3-D Secure

Please note - our QA environment does not handle live card information.

You’re free to conduct your testing with the cardnumbers below. You can use any expdate (must be in the future unless you are trying to test an expired card) and we will return a response just like production.

3-D Secure v1

The 3-D Secure process requires that merchants cater for various scenarios.

We have our own 3D Secure emulator that allows testing to take place. Two different cardnumbers can be used to initiate the emulator – one credit and one debit.

To initiate the emulator using a credit card, populate the cardnumber field with 4485600864021418 in the request message.

To test 3D Secure using a debit card, populate the cardnumber field with 4547422155182593.

This returns a 501 response code which triggers our emulator. You can then test responses to the following scenarios:

  • Invalid Response (ACS)
  • Successful Authentication
  • Authentication Acknowledged
  • Incorrect Password
  • Authentication Unavailable

EMV® 3-D Secure (v2)

Remember - you will need to perform the Check 3-D Secure Version for both Frictionless and Challenge flows.

Frictionless Flow

Cardnumber Response Response Message Description
4000018525249219 1 Transaction Success Successful authentication and authorisation
4000019099239669 1 Transaction Success Authentication could not be performed and successful authentication.
4000015012963310 540 SCA: Failed Authentication failed.
4000019842912018 541 SCA: Issuer Reject Authentication rejected by the issuing bank.
4000016188047102 542 SCA: Not Successful Authentication was attempted but was unsuccessful.

Challenge Flow

Remember - for a challenge flow you'll need to redirect to emulator to complete the payment.
Cardnumber Response Response Message Description
4000015979612025 503 SCA: Challenge Required The issuing bank requires additional information to authenticate the cardholder.

For the Challenge Flow via the API you will need to be able to replicate the following steps to complete your testing:

  1. Complete the Check 3-D Secure Version step on the cardnumber and method_url steps.
  2. Submit the Authentication request including the required device data.
  3. Handle the 503 response code, POST the creq value (as well as any threeDSSessionData) to the url returned and open it via an i-Frame.
  4. Upon recieving the cres value back from the ACS - submit the SCA_COMPLETE action to complete the transaction and submit the authorisation.