SCA
| Event | Description | Applicable Methods |
|---|---|---|
fz.sca.success | Emitted when 3DS validation completes successfully. The liability shifts from merchant to the card issuer. Please note: The edge case is when the enrolled field (ver) comes back as 'N' (3DS success - Not Enrolled), which means "No, Bank is not participating in 3-D Secure protocol". If the Enrolled value is equal to N, then the Consumer is NOT eligible for Authentication (No liability shift). Most merchants choose to continue with these transactions, because otherwise in many cases it would be stopping customers from making legitimate transactions. | renderPaymentsPage verifyCard |
fz.sca.error | Emitted when 3DS enrolment or validation failed. The payment attempt is deemed risky and merchant shall not proceed with the payment. | renderPaymentsPage verifyCard |
fz.sca.success Data Payload
| Attribute | Type | Description |
|---|---|---|
aav | string | Account Authentication Value. Unique 32-character transaction token for a 3D Secure transaction. For Mastercard Identity Check, the AAV is named the UCAF. For Visa Secure, the AAV is named the CAVV. |
cavv | string | Cardholder Authentication Verification Value. A Base64-encoded string sent back with Visa Secure-enrolled cards that specifically identifies the transaction with the issuing bank and Visa. Standard for collecting and sending AAV data for Visa Secure transactions. |
par | string | Payer Authentication Response. Compressed, Base64-encoded response from the card-issuing bank |
sli | string | The Security Level Indicator for 3DS transactions |
xid | string | String used by both Visa and Mastercard which identifies a specific transaction on the Directory Servers. This string value should remain consistent throughout a transaction’s history. |
ucaf | string | Universal Cardholder Authentication Field. Mastercard only. |
ver | string | 3DS enrolment status. |
directoryServerTxnId | string | Directory server transaction Id |
threedsVersion | string | 3DS version used for verifying the intended payment. |
{
message: "xxx",
data: {
aav: "xxx",
cavv: "xxx",
par: "xxx",
sli: "xxx",
xid: "xxx",
ucaf: "xxx",
ver: "xxx",
directoryServerTxnId: "xxx",
threedsVersion: "xxx",
}
}
fz.sca.error Data Payload
| Attribute | Type | Description |
|---|---|---|
errorCode | string | Error code for specific 3DS/SCA failure scenario. errorCode will be not be present in the event of request timeout or server error See below for error code mapping. |
// Request timeout, server error, etc. Prompt user to retry.
{
errors: ["xxx"],
data: null
}
// 3DS2 authentication failed. The card is deemed risky by issuer.
{
errors: ["xxx"],
data: {
errorCode: "xxx"
}
}
3DS/SCA Error Code Mapping
| Error Code | Description |
|---|---|
001 | Bypassed authentication This is related to a feature that is currently not available. We will look at providing merchants the ability to configure rules to determine whether authentication is required for a transaction. -- No liability shift |
002 | Authentication not available on lookup Unable to verify 3DS enrolment status with the issuer. -- No liability shift |
003 | Unavailable frictionless authentication 3DS authentication is unavailable with the issuer. -- No liability shift |
004 | Unsuccessful frictionless authentication The issuer deems the transaction as risky -- No liability shift |
005 | Rejected frictionless authentication -- No liability shift |
006 | Unsuccessful step-up authentication Unsuccessful authentication due to failed OTP (one time password) challenge. -- No liability shift |
007 | Unavailable step-up authentication The card holder is enrolled for 3DS, but authentication is not available with that issuer. -- No liability shift |
Updated almost 2 years ago