3-D Secure

Please note - Our QA environment does not handle live card information.

The 3-D Secure process requires that merchants cater for various scenarios. We have our own 3D Secure emulator that allows testing to take place.You’re free to conduct your testing with the cardnumbers below. You can use any expdate (must be in the future unless you are trying to test an expired card) and we will return a response just like production.

EMV® 3-D Secure (v2)

Remember - You will need to perform the Check 3-D Secure Version for both Frictionless and Challenge flows.

Frictionless Flow

VISA

Cardnumber Response Response Message Description
4000018525249219 1 Transaction Success Successful authentication and authorisation.
4000019099239669 541 Unable to perform Authentication could not be performed.
4000015012963310 540 SCA: Failed Authentication failed.
4000019842912018 542 SCA: Issuer Reject Authentication was rejected by the issuer.
4000016188047102 542 SCA: Issuer Reject Authentication rejected by the issuing bank.

MasterCard

Cardnumber Response Response Message Description
5100012222286836 1 Transaction Success Successful authentication and authorisation.
5100013037345882 1 Transaction Success Successful authentication and authorisation.
5100013084486761 541 SCA: Unable to perform Authentication could not be performed.
5100018065968794 540 SCA: Failed Authentication failed.
5100010802125358 542 SCA: Issuer Reject Authentication could not be performed.

Challenge Flow

Remember - For a challenge flow you'll need to redirect to emulator to complete the payment.

VISA

Cardnumber Response Response Message Description
4000015979612025 503 SCA: Challenge Required The issuing bank requires additional information to authenticate the cardholder.

MasterCard

Cardnumber Response Response Message Description
5100015146097478 503 SCA: Challenge Required The issuing bank requires additional information to authenticate the cardholder.

For the Challenge Flow via the API you will need to be able to replicate the following steps to complete your testing:

  1. Complete the Check 3-D Secure Version step on the cardnumber and method_url steps.
  2. Submit the Authentication request including the required device data.
  3. Handle the 503 response code, POST the creq value (as well as any threeDSSessionData) to the url returned and open it via an i-Frame.
  4. Upon recieving the cres value back from the ACS - submit the SCA_COMPLETE action to complete the transaction and submit the authorisation.