Comply with PSD2
In order to comply with EU's PSD2 (Payment Services Directive) regulation, customers using PCI Booking need to implement 3D Secure authentication in their card processing.
PCI Booking allows customers to capture 3D Secure authentication with tokenized cards in the following ways:
- Perform 3DS authentication along with capturing the card in our card capture form
- This is used when capturing the card from the card owner
- Store 3DS authentication to an existing token
- This is used when you retrieve the 3DS authentication from a third party apart from the card details
- On-the-fly tokenization using the Tokenization in Response or Tokenization in Request (Gateway)
- This is used when you retrieve the 3DS authenticating from a third party along with the card details
Customers can control the merchant information used for the 3D Secure authentication by following these instructions.
When performing 3DS authentication in the card capture form, you can use the following card details for testing purposes:
For all cards mentioned below, please use the following information when entering the card details:
- Expiry date: any future date
- Name on card: "Three DS test"
- CVV: 123
Frictionless
In this flow, the cardholder is authenticated based on the information provided on the transaction itself, without any additional authentication (such as device fingerprint or challenge method). You will immediately receive a fully authenticated 3D Secure result and authorization decision, in response to your request.
| Card Scheme | Card Number |
|---|---|
| Visa | 4761739000060016 |
| Mastercard | 5455330200000016 |
Device Fingerprint (DFP)
In this scenario, the issuer requests more information about the device that initiated the transaction.
Depending on the issuer this can be the cardholder’s browser or other information used for risk analysis. The information is transferred electronically without the cardholder experiencing any change in the flow and simulates a scenario where the card issuer is satisfied with the authenticity of the cardholder (frictionless experience).
| Card Scheme | Card Number |
|---|---|
| Visa | 4761739001010010 |
| Mastercard | 5185520050000010 |
Challenge
In this scenario, the issuer requires a user challenge flow where the cardholder is prompted with an authentication screen and requested to provide One-Time Password(OTP).
Different OTPs are provided to simulate a successful or unsuccessful cardholder challenge.
| Card Scheme | Card Number | Success OTP | Fail OTP |
|---|---|---|---|
| Visa | 4018810000150015 | 0101 | 3333 |
| Mastercard | 5299910010000015 | 4445 | 9999 |
Device Fingerprint (DFP) and Challenge
In this scenario, the issuer requests more information about the device that initiated the transaction followed by a user challenge flow where the cardholder is prompted with an authentication screen and requested to provide One-Time Password(OTP).
Different OTPs are provided to simulate a successful or unsuccessful cardholder challenge.
| Card Scheme | Card Number | Success OTP | Fail OTP |
|---|---|---|---|
| Visa | 4018810000190011 | 0101 | 3333 |
| Mastercard | 5420711000401011 | 4445 | 9999 |
Updated over 2 years ago