The following covers the 3DS response fields and their values / meanings. There is also a translation of the TxShield response to 3DS1 naming conventions, as the TxShield response matches 3DS2 naming conventions.
Example Response
{
threeDSIntegratorOid: 'string',
threeDSRequestorOrderID: 'string',
threeDSRequestorData: 'string',
threeDSRequestorID: 'string',
threeDSServerTransID: 'string',
shieldReference: 'string',
acsTransID: 'string',
dsTransID: 'string',
transStatus: 'string',
transStatusReason: 'string',
authenticationValue: 'string',
authenticationAlgorithm: 'string',
eci: 'string',
version: 'string',
errCode: 'string',
errMsg: 'string'
}
transStatus
The values in the transStatus field along with the eci field indicated whether a liability shift has occurred. If the value is Y, U, A you can attempt the authorization (payment) transaction. If the value is N, C, R we recommend not attempting the authorization transaction, however it is at the merchants Discretion if they wish to proceed.
Only a status of Y guarantees a full liability shift.
A transStatus of C should only be returned by the 3DS SDK if challenges are turned off. This turns the 3DS SDK into a frictionless workflow. If you receive a transStatus of C the frictionless transaction has not authenticated. The ACS server (the card issuer) requested the Challenge work flow, and in a forced frictionless scenario this means the Authentication has failed. You should not proceed to payment. The 3DS SDK returns the transStatus of C so that the merchant can keep statistics and track how many potential authentications failed because the ACS requested a challenge, and you may want to use that to inform your decision to turn challenges on later, or keep them turned off.
| transStatus value | Description | Continue to Payment |
|---|---|---|
| Y | Authentication Successful | Y |
| N | Not Authenticated, Transaction denied | N |
| U | Authentication/ Account Verification Could Not Be Performed | Y |
| A | Not Authenticated, but a proof of attempted authentication is provided | Y |
| C | Challenge Required; Additional authentication is required. Only returned if challenge disabled (frictionless) | N |
| R | Authentication Rejected; Issuer is rejecting authenticatio and request that authorisation not be attempted. | N |
transStatusReason
The values in the transStatusReason field can be mapped to these reasons. The full text should already be in the msg field, in the response data so you don't need to map this yourself.
| transStatusReason value | Meaning |
|---|---|
| 01 | Card authentication failed |
| 02 | Unknown Device |
| 03 | Unsupported Device |
| 04 | Exceeds authentication frequency limit |
| 05 | Expired card |
| 06 | Invalid card number |
| 07 | Invalid transaction |
| 08 | No Card record |
| 09 | Security failure |
| 10 | Stolen card |
| 11 | Suspected fraud |
| 12 | Transaction not permitted to cardholder |
| 13 | Cardholder not enrolled in service |
| 14 | Transaction timed out at the ACS |
| 15 | Low confidence |
| 16 | Medium confidence |
| 17 | High confidence |
| 18 | Very High confidence |
| 19 | Exceeds ACS maximum challenges |
| 20 | Non-Payment transaction not supported |
| 21 | 3RI transaction not supported |
TxShield (3DS2) fields to 3DS1 translation
| TxShield Field (3DS2) | 3DS1 Name | Description |
|---|---|---|
| acsTransId | - | ACS servers reference |
| authenticationValue | cavv | |
| dsTransId | xid | Director servers reference |
| eci | eci | Ecommer Indiciator |
| protocolVersion | - | |
| transStatus | transStatus / status | Depends on the processor as to which they use. |
| authenticationAlgorithm | authenticationAlgorithm | Alorithm Identifier. 3DS1 Only |