UK Gateway

3-D Secure

Last updated: 15-Apr-2022
Download as PDF

The figure below presents the complete flow when a browser is used by the cardholder to purchase a good. The payment flow consists of four parts: the setup, the actions before the customer initiates the purchase (clicks buy button), the Authentication and finally, the Authorisation.

Inject threeds flow

Set up

During the set up part, you will receive by the implementation team your 3DS account credentials and an authenticator ID.

Payment

The payment takes place when the cardholder fills in the payment details. The following steps shall be completed prior to the cardholder initiating the transaction (clicks ‘Buy/Order’).

  1. Create a JWT_token in the backend server (link)
  2. After you have generated your JWT token you'll use it to call Inject. You'll need to include the JWT token, organisation ID and lookup_endpoint. The organisation ID is the Dimebox org ID and the lookup_endpoint is the endpoint that Inject will use to submit the jwt_token and device_info_id. Once you receive this information from Inject -which happens after the customer has submitted their card details- you will make a lookup_request call to Dimebox: Note: device_data_info and device_channel are optional but recommended to be sent, to overcome cases where an Ad-blocker blocks the 3DS JS to retrieve this information by the browser.

3DS Flow

The Authentication flow, begins when the Cardholder initiates the transaction (clicks ‘Buy/Order’).

  1. When the Cardholder has initiated the transaction, the Inject reads the Cardholder information and returns to the lookup_endpoint defined earlier, the card_id and the device_info_id.
  2. After you receive the card_id and the device_info_id formulate and send the lookup request using the lookup API
  3. Receive the lookup response and respond to step 1 with an object {continue3ds, lookup_response}. The continue3ds_flag shows your preference to continue or not with the challenge flow. If the challenge flow should be initiated set the field to true, if the challenge flow should not be initiated, set the field to false.
  4. If continue3ds_flag=true, the Inject will continue with presenting the challenge window. If continue3ds_flag=false, the inject will submit the form.
  5. When the challenge has been completed, the Inject will submit the JWT which includes the payload needed for authorisation.

Authorization

  1. Use the payment details from the JWT to authorise the payment using the createCardTransaction API
Rate this article:
Download as PDF

Need help?

Do you have a question? If you didn’t find the answer you are looking for in our documentation, you can contact our Support teams for more information. If you have a technical issue or question, please contact us. We are happy to help.

Get in touch

Not yet a Verifone customer?

We’ll help you choose the right payment solution for your business, wherever you want to sell, in-person or online. Our team of experts will happily discuss your needs.

Contact sales Get Started
Verifone logo