Overview
The XML Server to Server 3D Secure Protocol gives the Merchant complete control of the transaction through synchronous service calls, while still benefiting from the protection offered by the 3D Secure protocol.
Under this protocol, cardholders submit their credit card data directly to the Merchant's system, so the Merchant is subject to PCI regulations; Nexi reserves the right to request a document proving the certification.
Enrolled case
- The cardholder makes a payment via the Merchant's site; payment data are transmitted to the Merchant's server
- The Merchant's server sends a VerifyEnrollment message to the Gateway to verify participation of the card in the 3D Secure protocol
- The Gateway sends a VEReq (Verify Enrollment Request) to the Visa/Mastercard interoperability domain
- Visa/Mastercard forwards the request to the Issuer
- The Issuer replies to Visa/Mastercard with the outcome and the URL of the ACS (Access Control Server)
- Visa/Mastercard responds with the VERes (Verify Enrollment Response)
- Once the authentication is completed, the Gateway sends the Merchant's server the outcome of verifying participation of the card in the 3D Secure protocol and the PAReq (Payment Authentication Request)
- The Merchant's server redirects the cardholder to the ACS of the Issuer together with the PAReq
- The ACS redirects the holder to the Merchant's return page passing the PARes (Payment Authentication Response) as parameter
- The Merchant's Server sends to the Gateway the authentication outcome (PARes) via a verifyPares message
- The Gateway sends the data that are necessary to process a 3D Secure authorisation request. If authentication fails, the payment will be aborted
- The Merchant sends to Nexi an authorisation request (operationtype=PAYTHREESTEP) containing all the details (order details, card details, 3D Secure authentication details)
- The Gateway processes the authorisation request and returns the outcome to the Merchant
Not enrolled case
- The cardholder makes a payment via the Merchant's site; payment data are transmitted to the Merchant's server
- The Merchant's server sends a VerifyEnrollment message to the Gateway to check the card for participation in the 3D Secure protocol
- The Gateway sends a VEReq (Verify Enrollment Request) message to the Visa/Mastercard interoperability domain
- Visa/Mastercard forwards the request to the Issuer
- The Issuer replies to Visa/Mastercard with the verification outcome
- Visa/Mastercard responds with the VERes (Verify Enrollment Response) message
- Nexi replies to the Merchant reporting that the card must not perform authentication
- The Merchant sends to the Gateway an authorisation request (operationtype=PAYTHREESTEP) containing all the details (order details, card details, ECI flag)
- The Gateway processes the authorisation request and returns the outcome to the Merchant.
Not supported case
- The cardholder makes a payment via the Merchant's site; payment data are transmitted to the Merchant's server
- The Merchant's server sends a VerifyEnrollment message to the Gateway
- The Gateway checks the card for participation in the 3D Secure protocol
- The Gateway replies to the Merchant reporting that the card is not supported
- The Merchant sends to Nexi an authorisation request (operationtype=PAY) containing all the details (order details, card details, ...)
- The Gateway processes the authorisation request and returns the outcome to the Merchant.
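The three cases above reduce to one merchant-side decision: which operationtype may be sent, and whether an authorisation request may be sent at all. The sketch below is an added example, not Nexi's code. The Enrollment labels, the function name and the "eci"/"threeds" field names are hypothetical, and the Gateway's real response codes are not shown on this page. Because the PARes reaches the return page as a parameter, the guard refuses to authorise an enrolled card until verifyPares has succeeded.

```python
from enum import Enum


class Enrollment(Enum):
    # Constructed labels for the three cases on this page (assumption);
    # the Gateway's actual VerifyEnrollment result codes will differ.
    ENROLLED = "enrolled"
    NOT_ENROLLED = "not_enrolled"
    NOT_SUPPORTED = "not_supported"


class PaymentAborted(Exception):
    """The flow must stop; no authorisation request may be sent."""


def plan_authorisation(enrollment, pares_verified=None, auth_data=None, eci=None):
    """Return the fields of the authorisation request allowed as the next step.

    enrollment     -- outcome of VerifyEnrollment (an Enrollment member)
    pares_verified -- outcome of verifyPares; None means it was never called
    auth_data      -- 3D Secure data the Gateway returned after verifyPares
    eci            -- ECI flag used in the not-enrolled case
    """
    if not isinstance(enrollment, Enrollment):
        # Fail closed on anything that is not one of the three known cases.
        raise PaymentAborted("unknown enrollment outcome")

    if enrollment is Enrollment.NOT_SUPPORTED:
        return {"operationtype": "PAY"}

    if enrollment is Enrollment.NOT_ENROLLED:
        if eci is None:
            raise PaymentAborted("ECI flag missing for not-enrolled card")
        return {"operationtype": "PAYTHREESTEP", "eci": eci}

    # Enrolled: the PARes is only trusted after the Gateway has verified it.
    if pares_verified is None:
        raise PaymentAborted("verifyPares has not been called")
    if pares_verified is not True or not auth_data:
        raise PaymentAborted("3D Secure authentication failed")
    return {"operationtype": "PAYTHREESTEP", "threeds": dict(auth_data)}
```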