1. ISX Help Center
  2. 3-D Secure Feature

How 3-D Secure 1.0 works?

The three domains consist of the merchant / acquirer domain, issuer domain, and the interoperability domain (e.g. payment systems). This is simplified diagram of 3-D Secure 1.0 process workflow:

  1. The online-customer (Cardholder) in their web-browser checks-out at the merchant site and enters their payment card details.
  2. If Merchant’s site enables 3- D Secure, it implements the merchant plug-in (MPI). MPI contacts the Payment System Directory Server (DS) located in the Interoperability Domain to verify the enrolment of the payment card in 3-D Secure by sending to the DS a Verifying Enrolment Request (VEReq) which includes Cardholder’s payment card number (primary account number (PAN)).
  3. Based on the PAN, the DS finds the card issuer’s Access Control Server (ACS) and contacts it to determine whether the card is enrolled in 3-D Secure.
  4. The ACS responds to the DS, confirming or not confirming that card with the given PAN is enrolled in the payment system.
  5. The DS responds to the MPI with a Verifying Enrolment Response (VERes) message, confirming to the MPI whether the card is enrolled or not. If card is enrolled, the VERes message include the URL of the card issuer’s ACS.
  6. Merchant’s MPI redirects (or provides iFrame) Cardholder browser to the ACS URL adding to POST-request signed Payer Authentication Request (PAReq), which includes PAN and other transaction details.
  7. The Cardholder authenticates himself at the ACS authentication. Depending on supporting authentication method it can be One Time PIN, known fixed password, login to web bank, etc. The personal assurance message (PAM) is chosen by cardholder during the enrolment maybe displayed on this page, if Issuer supports this option.
  8. When Cardholder submitted authentication form as above, the ACS redirects them back to MPI adding a Payer Authentication Response (PARes) message.
  9. The PARes is then forwarded to the MPI via the customer’s browser. PARes includes the transaction status which indicates whether the customer has successfully authenticated with 3-D Secure. Depending on payment system rules and the transaction status in PARes message the merchant can proceed with a payment.