The Authenticate Message is responsible for returning the Consumer Authentication outcome to the Merchant. The message will return the status of the Authentication to the Merchant, enabling the Merchant to handle the order/authorization processing according to the outcome.
Once Authentication is completed, the Consumer will be redirected back to the TermUrl representing a webpage on the Merchant website. The Merchant is required to receive this form POST and construct the Authenticate Message to complete the transaction and determine the status of the Authentication. Cardinal will receive the Authenticate Message, decrypt the Authentication data and perform data validation checks on the Authentication result. Cardinal will return a response indicating the status of the Authentication transaction.
In the event a non-zero ErrorNo value is returned or the SignatureVerification element is not Y, the transaction should not be authorized and the Consumer should be prompted for another method of payment.
In the event the ErrorNo element is 0 (zero) and the SignatureVerification element is Y, indicating all fraud checks were satisfied, then the PAResStatus value will define how the transaction should be processed. Based on the transaction outcome, the Merchant's order management system should be updated and the appropriate message should be displayed to the Consumer.
cmpi_authenticate Request Message
Second message of the Lookup/Authenticate pair used in processing Consumer Authentication transactions. The values are posted to the TermUrl from the external systems involved in processing the transactions. The webpage represented by the TermUrl should retrieve the PARes value from the HTTP Request object for use in creating this message.
The message is used to communicate the PARes generated by the Issuer ACS software to Cardinal. Cardinal will verify the digital signature within the PARes to validate that the authentication results were properly generated and not altered. The authentication data values including the transactions status, XID, CAVV/AAV and the ECI are extracted from the PARes and returned to the Merchant on the response message.
All fields use ASCII character set (0-9, A-Z, a-z, special characters)
Use of special characters is allowed in most fields defined as Alpha Numeric (AN)
The following special characters must be escaped before using: & < > " '
The required field contains one of the following values
Y = Yes (Required field)
C = Conditional (Conditions of transaction determine if this field will be returned or not)
O = Optional (Not required but highly recommended)