Submit card and merchant information to https://mpi.3dsecure.io (MPI) according to:
The response will include:
pareqacs_urlenrolled
Possible enrolled values:
Y when cardholder is enrolled
N when cardholder is not enrolled
U when unknown
The following must be submitted to an ACS (acs_url) that then facilitates a Two-Factor Authentication of cardholder:
| Attribute | Mandatory | Value |
|---|---|---|
PaReq |
Y | pareq value |
TermUrl |
Y | Client callback URL |
MD |
N | Merchant data (submitted back to client) |
Above must be submitted using a HTTP POST request (content type: application/x-www-form-urlencoded).
<html>
<body OnLoad='OnLoadEvent();'>
<form name=myForm action="ACS_URL" method="POST">
<input type=hidden name=PaReq value="PaReq">
<input type=hidden name=TermUrl value="TermUrl">
<input type=hidden name=MD value="MD">
</form>
<script language=Javascript>
document.myForm.submit();
</script>
</body>
</html>Upon cardholder authentication ACS will redirect cardholder to TermUrl using a HTTP POST request and include following attributes.
| Attribute | Value |
|---|---|
PaRes |
Must be submitted to MPI |
MD |
Merchant data (sent by client) |
To verify that cardholder has been successfully authenticated submit PaRes to MPI according to:
The response will include:
cavvcavv_algorithmxidecistatus
Above attributes might be included in authorization messages (e.g. ISO-8583 authorization messages).
The status attribute indicate whether cardholder successfully authenticated at ACS:
Y when cardholder successfully authenticated
N when cardholder failed or cancelled authentication
A when cardholder attempted to authenticate (proof of authentication attempt)
U when unknown (possible some system component unavailable)