Introduction

When sending a payment or authorization request to an issuer, Nuvei (as the acquirer) can request a 3D-Secure exemption or insist on performing a 3D-Secure challenge, based on the type of transaction, risk analysis, or the merchant’s preference.

3D-Secure Response

The response returned from the issuer will include a threeD class containing the 3D-Secure authentication result, and if applicable the relevant 3D-Secure challenge or exemption with its reason.

Example `/payment` Response to a Challenge Request

{
  "reason":"",
  "authCode":"",
  "orderId":"36789991",
  "transactionStatus":"REDIRECT",
  "clientRequestId":"QMFX1401D",
  "customData":"",
  "internalRequestId":19129281,
  "merchantDetails":{
    "customField1":"<customField1>",
    "customField2":""
  },
  "version":"1.0",
  "transactionId":"2110000000005112013",
  "merchantSiteId":"126006",
  "transactionType":"Auth3D",
  "gwExtendedErrorCode":0,
  "gwErrorCode":0,
  "merchantId":"2502136204546424962",
  "clientUniqueId":"695701003",
  "errCode":0,
  "paymentOption":{
    "userPaymentOptionId":"8114701",
    "card":{
      "issuerBankName":"BANCO SANTANDER TOTTA S.A.",
      "ccCardNumber":"5****5205",
      "bin":"554506",
      "avsCode":"",
      "threeD":{
        "isExemptionRequestInAuthentication":"0",
        "whiteListStatus":"",
        "acsTransID":"f6851f23-0b9c-4bef-9aed-8adec7b67535",
        "cardHolderInfoText":"",
        "eci":"7",
        "version":"2.2.0",
        "acsUrl":"https://qa1-tlv-acq1:4434/api/ThreeDSACSChallengeController/ChallengePage?eyJub3RpZmljYXRpb25VUkwiOiJ3d3d3LlRlc3QtTm90aWZpY2F0aW9uLVVSTC1BZnRlci1UaGUtQ2hhbGxhbmdlLUlzLUNvbXBsZXRlLVdoaWNoLVJlY2lldmVzLVRoZS1DUmVzLU1lc3NhZ2UuY29tIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiI5YTRmMjIxMS1mMWQ3LTRhOTYtYWJhYi0yMTA5YmExMzAzZTYiLCJhY3NUcmFuc0lEIjoiZjY4NTFmMjMtMGI5Yy00YmVmLTlhZWQtOGFkZWM3YjY3NTM1IiwiZHNUcmFuc0lEIjoiNjU3NTU4ZjUtZWI0Ni00MTA1LWI2MWUtODFhZDcyYjdkNTMwIiwiZGF0YSI6bnVsbCwiTWVzc2FnZVZlcnNpb24iOiIyLjIuMCJ9",
        "cavv":"",
        "result":"C",
        "challengePreferenceReason":"1",
        "cReq":"eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjlhNGYyMjExLWYxZDctNGE5Ni1hYmFiLTIxMDliYTEzMDNlNiIsImFjc1RyYW5zSUQiOiJmNjg1MWYyMy0wYjljLTRiZWYtOWFlZC04YWRlYzdiNjc1MzUiLCJjaGFsbGVuZ2VXaW5kb3dTaXplIjoiMDUiLCJtZXNzYWdlVHlwZSI6IkNSZXEiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMi4wIn0=",
        "dsTransID":"657558f5-eb46-4105-b61e-81ad72b7d530",
        "acquirerDecision":"ChallengeRequest",
        "authenticationType":"01",
        "sdk":{
          "acsSignedContent":"MnRiSDZrME43N0t6S1NvN0hwckw="
        },
        "acsChallengeMandated":"Y",
        "threeDReasonId":"",
        "flow":"challenge",
        "decisionReason":"InitialMerchantInitiatedTransaction"
      },
      "cardType":"Credit",
      "ccExpMonth":"12",
      "ccExpYear":"25",
      "issuerCountry":"PT",
      "isPrepaid":"false",
      "acquirerId":"99",
      "cardBrand":"MASTERCARD",
      "cvv2Reply":"",
      "last4Digits":"5205"
    }
  },
  "sessionToken":"095388b7-7110-4dfa-8a06-ca1c64b920df",
  "userTokenId":"E0ZQOSVG3KU1",
  "externalTransactionId":"",
  "status":"SUCCESS"
}

3D-Secure Response Parameters

These are the challenge and exemption parameters returned in the threeD class.

`threeD` Class Parameter	Description	Possible Values
`challengePreferenceReason`	Identifier of combinations of `flow` and `acquirerDecision`.	1 to 15
`flow`	The type of 3DS flow used to complete the request.	`challenge` `frictionless` `exemption` `none` - No 3DS flow was performed (only returned if 3DS was requested).
`acquirerDecision`	The type of 3DS flow the acquirer asked the merchant to perform. Currently, this is only applicable to the `exemption` flow.	`ChallengeRequest` `ExemptionRequest` `NoReference`
`decisionReason`	Description of the `acquirerDecision`.	See the Challenge Preference Reasons table below.

Challenge Preference Reasons

The issuer’s challenge/exemption “decision” returned in the /payment response is:

Most often just a confirmation of the “challenge/exemption request” sent in the request by the acquirer (Nuvei).
Can be based on a request from the merchant.
Can be based on the issuer’s own risk calculations.

`challengePreferenceReason` (GW response)	`acquirerDecision`	`decisionReason`
1	ChallengeRequest	InitialMerchantInitiatedTransaction
2	ChallengeRequest	InitialRecurringPayment
3	ChallengeRequest	AddCard
4	ChallengeRequest	AccountVerification
5	ExemptionRequest	MerchantInitiatedTransaction
6	ExemptionRequest	RecurringPayment
7	ExemptionRequest	MerchantScaDelegation
8	ExemptionRequest	WalletScaDelegation
9	ExemptionRequest	CorporateCard
10	ExemptionRequest	TrustedBeneficiaries
11	ChallengeRequest	AlwaysChallenge
12	ExemptionRequest	NoPreference
13	ChallengeRequest	RuleEngineChallenge
14	ExemptionRequest	LowValuePayment
15	ExemptionRequest	TransactionRiskAnalysis

3D-Secure Scenarios

This table lists possible scenarios for different flows.

Only the scenarios that are directly requested by the acquirer (Nuvei) have values for the acquirerDecision parameter (and the decisionReason parameter).

Use Case	Input `threeD` Class	Flow	`acquirerDecision`	`decisionReason`	Result `threeD` Class
Challenge requested by Nuvei	Yes	Challenge	ChallengeRequest	relevant decisionReason (challenge reason)	Yes
Challenge just by Issuer (regular challenge)	Yes	Challenge	Null	Null	Yes
Frictionless	Yes	Frictionless	Null	Null	Yes
Exemption by the merchant (when sending `challengePreference="02"`)	Yes	Exemption	Null	Null	Yes
Exemption by Nuvei	Yes	Exemption	ExemptionRequest	relevant decisionReason (exemption reason)	Yes
Straight to authorization	No	Exemption	ExemptionRequest (optional)	relevant decisionReason (exemption reason)	Yes
Non-3D-Secure	No	Null	Null	Null	No

Challenges and Exemptions