General Terms

The following definitions are intended to clarify the information presented throughout this document.

  • 3DS Client: Consumer-oriented component that enables the consumer's interaction with the 3DS Requestor to initiate the EMV 3D-Secure protocol.
  • 3DS Integrator: EMV 3D-Secure participant that facilitates and integrates the 3DS Requestor Environment and, optionally, facilitates integration between the Merchant and the Acquirer.
  • 3DS Method: A scripting call provided by the 3DS Integrator that is placed on the 3DS Requestor's website. Optionally used to obtain additional browser information to facilitate risk-based decision-making.
  • 3DS Requestor: The initiator of the EMV 3D-Secure Authentication Request. For example, it may be a merchant or a digital wallet requesting authentication within a purchase flow.
  • 3DS Requestor App: An application on a Consumer Device that can process a 3D-Secure transaction using a 3DS SDK. The 3DS Requestor App is enabled through integration with the 3DS SDK.
  • 3DS Requestor Environment: The components controlled by the 3DS Requestor (3DS Requestor App, 3DS SDK, and 3DS Server), which are typically facilitated by the 3DS Integrator. The implementation of the 3DS Requestor Environment will vary as defined by the 3DS Integrator.
  • 3DS Requestor Initiated (3RI): A 3D-Secure transaction initiated by the 3DS Requestor to confirm that an account remains valid or to authenticate the Cardholder. The first main use case is recurring transactions (TV subscriptions, utility payments, etc.), where the merchant wants to perform either a payment transaction to receive authentication data for each bill, or a non-payment transaction to verify that a subscription user still has a valid payment method. The second main use case is when the 3DS Requestor requests Decoupled Authentication as a method to authenticate the Cardholder.
  • 3DS Requestor Website: Component that provides the website requesting the Cardholder's credentials (either stored or entered by the Cardholder).
  • 3DS SDK: 3D-Secure Software Development Kit (SDK). A component embedded in the 3DS Requestor App. The 3DS SDK performs 3D-Secure-related functions on behalf of the 3DS Server.
  • 3DS Server: Refers to the server or systems of the 3DS Integrator that handle online transactions and facilitate communication between the 3DS Requestor and the DS.
  • 3D-Secure (3DS): An e-commerce authentication protocol that enables secure processing of payment, non-payment, and account confirmation card transactions.
  • ACS - Access Control Server: A component operating in the Issuer Domain, which verifies if authentication is available for a card number and device type, and authenticates specific Cardholders.
  • Acquirer Domain: Contains the systems and functions of the 3DS Requestor Environment and, optionally, the Acquirer.
  • Acquirer: A financial institution that establishes a contractual service relationship with a Merchant for the purpose of accepting payment cards. In the context of 3D-Secure, in addition to the traditional role of receiving and sending authorization and settlement messages (introducing the transaction into the exchange), the Acquirer also determines whether a Merchant is eligible to participate in 3D-Secure.
  • Authentication: In the context of 3D-Secure, the process of confirming that the person conducting an e-commerce transaction is authorized to use the payment card.
  • Digital Wallet: A software component that allows a user to make an electronic payment with a financial instrument (such as a credit card) while hiding the technical details of executing the payment protocol, including tasks such as entering an account number and providing shipping and Cardholder identification information.
  • Message Category: Indicates the category of the EMV 3D-Secure message. It can be Payment (01-PA) or Non-Payment (02-NPA).
  • Merchant: Entity that contracts with an Acquirer to accept payment cards. Manages the online shopping experience with the Cardholder, obtains the card number, and then transfers control to the 3DS Server, which performs payment authentication.
  • One-Time Password (OTP): A password that is valid for only one login session or transaction, on a computer system or other digital device.
  • Challenge: The process in which the ACS communicates with the 3DS Client to obtain additional information through interaction with the Cardholder.
  • Issuer Domain: Contains the systems and functions of the Issuer and its clients (Cardholders).
  • Issuer: A financial institution that issues payment cards, contracts with Cardholders to provide card services, determines Cardholder eligibility to participate in 3D-Secure, and identifies for the Directory Server the card number ranges eligible to participate in 3D-Secure.
  • EMV: A term referring to EMVCo specifications for global interoperability and acceptance of secure payment transactions and/or products and services that comply with such specifications.
  • EMVCo: EMVCo, LLC, a limited liability company incorporated in Delaware, USA. Owned by American Express, Discover, JCB, MasterCard, UnionPay, and Visa. It facilitates global interoperability and acceptance of secure payment transactions using the specifications provided by EMV.
  • Electronic Commerce Indicator (ECI): Payment System-specific value provided by the ACS to indicate the results of the attempt to authenticate the Cardholder.
  • Challenge Flow: A 3D-Secure flow that involves interaction with the Cardholder.
  • Frictionless Flow: A 3D-Secure flow that does not involve interaction with the Cardholder.
  • Out Of Band (OOB): A Challenge activity completed outside of, but in parallel with, the 3D-Secure flow. The final Challenge Request is not used to transport the data that the ACS must verify, but only signals that authentication has been completed. The ACS authentication methods or implementations are not defined by the 3D-Secure specification.
  • Authentication Request Message (AReq): An EMV 3D-Secure message sent by the 3DS Server via the DS to the ACS to initiate the authentication process.
  • Authentication Response Message (ARes): An EMV 3D-Secure message returned by the ACS via the DS in response to an Authentication Request message.
  • Challenge Request Message (CReq): An EMV 3D-Secure message sent by the 3DS SDK or 3DS Server, in which additional Cardholder information is sent to the ACS to support the authentication process.
  • Challenge Response Message (CRes): The ACS response to the CReq message. It may indicate the result of Cardholder authentication or, in the case of an App-based model, also signal that further interaction with the Cardholder is required to complete authentication.
  • Preparation Request Message (PReq): 3D-Secure message sent from the 3DS Server to the DS to request the Protocol Version(s) of the ACS and DS corresponding to the DS card ranges, as well as an optional 3DS Method URL to update the 3DS Server's internal storage information.
  • Preparation Response Message (PRes): Response to the PReq message containing the DS Card Ranges, the active Protocol Versions for the ACS and DS, and the 3DS Method URL, so that updates can be made to the 3DS Server's internal storage.
  • Results Request Message (RReq): Message sent by the ACS via the DS to transmit the results of the authentication transaction to the 3DS Server.
  • Results Response Message (RRes): Message sent by the 3DS Server to the ACS via the DS to acknowledge receipt of the Results Request message.
  • Browser: In the context of 3D-Secure, the browser is a conduit for transporting messages between the 3DS Server (in the Acquirer Domain) and the ACS (in the Issuer Domain).
  • Bank Identification Number (BIN): The first six digits of a payment card account number that uniquely identify the issuing financial institution. Also known as Issuer Identification Number (IIN) in ISO 7812.
  • Directory Server (DS): A server component operated in the Interoperability Domain; performs various functions including: authenticating the 3DS Server, routing messages between the 3DS Server and the ACS, and validating the 3DS Server, 3DS SDK, and 3DS Requestor.
  • Frictionless: The authentication process achieved without interaction with the Cardholder.
  • Authorization System: The systems and services through which a Payment System offers online financial processing, authorization, clearing, and settlement services to Issuers and Acquirers.
  • Payment System: A Payment System defines the rules and operating conditions, and the requirements for card issuance and Merchant acceptance.
  • Card: In this specification, it is synonymous with a payment card account.
  • Cardholder: A person to whom a card is issued or who is authorized to use such card.
  • Authentication Token: A text string with no intrinsic meaning that represents an access authorization issued to the client. The token is used in place of the owner's authentication credentials, in order to protect that information.
  • Authentication Value (AV): A cryptographic value generated by the ACS to provide a way, during authorization processing, for the authorization system to validate the integrity of the authentication result. The AV algorithm is defined by each Payment System.
  • Message Version: Refers to the protocol version that will be used by all components to process the 3D-Secure transaction. The message version is always consistent across all 3D-Secure protocol messages for a specific transaction.
  • Cardholder Initiated Transaction (CIT): Any transaction in which the cardholder actively participates. Transactions may be performed based on credentials provided by the cardholder at the time of the transaction or a credential stored from a previous interaction. Transactions may occur as an in-store point-of-sale (POS) transaction, an e-commerce transaction, a mail/telephone order, or at an ATM.
  • Merchant Initiated Transaction (MIT): A transaction where the cardholder does not actively participate. MITs are often preceded by a CIT involving a PA (Payment Authentication) or an Account Status Inquiry (ASI).
  • Payment Authentication (PA): Involves an authentication amount.
  • Non-Payment Authentication (NPA): Does not involve an authentication amount.