3D Secure (Enterprise API)
This page serves as a supplementary guide for integrating 3D secure into the payment flow and is to be read in conjunction with the PayU Enterprise API integration documentation.
Â
For credit cards, PayU will allow you to set up your transactions to go through an additional level of authentication with Visa or MasterCard. The process is referred to as 3D Secure and involves the customer entering an additional verification code to prove that the card is theirs. This helps prevent fraud and helps reduce the risk associated with accepting credit card payments online.
doTransaction amendments for 3D Secure
Merchants will need to make the following amendments to the doTransaction API call in order to do 3D secure transactions on the PayU platform.
- AdditionalInformation.supportedPaymentMethods = CREDITCARD
- AdditionalInformation.secure3d = true
- AdditionalInformation.returnUrl =<valid full url e.g. http://example.com/return/>
- AdditionalInformation.notificationUrl =<valid full url e.g. http://example.com/notification/ >
Integration payment sequence/flow
When developing a solution with PayU's Enterprise API you will need to cater for a Card enrolled and Card not enrolled scenario. When the <secure3D> tag is present in the PayU API response it indicates that card is enrolled.
Simple payment sequence integration:
- Merchant's website issues a doTransaction SOAP call against PayU's API
- PayU's API reponds with the result of the transaction:
2.1. If <secure3D> is not present in the response - indicating that the card is not enrolled:
      2.1.1. Validate whether transaction was failed or successful against the API response
      2.1.2. No further processing required and website indicates payment result to the customer.
2.2. If <secure3D> is present in the response - indicating that the card is enrolled:
      2.2.1. Present the <secure3DUrl></secure3DUrl> tag content to the browser which will redirect the customer to the bank's 3D Secure page
      2.2.2. Customer receives OTP via SMS
      2.2.3. Customer enters the received OTP on bank's 3D Secure page - Browser automatically redirects customer back to PayU where a message is briefly displayed.
- Browser automatically redirects customer back to merchant's website (url specified within returnUrl parameter).
- Merchant website issues a getTransaction SOAP call against PayU's API from merchant's website and validates payment result e.g. payment successful or declined as per Transaction result validation. The merchant will also recieve an
- IPN to the url specified within notificationUrl parameter with the result of the transaction.
3D Secure OTP page examples
Example of intermediate redirect page to bank/card issuer's 3D secure OTP capture page
Â
Example of bank/card issuer's 3D secure OTP capture page
API call examples
Please refer to the doTransaction API example page for more information
Â