string
1.0.2 2.1.0 2.2.0
APP BRW 3RI

Indicates the outcome of the authenticate request, and how to proceed.

Options:
Y Authentication Successful

The authentication was successful, continue to authorisation using the authenticationValue from the Result Response.

A Authentication Attempted

3DS was attempted but was not possible. However the card scheme granted a successful authentication on the issuer's behalf.

N Authentication Failed

The authentication failed, stop processing the transaction.

U Authentication Unavailable

Authentication could not be performed. You may attempt to proceed to authorisation without an authenticationValue.

R Authentication Rejected

The issuer rejected the authentication attempt and requests that authorisation is not attempted.

transStatusReason string
2.1.0 2.2.0
APP BRW 3RI

Provides information on the transStatus value.

Options:
01 Card authentication failed
02 Unknown device
03 Unsupported device
04 Exceeds authentication frequency limit
05 Expired card
06 Invalid card number
07 Invalid transaction
08 No card record
09 Security failure
10 Stolen card
11 Suspected fraud
12 Transaction not permitted to cardholder
13 Cardholder not enrolled in service
14 Transaction timed out at the ACS
15 Low confidence
16 Medium confidence
17 High confidence
18 Very high confidence
19 Exceeds ACS maximum challenges
20 Non-payment (NPA) transaction not supported
21 3RI transaction not supported
22 ACS technical issue
23 Decoupled authentication required by ACS but not requested by 3DS Requestor
24 3DS Requestor decoupled authentication max expiry time exceeded
25 Insufficient time provided for decoupled authentication to authenticate cardholder. ACS will not attempt authentication
26 Authentication attempted but not performed by the cardholder
eci string
1.0.2 2.1.0 2.2.0
APP BRW 3RI

Electronic Commerce Indicator - a payment system specific value which indicates the result of the attempt to authenticate the cardholder.

Options:
00 Authentication Failed

Mastercard

01 Authentication attempted, but not completed

Mastercard

02 Authentication Successful

Mastercard

05 Authentication Successful

Visa, American Express, Discover, JCB, UnionPay

06 Authentication attempted, but not completed

Visa, American Express, Discover, JCB, UnionPay

07 Authentication Failed

Visa, American Express, Discover, JCB, UnionPay

interactionCounter string
2.1.0 2.2.0
APP BRW

The number of authentication attempts by the cardholder, for example, they may attempt a second time if they enter their password incorrectly.

challengeCancel string
2.1.0 2.2.0
APP BRW

Indicates that the authentication was cancelled

Options:
01 Cardholder selected "Cancel"
02 3DS Requestor cancelled authentication
03 Transaction abandoned
04 Transaction timed out at ACS
05 Transaction timed out at ACS - First Challenge Request (CReq) not received by the ACS
06 Transaction error
07 Unknown
whiteListStatus string
2.2.0
APP BRW 3RI

Indicates whether the cardholder has added the merchant to their list of trusted merchants. A cardholder can typically only choose to trust a merchant after successfully completing a challenge. A cardholder may not be required to complete a challenge with a merchant they have previously trusted.

Options:
Y Merchant is trusted by cardholder
N Merchant has not yet been trusted by cardholder
E Not eligible as determined by issuer
P Pending confirmation by cardholder
R Cardholder rejected the request to trust the merchant
U Trusted status unknown, unavailable, or does not apply
whiteListStatusSource string
2.2.0
APP BRW 3RI

Identifies the system which set the whiteListStatus value.

Options:
01 3DS Server
02 Directory Server (DS)
03 Access Control Server (ACS)

Feedback

© Ravelin Technology Ltd. All rights reserved