Skip to main content

Authentication Response

Requirement

Interpret the results of the Authentication to see if MethodUrl populated, Challenge flow, or Frictionless flow.

Authentication Response

A detailed breakdown of all of the fields returned in the response are shown below.

AuthenticationResponse
Field NameData TypeDescription
ReferenceStringGateway returns the original reference passed by the integrator

Length: Variable, max. 50 characters.
ErrorCodeIntegerIf an error has occurred during the process the relevant code will be populated in this field.
ErrorMessageStringIf an error has occurred during the process the relevant message will be populated in this field.
ResponseTimeIntegerNumber of milliseconds taken for the response to be returned
AcsChallengeMandatedIndicatorStringIndication of whether a challenge is required for the transaction to be authorised due to local/regional mandates or other variable.
YChallenge is mandated.
NChallenge Required if
Transaction Status = C or D.
AcsReferenceNumberStringUnique identifier assigned to a certified ACS by EmvCo.

For information only.
AcsRenderingInterfaceStringIdentifies the Template that the ACS UI will use.

For information only.
AcsSignedContentStringContains authenticated content created by the ACS for the ARes message.

For information only.
AcsTransactionIdStringUniversally Unique transaction identifier assigned by the ACS to identify a single transaction.

Required where fallback to v1 has occurred.
AcsUrlStringFully qualified URL of the ACS to be used for the challenge.

Length: Variable, max. 2048 characters.
AtsDataStringAdditional Transaction Security (ATS) data

This will only be populated in the event of fallback to V1.
AuthenticationEciStringElectronic Commerce Indicator (ECI) - consists of two digits
AuthenticationTypeStringIndicates the type of authentication method the Issuer will use to challenge the Cardholder, whether in the ARes message or what was used by the ACS when in the RReq message.
01Static.
02Dynamic.
03OOB
04Decoupled.
AuthenticationValueStringCardholder Authentication Verification Value (CAVV) - a 28-byte base64 encoded value
CReqStringCReq to be used with ACS interaction between cardholder and issuer.
CardClassIdIntegerIndicates the card scheme that issued the card.
DecoupledConfirmationIndicatorStringIndicates whether the ACS confirms utilisation of Decoupled Authentication and agrees to utilise Decoupled Authentication to authenticate the Cardholder.
YConfirms Decoupled Authentication will be utilised.
NDecoupled Authentication will not be utilised.
DsReferenceNumberStringUnique identifier assigned to a certified DS by EmvCo.

For information only.
DsTransactionIdStringUniversally unique transaction identifier assigned by the DS to identify a single transaction.

For information only, the solution uses ThreeDsServerTransactionId instead.
MethodDataString

This value should be sent as a Form POST to the MethodUrl. This should be rendered as a hidden iframe, and is discussed in more detail in the MethodUrl section.

This field is only present when the MethodUrl process is required.
MethodUrlStringIndicates the Url that the MethodData hidden Iframe should be POST'd to.

This field is only present when the MethodUrl process is required.
ProtocolVersionStringIndicates the protocol used in the 3DS process.

If ProtocolVersion starts with 1 this indicates that a fallback to version one of the protocol has been initiated due to card issuer not supporting V2.
ThreeDsServerTransactionIdStringUniversally unique transaction identifier assigned by the 3DS Server to identify a single transaction.

Length: 36 characters.

Populated if DS interaction has taken place.
TransactionStatusString

Indicates whether a transaction qualifies as an authenticated transaction or account verification.

Note: The Final CRes message can contain only a value of Y or N.
YAuthentication Verification Successful.
NNot Authenticated/Account Not Verified; Transaction denied.
UAuthentication/Account Verification Could Not Be Performed; Technical or other problem, as indicated in ARes or RReq.
AAttempts Processing Performed; Not Authenticated/Verified, but a proof of attempted authentication/verification is provided.
CChallenge Required; Additional authentication is required using the CReq/CRes.
DChallenge Required; Decoupled Authentication confirmed.
RAuthentication/Account Verification Rejected; Issuer is rejecting authentication/verification and request that authorisation not be attempted.
IInformational Only; 3DS Requestor challenge preference acknowledged.
Populated if DS interaction has taken place.
TransactionStatusReasonStringProvides information on why the Transaction Status field has the specified value.
01Card authentication failed.
02Unknown Device.
03Unsupported Device.
04Exceeds authentication frequency limit.
05Expired card.
06Invalid card number.
07Invalid transaction.
08No Card record.
09Security failure.
10Stolen card.
11Suspected fraud.
12Transaction not permitted to cardholder.
13Cardholder not enrolled in service.
14Transaction timed out at the ACS.
15Low confidence.
16Medium confidence.
17High confidence.
18Very High confidence.
19Exceeds ACS maximum challenges.
20Non-Payment transaction not supported.
213RI transaction not supported.
22ACS technical issue.
23Decoupled Authentication required by ACS but not requested by 3DS Requestor.
243DS Requestor Decoupled Max Expiry Time exceeded.
25Decoupled Authentication was provided insufficient time to authenticate cardholder. ACS will not make attempt.
26Authentication attempted but not performed by the cardholder.
Populated if DS interaction has taken place.

Example Code Responses


{
"Reference":"TestTransaction",
"ErrorCode":00,
"ErrorMessage":"String content",
"ResponseTime":100,
"AcsChallengeMandatedIndicator":"String content",
"AcsReferenceNumber":"String content",
"AcsRenderingInterface":"String content",
"AcsSignedContent":"String content",
"AcsTransactionId":"String content",
"AcsUrl":"String content",
"AtsData":"String content",
"AuthenticationEci":"String content",
"AuthenticationType":"String content",
"AuthenticationValue":"String content",
"CReq":"String content",
"CardClassId":2147483647,
"DecoupledConfirmationIndicator":"String content",
"DsReferenceNumber":"String content",
"DsTransactionId":"String content",
"MethodData":"String content",
"MethodUrl":"String content",
"ProtocolVersion":"String content",
"ThreeDsServerTransactionId":"String content",
"TransactionStatus":"String content",
"TransactionStatusReason":"String content"
}

Next Steps

MethodUrl present

If the MethodUrl field and the MethodData field are populated, you need to continue to the MethodUrl section.

Challenge Requested

If the TransactionStatus is C or D then you need to proceed to the Challenge Flow section.

Authentication Complete

Other TransactionStatus codes may allow you to proceed or not. Please check Using your Results for more guidance.