Ch 2 (04/11/2019 Update): Authenticate Request/Response

***Changes made on 04/11/2019 are delineated below in Red.***

Authenticate Request/Response Messages Updated with EMV® 3-D Secure Protocol v2.2.0 Fields

NOTE: If you are in the process of considering readiness for EMVCo 3DS 2.0 protocols, the authenticate message may not be required. You should consider migrating to our Cardinal Cruise JavaScript where a hybrid approach may be used. Please contact your activation or sales engineering team to discuss your next steps.

The Authenticate Message is responsible for returning the Consumer Authentication outcome to the Merchant. The message will return the status of the Authentication to the Merchant, enabling the Merchant to handle the order/authorization processing according to the outcome.

Once Authentication is completed, the Consumer will be redirected back to the TermUrl representing a webpage on the Merchant website. The Merchant is required to receive this form POST and construct the Authenticate Message to complete the transaction and determine the status of the Authentication. Cardinal will receive the Authenticate Message, decrypt the Authentication data and perform data validation checks on the Authentication result. Cardinal will return a response indicating the status of the Authentication transaction. 

In the event a non-zero ErrorNo value is returned or the SignatureVerification element is not Y, the transaction should not be authorized and the Consumer should be prompted for another method of payment.

In the event the ErrorNo element is 0 (zero) and the SignatureVerification element is Y, indicating all fraud checks were satisfied, then the PAResStatus value will define how the transaction should be processed. Based on the transaction outcome, the Merchant's order management system should be updated and the appropriate message should be displayed to the Consumer. 

cmpi_authenticate Request Message

Second message of the Lookup/Authenticate pair used in processing Consumer Authentication transactions. The values are posted to the TermUrl from the external systems involved in processing the transactions. The webpage represented by the TermUrl should retrieve the PARes value from the HTTP Request object for use in creating this message. 

The message is used to communicate the PARes generated by the Issuer ACS software to Cardinal. Cardinal will verify the digital signature within the PARes to validate that the authentication results were properly generated and not altered. The authentication data values, including the transaction status, XID, CAVV/AAV and the ECI, are extracted from the PARes and returned to the Merchant on the response message.

TIP:

  • All fields use ASCII character set (0-9, A-Z, a-z, special characters $%&@!_ etc.)
  • The required field contains one of the following values
    • Y = Yes (Required field)
    • C = Conditional (Conditions of transaction determine if this field will be returned or not)
    • O = Optional (Not required but highly recommended)
    • Boolean = True or False

Field Name | Description | Required | Field Definition

No New Changes

3DS Extension Support

IVR Extensions (India Only)
No New Changes

cmpi_authenticate Response Message

This message is generated in response to the cmpi_authenticate request message.

TIP:

  • All fields use ASCII character set (0-9, A-Z, a-z, special characters $%&@!_ etc.)
  • The required field contains one of the following values
    • Y = Yes (Required field)
    • C = Conditional (Conditions of transaction determine if this field will be returned or not)
    • O = Optional (Not required but highly recommended)
    • N = No (Not required)
    • Boolean = True or False

Field Name | Description | Required | Field Definition

ThreeDSVersion

Description: This field contains the 3DS version that was used to process the transaction.

Possible Values:

  • 1.0.2
  • 2.1.0
  • 2.2.0

Required: Y

Field Definition: AN(10)

3DS 2.0 Fields

Field Name | Description | Required | Condition | Field Definition

ChallengeCancel

Description: An indicator as to why the transaction was canceled.

Possible Values:

  • 01 - Cardholder selected 'Cancel'
  • 02 - 3DS Requestor canceled authentication Reserved for future EMVCo use (values invalid until defined by EMVCo).
  • 03 - Transaction Abandoned Transaction Timed Out—Decoupled Authentication
  • 04 - Transaction timed out at ACS—other timeouts
  • 05 - Transaction Timed out at ACS - First CReq not received by ACS
  • 06 - Transaction Error
  • 07 - Unknown
  • 08 - Transaction Timed Out at SDK

NOTE: Only present when the Consumer cancels the challenge. Decoupled authentication is not supported at this time.

Required: C

Condition: Merchant Configuration ON

Required in CReq for 01-APP if the authentication transaction was canceled by user interaction with the cancelation button in the UI or for other reasons as indicated.

Required in the RReq if the ACS identifies that the authentication transaction was canceled for reasons as indicated.

Value of 04 or 05 is required when Transaction Status Reason = 14.

Field Definition: N(2)

ACSRenderingType

Description: Identifies the UI Type the ACS will use to complete the challenge.

NOTE: Only available for App transactions using the Cardinal Mobile SDK. Decoupled authentication is not supported at this time.

Required: C

Condition: Merchant Configuration ON & App

For RReq, required unless ACS Decoupled Confirmation = Y.


AuthenticationType

Description: Indicates the type of authentication that will be used to challenge the cardholder.

Possible Values:

  • 01 - Static
  • 02 - Dynamic
  • 03 - OOB (Out of Band)
  • 04 - Decoupled

NOTE: EMV® 3-D Secure version 2.1.0 supports values 01-03. Version 2.2.0 supports values 01-04. Decoupled authentication is not supported at this time.

Required: C

Condition: Merchant Configuration ON

Required in the RReq message if the Transaction Status = Y or N in the RReq message.

Field Definition: N(2)

SdkTransID

NEW FIELD

Description: SDK unique transaction identifier that is generated on each new transaction.

Required: R

Field Definition: AN(36)

WhiteListStatus

NEW FIELD

Description: Enables the communication of trusted beneficiary/whitelist status between the ACS, the DS and the 3DS Requestor.

Possible Values:

  • Y - 3DS Requestor is whitelisted by cardholder
  • N - 3DS Requestor is not whitelisted by cardholder
  • E - Not eligible as determined by issuer
  • P - Pending confirmation by cardholder
  • R - Cardholder rejected
  • U - Whitelist status unknown, unavailable, or does not apply

Required: O

Field Definition: AN(1)

WhiteListStatusSource

NEW FIELD

Description: This data element will be populated by the system setting Whitelist Status.

Possible Values:

  • 01 - 3DS Server
  • 02 - DS
  • 03 - ACS
  • 04-79 - Reserved for EMVCo future use (values invalid until defined by EMVCo)
  • 80-99 - Reserved for DS use

Required: C

Condition: Required if Whitelist Status is present.

Field Definition: N(2)
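
The acceptance rule stated earlier (ErrorNo must be 0 and SignatureVerification must be Y before PAResStatus is consulted) and the value constraints in the response field table can be enforced together before an order is updated. The following Python sketch is an added example, not Cardinal's code: it assumes the response has already been parsed into a dict of strings keyed by field name, reads AN(36) as a maximum length, and rejects on any malformed field, which is this example's policy rather than a rule from the page.

```python
import re

# Field names and values are the page's; the dict input and the policy of
# rejecting on any malformed field are assumptions of this added example.
VERSIONS = {"1.0.2", "2.1.0", "2.2.0"}
CHALLENGE_CANCEL = {f"{n:02d}" for n in range(1, 9)}      # 01-08
WHITELIST_STATUS = {"Y", "N", "E", "P", "R", "U"}
# 01-03 are defined, 80-99 are reserved for DS use; 04-79 are invalid until defined.
WHITELIST_SOURCE = re.compile(r"0[1-3]|[89][0-9]")


def evaluate_authenticate_response(fields):
    """Return (decision, problems); decision is 'reject' or 'use_paresstatus'."""
    problems = []
    # Gate from the page. A missing element fails closed, same as a bad value.
    if fields.get("ErrorNo") != "0":
        problems.append("ErrorNo is not 0")
    if fields.get("SignatureVerification") != "Y":
        problems.append("SignatureVerification is not Y")

    version = fields.get("ThreeDSVersion")        # Required = Y
    if version not in VERSIONS:
        problems.append("ThreeDSVersion missing or not a listed value")
    cancel = fields.get("ChallengeCancel")        # conditional
    if cancel is not None and cancel not in CHALLENGE_CANCEL:
        problems.append("ChallengeCancel outside 01-08")
    auth_type = fields.get("AuthenticationType")  # conditional; 04 only in 2.2.0
    allowed = {"01", "02", "03"} | ({"04"} if version == "2.2.0" else set())
    if auth_type is not None and auth_type not in allowed:
        problems.append("AuthenticationType not valid for this ThreeDSVersion")
    sdk_id = fields.get("SdkTransID")             # AN(36), read as a maximum length
    if sdk_id is not None and not (0 < len(sdk_id) <= 36 and sdk_id.isascii()):
        problems.append("SdkTransID is not 1-36 ASCII characters")

    status = fields.get("WhiteListStatus")        # optional
    source = fields.get("WhiteListStatusSource")  # required if status is present
    if status is not None and status not in WHITELIST_STATUS:
        problems.append("WhiteListStatus not a listed value")
    if status is not None and source is None:
        problems.append("WhiteListStatusSource missing while WhiteListStatus is present")
    if source is not None and not WHITELIST_SOURCE.fullmatch(source):
        problems.append("WhiteListStatusSource not 01-03 or 80-99")
    return ("reject" if problems else "use_paresstatus"), problems


if __name__ == "__main__":
    sample = {"ErrorNo": "0", "SignatureVerification": "Y",   # constructed fields
              "ThreeDSVersion": "2.1.0", "AuthenticationType": "04"}
    print(evaluate_authenticate_response(sample))
```

A result of `use_paresstatus` only means the gate passed; the order is still handled according to the PAResStatus value, and the `problems` list is worth logging on every reject.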