The interaction between 3DSS and other 3-D Secure infrastructure objects is depicted in the figure below.
TLS connection might be established through the proxy reverse server either directly to 3DSS. It depends on implementation.
¶ TLS connections
The link between DS and 3DSS for exchanging messages is established using a TLS protocol with mutual authentication. The public key certificates of both parties are signed by the DS CA. Certificates for a secure connection from directory servers and a cardholder’s web browser may be stored on the web proxy server. These certificates are configured independently from D8 3DSS.
¶ Cardholder Device — 3DS Requestor
When the Cardholder interaction with the 3DS Requestor moves to 3-D Secure protocol-specific actions, the links will need to be in a secured state. This will be 3DS Requestor-specific, with the expectation that it satisfies Payment System security requirements with at least a TLS protocol with 3DS Requestor (server) authentication by the 3DS Requestor App or the Browser.
If the 3DS Requestor and 3DS Server are separate components, data transferred between the components need to be protected at a level that satisfies Payment System security requirements with mutual authentication of both servers.
¶ 3DS Server — DS
The 3DS Server to DS link for the AReq/ARes messages is established using a TLS protocol with mutual authentication. The public key certificates of both parties are signed by the DS CA, with the 3DS Server making the necessary selection if it connects to more than one DS.
The DS to 3DS Server link for the RReq/RRes messages is established using a TLS protocol with mutual authentication. The public key certificates of both parties are signed by the DS CA.
¶ 3DSS - ACS
It is possible to link 3DS Server with AC Server directly. When Issuer and Acquirer placed their 3DS modules in one place, and there is no need to visit PS DS, it is required to configure appropriate settings to establish such connection.
¶ 3DSS URLs
The following URLs must be available for the proper 3DSS work.
| Method | URL path | Interaction with |
|---|---|---|
| POST | /api/3dsmethod | Payment Gateway Browser |
| GET | /api/browserinfo/[threeDSServerTransID] | Browser |
| POST | /3dsmethod/collect | Browser |
| POST | /3dsmethod/handle-acs-notification | ACS |
| POST | /api/pArq | Payment Gateway |
| GET | /api/challenge/[threeDSServerTransID] | Payment Gateway |
| POST | /rreq | DS |
| POST | /api/cresponse | Payment Gateway Browser ACS |