You’re free to conduct your testing with the cardnumbers below. You can use any
expdate (must be in the future unless you are trying to test an expired card) and we will return a response just like production.
3-D Secure v1
The 3-D Secure process requires that merchants cater for various scenarios.
We have our own 3D Secure emulator that allows testing to take place. Two different cardnumbers can be used to initiate the emulator – one credit and one debit.
To initiate the emulator using a credit card, populate the cardnumber field with 4485600864021418 in the request message.
To test 3D Secure using a debit card, populate the cardnumber field with 4547422155182593.
This returns a 501 response code which triggers our emulator. You can then test responses to the following scenarios:
- Invalid Response (ACS)
- Successful Authentication
- Authentication Acknowledged
- Incorrect Password
- Authentication Unavailable
EMV® 3-D Secure (v2)
|4000018525249219||1||Transaction Success||Successful authentication and authorisation|
|4000019099239669||1||Transaction Success||Authentication could not be performed and successful authentication.|
|4000015012963310||540||SCA: Failed||Authentication failed.|
|4000019842912018||541||SCA: Issuer Reject||Authentication rejected by the issuing bank.|
|4000016188047102||542||SCA: Not Successful||Authentication was attempted but was unsuccessful.|
|4000015979612025||503||SCA: Challenge Required||The issuing bank requires additional information to authenticate the cardholder.|
For the Challenge Flow via the API you will need to be able to replicate the following steps to complete your testing:
- Complete the Check 3-D Secure Version step on the cardnumber and method_url steps.
- Submit the Authentication request including the required device data.
- Handle the 503 response code, POST the creq value (as well as any threeDSSessionData) to the
urlreturned and open it via an i-Frame.
- Upon recieving the
cresvalue back from the ACS - submit the SCA_COMPLETE action to complete the transaction and submit the authorisation.