Overview

3D-Secure Fingerprinting for Web Browsers is an optional 3D-Secure v2 Authentication step in the REST 2.0 3DS payment flow.

3D-Secure Fingerprinting has two functions:

• Collects thumbnail browsing information using a hidden IFrame.
• Sends this data to the card issuer.

1. Collect the Browser Info

Collect the 3D-Secure web browser information from a web form on the client side.

Post a request to the fingerprintUrl in the response to the initial payment request in the REST 2.0 3DS flow. Include threeD.fingerprintUrl and threeD.fingerprintPayload in that response.

Example fingerprintUrl Request

<form 
  name="frm" 
  method="POST" 
  action={paymentOption.card.threeD.fingerprintUrl}>
<input 
  type="hidden" 
  name="threeDSMethodData" 
  value={paymentOption.card.threeD.fingerprintPayload}>
</form>

The card issuer’s Access Control Server (ACS) sends a response to the fingerprintNotificationUrl in the initial payment request. The response contains the base64-encoded threeDSServerTransId.

Example Base64-Encoded threeDSServerTransId

eyJ0aHJlZURTZXJ2ZXJUcmFuc0lEIjoiM2FjN2NhYTctYWE0Mi0yNjYzLTc5MWItMmFjMDVhNTQyYzRhIn0=

2. Send a Notification

Post a notification back to the fingerprintNotificationUrl and include:

1. Decoded threeDSServerTransId.
   Decode threeDSServerTransId, which is encoded using base64.

   Example Decoded threeDSServerTransId

   {"threeDSServerTransId":"3ac7caa7-aa42-2663-791b-2ac05a542c4a"}

2. Proceed to the next step in the flow, the second payment request (payments/{payment-id}/fingerprint).
   Specify paymentOption.card.threeD.fingerprintIndicator as:
   • “Y”  – If the response from the issuer’s ACS returned within 10 seconds.
   • “N”  – If the response from the issuer’s ACS returned in more than 10 seconds or never returned.