- Get Started
- Guides
- Integrations
- References
- API Reference
- Basic Payment
- Forex
- Authentication
- Card Account
- Apple Pay
- Virtual Account
- Bank Account
- Token Account
- Customer
- Billing Address
- Merchant Billing Address
- Shipping Address
- Merchant Shipping Address
- Merchant
- Corporate
- Recipient
- Marketplace & Cart
- Airline
- Lodging
- Passenger
- Tokenization
- Recurring Migration
- 3D Secure
- Custom Parameters
- Async Payments
- Webhook notifications
- Job
- Risk
- Response Parameters
- Card On File
- Chargeback
- Result Codes
- Payment Methods
- Transaction Flows
- Regression Testing
- Data Retention Policy
- API Reference
- Support
3DS Requestor Initiated (3RI) authentication
3DS Requestor Initiated (3RI) authentication is an authentication method where the cardholder is not present, and the transaction is initiated by the merchant. 3RI request refers to an initial purchase authentication while the cardholder was in session. 3RI provides a method for the merchant to leverage the SCA obtained from the cardholder. ACS providers keep the context of the purchase to determine if a CAVV/UCAF/AAV can be provided. Issuers leverage the 3RI proof of authentication to make better-informed authorization decisions.
3RI Authentications are independent new authentications. This is not an incremental authentication to merge transaction amounts for multiple authentications. CAVVs and transaction amounts are single use for matching an authentication to an authorization.
Use cases
- Installment payments. When a customer chooses an option like buy now, pay later, the merchant can authenticate each subsequent installment without the presence of the cardholder.
- Recurring payments. 3RI enables merchants to authenticate recurring transactions like service subscriptions or utility bills.
- Partial split shipment. If a customer orders multiple items from an online marketplace, but the items are not all available at the same time, the merchant can ship and charge for the items separately using 3RI without the customer having to provide card details for each transaction.
- Multiple merchant authorizations by an agent. When there’s one customer but multiple merchants - e.g. a travel agent booking hotel and flights or someone ordering from multiple vendors on a marketplace - 3RI makes it easy to perform one authentication for the customer and multiple authorizations for the merchants.
- Reauthorization of a refunded purchase. If a customer returns items for a refund but they are not all present or in an expected condition, the merchant can charge the customer again.
- Unknown final amount. When a customer is renting a car or a short-stay rental, 3RI allows the merchant to take payments for further charges like damages, late checkout, or additional services.
- Requesting a new CAVV. To maintain liability protection when authorization is sought more than 90 days after a transaction has been authenticated.
How to send a 3RI request
To send a 3RI request, the following mandatory parameters need to be in the request:
- threeDSecure.channel = 01 - indicates that the transaction is initiated by the merchant, and the shopper is not present.
- customParameters[PriorReference] - ACS Transaction ID of the cardholder initiated authenticated transaction. This value is present in the response of the cardholder authenticated transaction, in the acsTransactionId field.
- customParameters[PriorAuthData] - DS Transaction ID of the cardholder initiated authenticated transaction. This value is present in the response of the cardholder authenticated transaction, in the dsTransactionId field.
- threeDSecure.threeRIInd - Depending on your use-case, it should contain one of the following values: RECURRING, SPLIT_SHIPMENT, DELAYED_SHIPMENT
Additionally the following optional parameters are available:
- customParameters[PriorAuthTimestamp] - The date and time in UTC of the prior cardholder authentication. The accepted date format is YYYYMMDDHHMM.This value is present in the response of the cardholder authenticated transaction, in the threeDSecure.authenticationTimestamp field.
- customParameters[PriorAuthMethod] - Information about the 3D Secure authentication that occurred when the cardholder was present. Possible values: 01 - Frictionless authentication, 02 - Challenge authentication, 03 - ACS verified, 04 - Other