Finaro 3D secure

This page contains the necessary information to implement and test the 3D secure flow using Finaro as a TSP.

Device fingerprint

Device fingerprint information retrieval flow
When device fingerprint assessment is required by the issuer, Source responds with the 3ds_method and 3ds_trxid parameters in the Payment Key Creation call.

3ds_method - URL - The issuer’s URL that should be used to trigger the collection of the device fingerprint by the issuer
3ds_trxid - [a-zA-Z0-9, -] - Universally unique transaction identifier to identify a single 3D Secure transaction.

Perform the following:
1. Upon receiving the 3ds_method and 3ds_trxid parameters, create a JSON object with the 3DS Method Data elements, as follows:
threeDSMethodNotificationURL = the URL to which the issuer will send his approval
threeDSServerTransID = 3ds_trxid
2. Encode the JSON object in Base64.
3. Render a hidden HTML iframe in the cardholder’s browser and send a form with a field named threeDSMethodData, containing the Base64url JSON Object, via HTTP POST to the 3ds_method URL you received from Source.
4. At this stage you should get a response about the completion of the fingerprint collection process. The information should arrive at the notification URL you provided in the JSON in the threeDSMethodNotificationURL parameter.

Source: Finaro documentation

After the device fingerprint retrieval flow is complete you need to use the following values for the attribute fingerPrintStatus:
NOT_REQUIRED: if the device fingerprint retrieval was not requested by the issuer (3ds_method is null).
REQUIRED_ASKED: if the device fingerprint retrieval was requested and you manage to complete the flow successfully.
REQUIRED_NOT_ASKED: if the device fingerprint retrieval was requested but you did not manage to complete the flow successfully or you decided to skip it.

Test cards

Card SchemeCard NumberChallengeSuccess OTPFail OTP