The successful response of this method will include the folowing:

• RequestID for this Card Entry Form session. You will need to use this request ID in future requests relating to this Card Entry Form session.
• Location header for the URL of the card form. You will need to set this URL as the value of the SRC attribute of your iframe in your webpage.

🚧

3D Secure challenge timeout

Please note that if you enable 3DS processing during card capture, the 3DS challenge window will have a 5 minute timeout period. If the card owner does not submit the response to the 3DS challenge within that timeframe, their authentication will be rejected.

📘

All URLs should be https.

📘

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

❗️

Custom Merchant Information

Please do not use the merchantName parameter in the request unless you have followed our guide on managing merchant information for 3D Secure authentication as this may cause problems in your 3DS processing.

If you plan to use the PCI Booking merchant information for 3DS Authentication, please set "ThreeDs" as True and "merchantName" blank.
Please note that the PCI Booking merchant can only be used to perform 3D Secure authentication on Visa and Mastercard cards.

📘

Complying with Visa 3DS Authentication requirements

As of August 12th 2024, Visa requires all merchants performing 3D Secure authentication to send additional information for the purpose of the authentication. Many of these additional details are sent automatically, in the background, by our system, but there are some parameters that you will need to provide PCI Booking in your request - you would need to provide either the email address or the phone number of the person you are authenticating.

You will find two new additional parameters in this request to provide these values.

If you are using 3DS authentication, you MUST provide at least one of these values.