On this page:
Overview
With your customer returned to your site and when you are ready, send the completed 3D-Authentication data to Opayo. We will decode the results and when necessary, obtain a card authorisation from your acquiring bank.
Format the POST
The code in your ThreeDSNotificationURL call-back page should format a simple HTTPS and server-side POST to send to the Opayo Direct 3D-Callback page. The POST must contain:
- VPSTxId
- CRes
No other data is necessary because the Opayo system can use these values to retrieve all the transaction information you supplied in Step 2.
Important: The CRes and cres data field names are case sensitive:
- The encoded results of your customer’s 3D-authentication (the CRes) will be returned to you from the ACS in a field named cres (lower case ‘cr’).
- You must forward the cres value to Opayo in a field named CRes (upper case ‘CR’).
3D-Authentication Results
Transactions that are not sent for authorisation are returned with a REJECTED Status and the 3DSecureStatus.
3D-Authentication Success
When the CRes confirms the 3D-Authentication is successful, the Opayo gateway obtains authorisation.
3D-Authentication Fails
When the CRes confirm the 3D-Authentication is not successful, the system checks whether your 3D-Secure rule base directs authentication to be attempted. By default, 3D-Authentication failures are not sent for authorisation and all other message types are. Refer to our Fraud Prevention Guide available on your region’s Opayo by Elavon website.
❮ Back to Step 6.Next: Step 8. ❯