About 3-D Secure Payment

In this page, it describes the the process flow and a determination of 3-D Secure payment.

Payment Type

Our 3-D Secure service supports the 3-D Secure of the 4 international card brands VISA/MASTER/JCB.
Setting "Payment service option type" (ServiceOptionType) of the 3-D Secure request message, enables the selection of patterns appropriate to the EC site for the risk burden.

List of Service Option Type
service_option_type Authentication Type Card Payment Integration Type Brand specific card payment necessity Risk burden
mpi-complete Complete authentication 3-D Secure + Card payment Brands supporting 3-D Secure
(VISA/MASTER/JCB)
Do Payment Make a payment only when passwords perfectly match
Brands not supporting 3-D Secure Do not make payment -
mpi-company Normal Authentication
(Card company bears risk burden)
3-D Secure + Card payment Brands supporting 3-D Secure
(VISA/MASTER/JCB)
Do Payment Make a payment only when card company bears the risk burden.
Brands not supporting 3-D Secure Do Payment Since 3-D Secure is not supported, the merchant will bear the risk burden.
Brands not supporting 3-D Secure Do Payment Since 3-D Secure is not supported, the merchant will bear the risk burden.

Process sequence

The basic sequence of 3-D Secure.

Process flow

The process flow of 3-D Secure.

mpi-complete

Output Param Value Flow description
mstatus failure
In the case where 3-D Secure is not possible, "mstatus = failure" is returned to the merchant site. Payment not possible.
success
In the case where 3-D Secure is possible, "mstatus = success" is returned to the merchant site.
Redirect to the card company authentication server, and complete 3-D Secure.
Retrieve the process result by performing a Search based on the unique transaction information returned to the merchant site, after the authentication/payment.
Payment is done only when 3-D Secure and signature verification are successful.

mpi-company

Output Param Value Flow description
mstatus failure
In the case where 3-D Secure is not possible and when the card company does not bear the risk burden, "mstatus = failure" is returned to the merchant site.
Payment not possible.
success
In the case where 3-D Secure is possible, "mstatus = success" is returned to the merchant site.
Redirect to the card company authentication server, and complete 3-D Secure.
Retrieve the process result by performing a Search based on the unique transaction information returned to the merchant site, after the authentication/payment.
Payment is done only when 3-D Secure and signature verification are successful, or when the card company bears the risk burden.
success
In the case where 3-D Secure is not possible and when the card company bears the risk burden, "Mstatus = success" is returned to the merchant site. Redirect connect to the VeriTrans gateway, and execute the payment processing.
Retrieve the process result by performing a Search based on the unique transaction information returned to the merchant site, after the payment.
Payment is done only when 3-D Secure and signature verification are successful, or when the card company bears the risk burden.

Redirect receive parameters

When the process is complete, the browser will redirect to redirection_uri.
The following parameters are POST during redirect.
Field Name Name Format Description
RequestId Request ID Half-width alphanumeric and symbols can be use and must be within 128 digits. Key item that searches the result of 3-D Secure.
OrderId Order ID Half-width alphanumeric, hyphen and underscore can be use and must be within 100 digits. ID assigned at the 3-D Secure payment request.

Search Process Result Reference Method

It is necessary to retrieve the 3-D Secure result, payment result by using the /search API process. Use "RequestID" as the key when retrieving.
Search API response sample JSON if you set the Request Id.
{
  "order_info": {
    "order_id": "TESTB001",
    "service_type_code": "mpi",
    "last_success_command": "Verify",
    "success_detail_transaction_type": "a",
    "proper_order_info": {"trad_url": "https://example.com/..."},
    "transaction_info_array": [
      {
        "amount": 100,
        "command": "Verify",
        "mstatus": "success",
        "vresult_code": "G011A00100000000",
        "transaction_datetime": "2015-03-11 20:05:20.277",
        "properTransactionInfo": {
          "transaction_kind": "mpi",
          "transaction_type": "vd",
          "res_3d_cavv": "AbC1eFg2IJkl3NopQ4STU5WXYZ\u003d\u003d",
          "res_3d_cavv_algorithm": "2",
          "res_3d_eci": "05",
          "res_3d_message_version": "1.0.2",
          "res_3d_transaction_id": "12aBcde3Fg4HiJ\u003dAbcd1Efgh2J\u003d",
          "res_3d_transaction_status": "Y"
        }
      },
      {
        "amount": 100,
        "command": "Verify",
        "mstatus": "success",
        "vresult_code": "G011A00100000000",
        "transaction_datetime": "2015-03-11 20:05:22.221",
        "properTransactionInfo": {
          "transaction_kind": "card",
          "res_auth_code": "000000",
          "res_center_error_code": "   "
        }
      }
    ]
  },
  "vresult_code": "N001000000000000",
  "mstatus": "success",
  "code": "Q000",
  "status": "success",
  "message": "Search request was successful"
}

Code List for each Scenario

The following table is the vresult_code list for payment done by 3-D Secure + CARD.
Check the first 4 digits of vresult_code, you need to determine the next processing.
Note that the process varies based on the ServiceOptionType setting (No Payment/Complete Authentication/Normal Authentication (Card Company risk burden)/Normal Authentication (Card Company or Merchant risk burden)/Non enrolled Brand).
No Scenario Risk burden Test Card MPI Authorize
/mpi_charges
Verify
(VeriTransInternalProcess)
Card Company/Merchant Card Number Payment service option type Complete Authentication
(mpi-complete)
Normal Authentication
(mpi-company)
Payment service option type Complete Authentication
(mpi-complete)
Normal Authentication
(mpi-company)
Risk burden Card Company Card Company Risk burden Card Company Card Company
Payment capability for brands not supporting 3-D Secure × Payment capability for brands not supporting 3-D Secure ×
mstatus *1 vresult_code mstatus *1 vresult_code
1 3-D Secure failure
(Password Error, Cancel)
(Payment not possible) 5555444455554442 success G0010000 G0010000 failure GE110000 GE110000
2 3-D Secure success
(Password match)
Card Company 4111111111111111 success G0010000 G0010000 success G011A001 G011A001
3 3-D Secure Success
(Attempt)
Card Company 5555555555554444 success G0010000 G0010000 failure
or success
GE120000 G012A001
4 3-D Secure execution not possible
(Issuer not enrolled in 3-D Secure cache)
Card Company 3528000000000007 failure
or success
GE010000 G0020000 G002A001
5-1 3-D Secure execution not possible
(Issuer or Member is not enrolled)
Card Company 3530111333300000 failure
or success
GE020000 G0030000 G003A001
6-1 3-D Secure execution not possible
(Unsupported device(mobile etc.) or ACS failure)
Merchant 3528000000000023 failure
or success
GE030000 GE030000
6-2 3-D Secure failure
(Incorrect PAReq, Other technical factors)
Merchant 3528000000000015 success G0010000 G0010000 failure
or success
GE130000 GE130000
7-1 Abnormal end
(VeriTrans side 3-D Secure or communication error)
Merchant 5105105105105100
5500000000000004
failure
or success
GE040000
GE050000
GE040000
GE050000
7-2 Abnormal end
(VeriTrans side 3-D Secure or communication error)
Merchant 6950695069506958 success G0010000 G0010000 failure
or success
GE140000
GE150000
GE140000
GE150000
8 3-D Secure failure
(PARes signature verification failure)
(Payment not possible) 5111111111111118 success G0010000 G0010000 failure GE160000 GE160000
*1. Response code is "failure" (failure) when it is "GExx", and it is "success" (success) when it is "G0xx".
 Though this scenario describes that the credit card payment will succeed (vresult_code:A001) after the Verify process succeeds,
it is possible to intentionally fail a payment by setting the expiration date described in the [Testing Air-Direct].

Success based authorize process

  • 3-D Secure execution possible.
  • G002=Payment execution possible. (Conditional success)
  • G003=Payment execution possible. (Conditional success)
  • G004=Payment execution possible. (Conditional success)
  • G005=Payment execution possible. (Conditional success)
  • G006=Payment execution possible. (Conditional success)

Success based verify process

  • G011=Success in 3-D Secure.
  • G012=Success in 3-D Secure. (Conditional success)
  • G013=Success in 3-D Secure. (Conditional success)
  • G014=Success in 3-D Secure. (Conditional Success)

Failure based authorize process

  • GE01=3-D Secure execution not possible. (Issuer not enrolled in MPI cache)
  • GE02=3-D Secure execution not possible. (Issuer or member is not enrolled)
  • GE03=3-D Secure execution not possible. (Unsupported device (Mobile/Unsupported browser) or ACS failure)
  • GE04=3-D Secure execution not possible. (Error occurred in MPI library)
  • GE05=3-D Secure execution not possible. (Center connection notification error occurred ({0}))
  • GE06=3-D Secure execution not possible. (Issuer or member is not enrolled)

Failure based verify process

  • GE11=Failure in 3-D Secure. (Password error, cancel)
  • GE12=Tentatively considered as an authentication success. (Payment not possible)
  • GE13=Failure in 3-D Secure. (Incorrect PAReq, Other technical factors)
  • GE14=Failure in 3-D Secure. (Error occurred in MPI library)
  • GE15=Failure in 3-D Secure. (Center connection notification error occurred({0}))
  • GE16=Failure in 3-D Secure. (PARes signature verification failure)

PUSH Notification

URL push_uri
HTTP Method POST
HTTP Headers Header name Value
Authorization Basic Connect the Server Key to the end of the Request Body, and Sha-256 hashed string
Description Result POST to push_uri.
Input format JSON
POST Parameters
(RequestBody)
push_time String YYYY/MM/DD hh:mm:ss format push datetime
push_id String 8 digits Which is numbering each time it is POST.
data
  [ Array
    {
      order_id String Half-width alphanumeric, hyphen and underscore, up to 100 characters in length. Order Id
      vresult_code String Half-width alphanumeric 16 characters Code that represents the process result in detail.
      transaction_type String Half-width alphanumeric up to 32 characters in length. "Verify":Result verification
      mpi_mstatus String Half-width alphanumeric up to 32 characters in length. Process result status of 3-D Secure.
"success":Normal termination
"failure":Abnormal termination
      card_mstatus String Half-width alphanumeric up to 8 characters in length. Process result status of card payment
"success":Normal termination
"failure":Abnormal termination
"pending":Pending
* Blank when 3-D Secure result code is failure
      test_mode Boolean if dummy transaction then true
    }
  ]
* Not support Basic Authentication.
* Push notification will be performed asynchronously.
 Before your server receives a push notification, there is a possibility that the browser is redirected to the redirection_uri.
 In that case, set the Request ID to the Search API, to get the results.
* Notification more than once, it may be sent in the same push_id.
Push notification request body sample JSON
{
    "push_time": "2015-03-30 18:36:42",
    "push_id": "00000080",
    "data": [
        {
            "order_id": "TESTC001",
            "vresult_code": "G012A00100000000",
            "transaction_type": "Verify",
            "mpi_mstatus": "success",
            "card_mstatus": "success",
            "test_mode": true
        }
    ]
}