3D-Secure Fingerprinting

On this page:

Overview

3D-Secure Device Fingerprinting for Web Browsers is an optional 3D-Secure v2 Authentication step in the following payment flows:

3DS_HIDDEN_TEXT:
Under s2s: (including Apple Pay Guide (REST API), Google Pay Guide (REST API), etc.)

3D-Fingerprinting has two functions:

  1. Collects thumbnail browsing information using a hidden IFrame.
  2. Sends this data to the credit card issuer.

1. Collect the Browser Info

Collect the 3D-Secure web browser information from a web form on the client side, as follows.
Post a methodUrl request (a “fingerprinting” request) and include the threeD.methodUrl and threeD.methodPayload fields, which were returned in the previous step (Initialize 3D-Secure with /initPayment).

Example of a methodUrl Request – Posted from a Web form on the Client Side:
<form 
  name="frm" 
  method="POST" 
  action={paymentOption.card.threeD.methodUrl}>
<input 
  type="hidden" 
  name="threeDSMethodData" 
  value={paymentOption.card.threeD.methodPayload}>
</form>
Example Response

The credit card issuer (ACS) returns a response to the methodNotificationUrl, containing threeD.methodData, that includes the base64 encoded threeDServerTransId field.

Example of a Base64 Encoded threeDServerTransId
eyJ0aHJlZURTZXJ2ZXJUcmFuc0lEIjoiM2FjN2NhYTctYWE0Mi0yNjYzLTc5MWItMmFjMDVhNTQyYzRhIn0=

2. Send a Notification

Post a notification back to the methodNotificationUrl and include the following fields:

  1. The “decoded” threeDServerTransId field.
    Decode the threeD.methodData.threeDServerTransId field, which is Base64 encoded.
    Example of a “decoded” threeDServerTransId field:
    {"threeDServerTransId":"3ac7caa7-aa42-2663-791b-2ac05a542c4a"}
  2. Set the paymentOption.card.threeD.methodCompletionInd value to:
    • "Y"  – If the response from the ACS/issuer returned within 10 seconds.
    • "N"  – If the response from the ACS/issuer returned in more than 10 seconds or never returned.
  3. Continue to the next step, the (first) /payment call.