Netcetera 3DS Server - Release Notes - Version


Published: 07.02.2022

Version is a minor release of the Netcetera 3DS Server.

For documentation about this release please refer to the documentation site.


This version is backwards compatible with previous 2.5.x.x versions of the Netcetera 3DS Server.

Important notification

Netcetera 3DS Server has received a new reference number from EMVCo (3DS_LOA_SER_NEAG_020200_00524), which is included in this 3DS Server version and supports both EMV 3DS 2.2.0 and 2.1.0 transaction processing. The old reference number (3DS_LOA_SER_NEAG_020200_00256) expires on February 18th, 2022. The updating of reference number is not based on functional changes, but rather was a requirement due to the approaching expiration date.

Directory Server configurations for all Schemes should be updated in the Admin UI / XML configuration to use the new 3DS Server Reference Number. We would advise you to coordinate this process with the relevant Schemes in order to ensure a smooth transition and avoid rejected transactions. The following feedback that we have received from different Schemes can be used as a guideline for planning the update:

  • Visa, Mastercard, American Express, Diners, MIR: Need to be informed of the new reference number, in order to activate it on their end. Transactions would not be rejected even when using the old reference number past the expiration date.
  • JCB, CB: Need to be informed of the new reference number, in order to activate it on their end. Old reference number will be valid only during a temporary migration period.
  • UnionPay: Needs to be informed of the new reference number and comfort tests using the new reference number need to be performed additionally, in order to activate it on their end. Old reference number will be valid only during a temporary migration period.

Reminder: Configuration of 3DS Requestor ID and 3DS Requestor Name is moved from the Directory Server to the Merchant Acquirer level. According to the EMVCo specification, Requestor ID and Name are unique identifiers, provided by the Schemes to each 3DS Requestor on an individual basis. Therefore, these two values should be either configured for each Merchant Acquirer DB, XML), or should be passed in the transaction payload as part of the Merchant data. For more recommendations please check 3DS Requestor ID and Name Guidelines.

The Netcetera 3DS Server frontends will not support Microsoft's Internet Explorer 11 (IE11) or older anymore. Please use a different browser to access the Netcetera 3DS Server frontends.


New Features

  • Added possibility to provide the Results Response notification URL via the 3DS Server API Authentication request. See more information under resultsResponseNotificationUrl field in ThreeDSServerAuthenticationRequest#MerchantData With this feature we enable our customers to use different Result response notification URLs.

The URLs are sent in the 3DS Server Authentication request payload from the Requestor, so that the Result Response can be sent to multiple endpoints. This means no routing is needed on Requestor side.

Please be aware that this functionality is available on demand.

  • Added options to reconnect a http connection in case the connection is opened longer than 20 seconds, after the ongoing request is finished. The option for 3DS1 flow is mpi.ds-client.connection-pool-entry-ttl. For 3DS2 flow it is: ds-client.connection-pool-entry-ttl. Both values are in milliseconds. The default is -1, which means infinite TTL.
  • Visibility of license usage within the 3DS Server Dashboard

From the next renewal of your license, information about your license limit and the current number of processed transactions and configured merchants will be shown in the 3DS Server Dashboard License section.

Furthermore, we will proactively alert you at several stages when you are approaching or have already reached your license limits, so you can act in time and upgrade with your Netcetera sales executive. The alerts are shown in the Transactions and Merchants sections of the Dashboard, according to the contractually agreed limits.

The license data metrics can also be viewed under a new actuator endpoint. This is accessible via http://<host>:<port>/admin/dashboard/actuator/license-usage.

The following information is visible there:

  • Contractually agreed transaction limit
  • Number of processed transactions
  • Contractually agreed merchant limit
  • Number of recorded merchants

Enabling this endpoint can be done either by adding "license-usage" to the "management.endpoints.web.exposure.include" property in the file if the property is already present or by adding "management.endpoints.web.exposure.include=metrics,license-usage" if it is not.


  • New 3DS Server Reference Number issued by EMVCo (3DS_LOA_SER_NEAG_020200_00524), supporting 2.1.0 and 2.2.0 transactions, is included as an option under the Directory Server configuration in the Admin UI and set by default in the schema of the XML configuration.
  • Admin UI / Search Transactions: Ordering of messages inside the transaction flow is now done based on the timestamp and messageType.
  • The field threeDSServerTransID is now part of the ResultsResponse payload even in case of an error.
  • Added logging even in case of an invalid protocol message.
  • A new actuator endpoint is added in the Admin UI application (/actuator/configurations-check), which checks if all 3DS server instances have loaded the latest configuration. In case the latest configuration is loaded by all known 3DS server instances the response is just HTTP code 200. Otherwise the response body contains JSON description of the instances with obsolete configuration, and HTTP code 503.

This can be used by monitoring and alerting tools to periodically check the state of the config.

  • The Transaction ID is included in the log in case of error protocol message by DS
  • Improved memory consumption of 3DS Server while writing/reading large number of card ranges when Redis is used as an internal storage.
  • The logging of the transactions in file is now performed asynchronously in order to improve the performance time.
  • Enabled monitoring of the asynchronous task executors under threeDSServerResultsResponseTaskExecutor, preparationRequestTaskExecutor, fileTransactionLogTaskExecutor, databaseTransactionLogTaskExecutor and elasticsearchTransactionLogTaskExecutor metric names.
  • Upgraded log4j dependencies to version 2.17.1.
  • Optionally protect sensitive property values (credentials etc) using AWS KMS and its symmetric encryption

Such property can be defined with ENC operator. Example:

        spring.datasource.password = ENC(AQICAHhX8AfIOKvwU4uJC5u+Iekn7vfjf9c1YuW+....)

The encryption key can be referenced using next setting:
  • Upgraded bouncy castle library to version 1.70.

Bug Fixes

  • Admin UI / Certificate Stores: Fixed the bug that made the Admin UI no longer accessible after uploading an incorrect certificate keystore.
  • Fixed a memory leak by explicitly defining a "distributed garbage collector" in EhCache configuration with replication through JGroups using TCP.
  • Added a missing validation rule for null check of messageCategory field in 2.2 AReq.
  • Enabled deletion of organizations that have existing transactions.