Firstoken API Docs
  • ⚙️API Reference
    • Firstoken API
      • Tokenization As A Service
        • Simple Tokenization
        • Simple Detokenization
        • Inspect Token
        • Delete Tokens
      • Transactions
        • Create a Transaction
        • Retrieve a Transaction
        • Inspect a Transaction
        • Delete a Transaction
        • Tokenize a Transaction
      • Proxy
        • Allowed Headers
        • Actions
        • Methods
          • POST - Proxy
          • GET - Proxy
          • PUT - Proxy
          • PATCH - Proxy
          • DELETE - Proxy
        • Get Payload Hash
        • Proxy JOSE
        • Proxy WSSEC
      • Inbound Routes
        • Create an Inbound - POST
      • Payments
        • Attributes of the Request
        • Common response
        • Endpoints
          • Authorizations
          • Reversals
          • Capture
            • Capture Refunds
            • Capture Void
          • Payments
            • Payment Refunds
            • Payment Void
          • Refunds void
          • Credit
            • Credit Void
          • Get Transaction Details
        • Decision Manager
          • How it works
          • Create decision
          • Update Decision
        • Risk Payer Authentication
          • How to use it
          • 3-D Secure Flows
            • Successful Frictionless Authentication
            • Unsuccessful Frictionless Authentication
            • Attempts Processing Frictionless Authentication
            • Unavailable Frictionless Authentication
            • Rejected Frictionless Authentication
            • Authentication not available on Lookup
            • Enrollment check error
            • Time-out
            • Bypassed Authentication
            • Successful Step-Up Authentication
            • Unsuccessful Step-Up Authentication
            • Unavailable Step-Up Authentication
            • Require Method URL
        • Point of Sale Payments
          • Authorization
          • Capture
          • Payment
          • Credit
  • 📖Guides
    • Firstoken Captures Hosted Iframe
      • How Firstoken Captures works
      • Generating a JSON Web Token
      • JSON form Schema
      • Iframe Communication
    • De-scoping Components
      • How Firstoken De-scoping Components works
      • Inbound Routes Module
        • Create an Inbound Route
        • Edit an Inbound Route
        • Delete an Inbound Route
      • Webhook Module
        • Create a Webhook
        • Edit a Webhook
        • Delete a Webhook
        • Webhook events
        • How to sign Webhooks data
      • Proxy Module
        • Create a Proxy
        • Edit a Proxy
        • Delete a Proxy
    • Firstoken Captures SDK JS
      • Getting Started
      • Functions
      • Type of Elements
      • Elements Options
      • CSS Object
      • Full Example of Usage
      • SDK versions
Powered by GitBook
On this page

Was this helpful?

  1. API Reference
  2. Firstoken API
  3. Payments
  4. Risk Payer Authentication

3-D Secure Flows

PreviousHow to use itNextSuccessful Frictionless Authentication

Last updated 2 months ago

Was this helpful?

  • Setup: The initial service response includes a JSON Web Token (JWT) for secure communication with the merchant, a reference ID for use during authentication, and a URL for sending device data collected in the subsequent step.

  • Capture: Upon receiving device data at the specified URL, the protocol uses a Method URL to capture the full card number for bank identification. A small, invisible iframe is created in the browser, through which the merchant transmits the customer's device data using the provided access token.

  • Enroll: The bank conducts a risk assessment, leading to one of three outcomes:

    • Frictionless success for low-risk scenarios

    • Challenge required for moderate-risk scenarios

    • Frictionless failure or decline for high-risk scenarios

  • Validation: A validation check confirms the customer's successful authentication. This step is skipped for frictionless authentication and is only needed when additional verification (step-up authentication) is required.

  • Authorization: Once the customer is authenticated, the merchant must obtain authorization from the bank to finalize the transaction. (Is the authorization used in the Payments API, adding the enrollment data obtained).

⚙️
Drawing
All 3-D Secure flows has the following steps, some of them don’t need validation, some of them need it.