Menu

Important: Test values have changed in API version v3 of 3DS. Go here for thev1 & v2 test values.

3DS Testing

API v3
Last updated May 2021

Test your 3DS integration on the Try environment using the magic values provided below. Send requests and see simulated responses.

For theAndroid/iOS SDK, the environment must be set to CardinalEnvironment.STAGING as part of the CardinalConfigurationParameters to use the test values on the Access Try environment.

Tokens

If you're creating tokens containing the test card numbers you must delete the token before creating another with the same PAN. You are prevented from creating another token using the same PAN. As an alternative, you can also change the namespace used as part of the token creation.

Liability shift

Liability shift is confirmed on payment authorization. Thetest card numbertables show the different scenarios and the likely liability shift based on the authentication details provided (e.g. authenticationValue, eci, transactionId).

Test Card Number

Use different card numbers to alter the 3DS authentication outcome.

Important: Do not mix the old test values used for API v1/v2 with the new ones for API v3 or you will get unexpected scenario outcomes. Set the cardHolderName to any other value e.g. Bob Smith

Important: Always use a test card number from the tables below. Using a number not listed will result in the challenge failing to load for both web and SDK.

Common Issues

IssueCause
Mobile SDK: challenge page fails to load, producing one of the following errors
  • Android SDK returns: 20606 (Payload Validation failed)
  • Invalid Signature. Your request contains an invalid signature.
  • You must use version 3 of the API with the mobile SDK on Try and ensure you use the updated test card values below.
  • You cannot use a made up card number. You must use a test card value below or the challenge will not display correctly.
Web Integration: challenge page fails to load
  • Ensure you're using the correct API version and Test values. API version 3 uses the card numbers below. APIversion 1&2use the cardholder name.
  • You cannot use a made up card number. You must use a test card value below or the challenge will not display correctly.

3DS1

Test ScenarioDescriptionTest ValuesAuthentication outcomeVerification outcomeLiability shiftAction
Successful Authentication (Challenge)Issuer prompts a challenge in authentication, customer responds successfully
  • Visa: 4000000000000002
  • Mastercard: 5200000000000007
  • AMEX: 340000000003961
  • JCB: 3520000000000922
  • Diners: 3005000000006246
  • Discover: 6011000000000004
challengedauthenticatedYesApply authentication object in payment request, proceed with payment authorization
Failed SignatureSuccessful authentication but unsuccessful signature verification
  • Visa: 4000000000000010
  • Mastercard: 5200000000000015
  • AMEX: 340000000006022
  • JCB: 3520000000002811
  • Diners: 3005000000004373
  • Discover: 6011000000000012
challengedsignatureFailedNoDo not proceed with payment authorization. Either retry 3DS or prompt for another form of payment.
Failed AuthenticationIssuer prompts a challenge in authentication, customer responds with incorrect details (e.g. OTP, fingerprint etc)
  • Visa: 4000000000000028
  • Mastercard: 5200000000000023
  • AMEX: 340000000000033
  • JCB: 3520000000009931
  • Diners: 3005000000005925
  • Discover: 6011000000000020
challengedauthenticationFailedNoDo not proceed with payment authorization. Either retry 3DS or prompt for another form of payment.
Attempts/Non-ParticipatingChallenge attempted but the card issuer doesn't support 3DS, card scheme provides authentication details for this case.
  • Visa: 4000000000000101
  • Mastercard: 5200000000000908
  • AMEX: 340000000003391
  • JCB: 3520000000004767
  • Diners: 3005000000005271
  • Discover: 6011000000000038
challengedauthenticatedYesApply authentication object in payment request, proceed with payment authorization
Authentication TimeoutTimeout during the authentication request
  • Visa: 4000000000000044
  • Mastercard: 5200000000000049
  • AMEX: 340000000008309
  • JCB: 3520000000001284
  • Diners: 3005000000001890
  • Discover: 6011000000000046
unavailableN/ANoProceed as non-authenticated transaction or retry authentication request
Not EnrolledCardholder not enrolled. Issuing Bank not participating.
  • Visa: 4000000000000051
  • Mastercard: 5200000000000056
  • AMEX: 340000000008135
  • JCB: 3520000000006903
  • Diners: 3005000000007269
  • Discover: 6011000000000053
notEnrolledN/ANoApply authentication object in payment request (only contains ECI)
Authentication unavailable
  • Visa: 4000000000000069
  • Mastercard: 5200000000000064
  • AMEX: 340000000007780
  • JCB: 3520000000002423
  • Diners: 3005000000006030
  • Discover: 6011000000000061
unavailableN/ANoProceed with payment authorization or retry authentication request
Authentication ErrorError response from authentication request
  • Visa: 4000000000000085
  • Mastercard: 5200000000000080
  • AMEX: 340000000006337
  • JCB: 3520000000002175
  • Diners: 3005000000009877
  • Discover: 6011000000000087
unavailableN/ANoProceed with payment authorization
Verification ErrorError response from verification request
  • Visa: 4000000000000093
  • Mastercard: 5200000000000098
  • AMEX: 340000000009299
  • JCB: 3520000000006861
  • Diners: 3005000000005602
  • Discover: 6011000000000095
challengeunavailableNoProceed as non-authenticated transaction or use alternative payment method
Verification unavailableCardholder is enrolled but verification is unavailable
  • Visa: 4000000000000036
  • Mastercard: 5200000000000031
  • AMEX: 340000000000116
  • JCB: 3520000000005780
  • Diners: 3005000000007376
  • Discover: 6011000000000103
challengedunavailableNoProceed as non-authenticated transaction or retry verification request
BypassedBypass the consumer authentication flow via Cardinal Rules Engine configuration. Returned if 3DS premium is enabled or when there is a timeout connecting to the 3DS directory server.
  • Visa: NA
  • Mastercard: 5200990000000009
  • AMEX: 340099000000001
  • JCB: 3500990000000001
  • Diners: 3000990000000006
  • Discover: 6011990000000006
bypassedNANoProceed with payment authorization

3DS2

Note: For 3DS2 we support the following payment methods

  • Visa
  • Mastercard
  • American Express
Test ScenarioDescriptionTest ValuesAuthentication outcomeVerification outcomeLiability shiftAction
Successful Authentication (Frictionless)
  • Visa: 4000000000001000
  • Mastercard: 5200000000001005
  • AMEX: 340000000001007
  • Discover/Diners: 6011000000001002
authenticatedN/AYesApply authentication object in payment request, proceed with payment authorization
Failed Frictionless Authentication
  • Visa: 4000000000001018
  • Mastercard: 5200000000001013
  • AMEX: 340000000001015
  • Discover/Diners: 6011000000001010
authenticationFailedN/ANoDo not proceed with payment authorization. Either retry 3DS or prompt for another form of payment.
Attempts Stand-In Frictionless AuthenticationCardholder is enrolled in 3DS but the issuer does not support. This results in the issuer stand-in for the authentication
  • Visa: 4000000000001026
  • Mastercard: 5200000000001021
  • AMEX: 340000000001023
  • Discover/Diners: 6011000000001028
authenticatedN/AYesApply authentication object in payment request, proceed with payment authorization
Authentication Unavailable (issuer)Cardholder is enrolled but authentication is unavailable
  • Visa: 4000000000001034
  • Mastercard: 5200000000001039
  • AMEX: 340000000001031
  • Discover/Diners: 6011000000001036
unavailableN/ANoProceed as non-authenticated transaction or retry authentication request
Authentication RejectedAuthentication rejected by the issuer, no challenge is offered
  • Visa: 4000000000001042
  • Mastercard: 5200000000001047
  • AMEX: 340000000001049
  • Discover/Diners: 6011000000001044
authenticationFailedN/ANoDo not proceed with payment authorization. Either retry 3DS or prompt for another form of payment.
Authentication Unavailable (system error)Authentication rejected by the issuer, no challenge is offered
  • Visa: 4000000000001059
  • Mastercard: 5200000000001054
  • AMEX: 340000000001056
  • Discover/Diners: 6011000000001051
unavailableN/ANoProceed as non-authenticated transaction or retry authentication request
Authentication ErrorError whilst attempting authentication
  • Visa: 4000000000001067
  • Mastercard: 5200000000001062
  • AMEX: 340000000001064
  • Discover/Diners: 6011000000001069
unavailableN/ANoProceed as non-authenticated transaction or retry authentication request
Authentication TimeoutTimeout during the authentication request
  • Visa: 4000000000001075
  • Mastercard: 5200000000001070
  • AMEX: 340000000001072
  • Discover/Diners: 6011000000001077
unavailableN/ANoProceed as non-authenticated transaction or retry authentication request
Successful Authentication (Challenged)Issuer prompts a challenge in authentication, customer responds successfully
  • Visa: 4000000000001091
  • Mastercard: 5200000000001096
  • AMEX: 340000000001098
  • Discover/Diners: 6011000000001093
challengedauthenticatedYesApply authentication object in payment request, proceed with payment authorization
Failed Challenged AuthenticationIssuer prompts a challenge in authentication, customer responds with incorrect details (e.g. OTP, fingerprint etc)
  • Visa: 4000000000001109
  • Mastercard: 5200000000001104
  • AMEX: 340000000001106
  • Discover/Diners: 6011000000001101
challengedauthenticationFailedNoDo not proceed with payment authorization. Either retry 3DS or prompt for another form of payment.
Verification UnavailableAuthentication data following a challenge cannot be retrieved
  • Visa: 4000000000001117
  • Mastercard: 5200000000001112
  • AMEX: 340000000001114
  • Discover/Diners: 6011000000001119
challengedunavailableNoProceed as non-authenticated transaction or retry verification request
Verification ErrorError whilst attempting verification
  • Visa: 4000000000001125
  • Mastercard: 5200000000001120
  • AMEX: 340000000001122
  • Discover/Diners: 6011000000001127
challengedunavailableNoProceed as non-authenticated transaction or retry verification request
BypassBypass the consumer authentication flow via Cardinal Rules Engine configuration. Returned if 3DS premium is enabled or when there is a timeout connecting to the 3DS directory server.
  • Visa: 4000000000001083
  • Mastercard: 5200000000001088
  • AMEX: 340000000001080
  • Discover/Diners: 6011000000001085
bypassedN/ANoProceed as non-authenticated transaction