Developer Docs

SCA

Event Description Applicable Methods
fz.sca.success Emitted when 3DS validation completes successfully.
The liability shifts from merchant to the card issuer.
Please note: The edge case is when the enrolled field (ver) comes back as 'N' (3DS success - Not Enrolled), which means "No, Bank is not participating in 3-D Secure protocol". If the Enrolled value is equal to N, then the Consumer is NOT eligible for Authentication (No liability shift).
Most merchants choose to continue with these transactions, because otherwise in many cases it would be stopping customers from making legitimate transactions.
renderPaymentsPage
verifyCard
fz.sca.error Emitted when 3DS enrolment or validation failed.
The payment attempt is deemed risky and merchant shall not proceed with the payment.
renderPaymentsPage
verifyCard

fz.sca.success Data Payload

Attribute Type Description
aav string Account Authentication Value. Unique 32-character transaction token for a 3D Secure transaction. For Mastercard Identity Check, the AAV is named the UCAF. For Visa Secure, the AAV is named the CAVV.
cavv string Cardholder Authentication Verification Value. A Base64-encoded string sent back with Visa Secure-enrolled cards that specifically identifies the transaction with the issuing bank and Visa. Standard for collecting and sending AAV data for Visa Secure transactions.
par string Payer Authentication Response. Compressed, Base64-encoded response from the card-issuing bank
sli string The Security Level Indicator for 3DS transactions
xid string String used by both Visa and Mastercard which identifies a specific transaction on the Directory Servers. This string value should remain consistent throughout a transaction’s history.
ucaf string Universal Cardholder Authentication Field.
Mastercard only.
ver string 3DS enrolment status.
directoryServerTxnId string Directory server transaction Id
threedsVersion string 3DS version used for verifying the intended payment.
json fz.sca.success data payload
{
  message: "xxx",
  data: {
  aav: "xxx",
  cavv: "xxx",
  par: "xxx",
  sli: "xxx",
  xid: "xxx",
  ucaf: "xxx",
  ver: "xxx",
  directoryServerTxnId: "xxx",
  threedsVersion: "xxx",
  }
}

fz.sca.error Data Payload

Attribute Type Description
errorCode string Error code for specific 3DS/SCA failure scenario.
errorCode will be not be present in the event of request timeout or server error
See below for error code mapping.
json fz.sca.error data payload
// Request timeout, server error, etc. Prompt user to retry.
{
  errors: ["xxx"],
  data: null
}

// 3DS2 authentication failed. The card is deemed risky by issuer.
{
  errors: ["xxx"],
  data: {
  errorCode: "xxx"
  }
}

3DS/SCA Error Code Mapping

Error Code Description
001 Bypassed authentication
This is related to a feature that is currently not available. We will look at providing merchants the ability to configure rules to determine whether authentication is required for a transaction.
--
No liability shift
002 Authentication not available on lookup
Unable to verify 3DS enrolment status with the issuer.
--
No liability shift
003 Unavailable frictionless authentication
3DS authentication is unavailable with the issuer.
--
No liability shift
004 Unsuccessful frictionless authentication
The issuer deems the transaction as risky
--
No liability shift
005 Rejected frictionless authentication
--
No liability shift
006 Unsuccessful step-up authentication
Unsuccessful authentication due to failed OTP (one time password) challenge.
--
No liability shift
007 Unavailable step-up authentication
The card holder is enrolled for 3DS, but authentication is not available with that issuer.
--
No liability shift