Initiating a 3DS Method
The "3DS Method" is a script call, only present in the Browser channel, provided by the 3DS Server and placed on the merchant's website to capture additional browser information, aiming to facilitate risk-based decision-making (RBA-Risk Based Analysis), increasing the chances of obtaining a challenge-free authentication.
Upon transaction creation, the 3DS Server returns the URL of the "3DS Method" in the three_ds_method_url field if device fingerprint capture is enabled for the card's BIN used. This indicates that an invisible frame should be rendered on the buyer's screen pointing to this URL. To achieve this, an HTTP POST in the application/x-www-form-urlencoded format is required, passing the threeDSMethodData field, which is a Base64-encoded JSON.
The return from the "3DS Method" call may take a few seconds. Therefore, for a better user experience, it is recommended to make this call soon after entering the card number. This way, while the user fills in the other checkout details, the "3DS Method" call will have already finished.
When the "3DS Method" call is successfully completed, the authentication request (AREQ) should be sent with the three_ds_comp_ind field set to "Y".
threeDSMethodData object parameters#
| Parameter | Description | Format | Mandatory |
|---|---|---|---|
threeDSMethodNotificationURL | The URL that will receive the notification of 3DS Method completion from the ACS. | < 256 AN | YES |
threeDSServerTransID | 3DS Server transaction ID. | = 36 AN | YES |
Examples#
threeDSMethodData JSON:
threeDSMethodData Base64:
HTML form:
3DS Method notification#
This call will be performed by the ACS on the URL informed by the 3DS Requestor (threeDSMethodNotificationURL field) using the same format of the form described above. This call is important for sending the three_ds_comp_ind field on the authentication service.