NDM Simulator Configuration

Authentication response and Results request configuration

The NDM Simulator allows external configuration of the simulated Authentication response and Results request per account number.

Possible types of Authentication Responses are listed below:

public enum AuthenticationResponseTypeEnum {
 
  /**
   * Authenticated application frictionless authentication response.
   */
  AUTHENTICATED_APPLICATION_FRICTIONLESS,
  /**
   * Not authenticated application frictionless authentication response.
   */
  NOT_AUTHENTICATED_APPLICATION_FRICTIONLESS,
  /**
   * Invalid application frictionless authentication response with missing sdkTransId.
   */
  APPLICATION_FRICTIONLESS_MISSING_SDK_TRANS_ID,
  /**
   * Application challenge authentication response.
   */
  APPLICATION_CHALLENGE,
  /**
   * Invalid application challenge authentication response with sdkTransId having invalid format.
   */
  APPLICATION_CHALLENGE_SDK_TRANS_ID_INVALID_FORMAT,
  /**
   * Authenticated browser frictionless authentication response.
   */
  AUTHENTICATED_BROWSER_FRICTIONLESS,
  /**
   * Not authenticated browser frictionless authentication response.
   */
  NOT_AUTHENTICATED_BROWSER_FRICTIONLESS,
  /**
   * Invalid browser frictionless authentication response with missing dsTransId.
   */
  BROWSER_FRICTIONLESS_MISSING_DS_TRANS_ID,
  /**
   * Browser challenge authentication response.
   */
  BROWSER_CHALLENGE,
  /**
   * Invalid browser challenge authentication response with missing acsURL.
   */
  BROWSER_CHALLENGE_MISSING_ACS_URL,
  /**
   * 3RI authentication response.
   */
  THREE_RI,
  /**
   * Protocol error.
   */
  PROTOCOL_ERROR,
  /**
   * Browser using Decoupled Authentication.
   */
  BROWSER_DECOUPLED_CHALLENGE_VERSION_2_2_0,
 
  /**
   * Authenticated, Merchant whitelisted.
   */
  AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0
}

Possible types of Results Request are listed below:

public enum ResultsRequestTypeEnum {
 
  /**
   * Results request indicating authenticated transaction.
   */
  AUTHENTICATED_TRANSACTION,
  /**
   * Invalid results request indicating authenticated transaction.
   */
  AUTHENTICATED_TRANSACTION_MISSING_AUTHENTICATION_VALUE,
  /**
   * Authenticated transaction with possibility to configure merchant whitelist.
   */
  AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,
  /**
   * Not authenticated transaction with possibility to configure merchant whitelist.
   */
  NOT_AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,
  /**
   * Results request indicating not authenticated transaction.
   */
  NOT_AUTHENTICATED_TRANSACTION,
  /**
   * Protocol error.
   */
  PROTOCOL_ERROR
 
}

To configure the type of Authentication response and Results Request per account number, use the cardholder-numbers-simulated-message-types.properties configuration file in $NDM_SIMULATOR_HOME/conf. An example configuration is listed below:

threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000000.aRes=AUTHENTICATED_APPLICATION_FRICTIONLESS
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000001.aRes=NOT_AUTHENTICATED_APPLICATION_FRICTIONLESS
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000002.aRes=APPLICATION_FRICTIONLESS_MISSING_SDK_TRANS_ID
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000003.aRes=APPLICATION_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000003.rReq=AUTHENTICATED_TRANSACTION
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000004.aRes=APPLICATION_CHALLENGE_SDK_TRANS_ID_INVALID_FORMAT
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000005.aRes=AUTHENTICATED_BROWSER_FRICTIONLESS
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000006.aRes=NOT_AUTHENTICATED_BROWSER_FRICTIONLESS
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000007.aRes=BROWSER_FRICTIONLESS_MISSING_DS_TRANS_ID
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000008.aRes=BROWSER_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000008.rReq=NOT_AUTHENTICATED_TRANSACTION
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000009.aRes=BROWSER_CHALLENGE_MISSING_ACS_URL
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000010.aRes=THREE_RI
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000011.aRes=PROTOCOL_ERROR
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4916486411972975.aRes=BROWSER_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4916486411972975.rReq=AUTHENTICATED_TRANSACTION
threedsdemo.cardholderNumbersSimulatedMessageTypes.num7654310438720050.aRes=APPLICATION_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num7654310438720050.rReq=NOT_AUTHENTICATED_TRANSACTION
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000012.aRes=BROWSER_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000012.rReq=AUTHENTICATED_TRANSACTION_MISSING_AUTHENTICATION_VALUE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000013.aRes=APPLICATION_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000013.rReq=PROTOCOL_ERROR
threedsdemo.cardholderNumbersSimulatedMessageTypes.num6000009000000001.aRes=BROWSER_DECOUPLED_CHALLENGE_VERSION_2_2_0
threedsdemo.cardholderNumbersSimulatedMessageTypes.num6000009000000001.rReq=NOT_AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0
threedsdemo.cardholderNumbersSimulatedMessageTypes.num6000009000000002.aRes=AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000009000000003.aRes=BROWSER_CHALLENGE
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000009000000003.rReq=AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,MTIzNDU2Nzg5MDA5ODc2NTQzMjE=,02,17,Y,80

Specific message field values can also be configured per authentication response and results request type. The configurable message fields per authentication response type are listed below and (if configured) they must be provided in that specific order.

  • AUTHENTICATED_APPLICATION_FRICTIONLESS - authenticationValue, eci
  • NOT_AUTHENTICATED_APPLICATION_FRICTIONLESS - transStatusReason
  • APPLICATION_FRICTIONLESS_MISSING_SDK_TRANS_ID - authenticationValue, eci
  • APPLICATION_CHALLENGE - transStatusReason, acsChallengeMandated, authenticationType
  • APPLICATION_CHALLENGE_SDK_TRANS_ID_INVALID_FORMAT - transStatusReason, acsChallengeMandated, authenticationType
  • AUTHENTICATED_BROWSER_FRICTIONLESS - authenticationValue, eci
  • NOT_AUTHENTICATED_BROWSER_FRICTIONLESS - transStatusReason
  • BROWSER_FRICTIONLESS_MISSING_DS_TRANS_ID - authenticationValue, eci
  • BROWSER_CHALLENGE - transStatusReason, acsChallengeMandated, authenticationType
  • BROWSER_CHALLENGE_MISSING_ACS_URL - transStatusReason, acsChallengeMandated, authenticationType
  • BROWSER_DECOUPLED_CHALLENGE_VERSION_2_2_0 - transStatusReason, acsChallengeMandated, authenticationType
  • AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0 - authenticationValue, eci, whiteListStatus, whiteListStatusSource
  • THREE_RI - authenticationValue, eci
  • PROTOCOL_ERROR - errorComponent, errorCode, errorDescription, errorDetail

The configurable message fields per results request type are listed below and (if configured) they must be provided in that specific order.

  • AUTHENTICATED_TRANSACTION - authenticationValue, eci, transStatusReason, authenticationType
  • NOT_AUTHENTICATED_TRANSACTION - transStatusReason, authenticationType
  • AUTHENTICATED_TRANSACTION_MISSING_AUTHENTICATION_VALUE - eci, transStatusReason, authenticationType
  • PROTOCOL_ERROR - errorComponent, errorCode, errorDescription, errorDetail
  • AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0 - authenticationValue, eci, transStatusReason, whiteListStatus, whiteListStatusSource
  • NOT_AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0 - transStatusReason, whiteListStatus, whiteListStatusSource

The format requirements for each configurable message field are listed below:

  • authenticationValue - String, 28 characters
  • eci - String, 2 characters
  • transStatusReason - Values accepted:
    • 01 - CARD_AUTHENTICATION_FAILED
    • 02 - UNKNOWN_DEVICE
    • 03 - UNSUPPORTED_DEVICE
    • 04 - EXCEEDS_AUTHENTICATION_FREQUENCY_LIMIT
    • 05 - EXPIRED_CARD
    • 06 - INVALID_CARDNUMBER
    • 07 - INVALID_TRANSACTION
    • 08 - NO_CARD_RECORD
    • 09 - SECURITY_FAILURE
    • 10 - STOLEN_CARD
    • 11 - SUSPECTED_FRAUD
    • 12 - TRANSACTION_NOT_PERMITTED_TO_CARDHOLDER
    • 13 - CARDHOLDER_NOT_ENROLLED_IN_SERVICE
    • 14 - TRANSACTION_TIMED_OUT_AT_THE_ACS
    • 15 - LOW_CONFIDENCE
    • 16 - MEDIUM_CONFIDENCE
    • 17 - HIGH_CONFIDENCE
    • 18 - VERY_HIGH_CONFIDENCE
    • 19 - EXCEEDS_ACS_MAXIMUM_CHALLENGES
    • 20 - NON_PAYMENT_TRANSACTION_NOT_SUPPORTED
    • 21 - THREE_RI_TRANSACTION_NOT_SUPPORTED
  • acsChallengeMandated - Values accepted:
    • Y - CHALLENGE_IS_MANDATED
    • N - CHALLENGE_IS_NOT_MANDATED
  • authenticationType - Values accepted:
    • 01 - STATIC
    • 02 - DYNAMIC
    • 03 - OUT_OF_BAND
  • whiteListStatus - Values accepted:
    • Y - WHITELISTED
    • N - NOT_WHITELISTED
    • E - NOT_ELIGIBLE_FOR_WHITELISTING
    • P - PENDING_CONFIRMATION
    • U - UNKNOWN
  • whiteListStatusSource - Values accepted:
    • 01 - THREE_DS_SERVER
    • 02 - DS
    • 03 - ACS
  • errorComponent - Values accepted:
    • C - THREE_DS_SDK
    • S - THREE_DS_SERVER
    • D - DIRECTORY_SERVER
    • A - ACCESS_CONTROL_SERVER
  • errorCode - Values accepted:
    • 101 - MESSAGE_RECEIVED_INVALID
    • 102 - MESSAGE_VERSION_NUMBER_NOT_SUPPORTED
    • 103 - SENT_MESSAGES_LIMIT_EXCEEDED
    • 201 - REQUIRED_ELEMENT_MISSING
    • 202 - CRITICAL_MESSAGE_EXTENSION_NOT_RECOGNIZED
    • 203 - FORMAT_ON_ONE_OR_MORE_ELEMENTS_INVALID_ACCORDING_SPECS
    • 204 - DUPLICATE_DATA_ELEMENT
    • 301 - TRANSACTION_ID_NOT_RECOGNIZED
    • 302 - DATA_DECRYPTION_FAILURE
    • 303 - ACCESS_DENIED_INVALID_ENDPOINT
    • 304 - ISO_CODE_NOT_VALID
    • 305 - TRANSACTION_DATA_NOT_VALID
    • 306 - MCC_NOT_VALID_FOR_PAYMENT_SYSTEM
    • 307 - SERIAL_NUMBER_NOT_VALID
    • 402 - TRANSACTION_TIMED_OUT
    • 403 - TRANSIENT_SYSTEM_FAILURE
    • 404 - PERMANENT_SYSTEM_FAILURE
    • 405 - SYSTEM_CONNECTION_FAILURE
  • errorDescription - String, maximum 2048 characters
  • errorDetail - String, maximum 2048 characters

The authentication response and results request specific fields are also configured in the cardholder-numbers-simulated-message-types.properties configuration file in $NDM_SIMULATOR_HOME/conf. If no configuration is provided for the message fields, default values will be used. An example configuration is listed below:

threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000000.aRes=AUTHENTICATED_APPLICATION_FRICTIONLESS,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000001.aRes=NOT_AUTHENTICATED_APPLICATION_FRICTIONLESS,01
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000002.aRes=APPLICATION_FRICTIONLESS_MISSING_SDK_TRANS_ID,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000003.aRes=APPLICATION_CHALLENGE,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000003.rReq=AUTHENTICATED_TRANSACTION,MTIzNDU2Nzg5MDA5ODc2NTQzMjE=,02,18,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000004.aRes=APPLICATION_CHALLENGE_SDK_TRANS_ID_INVALID_FORMAT,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000005.aRes=AUTHENTICATED_BROWSER_FRICTIONLESS,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000006.aRes=NOT_AUTHENTICATED_BROWSER_FRICTIONLESS,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000007.aRes=BROWSER_FRICTIONLESS_MISSING_DS_TRANS_ID,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000008.aRes=BROWSER_CHALLENGE,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000008.rReq=NOT_AUTHENTICATED_TRANSACTION,07,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000009.aRes=BROWSER_CHALLENGE_MISSING_ACS_URL,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000010.aRes=THREE_RI,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000011.aRes=PROTOCOL_ERROR,D,101,error description,error detail
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000012.aRes=BROWSER_CHALLENGE,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000012.rReq=AUTHENTICATED_TRANSACTION_MISSING_AUTHENTICATION_VALUE,02,07,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000013.aRes=APPLICATION_CHALLENGE,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000013.rReq=PROTOCOL_ERROR,A,201,error description,error detail
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000014.aRes=BROWSER_DECOUPLED_CHALLENGE_VERSION_2_2_0,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000014.rReq=AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09,18,Y,03
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000015.aRes=AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,MTIzNDU2Nzg5MDA5ODc2NTQkokW=,09,Y,01
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000016.aRes=BROWSER_DECOUPLED_CHALLENGE_VERSION_2_2_0,01,Y,02
threedsdemo.cardholderNumbersSimulatedMessageTypes.num4000001000000016.rReq=NOT_AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0,18,N,03
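
The Python linter below is an added example, not part of the NDM Simulator or its documentation. It checks rReq entries against the field order and accepted values listed above (aRes entries would need their own table); the name lint_rreq, the plain comma split and the rule that a partial field list is reported are assumptions.

```python
import re

# Format rules (as regular expressions) transcribed from the page's field list.
FORMATS = {
    "authenticationValue": r".{28}", "eci": r".{2}",
    "transStatusReason": r"0[1-9]|1\d|2[01]", "authenticationType": r"0[123]",
    "whiteListStatus": r"[YNEPU]", "whiteListStatusSource": r"0[123]",
    "errorComponent": r"[CSDA]", "errorCode": r"10[123]|20[1-4]|30[1-7]|40[2-5]",
    "errorDescription": r".{0,2048}", "errorDetail": r".{0,2048}",
}
AV, WL = ["authenticationValue", "eci"], ["whiteListStatus", "whiteListStatusSource"]
TSR, AT = ["transStatusReason"], ["authenticationType"]
# Field order per results request type, transcribed from the page.
RREQ_FIELDS = {
    "AUTHENTICATED_TRANSACTION": AV + TSR + AT,
    "NOT_AUTHENTICATED_TRANSACTION": TSR + AT,
    "AUTHENTICATED_TRANSACTION_MISSING_AUTHENTICATION_VALUE": ["eci"] + TSR + AT,
    "PROTOCOL_ERROR": ["errorComponent", "errorCode", "errorDescription", "errorDetail"],
    "AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0": AV + TSR + WL,
    "NOT_AUTHENTICATED_MERCHANT_WHITELIST_VERSION_2_2_0": TSR + WL,
}
PREFIX = "threedsdemo.cardholderNumbersSimulatedMessageTypes.num"
KEY = re.compile(re.escape(PREFIX) + r"(\d+)\.rReq=(.*)")

def lint_rreq(text):
    """Return (account, message) findings for every rReq entry in text."""
    findings = []
    for raw in text.splitlines():
        m = KEY.fullmatch(raw.strip())
        if not m:
            continue  # aRes entries, comments and blank lines are not checked here
        account = m.group(1)
        mtype, *values = m.group(2).split(",")
        fields = RREQ_FIELDS.get(mtype)
        if fields is None:
            findings.append((account, f"unknown rReq type {mtype}"))
        elif values and len(values) != len(fields):
            # Assumption: anything other than no fields or all fields is reported.
            findings.append((account, f"{mtype}: expected {len(fields)} fields, got {len(values)}"))
        else:
            findings += [(account, f"{name}={value!r} not accepted")
                         for name, value in zip(fields, values)
                         if not re.fullmatch(FORMATS[name], value)]
    return findings

# Constructed sample: the first two entries are copied from the page's examples,
# the third swaps the two fields of NOT_AUTHENTICATED_TRANSACTION.
SAMPLE = "\n".join(PREFIX + tail for tail in [
    "4000001000000003.rReq=AUTHENTICATED_TRANSACTION,MTIzNDU2Nzg5MDA5ODc2NTQzMjE=,02,18,02",
    "4000001000000008.rReq=NOT_AUTHENTICATED_TRANSACTION,07,02",
    "4000001000000099.rReq=NOT_AUTHENTICATED_TRANSACTION,02,07",
])
if __name__ == "__main__":
    print(lint_rreq(SAMPLE))
```

Because the fields are positional, the swapped entry is still syntactically well formed; only the per-field value check shows that 07 landed in the authenticationType slot.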

Card range data configuration

The NDM Simulator allows external configuration of the Preparation response card ranges data used when simulating a Directory Server.

Each card range is configured in a separate row following the order of the message fields:

  • startRange - Start of the card range
  • endRange - End of the card range
  • actionIndicator - Indicates the action to take with the card range. Values accepted:
    • A = Add the card range
    • D = Delete the card range
    • M = Modify the card range (only for PReq messages with message version 2.2.0)
    • R = Randomly pick whether the action indicator is A (Add) or D (Delete)
  • acsStartProtocolVersion - The earliest (i.e. oldest) active protocol version that is supported by the ACS
  • acsEndProtocolVersion - The most recent active protocol version that is supported for the ACS URL
  • dsStartProtocolVersion - The earliest (i.e. oldest) active protocol version that is supported by the DS
  • dsEndProtocolVersion - The most recent active protocol version that is supported for the DS
  • acsInfoIndicator - Indicates how actively and with which features a card range is participating in 3DS authentication.
    • 01 - Authentication available
    • 02 - Attempts supported
    • 03 - Decoupled authentication supported
    • 04 - Whitelisting supported

The field values are separated by commas and are defined in that specific order.

Once the card ranges are configured, a preparation response including them will be returned on the following endpoint:

  • fully-qualified-url-of-simulator/ds/valid-pres-configured-card-range-data

An example configuration file named simulated-card-range-data.properties exists in $NDM_SIMULATOR_HOME/conf and is also listed below:

threedsdemo.simulated-card-range-data.ranges[0]=4000000000000000,4000009999999999,M,2.1.0,2.2.0,2.1.0,2.2.0,01|02|03|04
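
The check below is an added example (not NDM Simulator code) that validates one card range row against the field order and accepted values above. The name check_card_range, its preq_version parameter and the '|' separator for acsInfoIndicator, inferred from the row above, are assumptions.

```python
FIELDS = ["startRange", "endRange", "actionIndicator",
          "acsStartProtocolVersion", "acsEndProtocolVersion",
          "dsStartProtocolVersion", "dsEndProtocolVersion", "acsInfoIndicator"]

def version(text):
    """Turn '2.1.0' into (2, 1, 0) so that versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def check_card_range(line, preq_version="2.2.0"):
    """Return the problems found in one ranges[n]=... properties line."""
    values = line.split("=", 1)[-1].strip().split(",")
    if len(values) != len(FIELDS):
        return [f"expected {len(FIELDS)} fields, got {len(values)}"]
    row = dict(zip(FIELDS, values))
    problems = []
    start, end = row["startRange"], row["endRange"]
    if not (start.isdigit() and end.isdigit()):
        problems.append("startRange and endRange must be numeric")
    elif int(start) > int(end):
        problems.append("startRange is greater than endRange")
    action = row["actionIndicator"]
    if action not in ("A", "D", "M", "R"):
        problems.append(f"actionIndicator {action!r} is not A, D, M or R")
    elif action == "M" and preq_version != "2.2.0":
        problems.append("actionIndicator M is only for PReq message version 2.2.0")
    for side in ("acs", "ds"):
        try:
            oldest = version(row[side + "StartProtocolVersion"])
            newest = version(row[side + "EndProtocolVersion"])
        except ValueError:
            problems.append(f"{side} protocol version is not numeric")
            continue
        if oldest > newest:
            problems.append(f"{side} start version is newer than its end version")
    # Assumption: several acsInfoIndicator values are joined with '|', as in the page's row.
    unknown = [v for v in row["acsInfoIndicator"].split("|") if v not in ("01", "02", "03", "04")]
    if unknown:
        problems.append(f"acsInfoIndicator values not listed: {unknown}")
    return problems

KEY = "threedsdemo.simulated-card-range-data.ranges"
PAGE_ROW = KEY + "[0]=4000000000000000,4000009999999999,M,2.1.0,2.2.0,2.1.0,2.2.0,01|02|03|04"
# Constructed row: range bounds reversed, ACS versions reversed, unlisted indicator 05.
BAD_ROW = KEY + "[1]=4000009999999999,4000000000000000,A,2.2.0,2.1.0,2.1.0,2.2.0,01|05"

if __name__ == "__main__":
    for row in (PAGE_ROW, BAD_ROW):
        print(check_card_range(row), check_card_range(row, preq_version="2.1.0"))
```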

Challenge flow configuration

The NDM Simulator allows configuration of the Results Request sent when simulating an ACS for Challenge flow.

Each request is configured in a separate row following the order of the message fields:

  • otpValue - The OTP input that the cardholder will insert to get the configured response
  • transStatus - The status of the transaction
    • Y - Authentication / Account verification successful
    • N - Not authenticated / Account not verified; Transaction denied
    • U - Authentication / Account verification could not be performed; technical or other problem
    • C - In order to complete the authentication, a challenge is required
    • R - Authentication / Account verification Rejected. Issuer is rejecting authentication/verification and requests that authorization not be attempted
    • A - Attempts processing performed; Not authenticated / verified, but a proof of attempt authentication / verification is provided
  • transStatusReason - Reason if the transaction failed. The values are defined in the EMVCo Specification. Any value defined in the specification will work. Examples:
    • 01 - Card authentication failed
    • 02 - Unknown device
    • 03 - Unsupported device
    • 04 - Exceeds authentication frequency limit
    • 05 - Expired card
    • 06 - Invalid card number
    • 07 - Invalid transaction
    • 08 - No card record
    • 09 - Security failure
    • 10 - Stolen card
    • 11 - Suspected fraud
  • eci - The eci value that will be sent in the RReq
  • authenticationValue - The authenticationValue that will be sent for a transaction.

The field values are separated by commas and are defined in that specific order.

Once the responses are configured, the cardholder can use the configured OTP values for simulating an RReq message.

An example configuration file named simulated-otp-responses.properties exists in $NDM_SIMULATOR_HOME/conf and is also listed below:

#otpValue,transStatus,transStatusReason,eci,authenticationValue
threedsdemo.simulated-otp-responses.responses[0]=1234,Y,,01,JAmi21makAifmwqo2120cjq1AAA=
threedsdemo.simulated-otp-responses.responses[1]=1111,N,01,01,
threedsdemo.simulated-otp-responses.responses[2]=2222,R,01,01,
threedsdemo.simulated-otp-responses.responses[3]=3333,U,01,01,
threedsdemo.simulated-otp-responses.responses[4]=4444,A,01,01,Qm181okmdyqh6yQmYuq1890QAAA=