How it works

3D Secure Authentication Process

Risk Payer Authentication follows the 3D Secure 2.0 protocol to provide secure cardholder authentication for online transactions. The service verifies the cardholder's identity through the 3D Secure standard and is independent of any fraud scoring system.

Authentication Flow Steps

1. Setup

Initialize the authentication process and obtain secure communication tokens. The response includes:

  • JSON Web Token (JWT) for secure merchant communication

  • Reference ID for tracking the authentication session

  • Device data collection URL for the next step

2. Device Data Capture

Collect comprehensive device fingerprinting data through the Cardinal Songbird SDK integration:

  • Browser characteristics and capabilities

  • Screen resolution and color depth

  • Device timezone and language settings

  • JavaScript and cookie support

  • IP geolocation data

3. Enroll (3D Secure Verification)

The enrollment process checks whether the card is enrolled in 3D Secure. The card issuer's Access Control Server (ACS) determines the authentication path based on:

  • Card enrollment status in 3D Secure

  • Issuer's authentication policies

  • Transaction characteristics

  • Device and browser information

  • Cardholder authentication history

4. Authentication Decision

Based on the issuer's 3D Secure policies and enrollment status, one of three outcomes occurs:

Frictionless Approval

  • Card is enrolled and issuer allows frictionless authentication

  • No user interaction required

  • Authentication completes automatically

Challenge Required

  • Card is enrolled and issuer requires additional verification

  • User must complete authentication challenge

  • Requires validation step after completion

Authentication Not Available/Failed

  • Card not enrolled in 3D Secure, or

  • Issuer declines authentication, or

  • Technical error in authentication process

5. Validation (Conditional)

When a challenge is required:

  • User completes the authentication challenge

  • Validation confirms successful completion

  • Results are verified before proceeding

6. Authorization

Process the payment using authentication results with:

  • Firstoken Payments API: Integrated payment processing

  • Third-party Processor: Any payment gateway (processor-agnostic)

Benefits

Higher Authentication Success Rates

  • Proper 3D Secure implementation increases issuer confidence

  • Reduces false declines from authentication failures

  • Supports both frictionless and challenge-based flows

Enhanced Security

  • Cardholder identity verification

  • Secure authentication protocols

  • Liability shift protection for qualifying transactions

Improved User Experience

  • Seamless authentication for enrolled cards

  • Mobile-optimized challenge interfaces

  • Reduced cart abandonment through proper implementation

Technical Advantages

  • 3D Secure 2.0 compliance

  • Rich data exchange with issuers

  • Backward compatibility with 3D Secure 1.0

  • Real-time transaction processing

ECI (Electronic Commerce Indicator) Results

Authentication results are communicated through ECI codes:

Mastercard

  • 01, 02: Authentication successful

  • 00: Authentication failed

VISA/AMEX

  • 05, 06: Authentication successful

  • 07: Authentication failed
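
The following is an added example, not Firstoken's code: a backend gate that applies the ECI values listed above before step 6, refusing any unrecognized value and any challenge flow that has not passed validation. The function names, the outcome labels `frictionless`, `challenge` and `unavailable`, the lowercase network keys and the sample calls are assumptions made for illustration, not Firstoken API fields.

```python
# ECI values as listed on this page, keyed by card network (key names are assumed).
ECI_SUCCESS = {"mastercard": {"01", "02"}, "visa": {"05", "06"}, "amex": {"05", "06"}}
ECI_FAILED = {"mastercard": {"00"}, "visa": {"07"}, "amex": {"07"}}


def normalize_eci(eci):
    """Return a two-digit ECI string, or None if the value is not usable."""
    if eci is None or isinstance(eci, bool):
        return None
    text = str(eci).strip()  # accepts "05", " 5 " or the integer 5
    if not text.isascii() or not text.isdigit() or len(text) > 2:
        return None
    return text.zfill(2)


def authorization_gate(network, outcome, eci, validated=False):
    """Decide whether a payment may go to step 6 as authenticated.

    outcome:   hypothetical label for the step 4 decision
               ("frictionless", "challenge" or "unavailable").
    validated: True only after step 5 confirmed the completed challenge.
    Returns (allowed, reason); anything unrecognized is refused (fail closed).
    """
    net = str(network).strip().lower()
    if net not in ECI_SUCCESS:
        return (False, "unknown_network")
    if outcome == "unavailable":
        return (False, "authentication_unavailable")
    if outcome not in ("frictionless", "challenge"):
        return (False, "unknown_outcome")
    if outcome == "challenge" and not validated:
        return (False, "challenge_not_validated")
    code = normalize_eci(eci)
    if code is None:
        return (False, "malformed_eci")
    if code in ECI_SUCCESS[net]:
        return (True, "authenticated")
    if code in ECI_FAILED[net]:
        return (False, "authentication_failed")
    return (False, "unrecognized_eci")  # e.g. a Visa value reported for Mastercard


if __name__ == "__main__":
    # Constructed sample calls, not captured API responses.
    for args in [("visa", "frictionless", "05"), ("mastercard", "frictionless", "05")]:
        print(args, authorization_gate(*args))
```

Checking the ECI against the card's own network matters because a value that means success for one network is not in the success list of another.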

Integration Requirements

Frontend Integration

  • Cardinal Songbird SDK implementation

  • Device data collection handling

  • Challenge modal display capability

Backend Integration

  • Three API endpoint implementations

  • Token and session management

  • Error handling and retry logic

Payment Processing

  • Authentication result handling

  • ECI code interpretation

  • Liability shift optimization

Cardinal Commerce Integration

When authentication is pending, you need to integrate with Cardinal Commerce for the challenge flow. Our team will provide you with the necessary Cardinal credentials and integration guidelines.
