3DS Authentication

Enterprise

Worldpay eCommerce (SMB)

Steps in Summary

Add the threeDS object to the payments api request to enable 3DS
A response outcome of 3dsDeviceDataRequired will provide details to perform the issuers device data collection on the customers browser
Resume the payment using the supply3dsDeviceData action from the response. If frictionless the payment will proceed and authorize.
If the outcome is 3dsChallenged details will be provided to display the issuers challenge page
Resume the payment using the complete3dsChallenge action from the response to proceed with the payment.

Integration Options

Web integration

API integration with a browser based client side.

iOS/Android integration (native)

API integration with a native client side SDK.

React Native

Using React Native with WebView

How much data to provide

By not providing certain information it is highly likely to impact your authentication success rates. Below is our latest guide on what to include.

Data used for 3DS authentication:

cardNumber, billingAddress - core payment details
instruction.threeDS - for 3DS specific data, some are mandatory
instruction.customer - firstName, lastName, email, phone, dateOfBirth, ipAddress

By providing these, the issuer can make a more accurate assessment and will reduce challenge outcomes in favor of frictionless.

EMVco required values

If certain values are not provided, you risk increased 3dsChallenged outcomes and even 3dsAuthenticationFailed. Card issuers use the below values to help decide if a transaction is fraudulent. We strongly recommend you provide this data, so your authentication rates remain high.

instruction.paymentInstrument.cardHolderName
instruction.customer.ipAddress
instruction.customer.email ¹
instruction.customer.firstName ³
instruction.customer.lastName ³
instruction.customer.phoneNumber ¹
instruction.threeDS.browserLanguage ²
instruction.threeDS.deviceData.browserScreenWidth ²
instruction.threeDS.deviceData.browserScreenHeight ²

¹ Either customer.email or customer.phoneNumber are required.

² Provide for web/browser integration only

³ Only required if instruction.paymentInstrument.cardHolderName is not provided

EMVco recommended values

instruction.paymentInstrument.billingAddress.city
instruction.paymentInstrument.billingAddress.country
instruction.paymentInstrument.billingAddress.address1
instruction.paymentInstrument.billingAddress.postalCode
instruction.paymentInstrument.billingAddress.state

Device Data Collection failure

In the event the device data collection fails to run (browser/native), additionally provide the following in the payment request to maintain healthy authentication rates and reduce issuer challenges:

Providing the data below directly in the API request should not be viewed as an alternative to running the Device Data Collection form. It is a fallback only.

instruction.customer.ipAddress ¹
instruction.threeDS.deviceData.browserLanguage
instruction.threeDS.deviceData.browserScreenHeight
instruction.threeDS.deviceData.browserScreenWidth
instruction.threeDS.deviceData.browserJavaEnabled
instruction.threeDS.deviceData.browserColorDepth
instruction.threeDS.deviceData.timeZone
instruction.threeDS.deviceData.browserJavascriptEnabled
instruction.threeDS.deviceData.channel ¹

¹ Only these values apply to (iOS/Android), the others are not applicable

Next steps

SCA Exemptions
Testing (3DS tab) for scenario details and magic test values