UK Gateway

3-D Secure

Last updated: 15-Apr-2022
Download as PDF

The figure below presents the complete flow when a Checkout is used by the cardholder to purchase a good. The payment flow consists of four parts: the setup, the actions before the customer initiates the purchase (clicks buy button), the Authentication and finally, the Authorisation.

Checkout threeds flow

Set up

During the set up part, you will receive by the implementation team, your 3DS account credentials and an authenticator ID. To create a checkout with 3DS you'll need to populate the configurations.card.threed_secure.authenticator field with the _id of the authenticator you'll be using.

Create checkout

The check out section takes place when the cardholder is redirected in the checkout page. The following steps shall be completed prior to the cardholder initiating the transaction (clicks ‘Buy/Order’).

  1. Create a customer using the createCustomer API
  2. Create a checkout using the createCheckout API and set configurations.card.threed_secure.enabled to true if you want to perform 3-D Secure. In case you only want to perform a 3-D Secure and not a card transaction set the configurations.card.process_transaction to true. In response to the checkout creation you will receive the following:
    {
  "_id": "string",
  "url": "string"
}

    The _id field is the ID of the checkout object. The url field is the URL that the consumer should be sent to to complete the checkout process.

  3. Redirect the Cardholder to the url of the checkout page, received when creating the checkout.

3DS Flow & Authorization

The Authentication flow, begins when the Cardholder initiates the transaction (clicks ‘Buy/Order’).

  1. When the Cardholder has initiated the transaction, the Checkout receives the Cardholder information and initiates the 3DS flow.
  2. After the consumer has completed the 3DS flow there are two ways to retrieve the authentication._id:
    1. Consumer will be redirected to the return_url with the authentication._id appended to the url like so: 
      https://return.url?authentication_id=5cade83a35f9660226f21726
    2. The authentication._id will also be stored in the checkout object. Use getCheckout API using the id that you received in the Checkout response /v1/checkout/{{id}}. Retrieve the authentication._id from the configurations.card.threed_secure.authentication field. The response will look like this:
      {
		...
    "configurations": {
        "card": {
        		...
            "threed_secure": {
            		...
                "authentication": "613939de8cba9a5a97e59551"
                ...
            }
        }
    },
    ...
}
  3. Use getThreedAuthentication API to query the results of the authentication using the authentication._id from the previous step/v1/3d/{{authentication id}}.

Authorizing with another gateway

To authorizing the transaction with another gateway you will need the token of the card. The token is stored in the card object, to get the token for authorization you'll first need the card._id . This can be done in two different ways:

  1. The card._id can be found in the GET call for the checkout at /v1/checkout/{{id that you received in the Checkout creation response}} in the configurations.card.card field. 
    {
		...
    "configurations": {
        "card": {
            "card": "613939de8cba9a5a97e59551",
						...
        }
    },
    ...
}
  2. An other method is to perform a GET call to the authentication object using the authentication._id at /v1/3d/{{authentication id}}
{
	...
	"card": "613939de8cba9a5a97e59551",
	...
}

In the response you'll see the card field. Store this ID.

Getting the token

The token is returned in the card field in the authentication object.

Query the card id through a GET call to /v1/card/{{card._id}} and store the token field.

{
  ...
  "token": "",
  ...
}

 

Fields for creating a customer for 3DS

The Customer API mandates specific fields as required. On top of these there are additional fields which are required to enable 3DS during a checkout. Please refer to the table below.

Field name Description Required/Optional/Conditional Specification
billing_address_1 Consumer's billing address information. R String (50)
billing_address_2 Consumer's billing address information. C Required if information is available String (50)
billing_address_3 Consumer's billing address information. C Required if information is available String (50)
billing_city Consumer's city on their billing address. R String (50)
billing_country_code Consumer's alpha 2 digit ISO 3166 country code. (e.g. United States = US) R String (2)
billing_first_name Consumer's first name. R String (50)
billing_last_name Consumer's last name. R String (50)
billing_phone Consumer's phone number for billing address. This should be unformatted without hyphens. (e.g. 4422345678) C Required if information is available String (20)
billing_postal_code Consumer's postal code of their billing address. R String(10)
billing_state Consumer's state or province of their billing address. ISO 3166-2 R Required unless market or regional mandate restricts sending this information, or state is not applicable for this country. String (3)
company_name Company name C if billing_first_name or billing_last_name not provided String
company_registration_number Unique identifier of the company, recognised by the government. Known as CoC (Chamber of Commerce) number in some countries. O String
date_of_birth The date of birth of a person, 10 characters, ISO-8601 (YYYY-MM-DD) O String (10)
email_address Consumer's email address. R String (255)
gender Gender O String (male or female)
organisation Dimebox Organisation ID Optional, default value is organisation of the user submitting the call String
phone_number Cardholder's mobile phone number R Number (25)
shipping_address_1 Consumer's shipping address information. C Required if information is available String (50)
shipping_address_2 Consumer's shipping address information. C Required if information is available String (50)
shipping_address_3 Consumer's shipping address information. C Required if information is available String (50)
shipping_city Consumer's city of their shipping address. C Required if information is available String (50)
shipping_country_code Consumer's alpha 2 digit ISO 3166 country code. (e.g. United States = US) C Required if information is available String (2)
shipping_postal_code Consumer's postal code of their shipping address. C Required if information is available String (10)
shipping_state Consumer's state or province of their shipping address. (e,g. Ohio = OH, Texas = TX) C Required if information is available String (50)
social_security_number The social security number of the customer. Only supported for DK, FI, NO & SE and required for dealing with Klarna. O String
title The title / honorific prefix of a person, amongst (mr, ms). O String
work_phone Consumer's work phone number. C Required if information is available Number (25)
Rate this article:
Download as PDF

Need help?

Do you have a question? If you didn’t find the answer you are looking for in our documentation, you can contact our Support teams for more information. If you have a technical issue or question, please contact us. We are happy to help.

Get in touch

Not yet a Verifone customer?

We’ll help you choose the right payment solution for your business, wherever you want to sell, in-person or online. Our team of experts will happily discuss your needs.

Contact sales Get Started
Verifone logo