Overview
This guide describes various 3D-Secure payment scenarios.
Best Practice Integrations
For most merchants, we recommend letting Nuvei handle the 3D-Secure complexity, by using our Web SDKs:
3D-Secure Enabled Payment Scenarios
3D-Secure for Web SDK
This payment flow scenario allows you to perform the 3D-Secure validation and proceed directly to payment.
This is a summary the steps to perform 3D-Secure payments using our Web SDK:
- On the server-side, call the /openOrder API method to place an order on our server.
- Then on the client-side, generate the payment form on your web page.
Note, you can use our Nuvei Fields feature for PCI descoping. - Call the JavaScript createPayment() method of our Web SDK.
- Verify the payment result by calling the /getPaymentStatus method or by receiving a DMN with the transaction response.
3D-Secure MPI-Only for Web SDK
This payment flow scenario allows you to perform the 3D-Secure validation only, without directly proceeding to payment.
- Server-side: Call the /openOrder API method to place an order on our server.
- Call the JavaScript authenticate3d() method of our Web SDK. This method performs the 3D-Secure validation only, without continuing to payment.
The authenticate3d() method returns the 3D-Secure authentication response which, if successful, can be used to perform a payment.
3D-Secure for Tokenized Cards
Nuvei provides tokenization solutions for cases when you need to run 3D-Secure transactions for tokenized cards.
- Server-side: Call the /openOrder API method to place an order on our server. In addition to regular mandatory fields, make sure you also provide the
userTokenId
field, which is mandatory for this case. - To perform a 3D-Secure transaction for a tokenized card, you simply provide the
userPaymentOptionId
instead of the cardholder details.Example createPayment() Request
sfc.createPayment({ "sessionToken": "<sessionToken from openOrder>", "merchantId": "<your merchantId>", // your Merchant ID provided by Nuvei "merchantSiteId": "<your merchantSiteId>" // your Merchant site ID provided by Nuvei "clientUniqueId": "695701003", // optional "userTokenId": "487106", "paymentOption": { "userPaymentOptionId": "53622598", }, "billingAddress": { "country": "GB", "email": "john.smith@safecharge.com" }, "deviceDetails": { "ipAddress": "93.146.254.172" } }, function(res) { console.log(res) })
Perform a Non-3D-Secure Transaction
Though not recommended, in some case you may want to avoid 3D-Secure altogether. To avoid 3D-Secure, you must set the paymentOption.card.threeD.dynamic3DMode
field to “OFF”.
Example /payment Request – with dynamic3DMode
OFF
{ "sessionToken": "<sessionToken from openOrder>", "merchantId": "<your merchantId>", "merchantSiteId": "<your merchantId>", "clientRequestId": "20190605094208", "timeStamp": "20190228160209", "checksum": "eb50508f5cd2e99797a658f686ceb5ea", "clientUniqueId": "uniqueIdCC", "currency": "EUR", "amount": "10", "paymentOption": { "card": { "cardNumber": "5115806139808464", "cardHolderName": "test name", "expirationMonth": "01", "expirationYear": "2020", "CVV": "122", "threeD": { "dynamic3DMode": "OFF" } } }, "billingAddress": { "country": "GB", "email": "john.smith@safecharge.com" }, "deviceDetails": { "ipAddress": "93.146.254.172" } }
External MPI (Third-Party 3D-Secure)
Nuvei supports processing 3D-Secured transactions using 3D-Secure authentication values received from an external MPI provider.
This scenario can occur where you use an external 3D-Secure provider to process your 3D-Secure requirements, and then use Nuvei to complete the payment processing.
For more information, see the External MPI (Third-Party 3D-Secure) section.