000027121 - In which scenarios does RSA ACS Server return the CAVV (VISA) / UCAF (MC) Value in the Payment Authentication (PA) Response message for 3D Secure transactions?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000027121
Applies To

In general, there are three possible categories of transactions (combinations of Merchant and cardholder status with respect to 3D Secure), and for each category there is a PA response as follows:


1) Merchant not Registered ? Merchant is not 3D Secure enabled thus doesn?t have the plug-in to support it. No messages are transferred between RSA ACS (Access Control Server), Visa/MC Directory Server and Merchant (There are no Verify Enrollment, Payment Authentication messages).  
2) Merchant Registered & Cardholder is not Registered 

Stage 1 ? Verify Enrollment: 

If the cardholder is not registered but eligible for 3D Secure service, then during shopping at a 3D Secure enabled site, the merchant will ask via Visa or MC Directory server if the cardholder is enrolled to Issuer?s ACS by sending Verify Enrollment Request. RSA ACS will return VE response = Y and Merchant redirect the cardholder browser to registration for 3D Secure service.


Stage 2 ? Payment Authentication: 

There are 2 options for the work flow of the cardholder:

a) If the cardholder opts out, RSA ACS will send PA response of A (Attempt) to the Merchant.

The response also contains the UCAF (MC) / CAVV Value (Visa). This is proof that the message is authentic and merchant tried to perform 3D Secure transaction by authenticating the cardholder.

b) If the cardholder registers successfully, RSA ACS sends PA response = Y (Successful authentication) to the Merchant.

The response also contains the UCAF (MC) / CAVV Value (Visa). This is proof that the message is authentic and not tampered with by a fraudster.


3) Merchant Registered & Cardholder is Registered 

Stage 1 ? Verify Enrollment: 

After registering to 3D Secure and upon subsequent shopping at 3D Secure enabled site, the Merchant will ask via Visa or MC directory server if cardholder is enrolled to Issuer?s ACS by sending Verify Enrollment Request. RSA ACS will return VE response = Y and Merchant redirect the cardholder's browser to authenticate as part of 3D Secure service, that is sign a receipt by entering the 3D Secure Password that was chosen during registration process.


Stage 2 ? Payment Authentication: 

There are 2 options for the work flow of the cardholder:

a) If the cardholder enters correct PW, RSA ACS will send PA response Y (Successful authentication) to the Merchant.

The response also contains the UCAF (MC) / CAVV Value (Visa), serving as proof that the message is authentic

b) If the cardholder doesn?t authenticate successfully, RSA ACS send PA response = N to Merchant.

The response does not contain the UCAF (MC) / CAVV Value (Visa)

After 3D Secure process was completed, merchant saves the receipt and performs the regular authorization process.

IssueIn which scenarios does RSA ACS Server return the CAVV (VISA) / UCAF (MC) Value in the Payment Authentication (PA) Response message for 3D Secure transactions? 
Legacy Article IDa49423

Attachments

    Outcomes