A 3DS check may end up with one of the following outcomes.

  • 3DS check successful
    fz.sca.success event is triggered by fatzebra.js. If you own your own payments form and use the verifyCard method of fatzebra.js to perform 3DS checks, 3DS result data will be provided in the fz.sca.success event payload. Using this 3DS result data in your Purchase or Refund API call will qualify that transaction for liability shift.

  • 3DS check unsuccessful
    fz.sca.error event is triggered by fatzebra.js. An error code will be returned in the event payload indicating the reason for the error. This could be due to the card issuer not support 3DS2 or if the cardholder was unable to verify their card when prompted with a 3DS challenge flow (e.g. they entered the wrong one-time pin that was sent to their mobile device).

  • Server Error or timeout.
    fz.sca.error event is triggered by fatzebra.js. No error code will be returned in the event payload. In this event we recommend that you prompt your users to retry the 3DS check/payment.

Test cards

FatZebra provides a number of test cards to simulate various 3DS scenarios in the Sandbox environment. Each of the following card numbers will simulate a predetermined outcome:

Successful 3DS2 check

Scenario

Cards

Successful frictionless authentication
Cardholder being authenticated by their Card Issuer
--
Liability shift

Visa: 4000000000001000
Mastercard: 5200000000001005
Amex: 340000000001007

Attempts processing frictionless authentication
Cardholder is enrolled in 3DS however the Issuer is not supporting the program, resulting in a stand-in authentication experience
--
Liability shift

Visa: 4000000000001026
Mastercard: 5200000000001021
Amex: 340000000001023

Successful step-up authentication
Successful OTP challenge
--
Liability shift

Visa: 4000000000001091
Mastercard: 5200000000001096
Amex: 340000000001098

fz.sca.success sample payload

{
  "message": "FatZebra.3DS: 3DS success - Successful Frictionless Authentication",
  "data": {
    "cavv": "xxx",
    "par": "xxx",
    "sli": "xxx",
    "xid": "xxx",
    "ver": "xxx",
    "directoryServerTxnId": "xxx",
    "threedsVersion": "xxx" 
  }
}

Unsuccessful 3DS check

Scenario

Card

Error code

Unsuccessful frictionless authentication
Authentication failed by card issuer without challenge
--
No liability shift

Visa: 4000000000001018
Mastercard: 5200000000001013
Amex: 340000000001015

004

Unavailable frictionless authentication
Authentication is unavailable from the issuer at the current time.
--
No liability shift

Visa: 4000000000001034
Mastercard: 5200000000001039
Amex: 340000000001031

003

Rejected frictionless authentication
Authentication rejected by the issuer.
--
No liability shift

Visa: 4000000000001042
Mastercard: 5200000000001047
Amex: 340000000001049

005

Authentication not available on lookup
Unable to verify 3DS enrolment status with the issuer due to system error.
--
No liability shift

Visa: 4000000000001059
Mastercard: 5200000000001054
Amex: 340000000001056

002

Server Error

No liability shift

Visa: 4000000000001067
Mastercard: 5200000000001062
Amex: 340000000001064

Timeout

No liability shift

Visa: 4000000000001075
Mastercard: 5200000000001070
Amex: 340000000001072

Bypassed authentication
This is related to a feature that is currently not available. We will look at providing merchants the ability to configure rules to determine whether authentication is required for a transaction.
--
No liability shift

Visa: 4000000000001083
Mastercard: 5200000000001088
Amex: 340000000001080

001

Unsuccessful step-up authentication
Unsuccessful authentication due to failed OTP (one time password) challenge.
--
No liability shift

Visa: 4000000000001109
Mastercard: 5200000000001104
Amex: 340000000001106

006

Unavailable step-up authentication
The card holder is enrolled for 3DS, but authentication is not available with that issuer.
--
No liability shift

Visa: 4000000000001117
Mastercard: 5200000000001112
Amex: 340000000001114

007

fz.sca.error sample payload

{
  "errors": [
    "FatZebra.3DS: 3DS error - Rejected Frictionless Authentication"
  ],
  "data": {
    "errorCode": "005" 
  }
}