Netcetera Demo Merchant - Release Notes - Version


Published: 09.02.2021

Version is a minor release of the Netcetera Demo Merchant.

For documentation about this release please refer to the documentation site.


This version is fully backwards compatible with previous versions of the Netcetera Demo Merchant.



  • Possibility to configure CAVV value, CAVV algorithm and eci value in the PARes message for 3DS 1.0 transactions. In order to configure the type of PARes, cavv, cavv algorithm or eci value, use the configuration file in the $NDM_SIMULATOR_HOME/conf.
  • Proper handling of unknown OTP code in the Challenge form for both 3DS 1.0 and 3DS 2 transactions. NDM simulator will result in transaction status 'Not Authenticated' in such cases.
  • Beautification of Challenge Form presentation introduced:
    • Added purchase currency
    • Masked cardholder account number

New Features

  • Added a simulation in which sending the Authentication Requests returns an AuthenticationResponse with a transStatus value of "I" (Informational). This simulation is only accepted for ProtocolVersion of 2.2.0 in combination with one of these three values of threeDSRequestorChallengeInd: '05', '06', '07' or NO_CHALLENGE_REQUESTED_RISK_ANALISYS_ALREADY_PERFORMED, NO_CHALLENGE_REQUESTED_DATA_SHARE_ONLY, NO_CHALLENGE_REQUESTED_SCA_ALREADY_PERFORMED respectively.
  • Challenge form implemented for 3DS 1.0 transactions. New PaRes type introduced for this need TRANSACTION_CHALLENGE_OTP. Find more information in 3DS 1.0 NDM Simulator Configuration.
  • New endpoints introduced, that can be used to simulate delayed responses. The relative paths are the following:
    • For 3DS 1.0 the Directory Server Endpoint URL: 3ds1/ds/verifyEnrollmentDelayed
    • For 3DS 1.0, the ACS URL: /3ds1/acs/authenticate-delayed
    • For 3DS 2, authentication URL: /ds/authentication-delayed
  • New simulations for frictionless transactions added:
    • ATTEMPTED_BROWSER_FRICTIONLESS with authenticationValue, eci (should return transaction status A)
    • UNAVAILABLE_BROWSER_FRICTIONLESS with transStatusReason (should return transaction status U)
    • REJECTED_BROWSER_FRICTIONLESS with transStatusReason (should return transaction status R)