Netcetera 3DS Server - Release Notes - Version


Published: 15.10.2020

Version is a minor release of the Netcetera 3DS Server.

For documentation about this release please refer to the documentation site.

Be informed that prior to upgrading to a Netcetera 3DS Server 2.2.x version and rolling out to production, you need to get in contact with Diners for enrollment of the merchants using the new reference number due to a specific Diners process of relating merchants to 3DS Server reference number on their systems.


This version is backwards compatible with previous 2.2.x.x versions of the Netcetera 3DS Server.

Important notification

  • Be informed that in the next minor release we are planning to break the search in the history_transaction_log table, i.e. the transaction records in this table will be no more present in the 3DS Server Admin UI transaction search result. If you still want these records to be searchable you will need to move them back to the transaction_log table.
  • In version the transaction_log and history_transaction_log tables' primary key is changed to a composite key of (threedss_transaction_id, message_type). Be sure not to have null values in these two columns, nor duplicates of the (threedss_transaction_id, message_type) pair before the upgrade to any 2.2.* version.

Upgrade notes

  • This release introduces new configuration properties for the Netcetera 3DS Server. For detailed documentation please refer to the configuration properties.

These are the included changes:

New 3DS Server configuration Properties that should be configured:


Find more information in the 3DS Server configuration properties


New Features

  • Added possibility to rotate the encryption key used for encryption of certificate stores' passwords. Find more information in the 3DS Server operation manual.
  • Allow configuration of the Preparation Request message version per Directory Server. Valid protocol version (2.1.0 or 2.2.0) can be selected via the Admin UI (or configured in the XML configuration).
  • Implemented American Express requirement for allowing empty Acquirer Merchant ID to be sent in the 3DS Server Authentication Request for Online Travel Agencies merchants. The 3DS Server will validate the empty value as valid only if this feature is enabled by configuration. Enable this feature by setting the threedsserver.api-authentication-request.allow-empty-acquirer-merchant-id to true only if the 3DS Server processes American Express transactions for Online Travel Agencies (OTA) merchants.
  • Implemented Mastercard Identity Check Insights, i.e. Mastercard Data-only support.
  • Implemented Mastercard requirement for mapping 16 digits cardholder account numbers to 19 digits cardholder account numbers for Versioning flow.


  • The following DB versions are deprecated:
    • PostgreSQL 9.5 (next minimum supported is 9.6)
    • MySQL 5.7 (next minimum supported is 8.0.13)
    • Oracle 12.0c (next minimum supported is 19c)
    • Microsoft SQL Server 2012 (next minimum supported is 2016)
  • Improved the scheme resolution logic on each Authentication / Versioning Request.

There are three steps now how the 3DS Server identifies the Scheme when Authentication / Versioning request is received:

  1. If the schemeId is sent as part of the request body, the 3DS Server will use it.
  2. If the schemeId is not sent as part of the request body, the 3DS Server will try to resolve the scheme by searching the card ranges for the specific card account number.
  3. If a card range containing the specific card account number is not found, the 3DS Server will try to resolve the scheme using the scheme regex patterns.
  • Added a primary key to the auth_role table.
  • Added possibility to assign the same Acquirer Merchant ID for one Merchant for multiple schemes.
  • Added support for values '80' and '81' for the ShipIndicator field required by Carte Bancaire (CB).
  • Implemented JCB specific requirement for validation of 'cardExpiryDate' for 2.2 transactions. For 2.2 transactions this field is always required unless it is a recurring transaction (3DS Requestor Authentication Indicator = 02 or 3RI Indicator=01).
  • Standardized 3DS Admin validations

When a 3DS Admin entity (Scheme, Merchant, Acquirer, etc.) is added / updated, format and required validation is applied to its fields inputs. More general validation which affects the whole configuration (ex: duplicate scheme names, duplicate acquirer bins, etc. ) is applied when 'Validate and Reload' button is clicked.

Bug Fixes

  • Removed the unique constraint of acquirer bins on the level of 3DS Server in multi tenant setup. A constraint is added for uniqueness of acquirer bins on the level of organization.
  • Immediately schedule preparation request when a new Directory Server is added / there is a change in the Directory Server URL without having to restart the 3DS Server.
  • In case 'Message Limit Exceeded' error is received for a Preparation Request, re-schedule the preparation request to the configured time interval.
  • Fixed bug in Redis (storage type) implementation caused by obfuscation process.