Test your integration to make sure that you can handle 3D Secure 2 authentication scenarios.
If you configured Dynamic 3D Secure and your default rule is set to Prefer Not do either of the following to trigger 3D Secure 2 scenarios while testing:
- Set your default Dynamic 3D Secure rule to Always.
- Include
authenticationData.attemptAuthenticationin your API request. - Use an amount that triggers authentication.
When prompted for 3D Secure 2 text challenges:
- For web and mobile browser integrations, use password: password.
- For native mobile (app-based) integrations, use password: 1234.
If you want to test failed scenarios, use the wrong password (any value other than password provided) to fail the authentication challenge.
To view the details and results of your test payments, do either of the following:
- In your test Customer Area, go to Transactions > Payments.
- Check the AUTHORISATION webhook you received. The
successfield informs you of the outcome of a payment request.
Test cards
These cards are enrolled in 3D Secure.
Make test payments with the following cards to make sure your integration can handle 3D Secure 2 authentication scenarios.
| Card Type | Card Number | Expiry Date | Security Code (CVC/CVV/CID) |
|---|---|---|---|
| American Express | 3714 4963 5398 431 | 03/2030 | 7373 |
| Bancontact / Maestro | 6703 4444 4444 4449 | 03/2030 | Not applicable |
| Bancontact / Visa | 4871 0499 9999 9910 | 03/2030 | 737 |
| Cartes Bancaires / Visa Debit | 4035 5014 2814 6300 | 03/2030 | 737 |
| Cartes Bancaires | 4360 0000 0100 0005 | 03/2030 | 737 |
| China UnionPay (Credit) | 6250 9470 0000 0014 | 03/2030 | 123 |
| China UnionPay (Debit) | 6250 9460 0000 0016 | 03/2030 | 123 |
| Diners | 3056 9309 0259 04 | 03/2030 | 737 |
| Discover | 6011 1111 1111 1117 | 03/2030 | 737 |
| Maestro | 5000 5500 0000 0029 | 03/2030 | Not applicable |
| Mastercard | 5454 5454 5454 5454 | 03/2030 | 737 |
| Mastercard Credit | 2222 4000 1000 0008 | 03/2030 | 737 |
| Visa | 4917 6100 0000 0000 | 03/2030 | 737 |
| Visa Classic | 4166 6766 6766 6746 | 03/2030 | 737 |
When you make a payment request with these cards, you'll receive the following result codes depending on your integration:
RedirectShopper: You'll receive this result code if you are using Redirect authentication.
IdentifyShopper: You'll receive this result code if you are using Native authentication.
ChallengeShopper: You will get this result code after you submit the 3D Secure 2 device fingerprinting result in a Native authentication, unless you specify a frictionless flow.
3D Secure 2 challenge action
If your integration uses the Advanced flow, test this scenario. This does not apply to integrations using the Sessions flow.
Test a payment that requires handling the action object included in a payment response that includes the ChallengeShopper result code. Use the following payment details:
| Card type | Card number | Expiry date | Security code (CVC/CVV/CID) |
|---|---|---|---|
| Visa | 4212 3456 7891 0006 | 03/2030 | 737 |
If the payment was not successful, check that your client-side and server-side integration handles the required action from the /payments response.
Frictionless flow
If your integration uses the Advanced flow, test this scenario. This does not apply to integrations using the Sessions flow.
Test a payment that goes through frictionless flow, where your integration must provide a device fingerprint. No further authentication interaction with the client-side UI is required. Use the following payment details:
| Card type | Card number | Expiry date | Security code (CVC/CVV/CID) |
|---|---|---|---|
| Mastercard | 5201 2815 0512 9736 | 03/2030 | 737 |
If the payment was not successful, check that your client-side and server-side integration handles the required action from the /payments response.
Mobile app integration
On mobile, shoppers can get different types of 3D Secure 2 authentication challenges. Use the following payment details to make test payments and test specific scenarios.
When prompted for 3D Secure 2 text challenge for native mobile (app-based) integrations, use password: 1234. If you want to test failed scenarios, use the wrong password (any value other than 1234) to fail the authentication challenge.
| Card type | Card number | Expiry date | Security code (CVC/CVV/CID) | Scenario |
|---|---|---|---|---|
| Mastercard | 5201 2855 6567 2311 | 03/2030 | 737 | Basic text authentication |
| Mastercard | 5201 2874 9905 2008 | 03/2030 | 737 | Basic single select |
| Mastercard | 5201 2815 9233 1633 | 03/2030 | 737 | Basic multi select |
| Mastercard | 5201 2888 2269 6974 | 03/2030 | 737 | Basic out-of-band (OOB) authentication |
| Mastercard | 5201 2895 0084 3268 | 03/2030 | 737 | HTML out-of-band (OOB) authentication |
| Mastercard | 5201 2861 5377 1465 | 03/2030 | 737 | App single select and text authentication |
To test advanced 3D Secure 2 authentication scenarios for native mobile (app-based) integrations, use the following test cards:
| Card type | Card number | Expiry Date | Security Code (CVC/CVV/CID) | Scenario |
|---|---|---|---|---|
| Visa | 4917 6100 0000 0042 | 03/2030 | 737 | ACS sends an empty Challenge Response (CRes) |
| Visa | 4917 6100 0000 0067 | 03/2030 | 737 | Invalid content in the acsSignedContent field in Authentication Response (ARes) |
| Visa | 4917 6100 0000 0059 | 03/2030 | 737 | Challenge Response (CRes) timeout |
Authentication-only flow
If your integration uses the Authentication-only flow, test that your integration can handle the possible outcomes using our test cards.
In this flow, you receive an AUTHENTICATION webhook, instead of the AUTHORISATION webhook to inform you of the payment request outcome.
Authentication without liability shift
Test a payment that goes through 3D Secure 2 authentication without liability shift, use the following payment details.
When prompted for a 3D Secure 2 text challenge, use password: NoLiabilityShift.
| Card type | Card number | Expiry date | Security code (CVC/CVV/CID) |
|---|---|---|---|
| Visa | 4917 6100 0000 0000 | 03/2030 | 737 |
Advanced scenarios
Test the following scenarios to make sure your integration can handle advanced 3D Secure 2 flows.
Use the following test cards to test scenarios returning ARes (Authentication Response) with different transStatus values:
- Y: Authentication / account verification successful.
- N: Not Authenticated / account not verified. Transaction denied.
- A: Authentication / verification was attempted but could not be verified.
- U: Authentication / account verification could not be performed.
- R: Authentication / account verification rejected by the Issuer.
| Card type | Card number | Expiry date | Security Code (CVC/CVV/CID) | Scenario |
|---|---|---|---|---|
| Mastercard | 5201 2815 0512 9736 | 03/2030 | 737 | Return ARes with transStatus=Y |
| Mastercard | 5201 2812 6243 5268 | 03/2030 | 737 | Return ARes with transStatus=N |
| Mastercard | 5201 2850 9382 3592 | 03/2030 | 737 | Return ARes with transStatus=A |
| Mastercard | 5201 2828 2836 6351 | 03/2030 | 737 | Return ARes with transStatus=U |
| Mastercard | 5201 2864 9681 6589 | 03/2030 | 737 | Return ARes with transStatus=R |
| Mastercard | 5201 2846 7071 7533 | 03/2030 | 737 | Return ARes with transStatus=U and
transStatusReason
=06 |
Use the following test cards to test other advanced 3D Secure 2 scenarios.
| Card type | Card number | Expiry date | Security Code (CVC/CVV/CID) | Scenario |
|---|---|---|---|---|
| Mastercard | 5201 2829 9900 5515 | 03/2030 | 737 | Timeout error |
| Mastercard | 5201 2886 9531 5843 | 03/2030 | 737 | Connection failure error |
| Mastercard | 5201 2858 9491 2800 | 03/2030 | 737 | Version number not supported error |
| Mastercard | 5201 2852 4062 4612 | 03/2030 | 737 | Access denied error |
| Mastercard | 5201 2859 4986 5169 | 03/2030 | 737 | MCC not valid error |
| Mastercard | 5201 2829 4084 9714 | 03/2030 | 737 | Invalid endpoint error |