6. Issuing bank returns the customer to Opayo

When the customer successfully completes authentication with their issuing bank, they are redirected to Opayo along with a unique authentication value (called CAVV for Visa or UCAF for MasterCard). This value is passed to your acquiring bank during authorisation to secure the liability shift for the transaction.

If the customer does not successfully authenticate with their issuing bank, they are passed back to the Opayo server without the CAVV/UCAF value. At this stage, we consult your 3D-Secure rulebase to see if authorisation should be attempted. By default, 3D-Authentication failures are not sent for authorisation. For more information on 3D-Secure and rulebases, please refer to our Fraud Prevention Guide available on the Opayo website.

When authorisation is not possible, your customer is returned to the card selection screen to choose an alternative payment method. After three failed attempts, the Opayo servers will redirect your customer to your FailureURL with a Status of REJECTED and a StatusDetail indicating the reason for the failure. Otherwise, authorisation will be gained from your acquiring bank.


❮ Back to Opayo redirects your customer to their IssuerOpayo servers request card authorisation ❯