Versions Compared

Version Old Version 3 New Version Current
Changes made by

Vanni Sanvincenti

Mladenka Vukmirovic

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The need to authenticate a payer can be determined in one of two three ways:

  1. Seller determines that authentication is required prior to payment commitment (or not required but decide to proceed anyway) and sends authentication payload with payment details

  2. Seller determines that authentication is not required prior to payment commitment and sends authentication payload containing a reason for exemption with the payment details

  3. Airline determines that authentication is required while processing payment

 

Inc drawio
simple0
zoom1
isSketch0
pageId607356109
custContentId1358135304
diagramDisplayNameSecurePaymentFlowchart.drawio
lbox1
hiResPreview0
baseUrlhttps://standards.atlassian.net/wiki
diagramNameSecurePaymentFlowchart.drawio
imgPageId574226627
pCenter0
aspect74e2e168-ea6b-b213-b513-2b3c1d86103e 1
includedDiagram1
width911
aspectHashb5e1dab6336c5397eceefd19f2dd7e6bd75268b8
linksauto
tbstyletop
height651

1. Seller determines that authentication is required

...

  1. The Seller triggers the authentication process.

  2. The Seller sends the authentication result to the airline along with the Payer’s card information at time of payment commitment.

  3. The Airline uses the authentication result in their authorization request.

2. Seller determines that authentication exemption applies

If the Seller determines that authentication is not required (e.g. the payment was done through a secure corporate process), it may request an exemption. In this case :

  1. The Seller does not trigger the authentication process.

  2. The Seller sends the Payment Authentication Exemption code to the airline at time of payment commitment

    • AO for Authentication outage

    • DA for Delegated authentication

    • LV for Low value

    • MA for Merchant problem and Major outage

    • ND for None defined

    • SC for Secure corporate

    • TB for Trusted beneficiary

    • TR for Transaction risk analysis

  3. The Airline uses the exemption code in their authorization request.

3. Airline determines that authentication is required

If the Seller has not sent an authentication payload result or an exemption request isn’t accepted, then an airline may decide to request an authenticationto to ask the seller to authenticate the payer:

  1. The Seller sends the Payer’s card information to the airline at time of payment commitment.

  2. The Airline determines that the Payer must authenticate and sends an error in response to the payment commitment.

  3. The seller triggers the authentication process.

  4. Seller sends this authentication result to the airline along with the Payer’s card information to the airline.

  5. The Airline uses the authentication results in their authorization request.

...

Example of transfer of details for payment card transaction, including payer authentication result

xml
Code Block
language
...
<PaymentFunctions>
	<OrderAssociation>
		<OrderItemRefID>ORDITM-01</OrderItemRefID>
		<OrderRefID>XB952A1B2C3D4</OrderRefID>
	</OrderAssociation>
	<PaymentProcessingDetails>
		<Amount CurCode="EUR">1000.00</Amount>
		<PaymentMethod>
			<PaymentCard>
				<CardBrandCode>VI</CardBrandCode>
				<CardHolderName>Mary Smith</CardHolderName>
				<CardNumber>4111111111111111</CardNumber>
				<CardSecurityCode>111</CardSecurityCode>
				<ExpirationDate>0125</ExpirationDate>
				<SecurePaymentVersion2>
					<AuthenticationMerchantName>SellerMerchantName</AuthenticationMerchantName>
					<AuthenticationTokenValue>12345a6c789d225648e</AuthenticationTokenValue>
					<AuthenticationValue>CAVV</AuthenticationValue>
					<CardNumberCollectionCode>S</CardNumberCollectionCode>
					<DirectoryServerTrxID>a28b-4473-a130-3fa5e1c2eef0</DirectoryServerTrxID>
					<ElectronicCommerceInd>05</ElectronicCommerceInd>
					<PaymentTrxChannelCode>EC</PaymentTrxChannelCode>
					<ProgramProtocolText>2.2.0</ProgramProtocolText>
					<TrxStatusText>A</TrxStatusText>
				</SecurePaymentVersion2>
			</PaymentCard>
		</PaymentMethod>
	</PaymentProcessingDetails>
</PaymentFunctions>
...

Example of transfer of details for payment card transaction, including payer authentication exemption reason code

Code Block
...
<PaymentFunctions>
	<OrderAssociation>
		<OrderItemRefID>ORDITM-01</OrderItemRefID>
		<OrderRefID>XB952A1B2C3D4</OrderRefID>
	</OrderAssociation>
	<PaymentProcessingDetails>
		<Amount CurCode="EUR">1000.00</Amount>
		<PaymentMethod>
			<PaymentCard>
				<CardBrandCode>VI</CardBrandCode>
				<CardHolderName>Mary Smith</CardHolderName>
				<CardNumber>4111111111111111</CardNumber>
				<CardSecurityCode>111</CardSecurityCode>
				<ExpirationDate>0125</ExpirationDate>
				<SecurePaymentVersion2>
					<PayerAuthenticationExemptionCode>SC</PayerAuthenticationExemptionCode>
				</SecurePaymentVersion2>
			</PaymentCard>
		</PaymentMethod>
	</PaymentProcessingDetails>
</PaymentFunctions>
...