Frequently Asked Questions
What is the role of the Merchant/PSP in the case of an app based transaction flow?
To better understand the 3DS flow, please check the related diagram.
Description of the the entire flow in detail:
- The integrator of the 3DS SDK sends an AReq (Authentication Request) to the Merchant/PSP, after which the Merchant/PSP additionally maps it with the required fields
- This modified AReq is then sent to the 3DS Server, then the DS, then the ACS
- The ACS evaluates the request and sends an ARes (Authentication Response) to the DS, which is then sent to the 3DS Server, then to the Merchant/PSP, after which the Merchant/PSP should notify the integrator
- In case the field transStatus in the ARes has the value "C", a challenge is required which is handled by the 3DS SDK
- A CReq(Challenge Request)/CRes(Challenge Response) flow ensues which is handled with a communication between the 3DS SDK and the ACS
- After the CReq/CRes flow, a RReq (Results Request) is sent from the ACS to the DS, then to the 3DS Server
- The 3DS Server in turn generates an RRes (Results Response), which is sent to the Merchant/PSP, and to the DS, which sends it to the ACS
- The ACS sends a final CRes to the 3DS SDK, which notifies the integrator of the result
Which test cards can we use when testing with the Netcetera Preview environment?
Please open a ticket on our service portal and request test cards for the Netcetera preview environment.
The 3DS SDK throws an error with the Error Code 1310, and Error Message "Failed verification of certificate chain from acsSignedContent"
This error is caused by an issue with the certificate chain provided in the acsSignedContent.
- If you are using a test/preview environment, please open a ticket on our service portal and provide the Authentication Response that you have received. We will analyze the acsSignedContent and we will send you the correct certificates.
- If you are using a production environment, please make sure that you are using the latest version of the 3DS SDK as it contains the latest supported certificates. If you are using the latest version, and the issue still persists, you should contact the ACS as it is sending an incorrect root certificate in the acsSignedContent.
Do we have any chance to enable screenshot on the challenge screen?
The screenshot taking functionality has been disabled due to a PCI requirement. However, you can use the following workaround, for the purpose of testing. Please note, that you should not include this in your production application, as it will result in security risks.
Override the secure flag from the activity hosting the challenge (the one you pass in Transaction#doChallenge) via the Application.ActivityLifecycleCallbacks in your app class. A sample implementation is shown below.
Runtime error in ChallengeStatusReceiver "The certificate for this server is invalid. You might be connecting to a server that is pretending to be XYZ which could put your confidential information at risk." or Thrown error is java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: "Trust anchor for certification path not found"
Install the root CA you are using by following this guide. If the installed certificate is not in the User Trusted Credentials, you are working with a self-signed certificate.
Include the following attribute to the "AndroidManifest.xml" of the app:
and create a "network_security_config.xml" file in "res/xml" with the following content:
As a word of caution, only use this workaround for internal testing, and remove it when deploying a production version, as this opens the 3DS SDK and app to MITM attacks and other security vulnerabilities.
Authentication Response returns error with the Error Code 302, Error Component "D" and Error Message "Data decryption failure".
First and foremost, please use the latest 3DS SDK version, as it contains the latest encryption and root certificates.
In case this error occurs in production:
- If you are testing with a scheme that is already pre-configured in the 3DS SDK, please use the pre-configured certificates. If you have any custom configuration for the scheme with which you face the problem, remove the configuration and attempt a transaction again.
- If you are using a scheme that is not a part of the pre-configured schemes, please contact the scheme and manually configure the certificates through the SDK configuration.
In case this error occurs on a test or preview environment:
- If you are using a preview/test environment provided by Netcetera, the required certificates for Mastercard and Visa are already configured and can be found in the merchant-demo-app zip (delivered with every 3DS SDK release).
- If you are using a preview/test environment that is not provided by Netcetera, please contact the one responsible for the preview/test environment, and ask for the public encryption and root certificates. Once you obtain the certificates, you should manually configure them through the SDK configuration.
As the Android 3DS SDK includes an optional dependency to Google Play Services Base (part of GMS - Google Mobile Services), is the Android 3DS SDK going to work on the Huawei HMS platform?
The dependencies that are marked as optional, which is the case with GMS, do not break the 3DS SDK functionality if not provided (regarding the missing GMS, there will be warning in logcat which you can ignore). Therefore, the 3DS SDK will work fine on Huawei with HMS. We are only using the GMS to update the platform security provider in case they are provided.
The 3DS SDK throws an error with the Error Code 203, and Error Message "Data element not in the required format or value is invalid as defined in Table A.1"
The issue is that the CRes/Error message that is received from the ACS contains a challenge UI element which is invalid according to the EMVCo specification. Sadly as this is an issue with the ACS, there is nothing that can be done from our side. The issue needs to be raised with the ACS where this transaction was processed.
The 3DS SDK throws an error with the Error Code 101, and Error Message "Message not recognised. Invalid Formatted Message."
The issue is that the CRes/Error message that is received from the ACS is invalid according to the EMVCo specification.
A CRes/Error message is invalid when at least one of the following is true:
- The received message is empty
- The received message has an invalid JSON format (cannot be converted into a JSON Object)
- The received message has an unsupported Message Type (supported types are CRes and Erro)
Sadly as this is an issue with the ACS, there is nothing that can be done from our side. The issue needs to be raised with the ACS where this transaction was processed.
Where to store the public encryption and root keys in the form of certificate files, and how to reference them from the application?
If you are using standard practice the certificates should be in the following location: {project-name}/src/main/assets/{affected-scheme-certificate}.crt In the case that the certificates are configured as String resources, you need to provide those values.
An example as to how the Android 3DS SDK is configured is the following:
For additional information, please check the relevant documentation.
The 3DS SDK throws an error with the Error Code 2201, and Error Message "Failed executing CReq Error code: [2201]."
The error you are getting is due to a failed network request from the SDK to the ACS. For more precise info of the cause of this issue, please check the android logcat for the "warn" message. In order for you to see the "error" and "warn" logs of the 3DS SDK, you need to provide implementation of slf4j. Please follow this documented example for using logback-android.
How to obtain the value for messageVersion used in ThreeDS2Service#createTransaction?
The messageVersion parameter can be obtained from the 3DS Versioning call.
- If you are using the Netcetera 3DS Server (either SaaS or On Premise) please check the relevant documentation
- If you are using your own solution or some other 3DS Server, you should contact the provider and ask for an equivalent documentation.
How should the content of the certificate file look like, in case that the 3DS SDK is configured with it?
Example of a certificate file containing one certificate:
Example of a certificate file containing multiple certificates:
How to configure custom fonts for Challenge Ui Components?
This differs if you have the AndroidX AppCompat Library (androidx.appcompat:appcompat) included as a dependency or not.
- If AndroidX AppCompat is included as a dependency, then the custom font files (.ttf) should be placed in the Resources under the
font
folder - If AndroidX AppCompat is NOT included as a dependency, then the custom font files (.ttf) should be placed in the Assets under the
font
folder
To configure a custom font be used for a specific Challenge Ui Component, specify the custom font name when defining any UiCustomization field.