Finaro 3D secure

This page contains the necessary information to implement and test the 3D secure flow using Finaro as a TSP.

Device fingerprint

Device fingerprint information retrieval flow
When device fingerprint assessment is required by the issuer, Source responds with the 3ds_method and 3ds_trxid parameters in the Payment Key Creation call. 3ds_method - URL - The issuer’s URL that should be used to trigger the collection of the device fingerprint by the issuer 3ds_trxid - [a-zA-Z0-9, -] - Universally unique transaction identifier to identify a single 3D Secure transaction. Perform the following: Upon receiving the 3ds_method and 3ds_trxid parameters, create a JSON object with the 3DS Method Data elements, as follows: threeDSMethodNotificationURL = the URL to which the issuer will send his approval threeDSServerTransID = 3ds_trxid Encode the JSON object in Base64. Render a hidden HTML iframe in the cardholder’s browser and send a form with a field named threeDSMethodData, containing the Base64url JSON Object, via HTTP POST to the 3ds_method URL you received from Source. At this stage you should get a response about the completion of the fingerprint collection process. The information should arrive at the notification URL you provided in the JSON in the threeDSMethodNotificationURL parameter.

Device fingerprint information retrieval flow

When device fingerprint assessment is required by the issuer, Source responds with the 3ds_method and 3ds_trxid parameters in the Payment Key Creation call.

3ds_method - URL - The issuer’s URL that should be used to trigger the collection of the device fingerprint by the issuer 3ds_trxid - [a-zA-Z0-9, -] - Universally unique transaction identifier to identify a single 3D Secure transaction.

Perform the following:

Upon receiving the 3ds_method and 3ds_trxid parameters, create a JSON object with the 3DS Method Data elements, as follows: threeDSMethodNotificationURL = the URL to which the issuer will send his approval threeDSServerTransID = 3ds_trxid
Encode the JSON object in Base64.
Render a hidden HTML iframe in the cardholder’s browser and send a form with a field named threeDSMethodData, containing the Base64url JSON Object, via HTTP POST to the 3ds_method URL you received from Source.
At this stage you should get a response about the completion of the fingerprint collection process. The information should arrive at the notification URL you provided in the JSON in the threeDSMethodNotificationURL parameter.

Source: Finaro documentation

After the device fingerprint retrieval flow is complete you need to use the following values for the attribute fingerPrintStatus:
NOT_REQUIRED: if the device fingerprint retrieval was not requested by the issuer (3ds_method is null).
REQUIRED_ASKED: if the device fingerprint retrieval was requested and you manage to complete the flow successfully.
REQUIRED_NOT_ASKED: if the device fingerprint retrieval was requested but you did not manage to complete the flow successfully or you decided to skip it.

Test cards

Card Scheme	Card Number	Challenge	Success OTP	Fail OTP
Visa	4018810000150015	yes	0101	3333
Mastercard	5299910010000015	yes	4445	9999
Visa	4176660000000068	no
Mastercard	5299990270000392	no