Skip to content

What is 2-Step Authentication

2-Step Authentication is a generic solution offered by Worldline to provide various implantations of Strong Customer Authentication. Currently supported authentication methods are 3-D Secure 1.0 and 3-D Secure 2.0.

What is 3-D Secure

The 3-D Secure authentication protocol is based on a three-domain model where the Acquirer Domain and Issuer Domain are connected by the Interoperability Domain for the purpose of authenticating a Cardholder during an electronic commerce (e-commerce) transaction or to provide identity verification and account confirmation. EMVCo specifies protocol and core functions of 3-D Secure 2.0. EMVCo is an organization overseen by American Express, Discover, JCB, MasterCard, UnionPay, and Visa.

Worldline clients who implement 3-D Secure benefit by reducing the chargeback risk of transactions and in most cases also shifts the liability for chargeback’s from themselves to the issuing banks.

Implementing 3-D Secure 1.0

  1. Merchant calls Initiate Authentication to determine whether cardholder authentication is necessary or not, which is indicated in the Authentication Status attribute of the response.
  2. Worldline MPI Server communicates with external DS and ACS to determine if authentication is required or not.
  3. ThreeDSecureResult AuthenticationProtocolVersion specifies the 3-D Secure version.
  4. AuthenticationProtocolVersion equal to 3DSv1 and Authentication Status equal to REQUIRED indicates that next step is Complete Authentication
  5. Merchant calls Complete Authentication.
  6. Authentication Status equal to SUCCESSFUL indicates that no authentication is required and the merchant processes the card transaction using the initiate Payment method.
  7. The merchant collects 3D parameters XID, ECI and CAVV required for liability shift in the subsequent payment transaction.

Implementing 3-D Secure 2.0

  1. Merchant calls Initiate Authentication to determine whether cardholder authentication is necessary or not, which is indicated in the Authentication Status attribute of the response.
  2. Authentication Status equal to CONTINUE indicates that next step is Continue Authentication and ThreeDSecureResult AuthenticationProtocolVersion specifies the 3-D Secure version.
  3. Merchant renders the HTML content of response attribute TDSMethodContent in an invisible iFrame for about 2-3 seconds before calling Continue Authentication.
  4. Merchant calls Continue Authentication.
  5. Worldline MPI Server communicates with external DS and ACS to determine if authentication is required or not.
  6. Authentication Status equal to SUCCESSFUL indicates that no authentication is required. The ThreeDSecureResult attribute of the response contains all 3-D Secure parameter that shall be provided in the Initiate Payment request to be able to claim liability shift.

Scenarios of 3-D Secure 2.0

Frictionless

In this case the response received after InitiateAuthentication is SUCCESSFUL as a result no 3ds authentication is required. overview

Frictionless with 3DS Method Data

  1. In this case , the response received from InitiateAuthentication is CONTINUE due to which continueAuthentication is required and tdsMehtodContent needs to be rendered in an invisible iFrame for about 2-3 seconds.
  2. Merchant calls Continue Authentication.
  3. Authentication Status equal to SUCCESSFUL indicates that no authentication is required and the merchant processes the card transaction using the initiate Payment method. overview

Challenge

In this case the response received after InitiateAuthentication is REQUIRED as a result merchant is redirected to DS server directly without continueAuthentication. overview

Challenge with 3DS Method Data

  1. In this case the response received after InitiateAuthentication is CONTINUE due to which continueAuthentication is required and tdsMehtodContent needs to be rendered in an invisible iFrame for about 2-3 seconds.
  2. Merchant calls Continue Authentication.
  3. Authentication Status equal to REQUIRED indicates that authentication is required and ThreeDSecureResult AuthenticationProtocolVersion specifies the 3-D Secure version.
  4. Merchant calls Complete Authentication
  5. Authentication Status equal to SUCCESSFUL indicates that no authentication is required and the merchant processes the card transaction using the initiate Payment method. overview