What's new in 3DS 2.2.0
Version 2.2.0 of the EMV® 3-D Secure (EMV 3DS) specification introduced some new functionality that is available in the component when setting the ProtocolVersion configuration setting to a value of 2.2.0.
ACS Information Indicator
In 3DS 2.2.0, the card ranges retrieved by the RequestCardRanges method may also include information regarding what functionality is supported for the card range. When this data is present, the ACSInformationIndicator will be populated. This field is a mask with the following values; multiple values can be set:
- 01 = Authentication Available at ACS
- 02 = Attempts Supported by ACS or DS
- 03 = Decoupled Authentication Supported
- 04 = Whitelisting Supported
Decoupled Authentication
Decoupled Authentication is a new concept in version 2.2.0 of the EMV 3DS specification. This is essentially the challenge flow, but the challenge process itself happens outside of 3DS. For example, a push notification from a banking application prompts the user to complete authentication there instead. No challenge request (CReq) or challenge response (CRes) packets are used. The results request is still sent by the directory server when the process is complete. The decoupled authentication process is available as follows:
The ACS indicates that it supports Decoupled Authentication via the acsInfoInd (ACSInformationIndicator) returned when retrieving card ranges.
When sending the AReq packet via the SendAuthRequest method, let the server know Decoupled Authentication is requested via the following properties:
- DecoupledMaxTimeout
- DecoupledRequestIndicator
When the ARes packet is received (SendAuthRequest returns), a TransactionStatus value of D would indicate that Decoupled Authenticaiton is being used. The following properties can also be checked related to this type of authentication:
- DecoupledConfirmationIndicator
- DecoupledTimeRemaining
At this point, authentication happens behind the scenes and the 3DS Server waits for the RReq to be received. If an RReq is received, the transaction process would move forward normally (the same as if a regular challenge had been performed.) If no RReq is received before the timeout, the 3DS Server should assume the Decoupled Authentication was not successful.
Whitelisting
Whitelisting is the process of an ACS enabling the cardholder to place the 3DS Requestor on their trusted beneficiaries list. In the app-based flow, there are new fields where a Whitelisting message is provided by the ACS to prompt the user whether or not to whitelist the app. The CReq sent back to the ACS contains a true/false answer.
Simiar to Decoupled Authentication above, the ACS indicates that it supports Whitelisting via the acsInfoInd (ACSInformationIndicator) returned when retrieving card ranges.
When sending the AReq packet via the SendAuthRequest method, the WhitelistStatus config can be set to Y or N to indicate whether or not the 3DS Requestor is whitelisted by the cardholder. At this time, the WhitelistStatusSource should be 01, indicating that the status is provided by the (3DS Server).
In the app-based flow, if there is WhitelistingInformationText included in the CRes, the WhitelistingDataEntry, set to a value of Y or N, indicates whether or not the user checked the box or not and is sent in the following CReq packet.
There is also a Whitelist status check option in the ThreeRIIndicator config. This indicates that the purpose of the 3RI transaction is to check the whitelist status.
BrowserJavaScriptEnabledVal property
This new BrowserJavaScriptEnabledVal property is used to indicate to the directory server whether the cardholder browser supports executing JavaScript. This should be set prior to calling SendAuthRequest and is only used in the browser-based flow. When set to true, the BrowserJavaEnabledVal property must also be set.
New ThreeRIIndicator values
3DS 2.2.0 introduced new 3RI indicator values, which can be set via the ThreeRIIndicator configuration setting. The new values are detailed in the documentation, and are as follows:
- 06 = Split/delayed shipment
- 07 = Top-up
- 08 = Mail order
- 09 = Telephone order
- 10 = Whitelist status check
- 11 = Other payment
New TransactionStatus values
3DS 2.2.0 introduced new transaction status values, which can be accessed via the TransactionStatus property. The new values are detailed in the documentation, and are as follows:
- D = Challenge Required; Decoupled Authentication confirmed
- I = Informational Only; 3DS Requestor challenge preference acknowledged
We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@nsoftware.com.