3D Secure 2
3D Secure 2
SCA is a European regulatory requirement to combat and reduce fraud and make online payments more secure in every aspect.
There are three elements, that must be independent of one appendix-caption other, have to be considered to verify the identity of the consumer: PIN or password, smartphone, and scan or fingerprint.
Supported brands are Mastercard, VISA, American Express, Diners Club, and Discover.
Commands
Pre Transaction Commands
The first step is to generate a unique order number with the command CREATEORDER.
Transaction Commands
INITIATEPAYMENT
Request Parameters
| Required Parameters | Optional Parameters | ||
|---|---|---|---|
|
|||
|
|||
|
|||
|
| Required Parameters | ||
|---|---|---|
|
||
|
||
Optional Parameters |
||
|
Optional request parameters CUSTOMERSTATEMENT and ORDERREFERENCE, are more restricted about their length and allowed characters than usual.
Initialization example
3D Secure payment method can be initialized if the merchant sends 3DSECURE for parameter INITTYPE.
|
-
Send a request.
Example of Request for InitiationCOMMAND=INITIATEPAYMENT& MERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_& INITTYPE=3DSECURE& PAYMENTTYPE=CREDITCARD& ORDERNUMBER=14286231& DEPOSITAMOUNT=0& LANGUAGE=en& AMOUNT=1& CURRENCY=EUR& SERVICEURL=http://yourimprint.com/& MERCHANT_TOKENIZATION_FLAG=TRUE& CONSUMER_CHALLENGE_INDICATOR=04& OVERWRITE_WAKEUPMESSAGE=TRUE& USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36 Edg/104.0.1293.47& ACCEPT_HEADERS=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9& BROWSER_JAVA_ENABLED=0& BROWSER_JAVASCRIPT_ENABLED=1& BROWSER_ACCEPT_HEADERS=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9& BROWSER_SCREEN_RESOLUTION=1920x1080& BROWSER_COLOR_DEPTH=24& BROWSER_USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36 Edg/104.0.1293.47& BROWSER_LANGUAGE=en-GB& BROWSER_CHALLENGE_WINDOW_SIZE=05& BROWSER_TIME_ZONE=-120& EXPIRY=01/2025& PAN=4000012892688323& CARDVERIFYCODE=123& CARDHOLDERNAME=Test005& CONSUMER_IP_ADDRESS=172.20.0.231& CUSTOMERSTATEMENT=Test005& SUCCESSURL=https://yoursuccessurl.com& FALLBACK=FALSE& ORDERDESCRIPTION=Test:0000& CARDHOLDERNAMED=Test005& IP_ADDRESS=172.20.0.231& APPLICATIONTYPE=S& WAKEUPMESSAGE_METHOD=PAGE& -
The response looks like this:
Example of Response for Initiationheader=Content-Type%3A+text%2Fhtml%0D%0A& body=%3Chtml%3E%0A%3Chead%3E%0A%3Ctitle%3EACS+Anfrage+Seite%3C%2Ftitle%3E%0A%3C%2Fhead%3E%0A%3Cbody+OnLoad%3D%22OnLoadEvent%28%29%3B%22%3E%0A%3Cform+name%3D%22downloadForm%22+action%3D%22https%3A%2F%2Fapi.qenta.com%2Fpage%2Facs.php%22+method%3D%22post%22%3E%0A%3Ccenter%3E%0A%3Cnoscript%3E%0A%3Cbr+%2F%3E%3Cbr+%2F%3E%0A%3Ch1%3E3-D+Secure+Transaktion%3C%2Fh1%3E%0A%3Ch2%3EJavaScript+ist+in+Ihrem+Browser+deaktiviert%3C%2Fh2%3E%0A%3Ch3%3EBitte+klicken+Sie+auf+den+Button%2C+um+die+3-D+Secure+Transaktion+fortzusetzen%3C%2Fh3%3E%0A%3Cinput+type%3D%22submit%22+value%3D%22fortsetzen%22+%2F%3E%0A%3C%2Fnoscript%3E%0A%3C%2Fcenter%3E%0A%3Cinput+type%3D%22hidden%22+name%3D%22PaReq%22+value%3D%22eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU0NWZiMDhmLTU5NDktNDcxNC04NGVhLWMzZTc4YjY2NjA0YSIsImFjc1N0YXJ0UHJvdG9jb2xWZXJzaW9uIjoiMi4xLjAiLCJhY3NFbmRQcm90b2NvbFZlcnNpb24iOiIyLjEuMCIsImRzU3RhcnRQcm90b2NvbFZlcnNpb24iOiIyLjEuMCIsImRzRW5kUHJvdG9jb2xWZXJzaW9uIjoiMi4yLjAiLCJoaWdoZXN0Q29tbW9uU3VwcG9ydGVkUHJvdG9jb2xWZXJzaW9uIjoiMi4xLjAiLCJ0aHJlZURTTWV0aG9kVVJMIjoiaHR0cHM6Ly8zZHMtc2ltLWRldi5jb21wdXRvcC5jb20vL2Fjcy8zZHMtbWV0aG9kIiwidGhyZWVEU01ldGhvZERhdGFGb3JtIjoiZXlKMGFISmxaVVJUVFdWMGFHOWtUbTkwYVdacFkyRjBhVzl1VlZKTUlqb2lhSFIwY0hNNkx5OTNkM2N1WTI5dGNIVjBiM0F0Y0dGNVoyRjBaUzVqYjIwdlkySlVhSEpsWlVSVExtRnpjSGdfWVdOMGFXOXVQVzEwYUdST2RHWnVJaXdpZEdoeVpXVkVVMU5sY25abGNsUnlZVzV6U1VRaU9pSmxORFZtWWpBNFppMDFPVFE1TFRRM01UUXRPRFJsWVMxak0yVTNPR0kyTmpZd05HRWlmUSIsInRocmVlRFNNZXRob2REYXRhIjp7InRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJodHRwczovL3d3dy5jb21wdXRvcC1wYXlnYXRlLmNvbS9jYlRocmVlRFMuYXNweD9hY3Rpb249bXRoZE50Zm4iLCJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU0NWZiMDhmLTU5NDktNDcxNC04NGVhLWMzZTc4YjY2NjA0YSJ9fQ%3D%3D%22+%2F%3E%0A%3Cinput+type%3D%22hidden%22+name%3D%22TermUrl%22+value%3D%22https%3A%2F%2Fyoursuccessurl.com%22+%2F%3E%0A%3Cinput+type%3D%22hidden%22+name%3D%22MD%22+value%3D%22Q1JFRElUQ0FSRC0zRFMyfDg0MHwtMXwxMjMyODkwNg%3D%3D%22+%2F%3E%0A%3C%2Fform%3E%0A%3Cscript+type%3D%22text%2Fjavascript%22%3E%0A%3C%21--%0Afunction+OnLoadEvent%28%29%0A%7B%0A++document.downloadForm.submit%28%29%3B%0A%7D%0A%2F%2F--%3E%0A%3C%2Fscript%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E%0A& version=qtillserver+3.23.0.47& status=0 -
Decode the text with URL Decoder. Use Notepad ++ or some other URL Decoder. After decoding the response should look like this.
header=Content-Type: text/html &body=<html> <head> <title>ACS Anfrage Seite</title> </head> <body OnLoad="OnLoadEvent();"> <form name="downloadForm" action="https://api.qenta.com/page/acs.php" method="post"> <center> <noscript> <br /><br /> <h1>3-D Secure Transaktion</h1> <h2>JavaScript ist in Ihrem Browser deaktiviert</h2> <h3>Bitte klicken Sie auf den Button, um die 3-D Secure Transaktion fortzusetzen</h3> <input type="submit" value="fortsetzen" /> </noscript> </center> <input type="hidden" name="PaReq" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU0NWZiMDhmLTU5NDktNDcxNC04NGVhLWMzZTc4YjY2NjA0YSIsImFjc1N0YXJ0UHJvdG9jb2xWZXJzaW9uIjoiMi4xLjAiLCJhY3NFbmRQcm90b2NvbFZlcnNpb24iOiIyLjEuMCIsImRzU3RhcnRQcm90b2NvbFZlcnNpb24iOiIyLjEuMCIsImRzRW5kUHJvdG9jb2xWZXJzaW9uIjoiMi4yLjAiLCJoaWdoZXN0Q29tbW9uU3VwcG9ydGVkUHJvdG9jb2xWZXJzaW9uIjoiMi4xLjAiLCJ0aHJlZURTTWV0aG9kVVJMIjoiaHR0cHM6Ly8zZHMtc2ltLWRldi5jb21wdXRvcC5jb20vL2Fjcy8zZHMtbWV0aG9kIiwidGhyZWVEU01ldGhvZERhdGFGb3JtIjoiZXlKMGFISmxaVVJUVFdWMGFHOWtUbTkwYVdacFkyRjBhVzl1VlZKTUlqb2lhSFIwY0hNNkx5OTNkM2N1WTI5dGNIVjBiM0F0Y0dGNVoyRjBaUzVqYjIwdlkySlVhSEpsWlVSVExtRnpjSGdfWVdOMGFXOXVQVzEwYUdST2RHWnVJaXdpZEdoeVpXVkVVMU5sY25abGNsUnlZVzV6U1VRaU9pSmxORFZtWWpBNFppMDFPVFE1TFRRM01UUXRPRFJsWVMxak0yVTNPR0kyTmpZd05HRWlmUSIsInRocmVlRFNNZXRob2REYXRhIjp7InRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJodHRwczovL3d3dy5jb21wdXRvcC1wYXlnYXRlLmNvbS9jYlRocmVlRFMuYXNweD9hY3Rpb249bXRoZE50Zm4iLCJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU0NWZiMDhmLTU5NDktNDcxNC04NGVhLWMzZTc4YjY2NjA0YSJ9fQ==" /> <input type="hidden" name="TermUrl" value="https://yoursuccessurl.com" /> <input type="hidden" name="MD" value="Q1JFRElUQ0FSRC0zRFMyfDg0MHwtMXwxMjMyODkwNg==" /> </form> <script type="text/javascript"> <!-- function OnLoadEvent() { document.downloadForm.submit(); } //--> </script> </body> </html> &version=qtillserver 3.23.0.47&status=0 -
Beautify code (delete everything above and below html tag and uncomment function OnLoadEvent(), replace every "+" with empty space).
<html> <head> <title>ACS Anfrage Seite</title> </head> <body OnLoad="OnLoadEvent();"> <form name="downloadForm" action="https://api.qenta.com/page/acs.php" method="post"> <center> <noscript> <br /><br /> <h1>3-D Secure Transaktion</h1> <h2>JavaScript ist in Ihrem Browser deaktiviert</h2> <h3>Bitte klicken Sie auf den Button, um die 3-D Secure Transaktion fortzusetzen</h3> <input type="submit" value="fortsetzen" /> </noscript> </center> <input type="hidden" name="PaReq" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU0NWZiMDhmLTU5NDktNDcxNC04NGVhLWMzZTc4YjY2NjA0YSIsImFjc1N0YXJ0UHJvdG9jb2xWZXJzaW9uIjoiMi4xLjAiLCJhY3NFbmRQcm90b2NvbFZlcnNpb24iOiIyLjEuMCIsImRzU3RhcnRQcm90b2NvbFZlcnNpb24iOiIyLjEuMCIsImRzRW5kUHJvdG9jb2xWZXJzaW9uIjoiMi4yLjAiLCJoaWdoZXN0Q29tbW9uU3VwcG9ydGVkUHJvdG9jb2xWZXJzaW9uIjoiMi4xLjAiLCJ0aHJlZURTTWV0aG9kVVJMIjoiaHR0cHM6Ly8zZHMtc2ltLWRldi5jb21wdXRvcC5jb20vL2Fjcy8zZHMtbWV0aG9kIiwidGhyZWVEU01ldGhvZERhdGFGb3JtIjoiZXlKMGFISmxaVVJUVFdWMGFHOWtUbTkwYVdacFkyRjBhVzl1VlZKTUlqb2lhSFIwY0hNNkx5OTNkM2N1WTI5dGNIVjBiM0F0Y0dGNVoyRjBaUzVqYjIwdlkySlVhSEpsWlVSVExtRnpjSGdfWVdOMGFXOXVQVzEwYUdST2RHWnVJaXdpZEdoeVpXVkVVMU5sY25abGNsUnlZVzV6U1VRaU9pSmxORFZtWWpBNFppMDFPVFE1TFRRM01UUXRPRFJsWVMxak0yVTNPR0kyTmpZd05HRWlmUSIsInRocmVlRFNNZXRob2REYXRhIjp7InRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJodHRwczovL3d3dy5jb21wdXRvcC1wYXlnYXRlLmNvbS9jYlRocmVlRFMuYXNweD9hY3Rpb249bXRoZE50Zm4iLCJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU0NWZiMDhmLTU5NDktNDcxNC04NGVhLWMzZTc4YjY2NjA0YSJ9fQ==" /> <input type="hidden" name="TermUrl" value="https://yoursuccessurl.com" /> <input type="hidden" name="MD" value="Q1JFRElUQ0FSRC0zRFMyfDg0MHwtMXwxMjMyODkwNg==" /> </form> <script type="text/javascript"> function OnLoadEvent() { document.downloadForm.submit(); } </script> </body> </html> -
Execute the HTML, and the 3D Secure mask should be seen in a browser. Enter specific test data for 3D Secure payment method. After that, the merchant will be redirected to the successUrl (which is invalid in this example).
VERIFYPAYMENT
| After every INITIATEPAYMENT, VERIFYPAYMENT needs to be done for 3D Secure. |
Response Parameters
| Required Parameters | Optional Parameters | ||
|---|---|---|---|
|
Verifying payment example
-
Send a request.
Request ParametersMERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_& COMMAND=VERIFYPAYMENT& APPLICATIONTYPE=S& DEPOSITFLAG=FALSE& ORDERNUMBER=14286231& LANGUAGE=en& -
The response looks like this:
Response Parametersorder.1.amount=1.00& payment.1.1.paymentNumber=14286231& payment.1.1.depositAmount=0.00& order.1.orderText=Test%3A0000& order.1.contractNumber=Qenta_Test1& payment.1.1.timeModified=26.10.2022+09%3A39%3A54& payment.1.1.operationsAllowed=DEPOSIT%2CAPPROVEREVERSAL& payment.1.1.paymentType=CREDITCARD& order.1.merchantNumber=840& payment.1.1.state=payment_approved& order.1.depositAmount=0& order.1.customerStatement=Test005& order.1.providerContractNumber=Qenta_Test1& order.1.timeModified=26.10.2022+09%3A39%3A54& payment.1.1.providerReferenceNumber=09fe67a91b2b4ecd93b8e79fd0b502bc& order.1.orderNumber=14286231& payment.1.1.gatewayReferenceNumber=0741d39e24e841ea9005edbb5e98de76& payment.1.1.orderNumber=14286231& payment.1.1.approveAmount=1.00& payment.1.1.providerTokenId=0527152527152323& order.1.approveAmount=1.00& order.1.credits=0& payment.1.1.merchantNumber=840& order.1.payments=1& order.1.currency=EUR& version=qtillserver+3.23.0.48& order.1.refundAmount=0& payment.1.1.currency=EUR& order.1.timeCreated=26.10.2022+09%3A38%3A42& order.1.state=ORDERED& order.1.orderDescription=Test%3A0000&orders=1& payment.1.1.timeCreated=26.10.2022+09%3A39%3A54& order.1.acquirer=QENTA& order.1.paymentType=CREDITCARD& order.1.brand=Verified+by+Visa& status=0
Post Transaction Commands
GETORDERDETAILS
Response Parameters
| Required Parameters | Optional Parameters | ||
|---|---|---|---|
|
Getting order details example
-
Send a request.
Request ParametersMERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_& COMMAND=GETORDERDETAILS& APPLICATIONTYPE=S& ORDERNUMBER=14286231& ADMIN_PASSWORD=9p3a0m5f& -
The response looks like this:
Response Parametersorder.1.amount=1.00& payment.1.1.paymentNumber=14286231& payment.1.1.timeModified=26.10.2022+09%3A39%3A54& payment.1.1.operationsAllowed=DEPOSIT%2CAPPROVEREVERSAL& payment.1.1.paymentType=CREDITCARD& order.1.merchantNumber=840& order.1.depositAmount=0& payment.1.1.providerReferenceNumber=09fe67a91b2b4ecd93b8e79fd0b502bc& payment.1.1.orderNumber=14286231& payment.1.1.providerTokenId=0527152527152323& order.1.approveAmount=1.00& order.1.credits=0& payment.1.1.merchantNumber=840& order.1.payments=1& version=qtillserver+3.23.0.48& order.1.state=ORDERED& payment.1.1.currency=EUR& order.1.refundAmount=0& orders=1& order.1.brand=Verified+by+Visa& order.1.acquirer=QENTA& status=0& payment.1.1.depositAmount=0.00& order.1.orderText=Test%3A0000& order.1.contractNumber=Qenta_Test1& payment.1.1.state=payment_approved& order.1.customerStatement=Test005& order.1.providerContractNumber=Qenta_Test1& order.1.orderNumber=14286231& order.1.timeModified=26.10.2022+09%3A39%3A54& payment.1.1.gatewayReferenceNumber=0741d39e24e841ea9005edbb5e98de76& objectsTotal=1& payment.1.1.approveAmount=1.00& order.1.currency=EUR& order.1.timeCreated=26.10.2022+09%3A38%3A42& order.1.orderDescription=Test%3A0000& payment.1.1.timeCreated=26.10.2022+09%3A39%3A54& order.1.paymentType=CREDITCARD
DEPOSIT
The transaction can be deposited:
-
By using the command DEPOSIT (see an example!).
This is only possible if the transaction is not deposited in any other way. -
By sending the parameter
DEPOSITAMOUNTfor the INITIATEPAYMENT and the parameterDEPOSITFLAGfor VERIFYPAYMENT.
In this case, the command DEPOSIT isn’t used.
Deposit example
-
Send a request.
Request ParametersMERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_& COMMAND=DEPOSIT& ORDERNUMBER=14286231& PAYMENTNUMBER=14286231& AMOUNT=1.00& CURRENCY=EUR& LANGUAGE=en& APPLICATIONTYPE=S& -
The response looks like this:
Response Parametersversion=qtillserver+3.23.0.48& paymentNumber=14286231& status=0
DEPOSITREVERSAL
Deposit Reversal example
-
Send a request.
Request ParametersMERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_& COMMAND=DEPOSITREVERSAL& ORDERNUMBER=14286231& PAYMENTNUMBER=14286231& CURRENCY=EUR& ADMIN_PASSWORD=9p3a0m5f& LANGUAGE=en& APPLICATIONTYPE=S& -
The response looks like this:
Response Parametersversion=qtillserver+3.23.0.48& status=0
APPROVEREVERSAL
| For using the command APPROVEREVERSAL, payment needs to be in an approved state. Look at the order flow diagram of the payment method for closer information. |
Approve Reversal example
-
Send a request.
Request ParametersMERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_& COMMAND=APPROVEREVERSAL& ORDERNUMBER=27541& PAYMENTNUMBER=27541& ADMIN_PASSWORD=9p3a0m5f& LANGUAGE=en& APPLICATIONTYPE=S& -
The response looks like this:
Response Parametersversion=qtillserver+3.23.0.47& status=0
RECURPAYMENT
Recurring payment example
-
Send a request.
Request ParametersCOMMAND=RECURPAYMENT& MERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_& ORDERNUMBER=11649764& SOURCEORDERNUMBER=14286231& AMOUNT=1& CURRENCY=EUR& ORDERDESCRIPTION=Test:0000& MERCHANT_TOKENIZATION_FLAG=TRUE& PERIODIC_TYPE=ucof& ADMIN_PASSWORD=9p3a0m5f& APPLICATIONTYPE=S& -
The response looks like this:
Response Parametersversion=qtillserver+3.23.0.47& status=0
REFUND
Request Parameters
| Required Parameters | Optional Parameters | ||
|---|---|---|---|
|
Refunding example
-
Send a request.
Request ParametersMERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_& COMMAND=REFUND& ORDERNUMBER=6958930& CURRENCY=EUR& AMOUNT=1.00& ADMIN_PASSWORD=9p3a0m5f& APPLICATIONTYPE=S& LANGUAGE=en& -
The response looks like this:
Response ParameterscreditNumber=15236111& version=qtillserver+3.23.0.48& status=0
REFUNDREVERSAL
Refunding reversal example
-
Send a request.
Request ParametersMERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_& COMMAND=REFUNDREVERSAL& ORDERNUMBER=6958930& CREDITNUMBER=15236111& (1) ADMIN_PASSWORD=9p3a0m5f& APPLICATIONTYPE=S& LANGUAGE=en1 Use a credit number got from the refund. -
The response looks like this:
Response Parametersversion=qtillserver+3.23.0.47& status=0
Query Commands
For every payment method commands QUERYORDERS, QUERYCREDITS, and QUERYBATCHES are used.
3DS2 Use Cases
One-Time Payment
One-time payment is a fast way to make a single, non-recurring payment. Every transaction is consumer-initiated, therefore SCA based on PSD2 is required.
One-Click Checkout
Each One-click checkout transaction falls under the SCA requirements because it’s executed by the consumer in session. Merchants have to store credit card data as a token in their webshops for recurring payments. The advantage is that consumers can initialize the transaction just in a few steps with data stored in the shop. Every transaction is consumer-initiated so they need to give permission the first time for one-click checkout.
These parameters need to be set in the first request:
-
CONSUMER_BILLING_FIRST_NAME,CONSUMER_BILLING_LAST_NAME, andCONSUMER_EMAILare mandatory parameters -
CONSUMER_CHALLENGE_INDICATORmust be set to04 -
MERCHANT_TOKENIZATION_FLAGmust be set toTRUE.
The optional parameters CONSUMER_AUTHENTICATION_METHOD and CONSUMER_SHIPPING_ITEM_AVAILABILITY are recommended.
|
If the payment is done and the result is received, the 3DS2 process is also completed for the first payment. If the consumer wants to pay again, the checkout has to be initialized once again as above by the consumer, set the parameter SOURCEORDERNUMBER with the ORDERNUMBER value from the previous payment in the new request.
Subscription Model
With this model, consumers must be informed regarding the terms of the agreement when setting up the recurring payment plan and the first transaction needs an SCA since transactions are merchant-initiated.
These parameters need to be set in the first request:
-
CONSUMER_BILLING_FIRST_NAME,CONSUMER_BILLING_LAST_NAME, andCONSUMER_EMAILare mandatory parameters -
CONSUMER_CHALLENGE_INDICATORmust be set to04 -
MERCHANT_TOKENIZATION_FLAGmust be set toTRUE.
The optional parameters CONSUMER_AUTHENTICATION_METHOD and CONSUMER_SHIPPING_ITEM_AVAILABILITY are recommended.
|
If the payment is done and the result is received, the 3DS2 process is also completed for the first payment.
The merchant has to use the RECURPAYMENT command with the SOURCEORDERNUMBER, the MERCHANT_TOKENIZATION_FLAG with the value TRUE and the PERIODIC_TYPE with the value recurring. The SOURCEORDERNUMBER is the ORDERNUMBER from the last recurring transaction and if the last transaction was the initial transaction, use this ORDERNUMBER for the SOURCEORDERNUMBER instead.
Recurring payments with different amounts by each payment
Unlike the subscription model where recurring payments happen with the same amount on a fixed date, PSD2 has the possibility to execute unscheduled merchant-initiated transactions (UCOF). Merchants have to consider that consumers must be informed regarding the terms of the unscheduled credential on file. The first transaction needs an SCA since transactions are merchant-initiated.
These parameters need to be set in the first request:
-
CONSUMER_BILLING_FIRST_NAME,CONSUMER_BILLING_LAST_NAME, andCONSUMER_EMAILare mandatory parameters -
CONSUMER_CHALLENGE_INDICATORmust be set to04 -
MERCHANT_TOKENIZATION_FLAGmust be set toTRUE.
The optional parameters CONSUMER_AUTHENTICATION_METHOD and CONSUMER_SHIPPING_ITEM_AVAILABILITY are recommended.
|
If the payment is done and the result is received, the 3DS2 process is also completed for the first payment.
The merchant has to use the RECURPAYMENT command with the SOURCEORDERNUMBER, the MERCHANT_TOKENIZATION_FLAG with the value TRUE and the PERIODIC_TYPE with the value ucof. The SOURCEORDERNUMBER is the ORDERNUMBER from the last recurring transaction and if the last transaction was the initial transaction, use this ORDERNUMBER for the SOURCEORDERNUMBER instead.
PAN, EXPIRY, and CARDVERIFYCODE are mandatory. The parameter SOURCEORDERNUMBER can not be used with these three parameters. If sent SOURCEORDERNUMBER, parameters PAN, EXPIRY, and CARDVERIFYCODE will be ignored, so they don’t need to be sent.