3D Secure Setup

There are two ways to setup 3DSecure:

  1. Via the Gateway
  2. Via 3rd Party 

Via Gateway

This option is based on the Merchant Gateway. If 3DS is offered by the Gateway, it can be enable on the merchant within Sublytics. 

To add 3DS on a Merchant

Select Processing → Merchant → Check "Attempt 3D Secure"


  1. Check Attempt 3D Secure
  2. Enter API Key, provided by the Gateway (NMI & Paysafe only)
This option can be frictionless, it all depends on the response back from the gateway.  
101 Response
You will need to redirect the user to a new page that you specify in the API request.
Once the customer verifies, there will be API call to finalize the payment.
100 Response
No need to redirect the customer.
Required fields needed to pass when using 3DS through the gateway:
redirect_url -> this is the URL that the user will be redirected to after they complete the challenge
Using NMI Three Step Redirect for initial transactions? Find more information here


Via 3rd Party


This option does not require any setup or configuration within Sublytics if using a single 3rd party account

If using paay.co on your pages, Sublytics API will accept additional parameters that are generated from paay.co
If passing these values to Sublytics ( this should be available to you via paay.co integration on the front end ), then Sublytics passes this along to the gateway.


Pass an array of values to use for each corresponding cycle.

These values are in Sublytics documentation https://{instancename}.sublytics.com/api_docs under the doProcess, doAddProcess and doAddProcessOrder.  




Common ERROR: XID data must be 20 bytes REFID:1160745918

This happens either when a user tries with one card brand like visa, the trans declines, then they use another card brand like MasterCard but using the tokens obtained from the visa.
Or the wrong XID value is being passed.



Authenticated Status Defined
Y Authenticated
A Attempted. Proof of (Liability is still shifted. Network stepped in for the authentication.)
C Requiring a Cardholder challenge to complete authentication
N  Not authenticated
U Authentication could not be performed due to a technical or other problem
R Issuer is rejecting authentication and requesting that authorization not be attempted


ECI Defined
01 Authenticated
02 Attempted (Liability is still shifted. Network stepped in for the authentication.)
00 Not Authenticate
05 Authenticated
06 Attempted (Liability is still shifted. Network stepped in for the authentication.)
07 Not Authenticate

Have multiple accounts via 3rd Party? 

If you have more than one account with paay.co, you can use the Sublytics API simulates they payment router to determine which key the javascript should show. 
In this case, there is setup within Sublytics.

To add Multiple 3DS Accounts

Select Processing → Merchant → Third Party Integrations

Was this article helpful?
1 out of 1 found this helpful