• Documentation
  • API Reference
  • Documentation
  • API Reference
Expand All Collapse All
  • Payment Overview
    • Introduction
    • Choosing an Integration Method
  • Accept Payment
    • Payment Page
      • Quick Start
      • Input Parameters
      • Output Parameters
    • Web SDK
      • Quick Start
      • Nuvei Fields
        • Styling
      • Additional Functions
      • APM Payments
      • Tokenization-Only Flow
      • Scenarios
      • Using ReactJS
        • Full Samples
        • Sandbox Examples
      • FAQs
    • Checkout
      • Quick Start
        • UI Customization
        • Payment Customization
        • Advanced Controls
        • Checkout Examples
      • Server-to-Server
      • Payment Scenarios
      • Mobile SDKs (Beta Release)
        • Android Mobile SDK (Beta Release)
        • iOS Mobile SDK (Beta Release)
      • Flow Diagrams
      • Plugins
        • Magento
          • Rebilling with Magento
        • WooCommerce
          • Rebilling with WooCommerce
        • PrestaShop
          • PrestaShop with Web SDK
          • PrestaShop with Checkout
        • OpenCart
        • Shopify (via AsiaBill)
        • Mirakl
        • Salesforce
        • SAP
        • WIX
      • Marketplaces
    • Features
      • Authentication
      • Financial Operations
        • Refund
        • Void
        • Auth and Settle
        • Partial Approval
        • Currency Conversion (DCC and MCP)
        • Payout
      • Card Operations
        • Card-on-File
        • PCI and Tokenization
        • Zero-Authorization
        • Merchant-Initiated Transactions (MIT)
        • Blocking Cards
      • Subscription (Rebilling)
      • 3D-Secure
        • 3D-Secure Explained
        • 3DS Implementations
          • 3DS MPI-Only Web SDK
          • 3DS MPI-Only REST
          • 3DS External MPI
          • 3DS Responses
        • 3DS Functions
          • 3D-Secure Fingerprinting
          • 3D-Secure Authentication Challenge
      • Webhooks (DMNs)
        • Payment Transaction Requests
        • Control Panel Events API
    • Guides
      • Testing Cards, APIs and APMs
        • Testing Cards
        • Testing APIs with Postman
        • Testing APMs
      • Response Handling
      • Alternative Payment Guides (APMs)
      • Airline Ticket Guides
        • Airline Addendum
        • External Authorization Addendum
      • Payment Facilitators (PayFac)
      • Cashier
        • Cashier Events Guide
        • Cashier Features
      • Withdrawal Guide
      • Risk Guide
        • Nuvei Services
        • Transaction Types
        • Credits and Payouts
        • Fraud to Sale Programs
        • Compliance Programs
        • Chargebacks
      • eKYC Guide
      • Server SDKs
        • Java SDK
        • .NET SDK
        • PHP SDK
        • Node.JS SDK
      • Fast Track Onboarding Developer Guide
      • Currency Conversion Guides
        • Multiple Currency Pricing (MCP)
        • Dynamic Currency Conversion (DCC)
          • DCC in Cashier or Payment Page
          • DCC in REST API Workflows
          • DCC in Web SDK Workflows
      • Website Compliance Guides
    • Additional Links
      • FAQs
      • API Reference
      • Release Notes
      • Country and Currency Codes

    3D-Secure Fingerprinting

    On this page:
    • Overview
    • 1. Collect the Browser Info
    • 2. Send a Notification

    Overview

    3D-Secure Device Fingerprinting for Web Browsers is an optional 3D-Secure v2 Authentication step in the following payment flows:

    • 3DS MPI-Only REST
    • Server-to-Server

    3DS_HIDDEN_TEXT:
    Under s2s: (including Apple Pay Guide (REST API), Google Pay Guide (REST API), etc.)

    3D-Fingerprinting has two functions:

    1. Collects thumbnail browsing information using a hidden IFrame.
    2. Sends this data to the credit card issuer.

    1. Collect the Browser Info

    Collect the 3D-Secure web browser information from a web form on the client side, as follows.
    Post a methodUrl request (a “fingerprinting” request) and include the threeD.methodUrl and threeD.methodPayload fields, which were returned in the previous step (Initialize 3D-Secure with /initPayment).

    Example of a methodUrl Request – Posted from a Web form on the Client Side:
    <form 
      name="frm" 
      method="POST" 
      action={paymentOption.card.threeD.methodUrl}>
    <input 
      type="hidden" 
      name="threeDSMethodData" 
      value={paymentOption.card.threeD.methodPayload}>
    </form>
    Example Response

    The credit card issuer (ACS) returns a response to the methodNotificationUrl, containing threeD.methodData, that includes the base64 encoded threeDServerTransId field.

    Example of a Base64 Encoded threeDServerTransId
    eyJ0aHJlZURTZXJ2ZXJUcmFuc0lEIjoiM2FjN2NhYTctYWE0Mi0yNjYzLTc5MWItMmFjMDVhNTQyYzRhIn0=

    2. Send a Notification

    Post a notification back to the methodNotificationUrl and include the following fields:

    1. The “decoded” threeDServerTransId field.
      Decode the threeD.methodData.threeDServerTransId field, which is Base64 encoded.
      Example of a “decoded” threeDServerTransId field:
      {"threeDServerTransId":"3ac7caa7-aa42-2663-791b-2ac05a542c4a"}
    2. Set the paymentOption.card.threeD.methodCompletionInd value to:
      • "Y"  – If the response from the ACS/issuer returned within 10 seconds.
      • "N"  – If the response from the ACS/issuer returned in more than 10 seconds or never returned.
    3. Continue to the next step, the (first) /payment call.
    2022 Nuvei. All rights reserved.