Empty parameter (see error.detail for further details)
| 202 | message.extension not recognized |
| 203 | Invalid parameter (see error.detail for further details) |
| 301 | Transaction ID received is not valid for the receiving component. |
| 305 | Card not supported by the issuer for 3DS 2.0 authentications. |
| 402 | Timeout when communicating with DS |
| 404 | Unexpected error |
| 405 | DS communication error |
device_channel field
| Code | Description |
|------|-------------|
| 01 | App-based |
| 02 | Browser |
| 03 | 3DS Requestor Initiated (3RI) |
| 04-79 | Reserved for future use by EMVCo |
| 80-99 | Reserved for future use by DS |
Glossary
3DS Requestor: Store or gateway (such as Carat)
3D-Secure: Also known as Visa Secure, Mastercard Identity Check, American Express SafeKey, Discover ProtectCode or Elo SecureCode, is a security protocol used by card brands to authenticate online transactions and reduce fraud.
ACS (Access Control Server): The server responsible for providing the authentication interface on behalf of the issuer during the 3D-Secure transaction process. It interacts with the issuer and cardholder to verify the authenticity of the transaction.
DS (Directory Server): Represents the card brand
AReq: Authentication Request, according to the 3DS 2.0 protocol
ARes: Authentication Response, according to the 3DS 2.0 protocol
CReq: Challenge Request, according to the 3DS 2.0 protocol
CRes: Challenge Response, according to the 3DS 2.0 protocol
RReq: Results Request, according to the 3DS 2.0 protocol
RRes: Results Response, according to the 3DS 2.0 protocol
Challenge/Step-up Flow: Also known as "challenge flow". It is a form of 3D-Secure authentication in which the cardholder is directed to a page or application to provide additional information or enter a security code to confirm the transaction.
Frictionless Flow: Also known as "frictionless flow". It is a form of 3D-Secure authentication in which the transaction is automatically authenticated based on available data, without the need for intervention by the cardholder. This usually occurs when the issuer has sufficient information (such as data about the holder or the device used) to confirm the identity of the holder.
3DS Server Id: ID that identifies the transaction on the 3DS Server (three_ds_server.trans_id field of the transaction creation or authentication response)
DS Id: ID that identifies the transaction on the card brand server (ds.trans_id field of the transaction authentication response)
ACS ID: ID that identifies the transaction at the Issuer (acs.trans_id field of the transaction authentication response)
3DS Method URL: Issuer URL to which a POST is sent to collect information from the buyer's device in web transactions
reference_id: Field to be used in the Carat payment REST API (the ds.trans_id value of the transaction authentication response must be passed)
ECI (or “e-commerce indicator”): Code returned to the MPI by the card brands, which indicates the result of the cardholder's 3DS authentication with the issuer
CAVV or IAV: Cryptogram code used in transaction authentication and sent by the merchant's MPI (authentication.value field in the transaction authentication response or in the transaction query).
Authentication: The process of verifying the identity of the cardholder during an online transaction. 3D-Secure requires additional authentication information, usually a security code, PIN or biometrics, requested by the requesting business.
Issuer: The financial institution (bank or credit card company) that issues the credit or debit card to the holder.
Commerce/Merchant: A company or website that accepts online payments via credit or debit cards.
Enrollment: The process of registering a card for use in 3D-Secure. The cardholder normally carries out the enrollment process when using the card for the first time on a 3D-Secure compatible website.
Liability Shift: The transfer of responsibility from the merchant to the issuer in the case of a fraudulent transaction, provided that the transaction has been authenticated by 3D-Secure and the merchant is enabled on 3DS, which allows the merchant to win the "Reversal of Responsibility".
RBA (Risk-Based Analysis): It is an approach within 3D-Secure in which the card issuer assesses the risk of a transaction to determine if additional verification is necessary. Based on factors such as transaction value, device identification, and the cardholder's history, low-risk transactions may be approved without additional validation, while medium or high-risk transactions may require extra steps to ensure security. This enhances the customer experience by reducing friction in low-risk transactions while simultaneously safeguarding against fraudulent transactions.
MPI (Merchant Plug-In): The software or service used by a merchant to connect to the 3D-Secure authentication system. It facilitates communication between the merchant, the issuer and the card brand.
Carat provides support for 3D-Secure 2.0 transactions through its 3DS Server.