In general, there are three possible categories of transactions (combinations of Merchant and cardholder status with respect to 3D Secure), and for each category there is a PA response as follows:
1) Merchant not Registered ? Merchant is not 3D Secure enabled thus doesn?t have the plug-in to support it. No messages are transferred between RSA ACS (Access Control Server), Visa/MC Directory Server and Merchant (There are no Verify Enrollment, Payment Authentication messages).
2) Merchant Registered & Cardholder is not Registered
Stage 1 ? Verify Enrollment:
If the cardholder is not registered but eligible for 3D Secure service, then during shopping at a 3D Secure enabled site, the merchant will ask via Visa or MC Directory server if the cardholder is enrolled to Issuer?s ACS by sending Verify Enrollment Request. RSA ACS will return VE response = Y and Merchant redirect the cardholder browser to registration for 3D Secure service.
Stage 2 ? Payment Authentication:
There are 2 options for the work flow of the cardholder:
a) If the cardholder opts out, RSA ACS will send PA response of A (Attempt) to the Merchant.
The response also contains the UCAF (MC) / CAVV Value (Visa). This is proof that the message is authentic and merchant tried to perform 3D Secure transaction by authenticating the cardholder.
b) If the cardholder registers successfully, RSA ACS sends PA response = Y (Successful authentication) to the Merchant.
The response also contains the UCAF (MC) / CAVV Value (Visa). This is proof that the message is authentic and not tampered with by a fraudster.
3) Merchant Registered & Cardholder is Registered
Stage 1 ? Verify Enrollment:
After registering to 3D Secure and upon subsequent shopping at 3D Secure enabled site, the Merchant will ask via Visa or MC directory server if cardholder is enrolled to Issuer?s ACS by sending Verify Enrollment Request. RSA ACS will return VE response = Y and Merchant redirect the cardholder's browser to authenticate as part of 3D Secure service, that is sign a receipt by entering the 3D Secure Password that was chosen during registration process.
Stage 2 ? Payment Authentication:
There are 2 options for the work flow of the cardholder:
a) If the cardholder enters correct PW, RSA ACS will send PA response Y (Successful authentication) to the Merchant.
The response also contains the UCAF (MC) / CAVV Value (Visa), serving as proof that the message is authentic
b) If the cardholder doesn?t authenticate successfully, RSA ACS send PA response = N to Merchant.
The response does not contain the UCAF (MC) / CAVV Value (Visa)After 3D Secure process was completed, merchant saves the receipt and performs the regular authorization process.
Related Articles
RSA Governance & Lifecycle Recipes: Chart - AD Orphan Account Summary Number of Views RSA Governance & Lifecycle Recipes: Chart - AD User Account Control Summary Number of Views Allowing RSA ACE/Server RADIUS to display more attributes in the profile configuration Number of Views RSA Governance & Lifecycle Recipes: Chart - Application - Application Account & Orphan Trending Number of Views RSA Governance & Lifecycle Recipes: Report - AD Days Since Last Logon Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
