Important: Test values have changed in API version v3 of 3DS. Go here for thev1 & v2 test values.

3DS Testing

API v3

Last updated January 2023

Test your 3DS integration on the Try environment using the magic values provided below. Send requests and see simulated responses.

For theAndroid/iOS SDK, the environment must be set to CardinalEnvironment.STAGING as part of the CardinalConfigurationParameters to use the test values on the Access Try environment.

Tokens

If you're creating tokens containing the test card numbers you must delete the token before creating another with the same PAN. You are prevented from creating another token using the same PAN. As an alternative, you can also change the namespace used as part of the token creation.

Liability shift

Liability shift is confirmed on payment authorization. Thetest card numbertables show the different scenarios and the likely liability shift based on the authentication details provided (e.g. authenticationValue, eci, transactionId).

Test Card Number

Use different card numbers to alter the 3DS authentication outcome.

Important: Do not mix the old test values used for API v1/v2 with the new ones for API v3 or you will get unexpected scenario outcomes. Set the cardHolderName to any other value e.g. Bob Smith

Important: Always use a test card number from the tables below. Using a number not listed will result in the challenge failing to load for both web and SDK.

Common Issues

Issue	Cause
Mobile SDK: challenge page fails to load, producing one of the following errors Android SDK returns: `20606 (Payload Validation failed)` `Invalid Signature. Your request contains an invalid signature.`	You must use version 3 of the API with the mobile SDK on Try and ensure you use the updated test card values below. You cannot use a made up card number. You must use a test card value below or the challenge will not display correctly.
Web Integration: challenge page fails to load	Ensure you're using the correct API version and Test values. API version 3 uses the card numbers below. APIversion 1&2use the cardholder name. You cannot use a made up card number. You must use a test card value below or the challenge will not display correctly.

3DS2

Test Scenario	Description	Test Values	Authentication outcome	Verification outcome	Liability shift	Action
Successful Authentication (Frictionless)		Visa: `4000000000001000` Mastercard: `5200000000001005` AMEX: `340000000001007` Discover/Diners: `6011000000001002` JCB: `3337000000000008`	`authenticated`	N/A	Yes	Apply authentication object in payment request, proceed with payment authorization
Failed Frictionless Authentication		Visa: `4000000000001018` Mastercard: `5200000000001013` AMEX: `340000000001015` Discover/Diners: `6011000000001010` JCB: `3337000000000990`	`authenticationFailed`	N/A	No	Do not proceed with payment authorization. Either retry 3DS or prompt for another form of payment.
Attempts Stand-In Frictionless Authentication	Cardholder is enrolled in 3DS but the issuer does not support. This results in the issuer stand-in for the authentication	Visa: `4000000000001026` Mastercard: `5200000000001021` AMEX: `340000000001023` Discover/Diners: `6011000000001028` JCB: `3337000000007045`	`authenticated`	N/A	Yes	Apply authentication object in payment request, proceed with payment authorization
Authentication Unavailable (issuer)	Cardholder is enrolled but authentication is unavailable	Visa: `4000000000001034` Mastercard: `5200000000001039` AMEX: `340000000001031` Discover/Diners: `6011000000001036` JCB: `3337000000000735`	`unavailable`	N/A	No	Proceed as non-authenticated transaction or retry authentication request
Authentication Rejected	Authentication rejected by the issuer, no challenge is offered	Visa: `4000000000001042` Mastercard: `5200000000001047` AMEX: `340000000001049` Discover/Diners: `6011000000001044` JCB: `3337000000000321`	`authenticationFailed`	N/A	No	Do not proceed with payment authorization. Either retry 3DS or prompt for another form of payment.
Authentication Unavailable (system error)	Authentication rejected by the issuer, no challenge is offered	Visa: `4000000000001059` Mastercard: `5200000000001054` AMEX: `340000000001056` Discover/Diners: `6011000000001051` JCB: `3337000000006765`	`unavailable`	N/A	No	Proceed as non-authenticated transaction or retry authentication request
Authentication Error	Error whilst attempting authentication	Visa: `4000000000001067` Mastercard: `5200000000001062` AMEX: `340000000001064` Discover/Diners: `6011000000001069` JCB: `3337000000000016`	`unavailable`	N/A	No	Proceed as non-authenticated transaction or retry authentication request
Authentication Timeout	Timeout during the authentication request	Visa: `4000000000001075` Mastercard: `5200000000001070` AMEX: `340000000001072` Discover/Diners: `6011000000001077` JCB: `3337000000000081`	`unavailable`	N/A	No	Proceed as non-authenticated transaction or retry authentication request
Successful Authentication (Challenged)	Issuer prompts a challenge in authentication, customer responds successfully	Visa: `4000000000001091` Mastercard: `5200000000001096` AMEX: `340000000001098` Discover/Diners: `6011000000001093` JCB: `3337000000200004`	`challenged`	`authenticated`	Yes	Apply authentication object in payment request, proceed with payment authorization
Failed Challenged Authentication	Issuer prompts a challenge in authentication, customer responds with incorrect details (e.g. OTP, fingerprint etc)	Visa: `4000000000001109` Mastercard: `5200000000001104` AMEX: `340000000001106` Discover/Diners: `6011000000001101` JCB: `3337000000200087`	`challenged`	`authenticationFailed`	No	Do not proceed with payment authorization. Either retry 3DS or prompt for another form of payment.
Verification Unavailable	Authentication data following a challenge cannot be retrieved	Visa: `4000000000001117` Mastercard: `5200000000001112` AMEX: `340000000001114` Discover/Diners: `6011000000001119` JCB: `3337000000200079`	`challenged`	`unavailable`	No	Proceed as non-authenticated transaction or retry verification request
Verification Error	Error whilst attempting verification	Visa: `4000000000001125` Mastercard: `5200000000001120` AMEX: `340000000001122` Discover/Diners: `6011000000001127` JCB: `3337000000200046`	`challenged`	`unavailable`	No	Proceed as non-authenticated transaction or retry verification request
Bypass	Bypass the consumer authentication flow via Cardinal Rules Engine configuration. Returned if 3DS premium is enabled or when there is a timeout connecting to the 3DS directory server.	Visa: `4000000000001083` Mastercard: `5200000000001088` AMEX: `340000000001080` Discover/Diners: `6011000000001085` JCB: `3337000000000537`	`bypassed`	N/A	No	Proceed as non-authenticated transaction

3DS1

3DS1 has been largely decommissioned and now only applies to a small number of countries:

Visa: Bangladesh, Bhutan, Maldives, Nepal, India, Sri Lanka (domestic) - Ending Oct 12th 2023
Mastercard: India and Bangladesh (domestic and cross boarder) - Ending Oct 3rd 2023
AMEX: India - Ending Oct 13th 2023

A 3DS1 notEnrolled response is still being returned for some traffic and should be tested against.

Test Scenario	Description	Test Values	Authentication outcome	Verification outcome	Liability shift	Action
Not Enrolled	Cardholder not enrolled. Issuing Bank not participating.	Visa: `4000000000000051` Mastercard: `5200000000000056` AMEX: `340000000008135` JCB: `3520000000006903` `Diners: 3005000000007269` `Discover: 6011000000000053`	`notEnrolled`	N/A	No	Apply authentication object in payment request (only contains ECI)

The remaining 3DS1 test cases are now disabled by default and will only return an 'unavailable' response. You can request them to be enabled if necessary.

Test Scenario	Description	Test Values	Authentication outcome	Verification outcome	Liability shift	Action
Successful Authentication (Challenge)	Issuer prompts a challenge in authentication, customer responds successfully	Visa: `4000000000000002` Mastercard: `5200000000000007` AMEX: `340000000003961` JCB: `3520000000000922` `Diners: 3005000000006246` `Discover: 6011000000000004`	`challenged`	`authenticated`	Yes	Apply authentication object in payment request, proceed with payment authorization
Failed Signature	Successful authentication but unsuccessful signature verification	Visa: `4000000000000010` Mastercard: `5200000000000015` AMEX: `340000000006022` JCB: `3520000000002811` `Diners: 3005000000004373` `Discover: 6011000000000012`	`challenged`	`signatureFailed`	No	Do not proceed with payment authorization. Either retry 3DS or prompt for another form of payment.
Failed Authentication	Issuer prompts a challenge in authentication, customer responds with incorrect details (e.g. OTP, fingerprint etc)	Visa: `4000000000000028` Mastercard: `5200000000000023` AMEX: `340000000000033` JCB: `3520000000009931` `Diners: 3005000000005925` `Discover: 6011000000000020`	`challenged`	`authenticationFailed`	No	Do not proceed with payment authorization. Either retry 3DS or prompt for another form of payment.
Attempts/Non-Participating	Challenge attempted but the card issuer doesn't support 3DS, card scheme provides authentication details for this case.	Visa: `4000000000000101` Mastercard: `5200000000000908` AMEX: `340000000003391` JCB: `3520000000004767` `Diners: 3005000000005271` `Discover: 6011000000000038`	`challenged`	`authenticated`	Yes	Apply authentication object in payment request, proceed with payment authorization
Authentication Timeout	Timeout during the authentication request	Visa: `4000000000000044` Mastercard: `5200000000000049` AMEX: `340000000008309` JCB: `3520000000001284` `Diners: 3005000000001890` `Discover: 6011000000000046`	`unavailable`	N/A	No	Proceed as non-authenticated transaction or retry authentication request
Not Enrolled	Cardholder not enrolled. Issuing Bank not participating.	Visa: `4000000000000051` Mastercard: `5200000000000056` AMEX: `340000000008135` JCB: `3520000000006903` `Diners: 3005000000007269` `Discover: 6011000000000053`	`notEnrolled`	N/A	No	Apply authentication object in payment request (only contains ECI)
Authentication unavailable		Visa: `4000000000000069` Mastercard: `5200000000000064` AMEX: `340000000007780` JCB: `3520000000002423` `Diners: 3005000000006030` `Discover: 6011000000000061`	`unavailable`	N/A	No	Proceed with payment authorization or retry authentication request
Authentication Error	Error response from authentication request	Visa: `4000000000000085` Mastercard: `5200000000000080` AMEX: `340000000006337` JCB: `3520000000002175` `Diners: 3005000000009877` `Discover: 6011000000000087`	`unavailable`	N/A	No	Proceed with payment authorization
Verification Error	Error response from verification request	Visa: `4000000000000093` Mastercard: `5200000000000098` AMEX: `340000000009299` JCB: `3520000000006861` `Diners: 3005000000005602` `Discover: 6011000000000095`	`challenge`	`unavailable`	No	Proceed as non-authenticated transaction or use alternative payment method
Verification unavailable	Cardholder is enrolled but verification is unavailable	Visa: `4000000000000036` Mastercard: `5200000000000031` AMEX: `340000000000116` JCB: `3520000000005780` `Diners: 3005000000007376` `Discover: 6011000000000103`	`challenged`	`unavailable`	No	Proceed as non-authenticated transaction or retry verification request
Bypassed	Bypass the consumer authentication flow via Cardinal Rules Engine configuration. Returned if 3DS premium is enabled or when there is a timeout connecting to the 3DS directory server.	Visa: `NA` Mastercard: `5200990000000009` AMEX: `340099000000001` JCB: `3500990000000001` `Diners: 3000990000000006` `Discover: 6011990000000006`	`bypassed`	NA	No	Proceed with payment authorization

Searching accross the entire site

Filter by product

Filter by product Searching across the entire site