Use 3-D Secure for e-commerce transactions
IMPORTANT: Minimum data requirements for Visa Secure authentication requests
As per article ID: AI13666, effective August 12, 2024, Visa® requires information from three data fields for all tokenized Visa Secure EMV® 3-D Secure (3DS) payment transactions. The three required data fields in authentication request messages are:
- Browser Internet Protocol (IP) address or the device IP address for in-app transactions
- Cardholder name
- Cardholder email address or phone number, or both
Clover recommends merchants to check with their providers for 3D Secure (3DS) enablement.
3-D Secure (3DS) is a protocol that provides an additional security layer for online credit and debit card-not-present (CNP) transactions. Clover uses the EMV® 3DS to authenticate customers and safeguard against CNP fraud. 3D stands for three domains:
- The card issuer.
- The merchant receiving the payment.
- The 3DS infrastructure platform that is a secure go-between for the customer and the merchant.
Enable 3DS
3DS is required for apps intended for use in the European region. It is optional in other regions, but you can still use it as a tool to reduce fraud.
To create an additional security layer for CNP transactions, add the 3DS authentication method while using the Create a charge endpoint. When you turn on 3D Secure, the cardholder must validate every transaction with a secure personal identification number (PIN) sent to their phone or associated devices from their card issuer.
All major card issuers offer 3DS by a different brand name. Example:
Card issuer | 3DS |
---|---|
American Express® | SafeKey® |
Discover® | ProtectBuy® |
Mastercard® | SecureCode |
Visa® | Visa Secure |
3DS parameter requirement
Add the 3DS object to your charge request to initiate the 3DS authentication.
Object | Type | Description | Required/Optional |
---|---|---|---|
source | String | Source of the 3DS authentication, for example NON_CLOVER. | Required |
authentication_result | Object | 3DS authentication result. 3DS is a protocol that provides an additional security layer for online credit and debit card-not-present (CNP) transactions. | Required |
- authentication_status | String | Authentication status of 3DS transaction. Values: - Success - Failed - Attempted - Unavailable - Rejected | Optional |
- transaction_id | String | 3DS transaction identifier. | Optional |
- cryptogram | String | 3DS cryptogram is an authentication method associated with the cards stored as Android device tokens. Returned payment data includes a (3DS) cryptogram generated on the device. | Required for non-Clover 3DS |
- threeds_version | String | 3DS authentication version. Note: Clover supports 3DS version 2.0 only. Upgrade your version to 2.0, as 1.0 is no longer supported | Optional |
Request and response examples
curl --request POST \
--url 'https://scl-sandbox.dev.clover.com/v1/charges' \
--header 'accept: application/json' \
--header 'authorization: Bearer ab86a5e8-48f3-b3bd-8c45-d415e9867833' \
--header 'content-type: application/json' \
--data '
{
"ecomind": "ecom",
"metadata": {
"existingDebtIndicator": false
},
"threeds": {
"authentication_result": {
"authentication_status": "SUCCESS",
"transaction_id": "CAACCVVUlwCXUyhQNlSXAAAAAAA",
"cryptogram": "11B5 2345 49C3 C4DD 931A 27BD 8CA3 CD82",
"threeds_version": "2"
},
"source": "NON_CLOVER"
},
"source": "clv_1ABCDefgHI23jKL4m5nOPQrS",
"amount": 100,
"currency": "USD",
"description": "test"
}
‘
{
"id": "3NTR8H89C1D8M",
"amount": 100,
"payment_method_details": "card",
"amount_refunded": 0,
"currency": "USD",
"created": 1234567891234,
"description": "test",
"captured": true,
"ref_num": "1234567891",
"auth_code": "121212",
"outcome": {
"network_status": "approved_by_network",
"type": "authorized"
},
"paid": true,
"status": "succeeded",
"source": {
"id": "clv_1ABCDefgHI23jKL4m5nOPQrS",
"brand": "DISCOVER",
"exp_month": "01",
"exp_year": "2030",
"first6": "123456",
"last4": "4321"
},
"ecomind": "ecom",
"threeds": {
"validation_result": "AUTHENTICATION_STATUS_UNKNOWN",
"liability_protection_status": "NOT_PROTECTED"
Updated 3 months ago