Overview

3D Secure (3DS) Fingerprinting for Web Browsers is an optional 3DS Authentication step in the following payment flows:

• 3DS MPI-Only REST
• Server-to-Server (including Apple Pay Guide (REST API), Google Pay Guide (REST API), etc.)

3DS Fingerprinting has two functions:

• Collects thumbnail browsing information using a hidden IFrame.
• Sends this data to the credit card issuer.

Collect the Browser Information

Collect the 3DS web browser information from a web form on the client side, as follows.
Post a methodUrl request (a “fingerprinting” request) and include the threeD.methodUrl and threeD.methodPayload fields, which were returned in the previous step (Initialize 3DS with /initPayment).

Example of a methodUrl Request – Posted from a Web form on the Client Side:

<form 
  name="frm" 
  method="POST" 
  action={paymentOption.card.threeD.methodUrl}>
<input 
  type="hidden" 
  name="threeDSMethodData" 
  value={paymentOption.card.threeD.methodPayload}>
</form>

Example Response

The credit card issuer (ACS) returns a response to methodNotificationUrl. The response contains threeD.methodData, which includes the base64 encoded threeDSServerTransId field.

Example of a Base64 Encoded threeDSServerTransId

eyJ0aHJlZURTZXJ2ZXJUcmFuc0lEIjoiM2FjN2NhYTctYWE0Mi0yNjYzLTc5MWItMmFjMDVhNTQyYzRhIn0=

Send a Notification

Post a notification back to the methodNotificationUrl and include the following fields:

1. The “decoded” threeDSServerTransId field.
   Decode the threeD.methodData.threeDSServerTransId field, which is Base64 encoded.

   Example of a “decoded” threeDSServerTransId field:

   {"threeDSServerTransId":"3ac7caa7-aa42-2663-791b-2ac05a542c4a"}

2. Set the paymentOption.card.threeD.methodCompletionInd value to:
   • “Y”  – If the response from the ACS/issuer returned within 10 seconds.
   • “N”  – If the response from the ACS/issuer returned in more than 10 seconds or never returned.
3. Continue to the next step, the (first) /payment call.