Page History
...
- If there is the issuing bank URL threeDSMethodURL (unit 7), the merchant generates hidden HTML iFrame on the payment page (unit 9) and sends a POST request with one parameter threeDSMethodData to the received address threeDSMethodURL, and then calls the get3dsecver2 service (unit 10).
- If there is the issuing bank URL threeDSMethodURL (units 7, 9, 10), without the additional interaction with the card holder (unit 8) - Frictionless Flow (F), IPS Assist immediately executes a transaction in processing or completes the operation with an error. In response to a call to the get3dsecver2 service, the merchant will receive the payment status (unit 6).
- If there is the issuing bank URL threeDSMethodURL (units 7, 9, 10), and the additional interaction with the card holder is necessary (unit 8), the merchant generates hidden HTML iFrame on the payment page and sends an HTTP POST request for the card holder verification to the specified challengeurl URL (unit 11). This iFrame displays the issuer's bank ACS page and the customer enters a one-time password received from the bank. This is the Challenge Flow (C) scenario.
- If there is the issuing bank URL threeDSMethodURL (units 7, 9, 10), the additional interaction with the card holder is necessary (unit 8) and цith with decoupled authentication, the merchant must keep the order in the In Process state and wait for the final payment status (within the lifetime of the order). This is the Decoupled Authentication (D) scenario.
- If there is not the issuing bank URL threeDSMethodURL and when the additional interaction with the card holder is not required - Frictionless Flow (F), the transaction will be processed immediately and the payment process will be completed (unit 6). The merchant will receive the authentication result and payment status immediately in response to the call to the silentpay service.
- If there is not the issuing bank URL threeDSMethodURL and the additional interaction with the card holder is necessary (unit 8), but with no issuing bank URL threeDSMethodURL, the enterprise should generate an HTML iFrame object on the payment page and send an HTTP POST request for the card holder verification to the specified challengeurl URL (unit 11). This iFrame displays the issuer's bank ACS page and the customer enters a one-time password received from the bank.
- If there is not the issuing bank URL threeDSMethodURL and the additional interaction with the card holder is necessary (unit 8) under the Decoupled Authentication scenario (D), the merchant must keep the order in the In Process state and wait for the final payment status (within the lifetime of the order).
...
Receiving an AS110 response code in the response of the get3dsecver2 web service means that an additional card holder verification is required (Challenge Flow). In the threedsdata data block, the challenge parameter will be equal to C, and the challengeurl and challengerequest parameters will be filled (block 8). In this case, the enterprise should generate an HTML iFrame object on the payment page and send an HTTP POST request for the card holder verification to the specified URL (block 11) with the creq parameter, in which pass the received challengerequest value. This iFrame displays the ACS page of the issuing bank and the customer enters a one-time password received from the bank.
In a decoupled authentication scenario, the challenge parameter in the threedsdata data block will be equal to D, and the challengeurl and challengerequest parameters will be absent (block 8).
IPS Assist will receive the result of this verification on its server in asynchronous mode (blocks 13, 14). Depending on the authentication result and the settings of the processing and of the enterprise (block 15), the IPS Assist will executes a transaction in processing or completes the operation with an error.
...