3D Secure (Enterprise API)

This page serves as a supplementary guide for integrating 3D secure into the payment flow and is to be read in conjunction with the PayU Enterprise API integration documentation.

For credit cards, PayU will allow you to set up your transactions to go through an additional level of authentication with Visa or MasterCard. The process is referred to as 3D Secure and involves the customer entering an additional verification code to prove that the card is theirs. This helps prevent fraud and helps reduce the risk associated with accepting credit card payments online.

doTransaction amendments for 3D Secure

Merchants will need to make the following amendments to the doTransaction API call in order to do 3D secure transactions on the PayU platform.

AdditionalInformation.supportedPaymentMethods = CREDITCARD
AdditionalInformation.secure3d = true
AdditionalInformation.returnUrl =<valid full url e.g. http://example.com/return/>
AdditionalInformation.notificationUrl =<valid full url e.g. http://example.com/notification/ >

Integration payment sequence/flow

When developing a solution with PayU's Enterprise API you will need to cater for a Card enrolled and Card not enrolled scenario. When the <secure3D> tag is present in the PayU API response it indicates that card is enrolled.

Simple payment sequence integration:

Merchant's website issues a doTransaction SOAP call against PayU's API
PayU's API reponds with the result of the transaction:
2.1. If <secure3D> is not present in the response - indicating that the card is not enrolled:
       2.1.1. Validate whether transaction was failed or successful against the API response
       2.1.2. No further processing required and website indicates payment result to the customer.
2.2. If <secure3D> is present in the response - indicating that the card is enrolled:
       2.2.1. Present the <secure3DUrl></secure3DUrl> tag content to the browser which will redirect the customer to the bank's 3D Secure page
       2.2.2. Customer receives OTP via SMS
       2.2.3. Customer enters the received OTP on bank's 3D Secure page
Browser automatically redirects customer back to PayU where a message is briefly displayed.
Browser automatically redirects customer back to merchant's website (url specified within returnUrl parameter).
Merchant website issues a getTransaction SOAP call against PayU's API from merchant's website and validates payment result e.g. payment successful or declined as per Transaction result validation. The merchant will also recieve an
IPN to the url specified within notificationUrl parameter with the result of the transaction.

It should be noted that the sequence set out in this document (as well as above and flowchart below), is only for a golden path integration.

3D Secure OTP page examples

Example of intermediate redirect page to bank/card issuer's 3D secure OTP capture page

Example of bank/card issuer's 3D secure OTP capture page

API call examples

Please refer to the doTransaction API example page for more information