3-D Secure transactions flow for cardholder transactions involves request and responses between Merchant/Acquirer, Directory Server and Access Control server. The CA Transaction Manager Admin console allows one to trouble shoot cardholder transactions failures.
How to troubleshoot cardholder transaction issues using Admin reports ?
Troubleshooting Single Cardholder Transaction Issue
Cardholders report several issues related to 3-D Secure transaction. Below are a few examples:
- Cardholder reports that the page showed an error message indicating a transaction failure once he/she entered his/her 3-D Secure credentials.
- Cardholder reports that once they entered Card details into the merchant website, they noticed a blank / or error screen and their purchase did not go through.
In few cases, Cardholder reports that the answer provided to the challenge questions fail to validate.
In all the above cases, a few troubleshooting steps which one can perform is to understand what could have happened to the transaction request.
Discussed below are a few Admin reports which would help the administrator to understand the various stages during a 3-D Secure transaction processing.
1. Use the “Cardholder Account Inquiry” Report
Cardholder Account Inquiry is a report which provides an overview and status of a card. This report confirms if the card is enabled or disabled in 3-D Secure. The same report also provides a detail on the pre-enrollment records and details about the enrolled record of a card.
A few things to validate on the below screen while troubleshooting a cardholder transaction issue would be:
· Check if the “Enabled:” box is checked (as shown in the screen below) which would indicate the card is not locked.
<Please see attached file for image>
Check if the transaction in question is appearing in the list above and note what is populated against it under the Result column.
Please note that if the transaction in question appears as “Success” in the above table then there could be a possibility that the Payer Authentication Response message (PARes) was sent successfully from CA ACS to the Merchant via the cardholder browser.
In such a case, the investigation needs to be carried forward by contacting the Directory Server (such as Visa / MasterCard /AMEX) who shall further involve the Merchant / Acquirer to understand as to why the payment failed.
2. Use the “All Transactions” Report.
“All Transactions” report provides for details of a transaction and one could determine many more facts for analyzing a certain transaction.
To view the “All Transactions” report:
Report Field Description
Issuer Name Name of the Issuer.
Begin Range First number of the card range for the card.
End Range Last number of the card range for the card.
Business ID Bank Identification Number.
The first six digits of a payment card account number that uniquely identifies the issuing financial institution.
Card Holder Name Name of the cardholder.
This field can be empty if the cardholder name is not used.
Card Number Card number associated with the corresponding cardholder.
Cardholder IP Address IP address of the system from where the cardholder performed the secure transaction.
ProxyPAN Unique identifier of the card number. The value generated here is always the same for a card number.
The Cardholder and Transaction Details sub-report is displayed when you click the proxy PAN that is displayed in this column.
Transaction ProxyPAN Other identifier for the card number.
There is a unique value generated for every transaction. This is the value sent in all the external communications instead of the actual card number.
Instance ID ACS instance from which this transaction originated.
Purchase XID Transaction identifier that is generated by the merchant.
This value along with the proxy pan is used to uniquely identify the transaction. The XID field is of the format: Random number: Instance ID: Merchant XID.
PARes Signing Time Date and timestamp when the PARes was signed.
Authentication Method used to authenticate the cardholder. The value can be one of the following:
None | Mobile OTP | Display Card with PIN |
Core | Email OTP | Display Card without PIN |
Chip Card | SMS OTP | Mobile Token |
Arcot Card | EMV OTP | Key FOB Token |
Hint | Trusted Third Party | Biometric |
IssuerQuestion | Simple OTP | Others |
Abridged ADS | Bingo Card/Grid |
|
UCP Authentication | IVR (Interactive Voice Response) |
|
Partial Password | Static List via ATM |
|
Currency Currency used in the purchase during the transaction.
Amount Amount of the purchase during the transaction.
Merchant Name
Merchant URL
Merchant ID
Merchant Country Details of the Merchant involved in the transaction.
PwdInfo Status Specifies whether the transaction reached the password or Opt-In page. The value can be one of the following:
Successful
Failed
N/A (If the cardholder canceled the transaction or the browser stopped responding before the page was displayed.)
Verify Password Status Specifies whether the cardholder entered the correct password. The value can be one of the following:
Successful (the password is correct)
Failed (the password is not correct)
N/A (neither of the earlier options) The cardholder may have closed the password page, lost Internet connectivity, or the browser may have stopped responding. In other words, the password was not entered on the page, so it could not be verified.
Hint Question Status The indication whether the cardholder was asked to enter the response to the hint question.
Verify Hint Answer Status The indication whether the cardholder’s response to the hint question is
correct:
1 (the response is correct)
0 (the response is not correct)
N/A (neither of the earlier options) The cardholder may have closed the password page, lost Internet connectivity, or the browser may have stopped responding. In other words, the cardholder’s response was not entered on the page, so it could not be verified.
Transaction Status Status of the transaction. The value can be one of the following:
Successful: Implies that the transaction was successful.
Failed: Implies that the transaction failed.
Unavailable: Implies that the system was not available to authenticate the transaction.
Attempts: Implies that the range is configured for Attempts method of ADS (Activation During Shopping).
CallOut Status Status returned by the ACS Callouts configured.
If there are more than one Callouts configured, all the status returned are logged separated by a delimiter.
Transaction Request Date The date the purchase transaction was requested.
Device The device used for the purchase.
Verify Password Request Time The timestamp when the password is authenticated.
Receipt Request Time The time stamp when the ACS generated receipt is sent to the configured receipt server.
After Num. Failed The indication if the cardholders who are configured for ADS.
This field indicates the number of times a cardholder failed authentication before failing the transaction.
After Num. Declines The indication if the number of times a cardholder declined to auto-enroll into the online authentication program before failing the transaction.
Transaction Type The indication of the type of transaction of the cardholder.
The transaction can be either Regular or AutoEnroll.
Reason This summary of the reason for which the transaction failed.
For a list of values for this field, see Report Codes.
Hex Encoded Transaction Proof
The indication if the calculated value is used for dispute resolution.
The hex encoded value of the transaction proof, which can be CAVV or AAV.
Base64 Encoded Transaction Proof Specifies the base64 encoded value of the transaction proof, which can be CAVV or AAV.
Risk Advice Status The Risk Advice suggested by CA Risk Analytics to the calling application, after evaluating the risk of a transaction.
PARes Clicking a link provided in this column displays the PARes details of the purchase transaction.
In case of transactions which show up as successful 3-D Secure transaction and the end user claims to have noticed a failed or an error screen, PARes sent to the merchant could be downloaded from the all transaction report and the same could be shared with Visa / MasterCard or Merchant to understand what when wrong with the authorization.
None.