Basic 3DS Instructions

These instructions can be ignored if your site is hosted by Checkout Champ. 3DS handling is built into the platform.

You can test the 3DS process flow by using test cards. Test Cards

The 3D-Secure process involves sending the consumer to a url or executing a script for the consumer’s bank. The consumer must enter additional security information to authenticate identity. 3DS is a more complicated transaction flow than the standard Import Order and Upsell API calls. The benefit is a secure checkout and a liability shift for chargebacks due to fraud.

To begin the 3DS process flow, first send the standard Order Import or Upsell request. Not all cards are 3DS enabled and will simply process through the normal way. If the issuing bank requires a 3DS authentication then the response will indicate that. Your page must take additional action to process the sale.

3DS requires that redirectsTo and errorRedirectsTo be included on Order Import and Upsell requests.

  • redirectsTo = the url where the browser should redirect on a successful transaction

  • errorRedirectsTo = the url where the browser should redirect on a failed transaction

 

CheckoutChamp has two different 3DS response types:

1. 3DS redirect URL response

This response indicates that the user's browser should be redirected to a specific URL

{ "result": "MERC_REDIRECT", "message": { "url": "https://redirecttheuserhere.com" } }

2. 3DS JavaScript response

This response indicates that the user's browser should execute the supplied JavaScript. The JS eval function can be used for this

{ "result": "MERC_REDIRECT", "message": { "script": "var iframe=document.createElement(\\'IFRAME\\');iframe.innerHTML=..." } }

 

3. Example script to handle both responses

if (result === "MERC_REDIRECT") { if (message && message.url) { window.location.href = message.url; } else if (message && message.script) { eval(message.script); } }

 

On completion of the 3DS process, one of 2 events will occur:

1. 3DS FAILURE

On failure, the consumer will be redirected back to the URL provided in the errorRedirectsTo parameter. Additionally, the errorMsg parameter will be sent as part of the URL query string 
Ex. GET https://mysalesPage.com/lander/index.php?errorMsg=Description+of+bank+error

2.3DS SUCCESS

On success, the browser will initiate a POST request to the URL provided in the redirectsTo parameter. The request will contain two POST parameters:
finalizeTransaction=1&orderData={}, which contains the same json-encoded response information as a successful non-3DS Import Order request.