3D Secure Third Party MPI Service

3D Secure Third Party MPI Service

This Service enables the cardholder, you and the card Issuing Bank to authenticate each other prior to the authorisation of a transaction.
By using this Service, you can continue to use MasterCard Payment Gateway Services as your Payment Service Provider if you choose to purchase and use a Merchant Server Plug-in (MPI) from a third party supplier instead of the MasterCard Payment Gateway Services MPI.

When this service is incorporated into the authorisation process, there are four stages to the transaction cycle: card enrolment checkcardholder verificationauthorisation and settlement. The first two steps are completed before the transaction is submitted to the DPG.

Card Enrollment check

Once the payment details have been collected, the third party MPI which is installed within your system contacts the Directory Server which determines whether the card is enrolled within the 3-D Secure system.

If the card is enrolled, your third party MPI will generate a payment authentication request (PAReq), which contains the details required to re-direct the card holder to the Access Control Server (ACS) for their Issuing bank. It also contains the information required to re-direct them back to your own site, once authentication has been completed.

Cardholder Verification

If the card is enrolled, your systems will use the PAReq to re-direct the card holder to the ACS provided by their Issuing Bank. This page enables the card holder to authenticate themselves directly with their bank.

Once the authentication process is complete, the Issuing Bank re-directs the card holder back to your website. This re-direction process also passes back the payment authentication response (PARes) which is generated by the Issuer, and contains information about the result of the check. Your third party MPI will then check the PARes to ensure it genuinely came from the Issuer and that the cardholder successfully authenticated themselves

For cards which are not registered for 3-D Secure, your system may automatically proceed directly to authorisation if required.


Once the verification process has been completed, your system submits the card details to the DPG, along with details taken from the PARes. The transaction is then sent to your Acquiring Bank for authorisation. Your bank forwards the request to the Issuing Bank, who return an authorisation code if they approve the transaction.

The full transaction response - including the authorisation code if the transaction is successfully authorised - is then passed back to your system by the DPG.


Successfully authorised transactions are settled next working day, in the same way as transactions which have not been checked using 3-D Secure.


Before you can go live with this service, you will need:

  • a MasterCard Payment Gateway Services e-Commerce account

  • the account to be configured with the 3-D Secure service

  • to be a registered 3-D Secure merchant with your Acquirer, for the specific card schemes

  • appropriate third party MPI integrated with your website

The 3-D Secure check is currently available for certain Acquiring Banks and card schemes. These are outlined in the table below:

Acquiring Bank

Card Scheme


MasterCard, Visa


MasterCard, Visa


MasterCard, Visa

Lloyds TSB

MasterCard, Visa

Royal Bank of Scotland Group (includes NatWest)

MasterCard, Maestro (International), Visa

Transaction Processing Models

Each transaction processed using this service may be submitted using either the one stage or the two stage processing model. The transactions can also be cancelled and refunded, if required, in exactly the same way as for Bank Card transactions. Full details of these models and transaction types are available in the Bank Card section.

Performing Transactions

When using this service, the normal transaction and card information should be provided; this is the exactly the same as for the Bank Card Service.

For card schemes which are supported by the 3-D Secure service, additional information about the transaction is required:

  • the type of card used

  • whether the card was registered for 3-D Secure

Plus if the card was registered, these pieces of information taken from the PARes:

  • the Electronic Commerce Indicator

  • the security code - the Cardholder Authentication Verification Value for Visa cards, or Universal Cardholder Authentication Field for MasterCard

  • transaction id

Card schemes which are not supported for 3-D Secure should be presented without this extra information, as described in the Bank Card Service.

 Response Codes

An authorisation request may generate the three basic bank responses described in the Bank Card Service:

  • Authorised

  • Referred

  • Declined

A complete list of Response Codes for this service is available here. These are in addition to the general return codes. The Support Centre also contains extensive examples for most error codes. Illustrations are given to demonstrate how they would appear in both Reporting and an XML Response. Suggestions are also given to help you prevent them from occurring.


When a transaction has been checked using the 3-D Secure service, the details of the check will be available for each transaction on the Bank Card Details page

The Support Centre contains full hints and tips to help you get the most out of Reporting.