On this page:
Overview
3D-Secure Fingerprinting for Web Browsers is an optional 3D-Secure v2 Authentication step in the 3DS payment flow in REST 2.0.
3D-Secure Fingerprinting has two functions:
- Collects thumbnail browsing information using a hidden IFrame.
- Sends this data to the credit card issuer.
1. Collect the Browser Info
Collect the 3D-Secure web browser information from a web form on the client side, as follows:
Post a fingerprintUrl
request (a “fingerprinting” request) and include the threeD.fingerprintUrl
and threeD.fingerprintPayload
fields, which were returned in the first /payment
step in the 3DS flow.
Example of a fingerprintUrl
Request – Posted from a Web form on the Client Side:
<form name="frm" method="POST" action={paymentOption.card.threeD.fingerprintUrl}> <input type="hidden" name="threeDSMethodData" value={paymentOption.card.threeD.fingerprintPayload}> </form>
Example Response
The credit card issuer (ACS) returns a response to the fingerprintNotificationUrl
, containing the base64 encoded threeDServerTransId
field.
Example of a Base64 Encoded threeDServerTransId
eyJ0aHJlZURTZXJ2ZXJUcmFuc0lEIjoiM2FjN2NhYTctYWE0Mi0yNjYzLTc5MWItMmFjMDVhNTQyYzRhIn0=
2. Send a Notification
Post a notification back to the fingerprintNotificationUrl
and include the following fields:
- The “decoded”
threeDServerTransId
field.
Decode thethreeDServerTransId
field, which is Base64 encoded.Example of a “decoded”
threeDServerTransId
field:{"threeDServerTransId":"3ac7caa7-aa42-2663-791b-2ac05a542c4a"}
- Set the
paymentOption.card.threeD.fingerprintIndicator
value to:- “Y” – If the response from the ACS/issuer returned within 10 seconds.
- “N” – If the response from the ACS/issuer returned in more than 10 seconds or never returned.
- Proceed to the next step, the (second)
payment/{paymentId}/fingerprint
call (Second Payment Request) .