On this page:
Overview
3D-Secure Fingerprinting for Web Browsers is an optional 3D-Secure v2 Authentication step in the REST 2.0 3DS payment flow.
3D-Secure Fingerprinting has two functions:
- Collects thumbnail browsing information using a hidden IFrame.
- Sends this data to the card issuer.
1. Collect the Browser Info
Collect the 3D-Secure web browser information from a web form on the client side.
Post a request to the fingerprintUrl
in the response to the initial payment request in the REST 2.0 3DS flow. Include threeD.fingerprintUrl
and threeD.fingerprintPayload
in that response.
Example fingerprintUrl
Request
<form name="frm" method="POST" action={paymentOption.card.threeD.fingerprintUrl}> <input type="hidden" name="threeDSMethodData" value={paymentOption.card.threeD.fingerprintPayload}> </form>
The card issuer’s Access Control Server (ACS) sends a response to the fingerprintNotificationUrl
in the initial payment request. The response contains the base64-encoded threeDServerTransId
.
Example Base64-Encoded threeDServerTransId
eyJ0aHJlZURTZXJ2ZXJUcmFuc0lEIjoiM2FjN2NhYTctYWE0Mi0yNjYzLTc5MWItMmFjMDVhNTQyYzRhIn0=
2. Send a Notification
Post a notification back to the fingerprintNotificationUrl
and include:
- Decoded
threeDServerTransId
.
DecodethreeDServerTransId
, which is encoded using base64 .Example Decoded
threeDServerTransId
{"threeDServerTransId":"3ac7caa7-aa42-2663-791b-2ac05a542c4a"}
- Proceed to the next step in the flow, the second payment request (
payments/{payment-id}/fingerprint
) .
SpecifypaymentOption.card.threeD.fingerprintIndicator
as:- “Y” – If the response from the issuer’s ACS returned within 10 seconds.
- “N” – If the response from the issuer’s ACS returned in more than 10 seconds or never returned.