PSD2 - Upgrading your XML Integration to 3D Secure version 2

If your integration already supports XML 3D Secure (3DS) 1.0, to support the new directives within the PSD2 regulations it is necessary to make some small changes.

When using 3DS 1.0 it is not necessary to add the Cardholder Name in the REQUEST BODY for the 3D Secure Verification. For 3DS 2.0 it is necessary to add the CARDHOLDERNAME tag containing the Cardholder Name entered by the user when performing the transaction.

PSD2 and Strong Customer Authentication (SCA)

The Payment Services Directive 2 (PSD2) comes into force in 2020 (only applicable in EU) and you might need to be prepared to provide SCA for your payments. Take a closer look at our F.A.Q in case you have more questions.

The process is described in the flowchart below.

1. A POST request is made to the Worldnet server. The server will handle the user authentication.

2. After authentication, the server will redirect to the URL set in the MPI Receipt URL in the `Selfcare > Settings > Terminal` section with the authentication results passed in the URL.

3. In your integration add the MPIREF code to your XML payment and send a payment load to the XML Request URL. For further details, check XML Payment Features.

4. If the payment is successful, the server will return an approval message.

The following resources are the same for all the requests and responses you find in this page:

Request URL


This URL should be used in test mode only. Please contact the Worldnet support team to receive the live URL.

3D Secure Check

Request Body Fields


TERMINALID Y A Terminal ID provided by Worldnet. NB - Please contact Worldnet to be issued with a test terminal ID.
CARDNUMBER Y The payment card number.
CARDHOLDERNAME Y Required for 3DS 2.0 - The name on the front of the credit card.
CARDEXPIRY Y 4 digit expiry field (MMYY).
CARDTYPE Y See Card Types section.
AMOUNT Y The amount of the transaction as a 2 digit decimal or an Integer value for JPY amounts.
CURRENCY Y A 3 character currency code of the transaction.
ORDERID Y A unique identifier for the order created by the merchant (Max 24 characters).
CVV N The security code entered by the card holder.
DATETIME Y Request date and time. Format: DD-MM-YYYY:HH:MM:SS:SSS.
HASH Y A HASH code formed by part of the request fields. The formation rule is given at the ND001 - Hash Formation, in the next section.

Notes and Details About the Request

ND001 - Hash Formation

The general rule to build HASH field is given at the Special Fields and Parameters page. For this specific feature, you should use the following formats:


Response Body Fields

The response body fields will be the same as from your previous integration. For details about the response, check the XML 3D Secure page.

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International