Menu

Important: Test values have changed in API version v3 of 3DS. Go here for thev1 & v2 test values.

3DS Testing

Test your 3DS integration on the Try environment using the magic values provided below. Send requests and see simulated responses.

Note: For theAndroid/iOS SDKthe environment must be set to CardinalEnvironment.STAGING as part of the CardinalConfigurationParameters to use the test values on the Access Try environment

Test Card Number

Use different card numbers to alter the 3DS authentication outcome.

Tokens

If you're creating tokens containing the test card numbers you must delete the token before creating another with the same PAN. You are prevented from creating another token using the same PAN. As an alternative, you can also change the namespace used as part of the token creation.

3DS1

Test ScenarioDescriptionTest ValuesAuthentication outcomeVerification outcomeLiability shiftAction
Successful Authentication (Challenge)Issuer prompts a challenge in authentication, customer responds successfully
  • Visa: 4000000000000002
  • Mastercard: 5200000000000007
  • AMEX: 340000000003961
  • JCB: 3520000000000922
challengedauthenticatedYesApply authentication object in payment request, proceed with payment authorization
Failed SignatureSuccessful authentication but unsuccessful signature verification
  • Visa: 4000000000000010
  • Mastercard: 5200000000000015
  • AMEX: 340000000006022
  • JCB: 3520000000002811
challengedsignatureFailedNoDo not proceed with payment authorization. Either retry authentication or prompt for another form of payment.
Failed AuthenticationIssuer prompts a challenge in authentication, customer responds with incorrect details (e.g. OTP, fingerprint etc)
  • Visa: 4000000000000028
  • Mastercard: 5200000000000023
  • AMEX: 340000000000033
  • JCB: 3520000000009931
challengedauthenticationFailedNoDo not proceed with payment authorization
Attempts/Non-ParticipatingChallenge attempted but the card issuer doesn't support 3DS, card scheme provides authentication details for this case.
  • Visa: 4000000000000101
  • Mastercard: 5200000000000908
  • AMEX: 340000000003391
  • JCB: 3520000000004767
challengedauthenticatedYesApply authentication object in payment request, proceed with payment authorization
Authentication TimeoutTimeout during the authentication request
  • Visa: 4000000000000044
  • Mastercard: 5200000000000049
  • AMEX: 340000000008309
  • JCB: 3520000000001284
unavailableN/ANo
Not EnrolledCardholder not enrolled. Issuing Bank not participating.
  • Visa: 4000000000000051
  • Mastercard: 5200000000000056
  • AMEX: 340000000008135
  • JCB: 3520000000006903
notEnrolledN/ANoApply authentication object in payment request (only contains ECI)
Verification unavailable
  • Visa: 4000000000000069
  • Mastercard: 5200000000000064
  • AMEX: 340000000007780
  • JCB: 3520000000002423
challengedunavailableNoProceed with payment authorization
Authentication ErrorError response from authentication request
  • Visa: 4000000000000085
  • Mastercard: 5200000000000080
  • AMEX: 340000000006337
  • JCB: 3520000000002175
unavailableN/ANoProceed with payment authorization
Verification ErrorError response from verification request
  • Visa: 4000000000000093
  • Mastercard: 5200000000000098
  • AMEX: 340000000009299
  • JCB: 3520000000006861
challengeunavailableNoProceed as non-authenticated transaction or use alternative payment method
Authentication unavailableCardholder is enrolled but authentication is unavailable
  • Visa: 4000000000000036
  • Mastercard: 5200000000000031
  • AMEX: 340000000000116
  • JCB: 3520000000005780
unavailableN/ANoProceed as non-authenticated transaction or retry authentication
BypassedBypass the consumer authentication flow via Cardinal Rules Engine configuration. Returned if 3DS premium is enabled or when there is a timeout connecting to the 3DS directory server.
  • Visa: NA
  • Mastercard: 5200990000000009
  • AMEX: 340099000000001
  • JCB: 3500990000000001
bypassedNANoProceed with payment authorization

3DS2

Note: For 3DS2 we support the following payment methods

  • Visa
  • Mastercard
  • American Express
Test ScenarioDescriptionTest ValuesAuthentication outcomeVerification outcomeLiability shiftAction
Successful Authentication (Frictionless)
  • Visa: 4000000000001000
  • Mastercard: 5200000000001005
  • AMEX: 340000000001007
authenticatedN/AYesApply authentication object in payment request, proceed with payment authorization
Failed Frictionless Authentication
  • Visa: 4000000000001018
  • Mastercard: 5200000000001013
  • AMEX: 340000000001015
authenticationFailedN/ANo
Attempts Stand-In Frictionless AuthenticationCardholder is enrolled in 3DS but the issuer does not support. This results in the issuer stand-in for the authentication
  • Visa: 4000000000001026
  • Mastercard: 5200000000001021
  • AMEX: 340000000001023
authenticatedN/AYesApply authentication object in payment request, proceed with payment authorization
Authentication Unavailable (issuer)Cardholder is enrolled but authentication is unavailable
  • Visa: 4000000000001034
  • Mastercard: 5200000000001039
  • AMEX: 340000000001031
unavailableN/ANoProceed as non-authenticated transaction or retry authentication
Authentication RejectedAuthentication rejected by the issuer, no challenge is offered
  • Visa: 4000000000001042
  • Mastercard: 5200000000001047
  • AMEX: 340000000001049
authenticationFailedN/ANoDo not proceed with payment authorization. Prompt for another form of payment.
Authentication Unavailable (system error)Authentication rejected by the issuer, no challenge is offered
  • Visa: 4000000000001059
  • Mastercard: 5200000000001054
  • AMEX: 340000000001056
unavailableN/ANoProceed as non-authenticated transaction or retry authentication
Authentication ErrorError whilst attempting authentication
  • Visa: 4000000000001067
  • Mastercard: 5200000000001062
  • AMEX: 340000000001064
unavailableN/ANoProceed as non-authenticated transaction or retry authentication
Authentication TimeoutTimeout during the authentication request
  • Visa: 4000000000001075
  • Mastercard: 5200000000001070
  • AMEX: 340000000001072
unavailableN/ANoProceed as non-authenticated transaction or retry authentication
Successful Authentication (Challenged)Issuer prompts a challenge in authentication, customer responds successfully
  • Visa: 4000000000001091
  • Mastercard: 5200000000001096
  • AMEX: 340000000001098
challengedauthenticatedYesApply authentication object in payment request, proceed with payment authorization
Failed Challenged AuthenticationIssuer prompts a challenge in authentication, customer responds with incorrect details (e.g. OTP, fingerprint etc)
  • Visa: 4000000000001109
  • Mastercard: 5200000000001104
  • AMEX: 340000000001106
challengedauthenticationFailedNoDo not proceed with payment authorization. Prompt for another form of payment.
Verification UnavailableAuthentication data following a challenge cannot be retrieved
  • Visa: 4000000000001117
  • Mastercard: 5200000000001112
  • AMEX: 340000000001114
challengedunavailableNoProceed as non-authenticated transaction or retry authentication
Verification ErrorError whilst attempting verification
  • Visa: 4000000000001125
  • Mastercard: 5200000000001120
  • AMEX: 340000000001122
challengedunavailableNoProceed as non-authenticated transaction or retry authentication
BypassBypass the consumer authentication flow via Cardinal Rules Engine configuration. Returned if 3DS premium is enabled or when there is a timeout connecting to the 3DS directory server.
  • Visa: 4000000000001083
  • Mastercard: 5200000000001088
  • AMEX: 340000000001080
bypassedN/ANoProceed as non-authenticated transaction

Device data initialization

Submit thedevice data initializerequest.

Add token resource or card details to the request as required.

Device Data Collection (DDC)

For web using thedevice data initializationresponse values, POST the deviceDataCollection.jwt and deviceDataCollection.bin to the deviceDataCollection.url as per theDDC formdetails.

For iOS/Android the device data collection is handled by the SDK when the deviceDataCollection.jwt is provided as part of theinitial call to Cardinal.

Authentication

Add the SessionId(web) or consumerSessionId(iOS/Android) from the device data collection to deviceData.collectionReference in theauthentication request

Challenge

If the authentication response has an outcome value of challenged, you must POST the challenge.jwt to the location of the challenge.url. For more information seeChallenge Displaydetails.

The simulator POSTs back a standard response to the iframe. You are then presented with fake issuer challenge page where you must enter a one time pin (OTP) that is included on the page itself. When complete you are redirected to the returnURL provided in the authentication request.

For iOS and Android the way todisplay the challenge pagediffers based on the 3DS version.

Verification

Once the challenge form is complete, you can send averification requestcontaining the original challenge.reference from the authentication response.

Payment authorization

Depending on your outcome, use the values returned in the authentication object from your authentication or verification request in yourpayment authorize 3DSrequest.

Liability shift

Liability shift is confirmed on payment authorization. Thetest card numbertables detail the different scenarios and the likely liability shift based on the authentication details provided (e.g. authenticationValue, eci, transactionId).