Manually requesting step up (challenge) authentication

  Last updated: 

 

  Visa and Mastercard require merchants in PSD2-mandated countries to re-attempt authentication using the forced challenge (mandate) indicator (scaexemptionindicator=14) when a soft decline response is received.

 

There are certain circumstances where you may prefer transactions be subject to more stringent EMV 3-D Secure authentication. To allow for this, you can submit the additional field scaexemptionindicator in THREEDQUERY requests to the Trust Payments gateway with one of the following supported values:

  • scaexemptionindicator=13 - This will request the card issuer performs a step up (challenge) authentication with EMV 3DS, but if the card issuer deems this unnecessary, frictionless authentication will occur and the card issuer will assume liability in most circumstances.
  • scaexemptionindicator=14 - This will request the card issuer performs a step up (challenge) authentication with EMV 3DS in all circumstances.

For further information regarding different integrations, please refer to the sections provided below:

Payment Pages
  • Update your POST to Trust Payments to include the field scaexemptionindicator with one of the following supported values:
  Field Format Description
X2-EN.png scaexemptionindicator Numeric (1)
  • 13 – Step up authentication at card issuer's discretion.
  • 14 –Step up authentication performed.

  In situations where a soft decline response has been returned, scaexemptionindicator=14 must be included in the POST in order to trigger step up authentication.

Example

<html>
<body>
<form method="POST" action="<DOMAIN>/process/payments/choice">
<input type="hidden" name="sitereference" value="test_site12345">
<input type="hidden" name="stprofile" value="default">
<input type="hidden" name="currencyiso3a" value="GBP">
<input type="hidden" name="mainamount" value="1.00">
<input type="hidden" name="version" value="2">
<input type="hidden" name="scaexemptionindicator" value="14">
<input type="submit" value="Pay">
</form>
</body>
</html>

Replace <DOMAIN> with a supported domain. Click here for a full list.

JavaScript Library

Update the JWT payload to include the field scaexemptionindicator with one of the following supported values:

  Field Format Description
X2-EN.png scaexemptionindicator Numeric (1)
  • 13 – Step up authentication at card issuer's discretion.
  • 14 –Step up authentication performed.

  In situations where a soft decline response has been returned, scaexemptionindicator=14 must be included in the payload in order to trigger step up authentication.

3DS API

You will need to ensure the THREEDQUERY submitted includes the field scaexemptionindicator with one of the following supported values:

  Field Format Description
X2-EN.png

scaexemptionindicator
XPath: /operation/scaexemptionindicator

Numeric (1)
  • 13 – Step up authentication at card issuer's discretion.
  • 14 – Step up authentication performed.

  In situations where a soft decline response has been returned, scaexemptionindicator=14 must be included in the payload in order to trigger step up authentication.

Android SDK / iOS SDK

Update the JWT payload to include the field scaexemptionindicator with one of the following supported values:

  Field Format Description
X2-EN.png scaexemptionindicator Numeric (1)
  • 13 – Step up authentication at card issuer's discretion.
  • 14 –Step up authentication performed.

  In situations where a soft decline response has been returned, scaexemptionindicator=14 must be included in the payload  in order to trigger step up authentication.

 

If you are using your own MPI

Contact your 3DS Server (MPI) provider to request the AReq message to be updated to include one of the following values:

  • Challenge Indicator = 03 - Step up authentication (Challenge) requested (3DS Requestor preference).
  • Challenge Indicator = 04 - Step up authentication (Challenge) requested (Mandate).
Was this article helpful?
0 out of 0 found this helpful