3D Secure Integration

Non-Payment Authentication Guide


This guide explains how to perform Non-Payment Authentication through 3D Secure.

Non-Payment Authentication (NPA) is when authentication is performed as part of a non-payment event, such as adding a card to a wallet. There is no subsequent authorisation event associated with this type of authentication.

Non-Payment Authentication flow diagram

A Non-Payment Authentication flow is the same as a standard browser or app flow, with some changes to the required values or fields:

%%{ init: { 'theme': 'base', 'themeVariables': { 'primaryColor': '#ececff' } } }%%
sequenceDiagram
    participant BACKEND as Client Back-End
    participant RAVELIN as Ravelin 3D Secure
    BACKEND ->> RAVELIN: Authenticate Request
    Note over BACKEND,RAVELIN: Message Category set to 02 (Non-Payment Authentication)
    RAVELIN ->> BACKEND: Authenticate Response
    Note over BACKEND,RAVELIN: If frictionless authentication was performed, some card schemes may not return an Authentication Value for successful Non-Payment Authentications. If a challenge is required (transaction status = C), follow the browser and app Challenge flow request.
    BACKEND ->> RAVELIN: Result Request
    RAVELIN ->> BACKEND: Result Response
    Note over BACKEND,RAVELIN: Some card schemes may not return an Authentication Value for successful Non-Payment Authentications.

Authenticate Request

In the Authenticate Request, specific values or conditions are applicable for some fields.

Authenticate and Result Responses

In the Authenticate and Result Responses, Non-Payment Authentication specific values may be returned, or some values may not be returned at all.

  • authenticationValue: this value may not be returned by American Express and Mastercard, even if authentication is successful.
  • eci: Mastercard may return specific values of N0 (not authenticated) or N2 (authenticated).

Card Scheme Support

Not all card schemes support Non-Payment Authentications.

If authentication is attempted with a card scheme or issuer that does not support Non-Payment Authentications, a transStatusReason of 20 (Non-Payment Authentications not supported) is returned in the Authenticate Response.

Visa, Mastercard, and American Express require all issuers to support Non-Payment Authentications. However, they do not support attempts or stand-in services for this message category.

Mastercard may return a unique value of 85 in the acsInfoInd to confirm whether Non-Payment Authentication is supported or not.

If a card scheme or issuer does not support Non-Payment Authentication, you can take one of the following options, based on regional compliance requirements and risk appetite:

  • Stop processing the non-payment event if you are unable to perform authentication
  • Continue processing the non-payment event, understanding that the cardholder has not been authenticated
  • Ensure authentication is performed on a subsequent payment event
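The response handling described under "Authenticate and Result Responses" and the three options above can be combined in one back-end check. The following is an added example, not Ravelin's own code: it assumes the response is available as a flat dict using the EMV 3DS field names (transStatus, transStatusReason, eci), and the function, enum and result key names are hypothetical.

```python
from enum import Enum

class Outcome(Enum):
    AUTHENTICATED = "authenticated"
    CHALLENGE_REQUIRED = "challenge_required"
    NOT_SUPPORTED = "not_supported"
    NOT_AUTHENTICATED = "not_authenticated"

class UnsupportedPolicy(Enum):  # the three options listed above
    STOP = "stop"
    CONTINUE_UNAUTHENTICATED = "continue"
    AUTHENTICATE_ON_NEXT_PAYMENT = "defer"

# Constructed sample: successful Mastercard NPA with no authenticationValue.
SAMPLE = {"transStatus": "Y", "eci": "N2"}

def classify_npa_response(resp: dict) -> Outcome:
    """Classify an Authenticate or Result Response for message category 02."""
    status = resp.get("transStatus")  # assumed field name (EMV 3DS)
    if str(resp.get("transStatusReason")) == "20":
        return Outcome.NOT_SUPPORTED
    if status == "C":
        return Outcome.CHALLENGE_REQUIRED
    # Mastercard NPA ECI N0 means not authenticated; fail closed even if
    # the status field disagrees.
    if resp.get("eci") == "N0":
        return Outcome.NOT_AUTHENTICATED
    # "Y" is the EMV 3DS success status. authenticationValue is deliberately
    # not required: Amex and Mastercard may omit it for successful NPAs.
    if status == "Y":
        return Outcome.AUTHENTICATED
    return Outcome.NOT_AUTHENTICATED

def decide_card_add(resp: dict, policy: UnsupportedPolicy) -> dict:
    """Apply the chosen policy when the scheme or issuer does not support NPA."""
    outcome = classify_npa_response(resp)
    unsupported = outcome is Outcome.NOT_SUPPORTED
    proceed = outcome is Outcome.AUTHENTICATED or (
        unsupported and policy is not UnsupportedPolicy.STOP)
    return {
        "outcome": outcome,
        "add_card": proceed,
        # Never record the card as authenticated unless it actually was.
        "cardholder_authenticated": outcome is Outcome.AUTHENTICATED,
        "require_3ds_on_next_payment": unsupported
        and policy is UnsupportedPolicy.AUTHENTICATE_ON_NEXT_PAYMENT,
    }
```

When the outcome is CHALLENGE_REQUIRED, complete the challenge flow and pass the Result Response through the same function.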

Next steps

Test your 3DS integration with our test cards