3-D Secure 1

3-D Secure 1 is a protocol available to offer an extra layer of security on credit and debit card transactions made over the internet.

At a high level, 3D Secure works by allowing card issuers to request multifactor authentication from a cardholder. The merchant's website presents the entry form for this authentication through an I-Frame. Converge uses the Elavon eMPI engine process 3D secure transactions. Converge supports 3D Secure 1 on the following transaction types.

error_outline
important

This page is for 3D Secure 1. Information on using Converge with 3D Secure 2 is available here.

Transaction Types Description
ccsale Credit Card Sale
ccauthonly Credit Card Auth Only

Requirements

3D Secure is available to XML API integrators with terminals with the following settings.

  • Market segment set to eCommerce.
  • 3D Secure Enabled.

3D Secure processing is supported on transactions made with MasterCard and Visa transactions support 3D Secure Processing. Other card types will process as normal and will not trigger 3D secure processing.

error_outline
important

3D secure is handled automatically for integrators using the Hosted Payments Page.

Transaction Flow

Authentication

Pass the following Issuer Authentication variables to authenticate:

Field Name Req? Description
ssl_eci_ind Y eCommerce indicator or ECI Values

(fully authenticated) - There is a liability shift and the merchant is protected from chargeback

(VbV has been attempted) - There is a liability shift and the merchant is protected from chargeback

(Non-VbV transaction) – The merchant is no longer protected from chargeback
ssl_3dsecure_value Y Cardholder Authentication Verification Value or CAVV
ssl_xid C Unique transaction identifier assigned by eMPI

Using XML API

If you are using XML API to integrate to Converge, you have to pass the Issuer Authentication variables ssl_eci_ind, ssl_3dsecure_value and ssl_xid in the Credit Card Sale or the Credit Card Auth Only requests. Those values are obtained by integrating your system to any eMPI capable engine of your choice. Converge has a built-in integration to the Elavon eMPI service that can be utilized free of charge.

The following steps outline the process of sending a 3D secure transaction with XML API using Elavon built-in eMPI engine:

  1. Cardholder enters a Visa or a MasterCard card number at the checkout.

  2. The website collects the payment information using XML API and sends an enrollment request to Converge.

  3. Converge will determine if the card is eligible for 3D Secure processing and responds to the website with a URL, a merchant data value and an encoded payer request value.

    error_outline
    note
    This completes the first stage in the authentication process.

    Shown below is an example of a card enrollment request using XML API:

    Step 1: Send a card enrollment request

    <txn>
        <ssl_merchant_id>my_merchant_id</ssl_merchant_id>
        <ssl_user_id>my_user_id</ssl_user_id>
        <ssl_pin>my_pin</ssl_pin>
        <ssl_transaction_type>paenrolled</ssl_transaction_type>
        <ssl_card_number>0000000000000000</ssl_card_number>
        <ssl_exp_date>1219</ssl_exp_date>
        <ssl_amount>1.00</ssl_amount>
    </txn>

    Receive a card enrollment response along with the issuer URL:

    <txn>
        <acs_url>https://secure.issuerwebsite.com/Visaormastercard.jsp</acs_url>
        <pareq>eJxVUu9PwjAQ/VeWfYe2uOEktxoEiSYWBaeJn0zTHTJlHXRFYH+9LQ5/fGnuXa/v3r0rXO7LVfCJpi4qnYasS8MAtaryQr+l4VM26SRhUFupc7mqNKbhAevwkkO2NIjjR1RbgxwE1rV8w6DI03AtDW5ekySO8hgXnYjl7ogX553kgkUddY6SLlS/r2Qv5PAwnOOGQ9ufu/bdHpATdLxGLaW2HKTaXN1O+d39aHj3KkZA2gSUaG7HXIwoZUC+AWhZIrdY28DljgBUtdXWHHgSUSAnAFuz4ktr1wNCdrtdt9AWjUZbH8fqqqoE4kuA/Ap52PqodpT7IufiQ5xNG9VMs/lEPEZsRieTeTazz+PrFIivgFxa5D3KIhr3koD1B1E0oDGQYx5k6bW4eyerjWHtWwz/XPxNgJNm3IZOo5wQ4H7tFuSfAPmJgfzqHd14G5V1Dk2z61g0H40YD3fi/eVMNC/sfpam3tZjgWcrnEMs9ra2AIinIO3OSLt0F/37DF+VksSF</pareq>
        <md>rO0ABXNyACZjb20ubm92YWluZm8uYWRhcHRlci5lbXBpLk1lcmNoYW50RGF0YQAAAAAAAAABAgAETAACaWR0ABJMamF2YS9sYW5nL1N0cmluZztMAApwYXJhbWV0ZXJzdAATTGphdmEvdXRpbC9IYXNoTWFwO0wAFnRocmVlRFNlY3VyZU1lcmNoYW50SWRxAH4AAUwAA3hpZHEAfgABeHB0ACFOdnpiV3VNbGQ4TnA3ZkE3RjU2X1FGdTEwMTY0MTMyNTlzcgARamF2YS51dGlsLkhhc2hNYXAFB9rBwxZg0QMAAkYACmxvYWRGYWN0b3JJAAl0aHJlc2hvbGR4cD9AAAAAAAAMdwgAAAAQAAAAAnQACXNlc3Npb25JZHEAfgAEdAAMZGNjUmVxdWVzdGVkdAABTnh0AApFTVBJLTAwMDAxdAAUMkM3NzczNTRFMS41Q0FFRTQtVDE=</md>
        <enrolled>Y</enrolled>
    </txn>
  4. If Converge indicates that the card is enrolled, the website will need to redirect the cardholder to the URL returned in the acs_url field and posts the results received from Converge. The post must include the merchant URL so the issuer can redirect the cardholder back to the merchant once the authentication has been completed. The website will receive a new merchant data value and an encoded payer response value from the issuer.

  5. The website sends a second request to Converge with the merchant data value and an encoded payer request value.PaRes value obtained from the issuer in step 1.

    error_outline
    note
    <ul>
    <li>This completes the second stage in the authentication process.</li>
    <li>There is a 15-minute window given to allow the website to respond back to Converge.</li>
    </ul>

    Shown below is an example of a payer authentication:

    Step 2: Send a Payer Authentication Request

    The Merchant will redirect the Customers Browser to the Issuer website and post the authentication request (paReq). Inline authentication Windows with or Without Frames are recommended. Popup windows are not allowed.

    error_outline
    note
    Do not use the GET method

    <form action="https://secure.issuerwebsite.com/Visaormastercard.jsp" method="POST">
        <input type="hidden" id="PaReq" name="PaReq" value="eJxVUu9PwjAQ/VeWfYe2uOEktxoEiSYWBaeJn0zTHTJlHXRFYH+9LQ5/fGnuXa/v3r0rXO7LVfCJpi4qnYasS8MAtaryQr+l4VM26SRhUFupc7mqNKbhAevwkkO2NIjjR1RbgxwE1rV8w6DI03AtDW5ekySO8hgXnYjl7ogX553kgkUddY6SLlS/r2Qv5PAwnOOGQ9ufu/bdHpATdLxGLaW2HKTaXN1O+d39aHj3KkZA2gSUaG7HXIwoZUC+AWhZIrdY28DljgBUtdXWHHgSUSAnAFuz4ktr1wNCdrtdt9AWjUZbH8fqqqoE4kuA/Ap52PqodpT7IufiQ5xNG9VMs/lEPEZsRieTeTazz+PrFIivgFxa5D3KIhr3koD1B1E0oDGQYx5k6bW4eyerjWHtWwz/XPxNgJNm3IZOo5wQ4H7tFuSfAPmJgfzqHd14G5V1Dk2z61g0H40YD3fi/eVMNC/sfpam3tZjgWcrnEMs9ra2AIinIO3OSLt0F/37DF+VksSF">
    
        <input type="hidden" id="TermUrl" name="TermUrl" value="https://www.merchantwebsite.com/3DSReturn.jsp">
        <input type="hidden" id="MD" name="MD" value="rO0ABXNyACZjb20ubm92YWluZm8uYWRhcHRlci5lbXBpLk1lcmNoYW50RGF0YQAAAAAAAAABAgAETAACaWR0ABJMamF2YS9sYW5nL1N0cmluZztMAApwYXJhbWV0ZXJzdAATTGphdmEvdXRpbC9IYXNoTWFwO0wAFnRocmVlRFNlY3VyZU1lcmNoYW50SWRxAH4AAUwAA3hpZHEAfgABeHB0ACFOdnpiV3VNbGQ4TnA3ZkE3RjU2X1FGdTEwMTY0MTMyNTlzcgARamF2YS51dGlsLkhhc2hNYXAFB9rBwxZg0QMAAkYACmxvYWRGYWN0b3JJAAl0aHJlc2hvbGR4cD9AAAAAAAAMdwgAAAAQAAAAAnQACXNlc3Npb25JZHEAfgAEdAAMZGNjUmVxdWVzdGVkdAABTnh0AApFTVBJLTAwMDAxdAAUMkM3NzczNTRFMS41Q0FFRTQtVDE=">
        <input type="submit" name="Proceed to Issuer Website">
    
    </form>

    Receive the Payer Authentication response:

    PaRes = eJzFWMmSo8qS3ddXlNVbyrKYEVxTpVkwCIEUSCAmsbnGJECMYhDD1zfKrKzKV32trV9vWht5eES4H3ePODhsjKSJIuEcBX0TvW5g1LZeHH1Nwx/faqJ7n9HHhUEBM2sASBvpA0hb8wjHd9wQIcw5k1g1Ek9u11cwJ61P7a1v4dYER49ejgJaJY9oUMmfCF8cPwBV0H1wilInLNRMu2R9S0aVWYt/R7/gGRguOJog8crudeMFd05WXw9HHhztuQN8lOxKaJGFl4tGUWxDfI2JReEb12Udt9XXRvg01Q9WXXTK8MiW6Qj8Gmb/LXpOvqvxBkGIbvadlFTRl17VsavgdVsUGeSzbIbyCn/im1i8kxDV9hZqLQgJRU3k9pURV2PKqkXWWIP7YIM8Vm9DrolccxUiUwamvGPkXuv4LZzfIm37jFU8sy/wC66e8qZ8uwKeJz4rNAq2JyuAjlI/RJhrrqoyeWzbIL3mD/MZbeUrumHLb/F9qLdGM7rpkuLP3CyfxHLgjf9pu28rm9fLxvkp7QJvMfjFRryrAomrs4xBQVxgrOGqbeAPBpgif9tySYK0leUWkAt/27QB5XTdolxRPqvys2yBMK8naMXjfnNC4XZ030dSzysv3x7VOtBuJ71cTIkh8UQVlkWRC2afyvb7olAur9V/tI33yqpMAy9PZ69bThMuqQKv/7C9k9mDP1pCUN0kX9ZTL0EGFmPDUogVHfkE8R/Gs/Qmqab2XNvGwpyE9ukbPQkdfTV38e1f/9H1EtJ4uQz/Fwgf7t8tWF7eR6t7EQmcjhmhdGS1Y63O6rv2eSGMMNS888rN8gv2Iv8uy6f8vK8MgnD8m/zFHL7ixZJmNWQCZvq9qlR3IeSZ/97LYyrxoj8rF/dE3hAtNjdGfpiEw9dNWxcgWv5hCG82B8KZ1c7c5YpnEFmumCpNc2IXCVJu7unsR6pVfHV9NvS5jtwMXDmxxvpxOXAbFQR53SS1cSc1q8YpKA6lYAFfbNUZNDHpXuK066S13PTVwppkM5lg32UEKvMefEwJNM7PYaLIX2ED79SOJkRZ1lx6NZJLeB1X/rAlCPixl9Q8igHV9Hr9dNIYI7onMeYs3u9ss7MqmGvHpk/gCMw59WzUigY/4tqPQpZjQBP6xWYsPevlzn0aZUqzuY02N2ZS3vMzZ3Vf3NSYAD/Z0RmWE9uPHeI/JXuzj6b3KizCT5VBr8HsAr7fLnibW/50mVe16pEHLWgWgcH2j0B2bUjn8zxmjtCzzaKbrzRRpHgCvsvKC7ZO4n6L8BuqjSis2oV8cDHw5dPKFd0taOHC6qnjBMZX4gETGncQmWi65dKAjJzZOS/HAFPI21df5jY6Q87xyD/qa6WkMVe9NJHT1Pf0iGToTT3RnWOA0GSXcdUakOFe3G3gDczRXYFJNuvY1TGgdx2tEWV1W8/e5Fzd45aukHQ0CzFewlpFviTybmimqx01D7c3LWaJhgxDU6vB7aATdE6gDFpqbHYyAgTLyEq8Y8keln1b5aWXDwUpCoiQVU1fIMKXU1p3kb7f10q5pUJrO8iovartNiOu2E3AIHGXGGl4VuUjyxvxg6yBBrgNIv7m7nrCvJbdCiUFbzOe5f4qOnS68Jcy/MEyrJQCDwPKj4Gg8yBWNaBYuIPAqEOYszVCg44JzoX0mUQtIuyr1w5eQQq0MQtp4EhEMQDBJkEMFPkEshrqDiKAjhysWotxgwOZftQ2k6ezYyiAU7vsDgRTbxCLf2pTGHejBstYtgadpeHCjFL/U8KKg83Kr5hbAm1xBNyMlvPvgRHnRpi17OnODaFBoU5igY4PBuFxqcZKmmmA27JFChAYajIC7P28twNETSfurmP3Q3joVaO/Dv/iVxUATNEDUIyHd/HNwZOIVeHKX2Z1GHgHmPdYSygWbsMhbXzLH7QysdwyVIWT5ErM1YWFmrh1Cx1liVEbxPjNx0EcOtF13NyX2MG3rT4URA9y8ZtdMELdNTHtfOY4DYOxbmOYv8TrE/IQx2IKASrx57t0ln1C0EQOaCYApMwJA3jO70G11FDjJ8pq3dupz1A/oLjp1g2POmNAkrvUI3W8TCTH2j36KhO2mOVMoKXnsObeZf4tULbkM9Iosr9cJtcTdCjSawU1wq2WxHN64GWL8p8Q8TAx7e86Zb1uGMQnN8H2mO6xLay61TvWYPJyrrdo9p3Tgafu/II17cZVfdTcLhjqkmQJRjMESYSuYhWxBAOVkhl50mBbgrOpt29c73SqbsWP64xmFqoo1rieWtXsOj4AVTRqzEMo/FNale7agdGcIWyPBMJ3PeNjtrnfnasznUMA1Vp0R20jjc2OL1RTRU2qHd4f3Y3EHM9pT/sMXO0LjBKre1YETo6ZDrjpPp17kxEiNjyZc1T5gw9iyAEg3WQBRBAMz3qF4iByyKDxEIBBeNZXR09A2yFLEQQQ2/Gf9eJ1mupkX03t3bIMcrg7UakOWdlxQzuecYuRL70REZ7pFey7Tlr17mkBP7QptpLVhLjT7d05lp1nKkDjgpHTY31gz7ZQTqToRrvj3KVmSmzonjysCK2ebsv7Lagdc6BN9oLJOzSYgFisAXpEAGeBnWK3I7cQZCtU8fgu44SwtsNqNDFTxUjddo5x70h52qMWteK3VissRLOxmpIekwb8KtWYCdZJiK5yGdNvukJJOi6MPupHXvYs POSf1BXp7yqz58WOZcYL3tuw GLjWKaTHpFJxa9cXMiBnzrAcDNpZqQVbUZiQ1OfhUcRC31IYtG9E/SIHeFUT/CowL/tjOseKBoe8QQdbm6dsBNcN8ifD/SPlxU/KK9IPytMkpBsa6NjaqsebZnc7VKw2L0ng4uyeZOlyUdHnVdsCgRvPji4uiJLKr5Qo1POlQhaD/oQnyjCwNE2wEdoQBIaGgDFExSFUJv0U1/6uAOjPwMlHf/FwNkKgf1n8dX02RxCELnyQo8gfUxUEY3vQ7cUhOF7vDPXtsFwwO5Mz3mBN4PC9U7DpK7zq64doq9qTlrQDO7z5ag0f1JJTEWMMXutst8WnowL/bFcRBzw2LU5a6cPJ/y7m4BWB5h9MY8Jzn4/0ii4BkKm57uO6aNleg1NSEvVqVd3puVHYGVSk/HLJCfFnv ZLNHgF2vxM6FgeZ2g9Nr1vZgfEMK8odcyq1x8wiYctLe55uHqVKYYWL2sOjZ6e6OdioDIQZqyxokHMO2iiCPq5JERXZ1Li5CcPHCuJjjk4iBZq8fVmNOs1S/Cid11t9dJaJUTlNK5qobz/tagEQ9DI4iUw02wrL4oZ2kX7ViJjsG9P5ME268SFFjTWIejrTthcee1CuCodL65u6SYDddSZM5A1JUbW4fBVqQrR2hAnC9FQKMc4eRtlLOHXIzpzqXqBQ7ojPwaFG5nQ5kN/bY3m/WwqSOnxC7Vs19luerWDfuOlDW4ht6Siq8TJ81G6nL5R3XbpoAUhPWgOxyP0PlEa0TJykHZcIdMJHR3UdwnFJNJmNibHe9zp9JsneY jbvkTO1C5UUYi7pS/ZfHy1jSHLdhY3a3x62ZNmS yxNNuvOMNu4aVu61jUgEpuTtUMo9WEAnqqqd44yYvQM7bsnEp4khRpZTee2UoKca7pCu16zQIYPjbRQIZqUISJrIJwEaTUI9m4rPjtGzxP780nwDFs5NmRLJxBPqeZCCdrWDptnbxMsOtGYmXNHCOVow6DrLEhdehBo9l1d1Iq/HSpcWLtZA89PSAuagp1YI8EWl7y7tF4km8QEIz0Rd52e mK7O XhxmcEmR1GJ0GW056qV8Z1NBjZN5btXetstNo8CbSJJL2D5SG/G7okF/N e 2/e37w9sHmef78ecPNf8FfxDQ0w==MD=rO0ABXNyACZjb20ubm92YWluZm8uYWRhcHRlci5lbXBpLk1lcmNoYW50RGF0YQAAAAAAAAABAgAETAACaWR0ABJMamF2YS9sYW5nL1N0cmluZztMAApwYXJhbWV0ZXJzdAATTGphdmEvdXRpbC9IYXNoTWFwO0wAFnRocmVlRFNlY3VyZU1lcmNoYW50SWRxAH4AAUwAA3hpZHEAfgABeHB0ACFZTkE2cWFpU28yZDBzb0FBZGtGTDdaZDEwMTY0MTMyNThzcgARamF2YS51dGlsLkhhc2hNYXAFB9rBwxZg0QMAAkYACmxvYWRGYWN0b3JJAAl0aHJlc2hvbGR4cD9AAAAAAAAMdwgAAAAQAAAABXQADXZlbmRvckFwcE5hbWV0AAB0AAlzZXNzaW9uSWRxAH4ABHQADGRjY1JlcXVlc3RlZHQAAU50AAh2ZW5kb3JJZHB0ABB2ZW5kb3JBcHBWZXJzaW9ucQB
  6. Converge will validate the PaRes value sent and responds with the Issuer Authentication variables needed to complete the ccsale or ccauthonly transaction.

    error_outline
    note
    This completes the third and final stage in the authentication process.

    Shown below is an example of a PaRes verification request using XML API:

    Step 3: Send a PaRes Verification request, include the PaRes and MD values received from the issuer in step 2:

    <txn>
        <ssl_merchant_id>my_virtualmerchant_id</ssl_merchant_id>
        <ssl_user_id>my_user_id</ssl_user_id>
        <ssl_pin>my_pin</ssl_pin>
        <ssl_transaction_type>parequest</ssl_transaction_type>
        <md>
        rO0ABXNyACZjb20ubm92YWluZm8uYWRhcHRlci5lbXBpLk1lcmNoYW50RGF0YQAAAAAAAAABAgAETAACaWR0ABJMamF2YS9sYW5nL1N0cmluZztMAApwYXJhbWV0ZXJzdAATTGphdmEvdXRpbC9IYXNoTWFwO0wAFnRocmVlRFNlY3VyZU1lcmNoYW50SWRxAH4AAUwAA3hpZHEAfgABeHB0ACFZTkE2cWFpU28yZDBzb0FBZGtGTDdaZDEwMTY0MTMyNThzcgARamF2YS51dGlsLkhhc2hNYXAFB9rBwxZg0QMAAkYACmxvYWRGYWN0b3JJAAl0aHJlc2hvbGR4cD9AAAAAAAAMdwgAAAAQAAAABXQADXZlbmRvckFwcE5hbWV0AAB0AAlzZXNzaW9uSWRxAH4ABHQADGRjY1JlcXVlc3RlZHQAAU50AAh2ZW5kb3JJZHB0ABB2ZW5kb3JBcHBWZXJzaW9ucQBAAh4dAAKRU1QSS0wMDAwMXQAFDJFNDEzOUYzQkYuRDQxQjU5LVQx
        </md>
        <pares>
        eJzFWMmSo8qS3ddXlNVbyrKYEVxTpVkwCIEUSCAmsbnGJECMYhDD1zfKrKzKV32trV9vWht5eES4H3ePODhsjKSJIuEcBX0TvW5g1LZeHH1Nwx/faqJ7n9HHhUEBM2sASBvpA0hb8wjHd9wQIcw5k1g1Ek9u11cwJ61P7a1v4dYER49ejgJaJY9oUMmfCF8cPwBV0H1wilInLNRMu2R9S0aVWYt/R7/gGRguOJog8crudeMFd05WXw9HHhztuQN8lOxKaJGFl4tGUWxDfI2JReEb12Udt9XXRvg01Q9WXXTK8MiW6Qj8Gmb/LXpOvqvxBkGIbvadlFTRl17VsavgdVsUGeSzbIbyCn/im1i8kxDV9hZqLQgJRU3k9pURV2PKqkXWWIP7YIM8Vm9DrolccxUiUwamvGPkXuv4LZzfIm37jFU8sy/wC66e8qZ8uwKeJz4rNAq2JyuAjlI/RJhrrqoyeWzbIL3mD/MZbeUrumHLb/F9qLdGM7rpkuLP3CyfxHLgjf9pu28rm9fLxvkp7QJvMfjFRryrAomrs4xBQVxgrOGqbeAPBpgif9tySYK0leUWkAt/27QB5XTdolxRPqvys2yBMK8naMXjfnNC4XZ030dSzysv3x7VOtBuJ71cTIkh8UQVlkWRC2afyvb7olAur9V/tI33yqpMAy9PZ69bThMuqQKv/7C9k9mDP1pCUN0kX9ZTL0EGFmPDUogVHfkE8R/Gs/Qmqab2XNvGwpyE9ukbPQkdfTV38e1f/9H1EtJ4uQz/Fwgf7t8tWF7eR6t7EQmcjhmhdGS1Y63O6rv2eSGMMNS888rN8gv2Iv8uy6f8vK8MgnD8m/zFHL7ixZJmNWQCZvq9qlR3IeSZ/97LYyrxoj8rF/dE3hAtNjdGfpiEw9dNWxcgWv5hCG82B8KZ1c7c5YpnEFmumCpNc2IXCVJu7unsR6pVfHV9NvS5jtwMXDmxxvpxOXAbFQR53SS1cSc1q8YpKA6lYAFfbNUZNDHpXuK066S13PTVwppkM5lg32UEKvMefEwJNM7PYaLIX2ED79SOJkRZ1lx6NZJLeB1X/rAlCPixl9Q8igHV9Hr9dNIYI7onMeYs3u9ss7MqmGvHpk/gCMw59WzUigY/4tqPQpZjQBP6xWYsPevlzn0aZUqzuY02N2ZS3vMzZ3Vf3NSYAD/Z0RmWE9uPHeI/JXuzj6b3KizCT5VBr8HsAr7fLnibW/50mVe16pEHLWgWgcH2j0B2bUjn8zxmjtCzzaKbrzRRpHgCvsvKC7ZO4n6L8BuqjSis2oV8cDHw5dPKFd0taOHC6qnjBMZX4gETGncQmWi65dKAjJzZOS/HAFPI21df5jY6Q87xyD/qa6WkMVe9NJHT1Pf0iGToTT3RnWOA0GSXcdUakOFe3G3gDczRXYFJNuvY1TGgdx2tEWV1W8/e5Fzd45aukHQ0CzFewlpFviTybmimqx01D7c3LWaJhgxDU6vB7aATdE6gDFpqbHYyAgTLyEq8Y8keln1b5aWXDwUpCoiQVU1fIMKXU1p3kb7f10q5pUJrO8iovartNiOu2E3AIHGXGGl4VuUjyxvxg6yBBrgNIv7m7nrCvJbdCiUFbzOe5f4qOnS68Jcy/MEyrJQCDwPKj4Gg8yBWNaBYuIPAqEOYszVCg44JzoX0mUQtIuyr1w5eQQq0MQtp4EhEMQDBJkEMFPkEshrqDiKAjhysWotxgwOZftQ2k6ezYyiAU7vsDgRTbxCLf2pTGHejBstYtgadpeHCjFL/U8KKg83Kr5hbAm1xBNyMlvPvgRHnRpi17OnODaFBoU5igY4PBuFxqcZKmmmA27JFChAYajIC7P28twNETSfurmP3Q3joVaO/Dv/iVxUATNEDUIyHd/HNwZOIVeHKX2Z1GHgHmPdYSygWbsMhbXzLH7QysdwyVIWT5ErM1YWFmrh1Cx1liVEbxPjNx0EcOtF13NyX2MG3rT4URA9y8ZtdMELdNTHtfOY4DYOxbmOYv8TrE/IQx2IKASrx57t0ln1C0EQOaCYApMwJA3jO70G11FDjJ8pq3dupz1A/oLjp1g2POmNAkrvUI3W8TCTH2j36KhO2mOVMoKXnsObeZf4tULbkM9Iosr9cJtcTdCjSawU1wq2WxHN64GWL8p8Q8TAx7e86Zb1uGMQnN8H2mO6xLay61TvWYPJyrrdo9p3Tgafu/II17cZVfdTcLhjqkmQJRjMESYSuYhWxBAOVkhl50mBbgrOpt29c73SqbsWP64xmFqoo1rieWtXsOj4AVTRqzEMo/FNale7agdGcIWyPBMJ3PeNjtrnfnasznUMA1Vp0R20jjc2OL1RTRU2qHd4f3Y3EHM9pT/sMXO0LjBKre1YETo6ZDrjpPp17kxEiNjyZc1T5gw9iyAEg3WQBRBAMz3qF4iByyKDxEIBBeNZXR09A2yFLEQQQ2/Gf9eJ1mupkX03t3bIMcrg7UakOWdlxQzuecYuRL70REZ7pFey7Tlr17mkBP7QptpLVhLjT7d05lp1nKkDjgpHTY31gz7ZQTqToRrvj3KVmSmzonjysCK2ebsv7Lagdc6BN9oLJOzSYgFisAXpEAGeBnWK3I7cQZCtU8fgu44SwtsNqNDFTxUjddo5x70h52qMWteK3VissRLOxmpIekwb8KtWYCdZJiK5yGdNvukJJOi6MPupHXvYsPOSf1BXp7yqz58WOZcYL3tuwGLjWKaTHpFJxa9cXMiBnzrAcDNpZqQVbUZiQ1OfhUcRC31IYtG9E/SIHeFUT/CowL/tjOseKBoe8QQdbm6dsBNcN8ifD/SPlxU/KK9IPytMkpBsa6NjaqsebZnc7VKw2L0ng4uyeZOlyUdHnVdsCgRvPji4uiJLKr5Qo1POlQhaD/oQnyjCwNE2wEdoQBIaGgDFExSFUJv0U1/6uAOjPwMlHf/FwNkKgf1n8dX02RxCELnyQo8gfUxUEY3vQ7cUhOF7vDPXtsFwwO5Mz3mBN4PC9U7DpK7zq64doq9qTlrQDO7z5ag0f1JJTEWMMXutst8WnowL/bFcRBzw2LU5a6cPJ/y7m4BWB5h9MY8Jzn4/0ii4BkKm57uO6aNleg1NSEvVqVd3puVHYGVSk/HLJCfFnvZLNHgF2vxM6FgeZ2g9Nr1vZgfEMK8odcyq1x8wiYctLe55uHqVKYYWL2sOjZ6e6OdioDIQZqyxokHMO2iiCPq5JERXZ1Li5CcPHCuJjjk4iBZq8fVmNOs1S/Cid11t9dJaJUTlNK5qobz/tagEQ9DI4iUw02wrL4oZ2kX7ViJjsG9P5ME268SFFjTWIejrTthcee1CuCodL65u6SYDddSZM5A1JUbW4fBVqQrR2hAnC9FQKMc4eRtlLOHXIzpzqXqBQ7ojPwaFG5nQ5kN/bY3m/WwqSOnxC7Vs19luerWDfuOlDW4ht6Siq8TJ81G6nL5R3XbpoAUhPWgOxyP0PlEa0TJykHZcIdMJHR3UdwnFJNJmNibHe9zp9JsneYjbvkTO1C5UUYi7pS/ZfHy1jSHLdhY3a3x62ZNmSyxNNuvOMNu4aVu61jUgEpuTtUMo9WEAnqqqd44yYvQM7bsnEp4khRpZTee2UoKca7pCu16zQIYPjbRQIZqUISJrIJwEaTUI9m4rPjtGzxP780nwDFs5NmRLJxBPqeZCCdrWDptnbxMsOtGYmXNHCOVow6DrLEhdehBo9l1d1Iq/HSpcWLtZA89PSAuagp1YI8EWl7y7tF4km8QEIz0Rd52emK7OXhxmcEmR1GJ0GW056qV8Z1NBjZN5btXetstNo8CbSJJL2D5SG/G7okF/Ne2/e37w9sHmef78ecPNf8FfxDQ0w==
        </pares>
    </txn>

    Receive a PaRes Verification response along with the 3D Secure authentication variables:

    <txn>
        <xid>2C77797CAF.7392B4-T1</xid>
        <cavv>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</cavv>
        <eci>02</eci>
        <result>0</result>
    </txn>
  7. The merchant now has to include the ssl_eci_ind, ssl_3dsecure_value, and ssl_xid values in the transaction request ccsale and ccauthonly sent to the converge gateway.

    error_outline
    note
    There is a leading (0) in the ECI value returned from Converge in the second step. It must be removed prior to sending it to Converge.

  8. The website processes Sale or Auth Only collecting the payment information along with the 3D Secure variables obtained, using processxml.do. Refer to the Credit Card Sale(ccsale) and Credit Card Auth Only (ccauthonly) sections for more information.

    Below is an example of a ccsale request with ssl_eci_ind, ssl_3dsecure_value, and ssl_xid values obtained from the previous steps.

    <txn>
        <ssl_merchant_id>my_merchant_id</ssl_merchant_id>
        <ssl_user_id>my_user_id</ssl_user_id>
        <ssl_pin>my_pin</ssl_pin>
        <ssl_test_mode>false</ssl_test_mode>
        <ssl_transaction_type>ccsale</ssl_transaction_type>
        <ssl_card_number>0000000000000000</ssl_card_number>
        <ssl_exp_date>1219</ssl_exp_date>
        <ssl_amount>1.00</ssl_amount>
        <ssl_first_name>John</ssl_first_name>
        <ssl_last_name>Doe</ssl_last_name>
        <ssl_cvv2cvc2_indicator>1</ssl_cvv2cvc2_indicator>
        <ssl_cvv2cvc2>789</ssl_cvv2cvc2>
        <ssl_company>01</ssl_company>
        <ssl_description>VBV Transaction</ssl_description>
        <ssl_eci_ind>2</ssl_eci_ind>
        <ssl_3dsecure_value> MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</ssl_3dsecure_value>
        <ssl_xid>2C77797CAF.7392B4-T1</ssl_xid>
    </txn>
  9. Converge processes the transaction and returns a response to the website displaying the results. A 3D secure transaction will show in the batch with correct ECI indicator.

Transaction Format

The tables below define the transaction request and response data field elements when using XML API for:

  • Card Enrollment

  • Payer Authentication

  • Verify PaRes

Step 1: Verify Card Enrollment Request

Input Field Name Req? Description
ssl_transaction_type Y Credit Card 3D Secure enrollment (paenrolled).
ssl_merchant_id Y Converge ID as provided by Elavon.
ssl_user_id Y Converge User ID as configured within Converge, case sensitive.
ssl_pin Y Converge PIN as configured within Converge, case sensitive.
ssl_card_number Y Credit Card Number as it appears on the credit card. Must be Visa or MasterCard to be eligible.
ssl_exp_date C Credit Card Expiry Date as it appears on credit card formatted as MMYY.
ssl_amount Y Transaction Sale Amount. Number with 2 decimal places. This amount includes the Net amount and Sales Tax.

Verify Card Enrollment Response

Output Field Name Data Type Description
acs_Url 1-2048 ANS Cardholder issuer URL. The website must redirect the cardholder to this website in order to authenticate with 3D Secure.
paReq ANS Encoded Payer Authentication Request.
enrolled 1 A Indicates whether the card can be authenticated, valid values are:
  • N: The Issuer is not participating. Proceed to authorize the transaction with an with ECI set to 07 (Visa or JCB) or 01 (MC)
  • U: Unable to Authenticate: “U” is used whether the Issuer’s inability to authenticate the account is due to technical difficulties or business reasons. Proceed to authorize the transaction with an ECI of 07 (Visa or JCB) or 01 (MC) or cancel the transaction.
  • Y: The card is enrolled and authentication is available. Redirect the cardholder to the Issuer site for authentication. After the authentication Process, send request to eMPI to obtain the decrypted ECI/CAVV.
md 0-1024 ANS Merchant Data. This is a unique reference to identify the 3D Secure request is genuine and can be then matched up with Elavon.

Step 2: The Payer Authentication Request

Input Field Name Req? Data Type Description
PaReq Y ANS Encoded Payer Authentication Request.
TermUrl Y 1-2048 ANS The merchant URL to which the final reply must be posted. Fully qualified https URL.
md Y 0-1024 ANS Merchant Data. Recommend using request id.

The Payer Authentication Response

Output Field Name Data Type Description
PaRes ANS Encoded Payer Authentication Response. The PARes message is sent by the ACS in response to the PAReq, regardless of whether authentication is successful. PaRes is a Signed XML String which is Compressed and Base 64 Encoded returned by the Issuer.
md 0-1024 ANS Merchant Data.

Step 3: Verify PaRes Request

Input Field Name Req? Description
ssl_transaction_type Y Credit Card 3D PaRes verification (parequest).
ssl_merchant_id Y Converge ID as provided by Elavon.
ssl_user_id Y Converge User ID as configured within Converge, case sensitive.
ssl_pin Y Converge PIN as configured within Converge, case sensitive.
PaRes Y Encoded Payer Authentication key
md

Verify PaRes Response

Input Field Name Data Type Description
result A response containing a value other than 0 for <result> represents non-authenticated transaction. Transaction should be cancelled; the merchant may proceed with ECI of 07 (Visa or JCB) though strongly discouraged.
xID 28 ANS Base 64 Encoded transaction ID.
CAVV 28 ANS Cardholder Authentication Verification Value.

Note: Called UCAF for MasterCard. Universal Cardholder
Authentication Field
  • Base 64 Encoded (28 characters)
eci 0-2 N eCommerce indicator. For a list of possible values, see the ECI Codes section below

ECI Codes

The tables below define the ECI code field elements for:

  • Returned ECI Codes
  • ECI Codes to Send to Converge
  • Protection Status

Returned ECI Codes

ECI Visa MasterCard
01 N/A MCSC has been attempted: Merchant is no longer protected from Chargeback.
02 N/A Fully authenticated: There is a liability shift and the merchant is protected from chargebacks.
05 Fully authenticated: There is a liability shift and the merchant is protected from chargebacks. N/A
06 VbV has been attempted: There is a liability shift and the Merchant is protected from chargebacks. N/A
07 Non-VbV transaction: Merchant is no longer protected from Chargebacks.
blank Non-MCSC transaction: Merchant is no longer protected from Chargebacks.

ECI Codes to Send to Converge

ECI (returned by Converge) ssl_eci_ind ssl_3DSecure_Value ssl_xid
01 6 CAVV Optional Must contain XID
02 5 Must contain CAVV Must contain XID
05 5 Must contain CAVV Must contain XID
06 6 CAVV Optional Must contain XID
07 7 No CAVV XID optional
blank 7 No CAVV XID optional

Transaction Examples

Example 1: XML API

Shown below is an example of a ccsale request with ssl_eci_ind, ssl_3dsecure_value, and ssl_xid values obtained from an integrated eMPI solution to indicate this 3D Secure qualified transaction:

<txn>
    <ssl_merchant_id>my_merchant_id</ssl_merchant_id>
    <ssl_user_id>my_user_id</ssl_user_id>
    <ssl_pin>my_pin</ssl_pin>
    <ssl_test_mode>false</ssl_test_mode>
    <ssl_transaction_type>ccsale</ssl_transaction_type>
    <ssl_card_number>0000000000000000</ssl_card_number>
    <ssl_exp_date>1219</ssl_exp_date>
    <ssl_amount>12000.00</ssl_amount>
    <ssl_first_name>john</ssl_first_name>
    <ssl_last_name>Doe</ssl_last_name>
    <ssl_cvv2cvc2_indicator>1</ssl_cvv2cvc2_indicator>
    <ssl_cvv2cvc2>789</ssl_cvv2cvc2>
    <ssl_company>01</ssl_company>
    <ssl_description>VBV Transaction</ssl_description>
    <ssl_eci_ind>5</ssl_eci_ind>
    <ssl_3dsecure_value>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</ssl_3dsecure_value>
    <ssl_xid>14FC923865.3B54A8-T1</ssl_xid>
</txn>

Receive a ccsale response (transaction will show in batch with correct ECI indicator)

<txn>
    <ssl_card_number>00********0000</ssl_card_number>
    <ssl_exp_date>1219</ssl_exp_date>
    <ssl_amount>1.00</ssl_amount>
    <ssl_company>01</ssl_company>
    <ssl_first_name>john</ssl_first_name>
    <ssl_last_name>Doe</ssl_last_name>
    <ssl_result>0</ssl_result>
    <ssl_result_message>APPROVAL</ssl_result_message>
    <ssl_txn_id>AA48439-14AE8D51-2A60-DFA5-15A2-BD02D2FB08A5</ssl_txn_id>
    <ssl_approval_code>CVI127</ssl_approval_code>
    <ssl_cvv2_response>M</ssl_cvv2_response>
    <ssl_avs_response/>
    <ssl_account_balance>1.00</ssl_account_balance>
    <ssl_txn_time>10/04/2011 10:09:11 AM</ssl_txn_time>
</txn>