6. 3D-Authentication and your site called back

Your customer completes the 3D-authentication process at their Issuing Bank’s website. Successful or not, the ACS will redirect your customer back to your URL specified in the ThreeDSNotificationURL at Step 2, or the TermURL at Step 5.

The following two fields return with your customer:

  • threeDSSessionData (or MD), to uniquely identify the transaction being called back.
  • CRes (or PARes), the encoded results of your customer’s 3D-authentication.
Important: Do not modify the CRes (or PARes) values. The authentication process will fail.


❮ Back to Step 5.Next: Step 7. ❯