Content

Request fields updates

The column CB2A describe how the field will be used in authorization.

Payline Field Name	Format	Mandatory	3DS Field Origin	Comment
`containerVersion`	2 chars	Mandatory	N/A	Field used to identify the version of the JSON container. Version 2 will be available the 29th january 2020.
`eci`	2 chars	Conditional	`eci` in `ARes` message if Frictionless `eci` in `RReq` message if Challenge	Required if present in 3DS message.
`authenticationValue`	28 chars	Conditional	`authenticationValue` in `ARes` message if Frictionless `authenticationValue` in `RReq` message if Challenge	Required if present in 3DS message.
`avAlgorithm`	1 char	Conditional	`CB-AVALGO` in `ARes` message if Frictionless `CB-AVALGO`in `RReq` message if Challenge	Required if present in 3DS message.
`effectiveAuthType`	2 chars	Conditional	Type of authentication done.	Required if present in 3DS message. Values could be : FR : When frictionless CH : When challenge
`acsOperatorID`	32 chars	Conditional	`acsperatorID` in `ARes` message for Frictionless and Challenge	Required if present in 3DS. If frictionless and `acsOperatorID` = "CB-DS" message, the field `59-419` must be set to "FD"
`threeDSRequestorChallengeInd`	2 chars	Conditional	This data is set by Cardinal in the field `AReq.threeDSRequestorChallengeInd` The same value must be send to payline	Specific using. It indicates to the scheme and the issuer the merchant preference. Required if present in 3DSmessage. Values could be : `01 = No preference` `02 = No challenge requested` `03 = Challenge requested : 3DS Requestor Preference` `04 = Challenge requested: Mandate`
`transStatus`	1 char	Conditional	`transStatus` in `ARes` message if Frictionless `transStatus` in `RReq` message if Challenge	Required if present in 3DS message. Values could be : `Y = Authentication/ Account Verification Successful` `N = Not Authenticated /Account Not Verified; Transaction denied` `U = Authentication/ Account Verification Could Not Be Performed; Technical or other problem, as indicated in ARes or RReq` `A = Attempts Processing Performed; Not Authenticated/Verified, but a proof of attempted authentication/verification is provided` `C = Challenge Required; Additional authentication is required using the CReq/CRes` `R = Authentication/ Account Verification Rejected; Issuer is rejecting authentication/verification and request that authorisation not be attempted.`
`transStatusReason`	2 chars	Conditional	`transStatusReason` in `ARes` message if Frictionless `transStatusReason` in `RReq` message if Challenge	Required if present in 3DS message. Values could be : `01 = Card authentication failed` `02 = Unknown Device` `03 = Unsupported Device` `04 = Exceeds authentication frequency limit` `05 = Expired card` `06 = Invalid card number` `07 = Invalid transaction` `08 = No Card record` `09 = Security failure` `10 = Stolen card` `11 = Suspected fraud` `12 = Transaction not permitted to cardholder` `13 = Cardholder not enrolled in service` `14 = Transaction timed out at the ACS` `15 = Low confidence` `16 = Medium confidence` `17 = High confidence` `18 = Very High confidence` `19 = Exceeds ACS maximum challenges` `20 = Non-Payment transaction not supported` `21 = 3RI transaction not supported`
`challengeCancelInd`	2 chars	Conditional	`challengeCancel` in `CReq` if the buyer cancel in APP-BASED `challengeCancel` in `RReq` if the buyer cancel in BROWSER-BASED	Required if present in 3DS message. Values could be `01 = Cardholder selected “Cancel”` `02 = 3DS Requestor cancelled Authentication.` `03 = Transaction Abandoned` `04 = Transaction Timed Out at ACS—other timeouts` `05 = Transaction Timed Out at ACS—First CReq not received by ACS` `06 = Transaction Error` `07 = Unknown`
`networkScore`	2 chars	Conditional	CB-Score in A`Res`	This field is CB Brand specific. Required if present in 3DS message.
`dsTransID`	36 chars	Conditional	`dsTransID` in ARes message if frictionless `dsTransID` in RReq message if challenge `dsTransID` in Erro in case of error	Required if present in 3DS message.
`acsTransID`	36 chars	Conditional	`acsTransID` in ARes message if frictionless `acsTransID` in RReq message if challenge `acsTransID` in Erro in case of error	Required if present in 3DS message.
`messageVersion`	8 chars	Mandatory	`messageVersion` in `ARes` message if Frictionless `messageVersion` in `RReq` message if Challenge
`useCase`	2 chars	Conditional	`CB-USECASE` in `AReq` message
`purchaseInstalData`	2 chars	Conditional	`purchaseInstalData` in `AReq` message
`exemptions`	4 chars	Conditional	`CB-EXEMPTIONS` in `ARes` message
`merchantName`	40 chars	Conditional	`merchantName` in `AReq` message
`purchaseDate`	14 chars	Conditional	`purchaseDate` in `AReq` message
`purchaseAmount`	48 chars	Conditional	`purchaseAmount` in `AReq` message
`recurringExpiry`	8 chars	Conditional	`recurringExpiry` in `AReq` message	YYYYMMDD
`cardBrand`	20 chars	Mandatory	card type chosen by the merchant or the buyer (usefull in case of co-branded card)	added in `containerVersion=2` Values could be : `CB` `VISA` `MASTERCARD` `AMEX` `...`
`browserIP`	ans...45	Mandatory	browserIP in AReq message	added in `containerVersion=2`
`merchantCountryCode`	n3	Mandatory	merchantCountryCode in AReq message	added in `containerVersion=2`
`acquirerBin`	n11	Conditional	acquirerBIN (lg max 11) in AReq message	added in `containerVersion=2`
`acquirerMerchantID`	35 chars	Conditional	acquirerMerchantID in AReq message	added in `containerVersion=2`
`threeDSRequestorName`	40 chars	Conditional	threeDSRequestorName in AReq message	added in `containerVersion=2`
`threeDSRequestorID`	35 chars	Conditional	threeDSRequestorID in AReq message	added in `containerVersion=2`

Packaging

3DS V2 fields are packed in an JSON container by Cardinal. The proposed structure is : JSON Container

{
"cavvAlgorithm":"1",
"effectiveAuthType":"FR",
"acsOperatorID":"CB-DS",
"merchantChallengeInd":"02",
"transStatus":"Y",
"transStatusReason":"",
"challengeCancelInd":"",
"schemeScore":"50",
"dsTransID":"96e4be73-1d59-429a-b4c1-439e5d9ad632",
"acsTransID":"d746c39c-17bc-4b4d-be56-fd9c0ad0877f",
"3DSversion":"2.1.0"
}

Null fields must be absent of the JSon structure

Then the field is encoded in base64 (the charset is UTF-8) : B64 encode

@Test
    public void shouldGenerateBase64FromGson() {
        String json =
                "{\n" +
                "\"cavvAlgorithm\":\"1\",\n" +
                "\"effectiveAuthType\":\"FR\",\n" +
                "\"acsOperatorID\":\"CB-DS\",\n" +
                "\"merchantChallengeInd\":\"02\",\n" +
                "\"transStatus\":\"Y\",\n" +
                "\"transStatusReason\":\"\",\n" +
                "\"challengeCancelInd\":\"\",\n" +
                "\"schemeScore\":\"50\",\n" +
                "\"dsTransID\":\"96e4be73-1d59-429a-b4c1-439e5d9ad632\",\n" +
                "\"acsTransID\":\"d746c39c-17bc-4b4d-be56-fd9c0ad0877f\",\n" +
                "\"3DSversion\":\"2.1.0\"\n" +
                "}";

        String jsonBase64 = Base64.encode(json.getBytes(StandardCharsets.UTF_8));
        LOGGER.info("json : {}", jsonBase64);

        String jsonExpected = "ewoiY2F2dkFsZ29yaXRobSI6IjEiLAoiZWZmZWN0aXZlQXV0aFR5cGUiOiJGUiIsCiJhY3NPcGVyYXRvcklEIjoiQ0ItRFMiLAoibWVyY2hhbnRDaGFsbGVuZ2VJbmQiOiIwMiIsCiJ0cmFuc1N0YXR1cyI6IlkiLAoidHJhbnNTdGF0dXNSZWFzb24iOiIiLAoiY2hhbGxlbmdlQ2FuY2VsSW5kIjoiIiwKInNjaGVtZVNjb3JlIjoiNTAiLAoiZHNUcmFuc0lEIjoiOTZlNGJlNzMtMWQ1OS00MjlhLWI0YzEtNDM5ZTVkOWFkNjMyIiwKImFjc1RyYW5zSUQiOiJkNzQ2YzM5Yy0xN2JjLTRiNGQtYmU1Ni1mZDljMGFkMDg3N2YiLAoiM0RTdmVyc2lvbiI6IjIuMS4wIgp9";
        Assert.assertEquals(jsonExpected, jsonBase64);

    }

JSON Container is designed for 3DS.

Arborescence des pages

3DSV2 - Direct Interface - JSON container format

Request fields updates

Packaging