Introduction

This is the documentation for the 3-D Secure Server provided by 3dsecure.io. It is a Software as a Service (SaaS) implementation, offering a language-agnostic HTTP API integration. This service supports all active versions of 3-D Secure version 2 (2.1.0, 2.2.0) and our goal was to make the documentation work on it’s own. Nevertheless, you may need to refer to the specifications during the implementation.

A 3-D Secure Server is used for cardholder authentication. An authentication in 3-D Secure, is the process of verifying cardholder involvement in e.g. a purchase. An authentication results from an authentication flow and proof of authentication is an authentication value. Get an overview of a 3-D Secure Server in What is a 3-D Secure Server?

Who should integrate with this service

Candidates for integrating with this service:

  • Acquirers

  • Gateways

  • Merchants

  • Other Payment Service Providers

Why choose this service by 3dsecure.io?

We believe our service is a great product! Let us list a few reasons why.

Developed to have no downtime

Updates and deployments have been engineered to have no downtime for integrators.

No performance limit

The service is highly scalable and has been engineered to be redundant.

Sandbox service

We provide access to a sandbox service that allows for continuous testing against a “live” system.

Competitive pricing

We offer plans you can grow with. Our pricing is aimed at both low scale users as well as high scale enterprise users.

Dedicated dashboard (under development)

Use our dedicated dashboard to gain insight into your 3-D Secure usage.

Devoted team

We take pride in our job and are dedicated to providing a great service.

What is a 3-D Secure Server?

A 3-D Secure Server is used in the financial industry, to facilitate cardholder authentication in preparation for e.g. making a purchase. The specification is developed by EMVCo, who by their own words:

EMVCo exists to facilitate worldwide interoperability and acceptance of secure payment transactions

The specification is public and can be found at EMVCo’s document page. The specifications are included here for ease of access. This guide intends to be self-contained, such that you do not need to refer to the specification.

Note

The following documents are all produced and copyrighted by EMVCo.

File

Description

EMVCo_3DS_spec_v210.pdf

Specification 2.1.0

EMVCo_3DS_SDKSpec_v210.pdf

SDK Specification 2.1.0

EMVCo_3DS_SB204v5.pdf

Specification Bulletin No. 204 v5 (Cumulative updates to 2.1.0)

EMVCo_3DS_SB207v1.pdf

Update document describing changes between 2.1.0 and 2.2.0.

EMVCo_3DS_Spec_v220.pdf

Specification 2.2.0

EMVCo_3DS_SDKSpec_v220.pdf

SDK Specification 2.2.0

EMVCo_3DS_SB214v1.pdf

Specification Bulletin No. 214 v1 (Cumulative updates to 2.2.0)

Parts involved in 3-D Secure

Requestor (3DSRequestor)

An organization performing 3-D Secure authentication on behalf of a merchant. The requestor may be a merchant.

3-D Secure SDK (SDK)

An SDK for e.g. a mobile phone platform or smart television, providing platform native support for EMVCo 3DS authentication.

3-D Secure Server (3DSS)

A server facilitating communication between the Requestor and Card Schemes.

Directory Server (DS)

Card scheme service facilitating connections between 3-D Secure Server and ACS.

Access Control Server (ACS)

Acts on behalf of issuer to support authentication of cardholders.

Where to go from here

  1. Sign up at 3dsecure.io (not covered by this documentation)

  2. Read the Getting Started guide for getting an understanding of the authentication flow.

  3. Read the Making requests to the 3-D Secure Server section to learn the prerequisites for requests.

  4. Look at the API Usage in this documentation.

  5. Consult the Reference to get details about the individual API endpoints.