API Overview

Recent Revisions to This Document

Payer Authentication Developer Guide
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Introduction to Payer Authentication
- Why Payer Authentication Is Needed
- EMV 3-D Secure 2.0
- Payer Authentication Customer Workflow
- Payer Authentication Merchant Workflow
- Acquirer Information
- Enable Merchant Account for EMV 3-D Secure
- Payer Authentication Configuration Testing
- Request Endpoints
- Payer Authentication Integrations

Implementing Direct API for Payer Authentication
- Prerequisites
- After Implementation and Before Go Live

Step 1: Setup Service
- Request Fields
- Important Response Fields

Step 2: Device Data Collection
- Which Device Data is Collected
- Building the Iframe
- Initiating the Device Data Collection Iframe
- Submitting the Device Data Collection Iframe
- Receiving the Device Data Collection URL Response

Step 3: Payer Authentication Check Enrollment Service
- Request Fields
- Interpreting the Check Enrollment Response
- Important Response Fields

Step 4: Step-Up Iframe
- Building the Iframe Parameters
- Creating the Iframe
- Invoking the Iframe
- Receiving the Step-Up Results

Step 5: Payer Authentication Validation Service
- Request Fields
- Interpreting the Validation Response
- Redirecting Customers to Pass or Fail Message Page

Combining the Authentication and the Authorization Services
- Combining Check Enrollment and the Authorization Services
  - Check Enrollment Response Fields and Their Equivalent Authorization Request Fields
- Combining the Validation and the Authorization Services
  - Validation Fields and their Equivalent Authorization Fields

Implementing SDK Payer Authentication
- Implementation Overview
- Process Flow for SDK Integration
- Prerequisites for SDK Implementation
  - Credentials/API Keys
    - Generating your API Key:
- Mobile Device Data Collected
- Using the Android SDK
  - Updating the Gradle Build Properties
  - Configuring the Android SDK
  - Setting Up the Initial Request
- Using the iOS SDK
  - Downloading and Importing the SDK
  - Configuring Your Build Environment
  - Configuring the iOS SDK
  - Setting Up the Initial Request
- Running Payer Authentication with SDK
  - Requesting the Check Enrollment Service (SDK)
  - Interpreting the Response
  - Authenticating Enrolled Cards
    - Calling Cardinal.cca_continue (Android SDK)
    - Calling Cardinal session continue (iOS SDK)
    - Receiving the Authentication Results
  - Requesting the Validation Service
    - Interpreting the Response
    - Redirecting Customers to the Message Page

Authentication Examples Using Primary Account Numbers
- Setting Up Device Data Collection
  - Required Fields for Device Data Collection
  - Optional Fields for Device Data Collection
  - REST Example: Setting Up Data Collection
- Checking Enrollment in Payer Authentication
  - Required Fields for Checking Enrollment in Payer Authentication
  - Optional Fields for Checking Enrollment in Payer Authentication
  - REST Example: Checking Enrollment
- Validating a Challenge
  - Required Fields for Validating a Challenge
  - Optional Fields for Validating a Challenge
  - REST Example: Validating a Challenge
- Validating and Authorizing a Transaction
  - Required Fields for Processing an Authorization Using Visa Secure
  - Optional Fields for Validating a Challenge
  - REST Example: Validating and Authorizing a Transaction
- Non-Payment Authentication
  - Required Fields for Checking Enrollment in Payer Authentication
  - REST Example: Checking Enrollment for Non-Payment Authentication

Examples Using 3-D Secure Data Only
- Visa Data Only
  - Required Fields for Visa Data Only
  - REST Example: Visa Data Only
  - REST Example: Bundled Authentication and Authorization with Visa Data Only
- Mastercard Data Only
  - Required Fields for Mastercard Data Only
  - REST Example: Mastercard Data Only
  - REST Example: Bundled Authentication and Authorization with Mastercard Data Only

Authentication Examples Using Digital Payment (Google Pay)
- Setting Up Device Data Collection Using Digital Payment (Google Pay)
  - Required Fields for Device Data Collection
  - Optional Fields for Device Data Collection
  - REST Example: Setting Up Device Data Collection When Using Digital Payment (Google Pay)
- Checking Enrollment in Payer Authentication Using Digital Payment (Google Pay)
  - Optional Fields for Checking Enrollment in Payer Authentication
  - Required Fields for Checking Enrollment in Payer Authentication
  - REST Example: Checking Enrollment in Payer Authentication Using Google Pay
- Validating a Challenge Using Digital Payment (Google Pay)
  - Required Fields for Validating Payer Authentication
  - Optional Fields for Validating a Challenge
  - REST Example: Validating a Challenge When Using Google Pay

Authentication Examples Using TMS Tokens
- Setting Up Device Data Collection with a TMS Token
  - Required Fields for Setting Up Data Collection When Using a TMS Token
  - REST Example: Setting Up Device Data Collection When Using a TMS Token
- Checking Enrollment When Using a TMS Token
  - Required Fields for Checking Enrollment in Payer Authentication While Using a TMS Token
  - REST Example: Checking Enrollment When Using a TMS Token
- Validating a Challenge When Using a TMS Token
  - Required Fields for Validating a Challenge When Using a TMS Token
  - REST Example: Validating a Challenge When Using a TMS Token

Authentication Examples Using Flex Microform Tokens
- Setting Up Device Data Collection When Using a Flex Microform Token
  - Required Fields for Setting Up Device Data Collection When Using a Flex Microform Token
  - REST Example: Setting Up Device Data Collection When Using a Flex Microform Token
- Checking Enrollment When Using a Flex Microform Token
  - Required Fields for Checking Enrollment When Using a Flex Microform Token
  - REST Example: Checking Enrollment When Using a Flex Microform Token (Challenge)
- Validating a Challenge When Using a Flex Microform Token
  - Required Fields for Validating a Challenge When Using a Flex Microform Token
  - REST Example: Validating a Challenge When Using a Flex Microform Token

Authentication Examples Using Network Token/Tokenized Cards
- Setting Up Device Data Collection with a Network Token/Tokenized Card
  - Required Fields for Setting Up Device Data Collection with a Network Token/Tokenized Card
  - REST Example: Setting Up Device Data Collection When Using a Network Token/Tokenized Card
- Checking Enrollment with a Network Token/Tokenized Card
  - Required Fields for Checking Enrollment When Using a Network Token/Tokenized Card
  - REST Example: Checking Enrollment When Using a Network Token/Tokenized Card (Frictionless)

Authentication Examples of Merchant-Initiated Transactions
- Challenge Reponses to 3RI Transactions
- Network-Specific Values for 3RI
- 1a: Initial Recurring Transaction
  - Required Fields for 3RI 1a: Initial Recurring Transaction
  - REST Example: Checking Enrollment for a 3RI Initial Recurring Transaction
  - REST Example: Validating the Challenge for a 3RI Initial Recurring Transaction
- 1b: Recurring Payments - Subsequent Transaction (Mastercard)
  - Required Fields for 3RI 1b: Recurring Payments - Subsequent Transaction (Mastercard)
  - REST Example: Validating the Challenge for 3RI Subsequent Installment Transactions
- 2a: Installment - Customer Initiated Transaction (Mastercard)
  - Required Fields for 3RI 2a: Installment - Customer Initiated Transaction (Mastercard)
  - REST Example: Checking Enrollment for a 3RI Customer Initiated Total Installments (Mastercard)
  - REST Example: Validating the Challenge for a 3RI Customer Initiated Total Installments (Mastercard)
- 3a: Split/Partial Shipment (Mastercard)
  - Required Fields for 3RI 3a: Split/Partial Shipment (Mastercard)
  - REST Example: Checking Enrollment for 3RI Split Shipment Transaction (Mastercard)
- 3b: Split/Delayed Shipment (Visa)
  - Required Fields for 3RI 3b: Split/Delayed Shipment (Visa)
  - REST Example: Checking Enrollment for 3RI Split Shipment Transaction (Visa)
- 4a: Multi-Party Commerce or OTA (Visa)
  - Required Fields for 3RI 4a: Multi-Party Commerce or OTA (Visa)
  - REST Example: Checking Enrollment for 3RI Multi-Party Commerce Transaction (Visa)
- 4b: Multi-Party Commerce or OTA (MasterCard)
  - Required Fields for 3RI 4b: Multi-Party Commerce or OTA (MasterCard)
  - REST Example: Checking Enrollment for 3RI Multi-Party Commerce Transaction (Mastercard)
  - REST Example: Validating the Challenge for 3RI Multi-Party Commerce Transaction (Mastercard)
- 4c: Multi-Party Commerce or OTA (MasterCard)
  - Required Fields for 3RI 4c: Multi-Party Commerce or OTA (MasterCard)
  - REST Example: Checking Enrollment for 3RI Multi-Party Commerce Transaction (Mastercard)

Testing Payer Authentication
- Testing Process
  - Enrollment Check Response Fields
  - Authentication Validation Response Fields
- Test Cases for 3-D Secure 2.x
  - 2.1: Frictionless Authentication Is Successful
  - 2.2: Frictionless Authentication Is Unsuccessful
  - 2.3: Stand-In Frictionless Authentication is Attempted
  - 2.4: Frictionless Authentication Is Unavailable
  - 2.5: Frictionless Authentication Is Rejected
  - 2.6: Authentication Is Not Available
  - 2.7: Check Enrollment Error
  - 2.8: Time Out
  - 2.9: Step-Up Authentication Is Successful
  - 2.10: Step-Up Authentication Is Unsuccessful
  - 2.11: Step-Up Authentication Is Unavailable
  - 2.12: Error During Authentication
  - 2.13: Authentication Is Bypassed
  - 2.14: Require Method URL
- Additional Test Cases
  - 1a: First Recurring Transaction: Fixed Amount
  - 2a: Card Authentication Failed
  - 2b: Suspected Fraud
  - 2c: Cardholder Not Enrolled in Service
  - 2d: Transaction Timed Out at the ACS
  - 2e: Non-Payment Transaction Not Supported
  - 2f: 3RI Transaction Not Supported
  - 3a: TRA Exemption—Low Value: Mastercard EMV 3-D Secure 2.1 and 2.2
  - 3b: TRA—Low Value: Visa
  - 3c: TRA—Low Value: Discover
  - 3d: Acquirer TRA: Cartes Bancaires
  - 4a: Trusted Beneficiary Prompt for Trustlist
  - 4b: Utilize Trusted Beneficiary Exemption
  - 5a: Visa Data Only
  - 5b: Identity Check Insights (ScoreRequest = Y)
- HTTP Status Codes

Website Modification Reference
- Website Modification Checklist
- EMV 3-D Secure Service Logos
- Informational Message Examples

Upgrading Your Payer Authentication Implementation
- Benefits
- PSD2 Impact
  - Mandates
- Recommended Integration
- Migrating from EMV 3-D Secure 1.x to 2.x FAQ

Finding Payer Authentication Transaction Details in the Business Center
- Searching for Transactions
- Storing Payer Authentication Data
- Searching for Payer Authentication Details
  - Enrolling a Card
    - Checking Enrollment
    - Authentication Validation
  - Card Not Enrolled
    - Transaction Details

Payer Authentication Reports
- Payer Authentication Summary Report
  - Download the Report
  - Matching the Report to the Transaction Search Results
  - Interpreting the Report
  - Comparing Payer Authentication and Payment Reports
- Payer Authentication Detail Report
  - Report Element
  - PayerAuthDetail Element
  - PAReq Element
  - PARes Element
  - AuthInfo Element
  - Report Examples

Glossary

On This Page

Setting Up the Initial Request

Run the Cardinal.init()
process to:

Begin the communication process with Cardinal.

Authenticate your credentials (server JWT).

Complete the data collection process.

By the time the customer is ready to check out, all necessary preprocessing is complete.

Each time a user begins a mobile transaction, Cardinal assigns a unique identifier to the consumer session called a

consumerSessionId

. This

consumerSessionId

ensures that Cardinal matches the correct device data collection results to a request. Visa Acceptance Solutions calls this session identifier

payerAuthEnrollService_referenceID

. You must assign the value of the

consumerSessionId

field to the

payerAuthEnrollService_referenceID

field so that Visa Acceptance Solutions can also track the calls for each user session.

Study the code example shown below for completing the cardinal.init()
process.

Cardinal.init() (Android SDK)

cardinal = Cardinal.getInstance();
String serverJwt = "INSERT_YOUR_JWT_HERE";
cardinal.init(serverJwt ,
new CardinalInitService() {
    /**
    * You may have your Submit button disabled on page load. Once you are 
    * set up for CCA, you may then enable it. This will prevent users 
    * from submitting their order before CCA is ready.
    */
    @Override
    public void onSetupCompleted(String consumerSessionId) {
  
    }
    /**
    * If there was an error with set up, Cardinal will call this function
    * with validate response and empty serverJWT
    * @param validateResponse
    * @param serverJwt will be an empty
    */
    @Override
    public void onValidated(ValidateResponse validateResponse, String serverJwt) {
  
    }
});

See Running Payer Authentication with SDK for the next steps.

Back to top