On completion of the 3-D Secure authentication, the ACS will send the challenge results to the
threeDSRedirectURL provided in the initial request using an HTTP POST request. The contents of
this POST request should be returned to the Gateway unmodified in the threeDSResponse field
together with the threeDSRef received in the initial response. This new request will check the
authentication results and either respond with the details for a further challenge, send the
transaction to the Acquirer for approval or abort the transaction depending on the authentication
result and your preferences, either sent in the threeDSPref field or set in the Merchant
Management System (MMS).
The steps to follow are outlined below:
- Send sale request, send all the transaction details with as much addition 3DS data as much as possible).
- Receive sale responseCode, if 65802 go to next step else completed.
- Redirect to ACS at, send the threeDSRequest data name/value pairs via HTTP POST to threeDSURL.
- Receive a response from ACS at via HTTP POST to Merchant’s threeDSRedirectURL.
- Send continuation request consisting of the threeDSRef received from step 3 and threeDSResponse containing the data received in the POST back from the ACS.
- Receive continuation responseCode, if 65802 got to next step else completed.
- Redirect to ACS at, send the threeDSRequest data name/value pairs via HTTP POST to threeDSURL.
- Receive a response from ACS at via HTTP POST to Merchant’s threeDSRedirectURL.
- Send continuation request consisting of the threeDSRef received from step 6 and threeDSResponse containing the data received in the POST back from the ACS.
- Receive responseCode and finished.
The continuation requests only need the threeDSRef and threeDSResponse to be sent, additional fields can be sent but the transaction can be rejected if these field’s values are different to information sent in the initial request and used in the 3-D Secure authentication process. The threeDSRef must be the one received from the previous continuation request.