At the point of checkout, the Cardholder selects an appropriate payment method based on the initiatives supported by the Merchant. The Cardholder fills out the checkout form including the payment option and clicks Buy.
If the association of the Card is a MasterCard or Visa, and the merchant is enabled for 3DSecure, then the Merchant passes a cmpi_lookup message to Centinel MAPS, containing the following values based on the payment information:
Field Name |
Description |
MsgType |
cmpi_lookup |
Version |
Application Version identifier |
ProcessorId |
Application Processor identifier |
MerchantId |
Application Merchant identifier |
OrderNumber |
Order number from the Merchant Website |
PurchaseAmount |
Formatted total sale transaction |
RawAmount |
Total amount without decimalization |
PurchaseCurrency |
3-digit numeric ISO4217 currency code for the sale amount |
PAN |
Credit card number used for transaction |
PANExpr |
Credit card expiry date, formatted YYMM |
Sample Message:
<CardinalMPI>
<MsgType>cmpi_lookup</MsgType>
<Version>1.3</Version>
<ProcessorId>1000</ProcessorId>
<MerchantId>12345678</MerchantId>
<OrderNumber>IVERI00001</OrderNumber>
<PurchaseAmount>ZAR11</PurchaseAmount>
<RawAmount>11</RawAmount>
<PurchaseCurrency>710</PurchaseCurrency>
<PAN>4242424242424242</PAN>
<PANExpr>0410</PANExpr>
</CardinalMPI>
- This message contains all the required information supplied by the cardholder in order to check the enrollment of the cardholder.
- Based on the card number range stored within Centinel MAPS, a Verify Enrollment Request (VEReq), message will be sent to the Enrollment directory server.
- The Enrollment directory server will send the VEReq to the cardholders Issuing Bank Access Control Server (ACS) where it will verify the enrollment status.
- The Verify Enrollment Response (VERes), is then passed back to the Directory server with the corresponding ACS url, if applicable.
- The information is then passed back to Centinel MAPS where it is verified and the Payment Authentication Request (PAReq) is created.
The lookup response is then returned to the Merchant, Containing the following values:
FieldName |
Description |
ErrorDesc |
Application error description for the associated errornumber |
ErrorNo |
Application error number, non zero, encountered while attempting to process the message request |
TransactionId |
This number is required to be passed on the cmpi_authenticate message |
Payload |
Contains the encoded PAReq generated by MAPS, available if Enrolled = Y |
SPSHiddenFields |
Contains the SPA hidden form fields, Available if Master card transaction |
Enrolled |
CardHolder enrolled status (Y - enrolled, N - not enrolled, U - Cardholder enrolled but authentication unavailable) |
ACSUrl |
Contains the fully qualified path of the Issuers ACS, this is used by the merchant to redirect the Cardholder, available if Enrolled = Y |
Sample Response Message:
<CardinalMPI>
<ErrorDesc></ErrorDesc>
<ErrorNo>0</ErrorNo>
<TransactionId>jMpkHtqeHD+6GTlUhafK</TransactionId>
<Payload>*******PAReqMessage********</Payload>
<SPAHiddenFields></SPAHiddenFields>
<Enrolled>Y</Enrolled>
<ACSUrl>http://dns/path</ACSUrl>
</CardinalMPI>
- Based on the existence of the ACS url in the lookup response the Merchant will redirect the cardholder’s browser to the corresponding ACS server. The cardholder enters their authentication data and initiates the Authentication process directly with the ACS server.
- The ACS, in conjunction with the Card Issuer, authenticates the cardholder. The Payment Authentication Response (PARes), is send back to the Cardholder via the web browser.
- The PARes is forwarded to the Merchant.
The Merchant initiates a cmpi_authenticate message to the Centinel MAPS, containing the following values:
Field Name |
Description |
MsgType |
cmpi_authenticate |
Version |
Application Version identifier |
TransactionId |
This links the cmpi_lookup with the cmpi_authenticate message together |
ProcessorId |
Application Processor identifier |
MerchantId |
Application Merchant identifier |
PAResPayload |
PARes generated by the Issuer ACS |
Sample Message:
<CardinalMPI>
<msg_type>cmpi_authenticate</msg_type>
<version>1.3</version>
<processor_id>1000</processor_id>
<merchant_id>12345678</merchant_id>
<order_number>AUT000191</order_number>
<PAResPayload>*******PAResMessage********</PAResPayload>
</CardinalMPI>
The authenticate response is then returned to the Merchant, containing the following values:
Field Name |
Description |
ErrorDesc |
Application error description for the associated errornumber |
ErrorNo |
Application error number, non zero, encountered while attempting to process the message request |
Cavv |
Transaction stain from PARes |
SignatureVerification |
Status of the signature verification of the PARes message (Y - validated successfully, N - not validated) |
Xid |
Transaction Xid from PARes |
EciFlag |
E-Commerce indicator from PARes |
PAResStatus |
Transaction status from PARes (Y, N, U or A) |
Sample Message:
<CardinalMPI>
<ErrorDesc></ErrorDesc>
<ErrorNo>0</ErrorNo>
<Cavv>AAABAJEDFwAAAAAAAAMXAAAAAAA=</Cavv>
<SignatureVerification>Y</SignatureVerification>
<Xid>QPqHUYfUAn1c4OJGzEM2lEzeAYU=</Xid>
<EciFlag>05</EciFlag>
<PAResStatus>Y</PAResStatus>
</CardinalMPI>