Frequently Asked Questions
What is the role of the Merchant/PSP in the case of an app based transaction flow?
To better understand the 3DS flow, please check the related diagram.
Description of the the entire flow in detail:
- The integrator of the 3DS SDK sends an AReq (Authentication Request) to the Merchant/PSP, after which the Merchant/PSP additionally maps it with the required fields
- This modified AReq is then sent to the 3DS Server, then the DS, then the ACS
- The ACS evaluates the request and sends an ARes (Authentication Response) to the DS, which is then sent to the 3DS Server, then to the Merchant/PSP, after which the Merchant/PSP should notify the integrator
- In case the field transStatus in the ARes has the value "C", a challenge is required which is handled by the 3DS SDK
- A CReq(Challenge Request)/CRes(Challenge Response) flow ensues which is handled with a communication between the 3DS SDK and the ACS
- After the CReq/CRes flow, a RReq (Results Request) is sent from the ACS to the DS, then to the 3DS Server
- The 3DS Server in turn generates an RRes (Results Response), which is sent to the Merchant/PSP, and to the DS, which sends it to the ACS
- The ACS sends a final CRes to the 3DS SDK, which notifies the integrator of the result
Which test cards can we use when testing with the Netcetera Preview environment?
Please open a ticket on our service portal and request test cards for the Netcetera preview environment.
The iOS 3DS SDK throws an error with the Error Code 507, and Error Message "An error occurred during the challenge flow. Validation of certificate chain with DS Root certificate failed."
This error is caused by an issue with the certificate chain provided in the acsSignedContent.
- If you are using a test/preview environment, please open a ticket on our service portal and provide the Authentication Response that you have received. We will analyze the acsSignedContent and we will send you the correct certificates.
- If you are using a production environment, please make sure that you are using the latest version of the 3DS SDK as it contains the latest supported certificates. If you are using the latest version, and the issue still persists, you should contact the ACS as it is sending an incorrect root certificate in the acsSignedContent.
How to trust self signed certificates in the NDM application?
- Install the root certificate as a profile on the device that you are using (send it to the device and after clicking it you should be prompted with an option to install it)
- Enable full trust for root certificates (Settings -> General -> About -> Certificate Trust Settings -> Enable Full Trust for Root Certificates)
Authentication Response returns error with the Error Code 302, Error Component "D" and Error Message "Data could not be decrypted by the receiving system due to technical or other reason".
First and foremost, please use the latest 3DS SDK version, as it contains the latest encryption and root certificates.
In case this error occurs in production:
- If you are testing with a scheme that is already pre-configured in the 3DS SDK, please use the pre-configured certificates. If you have any custom configuration for the scheme with which you face the problem, remove the configuration and attempt a transaction again.
- If you are using a scheme that is not a part of the pre-configured schemes, please contact the scheme and manually configure the certificates through the SDK configuration.
In case this error occurs on a test or preview environment:
- If you are using a preview/test environment provided by Netcetera, the required certificates for Mastercard and Visa are already configured and can be found in the NetceteraDemoMerchant zip (delivered with every 3DS SDK release).
- If you are using a preview/test environment that is not provided by Netcetera, please contact the one responsible for the preview/test environment, and ask for the public encryption and root certificates. Once you obtain the certificates, you should manually configure them through the SDK configuration.
The 3DS SDK throws an error with the Error Code 203, and Error Message "Data element not in the required format or value is invalid as defined in Table A.1"
The issue is that the CRes/Error message that is received from the ACS contains a challenge UI element which is invalid according to the EMVCo specification. Sadly as this is an issue with the ACS, there is nothing that can be done from our side. The issue needs to be raised with the ACS where this transaction was processed.
As an alternative, you can enable Weak Validation. By doing this you will relax the validation of the challenge UI components, and the Challenge Screen should appear.
Note: You should only use Weak Validation during testing.
What challenge UI elements are affected when enabling Weak Validation?
The following parameter fields are not validated when Weak Validation is enabled:
Note: You should only use Weak Validation during testing.
The 3DS SDK throws an error with the Error Code 101, and Error Message "Message not recognised. Invalid Formatted Message."
The issue is that the CRes/Error message that is received from the ACS is invalid according to the EMVCo specification.
A CRes/Error message is invalid when at least one of the following is true:
- The received message is empty
- The received message has an invalid JSON format (cannot be converted into a JSON Object)
- The received message has an unsupported Message Type (supported types are CRes and Erro)
Sadly as this is an issue with the ACS, there is nothing that can be done from our side. The issue needs to be raised with the ACS where this transaction was processed.
Can the iOS 3DS SDK be delivered as a static framework?
The iOS 3DS SDK can be provided as a static framework, however this is available on customer demand and charged extra. Please contact your Netcetera representative for additional information.
Where to store the public encryption and root keys in the form of certificate files, and how to reference them from the application?
You can store the certificates in any location that is part of your project, however make sure that the certificate files are a part of:
- Your main bundle if you haven't passed an external bundle in the ThreeDS2ServiceSDK init method
- The bundle you have passed to the init method if you have passed one
Once you have stored the required certificates, you can either:
- Setup the certificates by using the configuration builder and by passing the name of the certificate file as a string value.
- Setup the certificates in a property list file by passing the name of the certificate file as a string value.
How to obtain the value for messageVersion used in ThreeDS2Service#createTransaction?
The messageVersion parameter can be obtained from the 3DS Versioning call.
- If you are using the Netcetera 3DS Server (either SaaS or On Premise) please check the relevant documentation
- If you are using your own solution or some other 3DS Server, you should contact the provider and ask for an equivalent documentation.
How should the content of the certificate file look like, in case that the 3DS SDK is configured with it?
Example of a certificate file containing one certificate:
Example of a certificate file containing multiple certificates: