3D SECURE V2 Manual Ver 1.0.5 EN
3D SECURE V2 Manual Ver 1.0.5 EN
3D SECURE V2 Manual Ver 1.0.5 EN
1
Contents
1. Introduction 3
2. General Architecture 4
3. Details for the Creation of a Test Account 6
4. Strong Customer Authentication through 3D-Secure Wrapper 7
5. 3D-Secure Wrapper Test Cases 25
2
1. Introduction
This document describes the development required for the strong authentication
of a card holder debiting their card on a website. This is the so-called “3D Secure
Version 2” or “EMV 3D-Secure” process supported through the “Visa Secure” and
“Mastercard Identity Check” services; it has to be executed prior to any card
debiting attempt initiated by the holder on a company’s website.
More specifically, where a company uses “Web Service” for card debits (see
relevant Piraeus Bank specification) made by card holders through the company’s
website, the process described herein should be implemented.
3D-Secure requires the card details (number and expiry date) which are either
entered by the user on the company’s website, or alternative the company sends
a “token” obtained at an earlier stage using the Piraeus Bank Tokenization service
(see relevant Piraeus Bank specifications).
3
2. General Architecture
The following diagrams show the general architecture for executing a transaction
following the 3D Secure process. There are two alternatives:
Β) Use of a token
In this case the Piraeus Bank “Tokenization” service has been used and the
company has stored a “token” that corresponds to a card, the details of which
have been stored in Piraeus Bank. The 3D Secure process is thus executed, using
the token value and not the actual card details.
4
Diagram1.2: General architecture – use of a token
5
3. Details for the Creation of a Test Account
The information to be sent to Piraeus Bank in order for the necessary technical
information to be provided (test account) for test transactions is as follows (all is
required):
Technical data:
IP address: IP address of the server from which calls will be made
The test account details provided by Piraeus Bank, once the above information is
sent, are as follows:
AcquirerID
MerchantID
User
Password
6
4. Strong Customer Authentication through 3D-Secure
Wrapper
https://paycenter.piraeusbank.gr/services/Wrapper3DSecure.asmx
Caution!
The amount and currency used in the 3D Secure process should
be identical to those in the sale or pre-authorisation transaction
that follows.
The Web Service call should be made through the Server. Cross-
origin HTTP requests via scripts are not allowed.
The Web Service request and response parameters are described below, followed
by a diagram of the algorithm to be used. Next to each parameter name there is
one of the following indicators:
M (Mandatory): The parameter must have a value
O (Optional): It is not required to send a value to the parameter
C (Conditional): The parameter must have a value subject to the
conditions mentioned in the description.
REQUEST PARAMETERS
Parameter name Description Type
AcquirerID (M) The acquirer id. Provided by Piraeus String
Bank. (up to 5
characters)
MerchantID (M) The merchant ID. Provided by Piraeus Integer
Bank.
User (M) User name. Provided by Piraeus Bank. String
(up to 50
characters)
Password (M) User password encrypted using the MD5 String
hashing algorithm. Provided by Piraeus (up to 50
Bank (in non-encrypted form). characters)
RequestType (M) Request type (see diagram below). String
Possible values:
EnrollmentRequestInit
7
EnrollmentRequestContinue
PAResValidationRequest
Note:
Most Issuers do not display this
description.
Pan (C) Card number or token value. String
A value is required when (up to 19
RequestType=EnrollmentRequestInit. numeric
digits)
8
Expiry (C) The card expiry date in YYMM format. String (4
digits)
When
RequestType=EnrollmentRequestInit
and the pan contains an actual card
number, a value is required in
expiry.
When
RequestType=EnrollmentRequestInit
and the pan contains a Paycenter
token, no value is sent.
MD (O) The content of this parameter will be String (up to
returned through POST in the company’s 254 bytes)
termURL (see parameter description
below). It should contain ASCII
characters numbered from 0x20 to 0x7E,
excluding “<” and “>”. If additional data
is required, Base64 encoding is
necessary. The final size of the
parameter should be up to 254 bytes. It
may be assigned a value only when
RequestType=EnrollmentRequestInit.
Lang (O) ISO 639-1 language code corresponding String (2
to the language used on the company’s characters)
website. E.g. el for Greek, en for English.
It may be assigned a value only when
RequestType=EnrollmentRequestInit.
TermURL (C) The company’s URL to which the user is String
returned following the authentication
process in their bank (see diagram
below). A value is required when
RequestType=EnrollmentRequestInit.
Pares (C) It may be assigned a value when String
RequestType= PAResValidationRequest.
If the company received a value in the
pares parameter when returning to the
TermURL, this value is sent here.
Cres (C) It may be assigned a value when String
RequestType= PAResValidationRequest.
If the company received a value in cres
parameter when returning to the
TermURL, this value is sent here.
ThreeDSMethodNotificat The company’s URL called under certain String
ionURL (C) conditions during the 3D Secure process,
in order for a subsequent call to 3D
Secure wrapper to follow (see diagram
below). A value is required when
RequestType=EnrollmentRequestInit.
Caution!
It is recommended that its value be
generated dynamically and the
MerchantReference value is
included as a parameter (in the
9
query string), so that there is a
unique element to establish the link
to the transaction upon return (e.g.
https://www.test.gr?ref=abcd
where ‘abcd’ is the
MerchantReference value of the
transaction)
ThreeDSCompInd (C) A value is sent only when RequestType= String
EnrollmentRequestContinue (see diagram
below).
“Y”: Sent only when the wrapper call
with RequestType=
EnrollmentRequestContinue follows
the company’s
threeDSMethodNotificationURL call.
“N”: Sent only when the wrapper call
with RequestType=
EnrollmentRequestContinue is made
without prior call of the company’s
threeDSMethodNotificationURL
(TIMEOUT)
PanMode (O) For future use; no value is sent. String
MessageCategory (O) Used when authentication is not followed String
by a card transaction (non-payment
authentication) and only when
RequestType= EnrollmentRequestInit.
For non-payment authentication,
value “NonPayment” is sent
Alternatively, for payment
authentication, value “Payment” is
sent.
* ChallengeWindowSize Desirable window size for card holder String
(C) authentication. Potential values:
W250H400: 250x400
W390H400: 390x400
W500H600: 500x600
W600H400: 600x400
FullScreen: Full screen
A value is required only when
RequestType=EnrollmentRequestInit.
* BrowserIP (C) The browser’s IP. Values accepted IPv4 String
e.g. 1.12.123.255 or IPv6 e.g.
2011:0db8:85a3:0101:0101:8a2e:0370:
7334
A value is required only when
RequestType=EnrollmentRequestInit.
*Navigator_language Value representing the browser language String
(C) as defined in IETF BCP47. Obtained from
navigator.language HTML property.
A value is required only when
RequestType=EnrollmentRequestInit.
*Navigator_javaEnabled Value representing the ability of the String
(O) cardholder browser to execute Java.
10
Obtained from the navigator.javaEnabled
property. Accepted values: true/false
A value is required only when
RequestType=EnrollmentRequestInit.
*Navigator_jsEnabled Value representing the ability of the String
(C) cardholder browser to execute
JavaScript.
Accepted values: true/false
A value is required only when
RequestType=EnrollmentRequestInit.
*Screen_colorDepth (C) Value representing the bit depth of the String (1-2
color palette for displaying images, in characters)
bits per pixel. Obtained from Cardholder
browser using the screen.colorDepth
property. Accepted values: 1, 4, 8, 15,
16, 24, 32, 48.
A value is required only when
RequestType=EnrollmentRequestInit.
* Screen_height (C) Total height of the Cardholder’s screen in String (1-6
pixels. Obtained from the screen.height numeric
property. characters)
A value is required only when
RequestType=EnrollmentRequestInit.
* Screen_width (C) Total width of the cardholder’s screen in String (1-6
pixels. Obtained from the screen.width numeric
property. characters)
A value is required only when
RequestType=EnrollmentRequestInit.
* TimezoneOffset (C) Time-zone offset in minutes between String (1-5
UTC and the cardholder browser local characters)
time. Note that the offset is positive if
the local time zone is behind UTC and
negative if it is ahead. Value is returned
from the getTimezoneOffset() method.
Examples: If UTC -5 hours,
TimezoneOffset=300 or +300. If UTC +5
hours, TimezoneOffset= -300.
A value is required only when
RequestType=EnrollmentRequestInit.
* UserAgent (C) Exact content of the HTTP user-agent String (max.
header. If the total length of the User- 2048
Agent sent by the browser exceeds 2048 characters)
characters, the system truncates the
excess portion.
A value is required only when
RequestType=EnrollmentRequestInit.
* BrowserAccept (C) Value of the accept header field String (max.
(response types acceptable by the 2048
browser). If the total length of the accept characters)
header sent by the browser exceeds
2048 characters, the system truncates
the excess portion.
A value is required only when
11
RequestType=EnrollmentRequestInit.
* BillAddrCity (C) Billing address city String (up to
50 characters)
The parameter contains only Greek or
Latin lowercase & uppercase
alphanumeric characters, space, or the
following special characters /:_().,+-
A value is required only when
RequestType=EnrollmentRequestInit.
* BillAddrCountry (C) ISO 3166-1 numeric country code, String (3
corresponding to Billing address country. numeric
E.g. 300 for Greece. digits)
A value is required only when
RequestType=EnrollmentRequestInit.
* BillAddrLine1 (C) Additional line 1 of the billing address String (up to
50 characters)
The parameter contains only Greek or
Latin lowercase & uppercase
alphanumeric characters, space, or the
following special characters /:_().,+-
A value is required only when
RequestType=EnrollmentRequestInit.
BillAddrLine2 (O) Additional line 2 of the billing address String (up to
50 characters)
The parameter contains only Greek or
Latin lowercase & uppercase
alphanumeric characters, space, or the
following special characters /:_().,+-
BillAddrLine3 (O) Additional line 3 of the billing address String (up to
50 characters)
The parameter contains only Greek or
Latin lowercase & uppercase
alphanumeric characters, space, or the
following special characters /:_().,+-
* BillAddrPostCode (C) Post code of the billing address String (up to
16 characters)
The parameter contains only Greek or
Latin lowercase & uppercase
alphanumeric characters, space, or the
following special characters /:_().,+-
A value is required only when
RequestType=EnrollmentRequestInit.
* BillAddrState (C) ISO 3166 country subdivision code String (max. 3
without the country name code, characters)
corresponding to Billing address State (if
available).
Below are the values for the
administrative regions of Greece:
A Eastern Macedonia and Thrace
B Central Macedonia
C Western Macedonia
D Epirus
E Thessaly
12
F Ionian Islands
G Western Greece
H Central Greece
I Attica
J Peloponnese
K Northern Aegean
L Southern Aegean
M Crete
A value is required only when
RequestType=EnrollmentRequestInit.
* ShipAddrCity (C) Shipping address city String (up to
50 characters)
The parameter contains only Greek or
Latin lowercase & uppercase
alphanumeric characters, space, or the
following special characters /:_().,+-
A value is required only when
RequestType=EnrollmentRequestInit.
* ShipAddrCountry (C) ISO 3166-1 numeric country code, String (3
corresponding to Shipping address numeric
country. E.g. 300 for Greece. digits)
A value is required only when
RequestType=EnrollmentRequestInit.
* ShipAddrLine1 (C) Additional line 1 of the shipping address String (up to
50 characters)
The parameter contains only Greek or
Latin lowercase & uppercase
alphanumeric characters, space, or the
following special characters /:_().,+-
A value is required only when
RequestType=EnrollmentRequestInit.
ShipAddrLine2 (O) Additional line 2 of the shipping address String (up to
50 characters)
The parameter contains only Greek or
Latin lowercase & uppercase
alphanumeric characters, space, or the
following special characters /:_().,+-
ShipAddrLine3 (O) Additional line 3 of the shipping address String (up to
50 characters)
The parameter contains only Greek or
Latin lowercase & uppercase
alphanumeric characters, space, or the
following special characters /:_().,+-
* ShipAddrPostCode (C) Post code of the shipping address String (up to
16 characters)
The parameter contains only Greek or
Latin lowercase & uppercase
alphanumeric characters, space, or the
following special characters /:_().,+-
A value is required only when
RequestType=EnrollmentRequestInit.
* ShipAddrState (C) ISO 3166 country subdivision code String (max. 3
without the country name code, characters)
13
corresponding to Shipping address State
(if available).
Below are the values for the
administrative regions of Greece:
A Eastern Macedonia and Thrace
B Central Macedonia
C Western Macedonia
D Epirus
E Thessaly
F Ionian Islands
G Western Greece
H Central Greece
I Attica
J Peloponnese
K Northern Aegean
L Southern Aegean
M Crete
A value is required only when
RequestType=EnrollmentRequestInit.
* CardholderName (C) Name of the card holder String (2-45
characters)
The parameter contains only Latin (not
Greek) lowercase & uppercase
alphanumeric characters, space, or the
following special characters /:_().,+-
A value is required only when
RequestType=EnrollmentRequestInit.
* Email (C) E-mail of the card holder String (up to
254
The parameter shall meet requirements characters)
of Section 3.4 of IETF RFC 5322.
A value is required only when
RequestType=EnrollmentRequestInit.
* HomePhone (C) Home phone number of the card holder, String (up to
in (..3-..15) format, namely (up to 3 19 characters)
characters dash up to 15 characters).
E.g. 210-3288000
A value is required only when
RequestType=EnrollmentRequestInit.
* MobilePhone (C) Mobile number of the card holder, in String (up to
(..3-..15) format, namely (up to 3 19 characters)
characters dash up to 15 characters).
E.g. +30-6972222222
A value is required only when
RequestType=EnrollmentRequestInit.
WorkPhone (O) Work phone number of the card holder, String (up to
in (..3-..15) format, namely (up to 3 19 characters)
characters dash up to 15 characters).
E.g. 210-3288000
RecurringInd (O) It is only used in recurring transactions. String (1
It concerns the first transaction of a character)
recurring payment (i.e. standing order),
performed online by the card holder and
14
is, therefore, preceded by the 3d-secure
process. It is only sent when
RequestType= EnrollmentRequestInit.
Potential values:
R, for recurring transactions
(transactions performed at regular
intervals)
C, for unscheduled recurring
transactions (transactions performed
at irregular intervals)
Unless the process concerns a recurring
transaction, the parameter is omitted.
RecurPurchaseDate (C) In recurring transactions, it contains the String (14
date of the first recurring transaction in characters)
YYYYMMDDHHMMSS format. It may only
have a value when
RequestType=EnrollmentRequestInit and
provided that the RecurringInd has a
value, too.
RecurFreq (C) In recurring transactions, it contains the String (max. 4
recurrence frequency of the transaction characters)
(integer number of days). It may only
have a value when
RequestType=EnrollmentRequestInit and
provided that the RecurringInd has a
value, too.
RecurEnd (C) In recurring transactions (i.e. when String(8
RecurringInd=R or C), it contains the characters)
expiry date of the recurring debit in
YYYYMMDD format. It may only have a
value when
RequestType=EnrollmentRequestInit and
provided that the RecurringInd has a
value, too.
Attention:
(*): The above parameters are mandatory, as Issuers may soon be
rejecting transactions lacking this information.
RESPONSE PARAMETERS
Parameter name Description Type
AcquirerID (M) The AcquirerID value sent with the request String
MerchantID (M) The MerchantID value sent with the Integer
request
User (M) The User value sent with the request String
(up to 50
characters)
15
RequestType (M) The RequestType value sent with the String
request
ResultCode (M) The request result code indicating whether Integer
a technical issue occurred during the call.
Specifically:
Value = 0: No issue occurred and
the remaining parameters have
information on the 3D Secure
process carried out.
Note:
It is necessary to save the value, so
that it can be used as a reference in
the communication with Piraeus
Bank, as required.
MerchantReference (M) The MerchantReference value sent with the String
request. (up to 50
characters)
MdStatus (C) Unless there is some technical problem String
(ResultCode=0), it contains information on
the call outcome during execution of the
3D Secure process. The actions which
should follow in order for the process to be
completed depend on this value (see
diagram below). The possible values are:
0: Not authenticated
1: Fully authenticated
2: Not enrolled
3: Not enrolled cache (not
used any more)
4: Attempt
5: U received
6: Error received (from Directory
or ACS server)
9: Pending
50: Interim status during the
execution of 3D Secure (see
16
diagram below)
80: Skip device case
91: Network error
92: Directory error (read timeout)
93: Configuration error
94: Merchant input error
95: No directory found for
PAN/cardtype
96: No version 2 directory found
for PAN/cardtype
99: System error
17
PAResVerifed (C) Indicates whether signature verification String
during messaging for the execution of the
3D Secure process was successful or not.
Potential values: True/False. This is an
informative field and its value is not used
anywhere.
Protocol (C) Authentication protocol version used String
during authentication. Possible values: 1
and 2. Its value should be included when
Transaction Web Service is called for the
execution of the transaction (Protocol
parameter)
TDSMethodContent (C) Raw html for browser rendering. May String
contain a value when
RequestType=EnrollmentRequestInit (see
diagram below)
RedirectToACSFormData Raw html for browser rendering. It may String
(C) contain a value when
RequestType=EnrollmentRequestInit or
RequestType=EnrollmentRequestContinue
(see diagram below)
DsTransID (C) Directory server transaction id. Its value String
should be included when Transaction Web
Service is called for the execution of the
transaction (DsTransID parameter)
The following diagram shows the algorithm for executing the 3D Secure process,
followed by a text describing the process and the required calls.
18
19
20
Caution!
2.1 If it is not 0, this means that a technical issue has occurred and the
company will decide whether to send the transaction or not (*).
If it is not 0, this means that a technical issue has occurred and the
company will decide whether to send the transaction or not (*).
21
If mdStatus=0 (unsuccessful authentication), no transaction is
sent and an informative message is displayed to the user.
If mdStatus=50, then:
22
o If mdStatus=1, 2, 3 or 4, the transaction is sent using the
Transaction Web Service. Caution: the values of Eci ,
Cavv, Xid, protocol, dsTransID parameters of the 3D
Secure wrapper in the 3D Secure wrapper response should
be sent and the same MerchantReference should be
used.
o RequestType= PAResValidationRequest
o MerchantReference: the value which had been
used in the first 3D Secure wrapper call
o pares the value of the pares parameter sent to
TermURL or cres the value of cres sent to TermURL
(one of the two parameters will be sent to
TermURL)
23
− If mdStatus=1, 2, 3 or 4, the transaction is sent
using the Transaction Web Service. Caution: the
values of Eci, Cavv, Xid, protocol, dsTransID
parameters of the 3D Secure wrapper in the 3D
Secure wrapper response should be sent and
the same MerchantReference should be used.
Caution!
24
5. 3D-Secure Wrapper Test Cases
Below follows a list of the test cases to be executed in order to check the
implementation of the 3D Secure process. In every test case:
1) The process described in this document should be performed using the
details listed below
2) Depending on the result of the 3D Secure process and provided that the
transaction is to be sent (see previous Section), the Transaction Web
Service should be called with the same card details, same Merchant
Reference, same amount and same currency. Moreover, when the
Transaction Web Service is called:
The CVV2 parameter (for sales and preauthorisations) must have the
value ‘123’.
In preauthorisations, the ExpirePreauth parameter must have the
value ‘30’
The Installments parameter must have the value ‘0’
Test Case 1
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4016000000002
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
25
Test Case 2
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4016000000010
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
26
Test Case 3
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4016000000051
Code to be entered on the correct
display (‘Challenge’)
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
27
Test Case 4
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4016000000051
Code to be entered on the delayed
display (‘Challenge’)
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
28
Test Case 5
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4016000000051
Code to be entered on the attempt
display (‘Challenge’)
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
29
Test Case 6
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4016000000051
Code to be entered on the cancel
display (‘Challenge’)
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
30
Test Case 7
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4016000000051
Code to be entered on the wrong
display (‘Challenge’)
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
31
Test Case 8
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4016000000051
Code to be entered on the error
display (‘Challenge’)
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
32
Test Case 9
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4016000000051
Code to be entered on the unable
display (‘Challenge’)
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
33
Test Case 10
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4012000000012003001
Code to be entered on the Secret33!
display (‘Password’)
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
34
Test Case 11
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4012000000012011046
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
35
Test Case 12
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4012000000012011004
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
36
Test Case 13
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4012000000012011012
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
37
Test Case 14
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4012000000012011020
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
38
Test Case 15
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4012000000012011038
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
39
Test Case 16
REQUIRED
Input parameters:
Parameter Value
Currency 978
5544330000000003
Pan
5544330000000011
Code to be entered on the
unable
display (‘Challenge’)
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
40
Test Case 17
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 5544330000000029
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
41
Test Case 18
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 5544330000000037
Code to be entered on the
unable
display (‘Challenge’)
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
42
Test Case 19
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 5544330000000045
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
43
Test Case 20
REQUIRED
Input parameters:
Parameter Value
Currency 978
4016001000019
Pan
4016001000035
Code to be entered on the
unable
display (‘Challenge’)
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
44
Test Case 21
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4016001000001
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
45
Test Case 22
REQUIRED
Input parameters:
Parameter Value
Currency 978
Pan 4016001000050
Expiry if a sale transaction is to xx01 where xx the last 2
follow (RequestType=SALE) digits of a future year
Expiry if a preauthorisation xx02 where xx the last 2
transaction is to follow digits of a future year
(RequestType=AUTHORIZE)
46