Professional Documents
Culture Documents
0 Acquirer
Implementation Guide
Ver.2.2.0
J/Secure™ 2.0 Acquirer Implementation Guide
All rights relating to this document belong to JCB Co., Ltd. (hereinafter referred to as “JCB”).
This document contains JCB’s confidential and proprietary information, patents, copyrights,
trademark rights, trade secrets, know-how and other intellectual property or other rights. To
use any part of this document (whether formatted as text, images or in any other way) by any
method (including but not limited to browsing and downloading), you (“the reader”) must
agree to all of the items published herein.
The reader must not copy, distribute, assign, lend, post, publish, disclose or modify (including
translating) any part or all of this document to or for any third party, by any means whatsoever,
except as permitted in advance by JCB.
This document may contain third-party information, patents, copyrights, trademark rights,
trade secrets, know-how and other intellectual property or other rights. JCB does not
guarantee this document or any part thereof to be free of infringement of third-party
information, patent rights, copyrights, trademark rights, trade secrets, know-how, or any other
intellectual property or rights (either explicitly or implicitly). In using this document, it is the
reader’s responsibility to decide whether it is necessary to purchase or license such rights
from a third party. JCB shall not be held liable for infringements of a third party’s intellectual
property or other rights by the reader or any other party.
Although we strive to ensure that this document is accurate and up-to-date, JCB makes no
explicit or implicit warranty as to the accuracy or completeness of this document. Also, JCB
assumes no responsibility for any products or services developed or produced in accordance
with this document. JCB assumes no responsibility for errors or omissions in this document.
To the extent permitted by law, JCB, its directors, employees, affiliates, business partners,
agents, and other representatives shall assume no responsibility for any direct or indirect
damages (including damages incurred by third parties) arising from the use or inability to use
this document, even if JCB has been notified of the possibility of such damages.
JCB Confidential
J/Secure™ 2.0 Acquirer Implementation Guide
JCB Confidential
J/Secure™ 2.0 Acquirer Implementation Guide
Table of Contents
1 Introduction ................................................................................................................... 1
1.1 Objective ..................................................................................................................1
1.2 Intended Readers ....................................................................................................1
1.3 Prerequisites of this Document.............................................................................1
1.4 Structure of this Document ...................................................................................1
1.5 Revisions of this Document ..................................................................................2
1.6 Related Documents ................................................................................................2
1.6.1 EMV 3DS Documents ...........................................................................................2
1.6.2 JCB Documents ....................................................................................................2
1.7 Definitions................................................................................................................3
2 J/Secure2.0 Overview ................................................................................................... 4
2.1 Overview ..................................................................................................................4
2.2 Objectives ................................................................................................................4
2.3 Participants and Responsibilities .........................................................................5
2.4 Structure ..................................................................................................................6
2.4.1 System Overview ..................................................................................................6
2-4-2 System Arrangement Diagram ...............................................................................7
2-5. Authentication Flow ...................................................................................................8
2-5-1 Authentication Flow (Frictionless Flow) ..................................................................8
2-5-2 Authentication Flow (Challenge Flow) ....................................................................9
3. Acquirer Implementation and Operation process ................................................... 12
4. Consideration on Planning Phase............................................................................. 13
4.1 Decision of Implementation Method ........................................................................13
4.1.1 Implementation Options ............................................................................................13
4.1.2 3DS Server Selection ...............................................................................................13
4.1.3 Revision of Merchant Agreement .............................................................................13
5 Implementation Phase ................................................................................................ 14
5.1 Application to JCB ................................................................................................14
5.2 Initialization of 3DS Server ..................................................................................14
5.2.1 Information required ............................................................................................14
5.2.2 Setting of 3DS Server Operator ID .....................................................................14
5.2.3 3DS Server Reference Number ..........................................................................14
5.3 Initialization of 3DS SDK ......................................................................................14
5.4 Installation of Encryption Keys and Certificates...............................................15
5.4.1 Installation on the 3DS Server ............................................................................15
5.4.2 Installation to the 3DS SDK.................................................................................15
5.5 Authorization System Upgrade ...........................................................................16
5.5.1 Authorization Message Items ..............................................................................16
5.6 Merchant Implementation ....................................................................................16
5.6.1 Obtainment of Acquirer BIN and 3DS Server Operator ID .................................16
5.6.2 Registration of Information with DS ....................................................................16
5.6.3 Setting of Acquirer Merchant ID ..........................................................................16
5.6.4 Setting of 3DS Requestor ID ...............................................................................16
5.6.5 Display of JCB Logo ............................................................................................17
5.7 Transaction Processing Requirements ..................................................................... 17
5.7.1 Risk-based Authentication Results ...........................................................................17
5.7.2 Challenge Authentication Results .............................................................................18
JCB Confidential
J/Secure™ 2.0 Acquirer Implementation Guide
JCB Confidential
J/Secure™ 2.0 Acquirer Implementation Guide
1. Introduction
1 Introduction
This chapter describes the objectives, the intended readers, prerequisites, structure, revisions
and related materials of this document.
The term “JCB” used in this document refers to “JCB as the brand holder” unless otherwise
specified.
1.1 Objective
The purpose of this document is to convey the necessary requirements, operations and guidelines
involved when an Acquirer implements J/Secure2.0.
Chapter 1: Introduction
This chapter describes the objectives, the intended readers, prerequisites, structure,
revisions and related materials of this document.
JCB Confidential
1
J/Secure™ 2.0 Acquirer Implementation Guide
1. Introduction
This chapter describes items that the Acquirer shall consider before implementing its
ACS.
Chapter 6: Testing
This chapter describes each test for J/Secure2.0 implementation.
(1) EMV® 3-D Secure Protocol and Core Functions Specification v2.1.0
(2) EMV® 3-D Secure Protocol and Core Functions Specification v2.2.0 (hereinafter EMV 3DS
Core Spec)
(3) EMV® 3-D Secure SDK Specification v2.1.0
(4) EMV® 3-D Secure SDK Specification v2.2.0 (hereinafter EMV 3DS SDK Spec)
(5) EMV® 3-D Secure SDK Device Information
(6) EMV® 3-D Secure SDK Technical Guide v2.1.0
(7) PCI 3DS Security Requirements and Assessment Procedures for EMV 3-D Secure Core
Components: ACS, DS, and 3DS Server v1.0 (hereinafter PCI 3DS Core)
(8) PCI 3DS Security Requirements and Assessment Procedures for EMV 3-D Secure SDK
(hereinafter PCI 3DS SDK)
(9) PCI 3DS Data Matrix For use with PCI 3DS Core Security Standard v1.0 (hereinafter PCI
3DS Data Matrix)
JCB Confidential
2
J/Secure™ 2.0 Acquirer Implementation Guide
1. Introduction
1.8 Definitions
Definitions of the terms “shall”, “should”, and “may” used in this document are following.
(1) “shall” indicates that fulfilling requirements is mandatory.
(2) “should” indicates that fulfilling requirements is strongly recommended.
(3) “may” indicates that fulfilling requirements is optional.
Unless otherwise defined in this document, the definitions of terms shall conform to the EMV 3DS.
JCB Confidential
3
J/Secure™ 2.0 Acquirer Implementation Guide
2. J/Secure2.0 Overview
2 J/Secure2.0 Overview
This chapter presents an overview of J/Secure2.0, its objectives, and the responsibilities of each
party involved.
2.1 Overview
J/Secure2.0 is JCB’s Cardholder authentication program compliant with the EMV 3DS technical
specification, which is the next generation of 3-D Secure specification. The features of
J/Secure2.0 are as follows:
➢ Frictionless Authentications
By performing risk-based authentication using information about the purchase and the
Merchant together with other details such as the device being used by the Cardholder, the
authentication of the majority of transactions is accomplished without the Cardholder having
to input information such as a password. This makes it possible to avoid situations such as
Cardholder withdrawing from transactions as a result of forgetting password.
2.2 Objectives
J/Secure2.0 serves four objectives, which are as follows:
JCB Confidential
4
J/Secure™ 2.0 Acquirer Implementation Guide
2. J/Secure2.0 Overview
JCB Confidential
5
J/Secure™ 2.0 Acquirer Implementation Guide
2. J/Secure2.0 Overview
2.4 Structure
2.4.1 System Overview
Table 2-2 shows an overview of the system necessary for implementing J/Secure2.0.
JCB Confidential
6
J/Secure™ 2.0 Acquirer Implementation Guide
2. J/Secure2.0 Overview
DS
Payment
J/Secure CA
Request
ACS
Commercial CA
JCB
Issuer Host (Authorization Acquirer Host
system)
JCB Confidential
7
J/Secure™ 2.0 Acquirer Implementation Guide
2. J/Secure2.0 Overview
(1) Cardholder follows the purchase procedure using the Merchant web site or app.
(2) The 3DS Server sends an AReq message to DS, and DS sends it to ACS.
(3) The ACS performs authentication based on the contents of the AReq message.
The ACS sends the authentication results as an ARes message to the DS, and DS
(4)
sends it to the 3DS Server.
The 3DS Requestor adds the authentication results to the authorization and sends it to
(5)
the Acquirer.
The Acquirer sends an authorization message, and the results of the authorization
(6)
processing by the Issuer are sent back to the 3DS Requestor via the Acquirer.
* Steps (5) and (6) may be omitted if the 3DS Requestor is not a merchant, or if the service
is used for non-payment purpose.
JCB Confidential
8
J/Secure™ 2.0 Acquirer Implementation Guide
2. J/Secure2.0 Overview
(1) The 3DS SDK or the web browser sends a CReq message to ACS.
For App: Information necessary for the screen display is sent as a CRes message from
(2)
the ACS to the 3DS SDK.
The 3DS SDK or the web browser displays a form where Cardholder can input
(3)
information necessary for authentication, and the Cardholder completes this form.
(4) The ACS performs authentication based on the information entered by the Cardholder.
The ACS sends the authentication results to DS as an RReq message, and the DS
(5)
sends it to the 3DS Server.
The 3DS Requestor adds the authentication results to the authorization and sends it to
(6)
the Acquirer.
The Acquirer sends an authorization message, and the results of the authorization
(7)
processing by the Issuer are sent back to the 3DS Requestor via the Acquirer.
(8) The 3DS Server sends the result received via RReq to DS as an RRes message.
JCB Confidential
9
J/Secure™ 2.0 Acquirer Implementation Guide
2. J/Secure2.0 Overview
3DS Requestor
3DS Server
DS(Brand)
④Authorization
⑤Authorization
ACS ISS Host ACQ Host
②Authentication
Issuer Acquirer
(3 The ACS sends the authentication results as an ARes message to the DS, and the
) DS sends it to the 3DS Server.
(4 The 3DS Requestor adds the authentication results to the authorization and sends it
) to the Acquirer.
(5 The Acquirer sends an authorization message, and the results of the authorization
) processing by the Issuer are sent back to the 3DS Requestor via the Acquirer.
*In the case where additional authentication is required at (2), Issuer can utilize
Decoupled Authentication to authenticate the cardholder. After the authentication, ACS
sends the authentication results as an RReq message to 3DS Server via DS.
[applicable to v2.2.0 and above]
JCB Confidential
10
J/Secure™ 2.0 Acquirer Implementation Guide
2. J/Secure2.0 Overview
- 3RI Payment
In the case where a merchant stores the card information, the merchant can initiate the
authentication request. Since the cardholder is not present, frictionless authentication is
performed based on the previous authentication results and the information stored by the
merchant.
Use Cases: Split shipments, pre-order, recurring transactions(subscription), free trial,
auto top up, payments confirmed after the purchased amount is fixed (e.g. payment in
ridesharing apps), etc.
- Whitelisting
Issuer manages the list of whitelisted merchants for each cardholder.
- Decoupled Authentication
When ACS authenticates the cardholder with the method other than Challenge
authentication, the transaction is pended at the merchant while ACS returns the
authentication results before the pending period expires.
Use Cases: Mail order, telephone order
JCB Confidential
11
J/Secure™ 2.0 Acquirer Implementation Guide
3. Acquirer Implementation and Operation process
Implemen
Planning Test Operation
tation
JCB Confidential
12
J/Secure™ 2.0 Acquirer Implementation Guide
4. Consideration on Planning Phase
The Acquirer develops its own 3DS server in-house and provides it to the
Merchant.
The Acquirer purchases 3DS server from a vendor, implements it in-house, and
provides it to the Merchant as a hosting service.
The Acquirer partners with a third party who provides 3DS server as a hosting
service and provides it to the Merchant.
The Merchant selects 3DS server at its discretion.
JCB Confidential
13
J/Secure™ 2.0 Acquirer Implementation Guide
5.Implementation Phase
5 Implementation Phase
This chapter describes items that the Acquirer shall execute at the implementation phase.
<<Where to submit>>
JCB International Co. Ltd.
Network Services Headquarters
Fax to: +81-3-5778-8377
After the form has been submitted, JCB will provide the information listed below to the
Acquirer
・Acquirer BIN
・3DS Server Operator ID
For the criteria of setting each parameter, refer to J/Secure2.0 3DS Server Functional
Requirements.
JCB Confidential
14
J/Secure™ 2.0 Acquirer Implementation Guide
5.Implementation Phase
JCB Confidential
15
J/Secure™ 2.0 Acquirer Implementation Guide
5.Implementation Phase
3 DS device information encryption J/Secure Encryption of AReq messages
certificate CA between the 3DS SDK and DS
Table 5-4
Item Explanation
A value that indicates whether or not the Issuer has performed authentication.
ECI
For the ECI values for each authentication result, refer to the ECI mapping.
JCB Confidential
16
J/Secure™ 2.0 Acquirer Implementation Guide
5.Implementation Phase
5.6.5 Display of JCB Logo
The Merchant shall display the logo on the Merchant website and Merchant app so as to make it
known that the Merchant has adopted J/Secure2.0. (J/Secure2.0 logo, etc.)
The Acquirer can obtain the J/Secure2.0 logo data from JCB at the URL shown below.
JCB VI Design Manual
http://www.jcb.co.jp/bdmanual/en/serviceMark/jsecure/download.html
In an ARes, the Issuers are expected to send Transaction Status other than N (authentication
failure).
JCB Confidential
17
J/Secure™ 2.0 Acquirer Implementation Guide
5.Implementation Phase
When a transaction is determined to have a high risk of fraud based on risk-based
decisioning, it is recommended for the Issuer to perform Challenge authentication or
Decoupled Authentication challenge. In the case where the Issuer has no channel with
the cardholder and neither of Challenge authentication and Decoupled Authentication
challenge is available, ACS can return Attempt as ARes or if the Issuer hopes to reject
the transaction because of the high risk of fraud, ACS can set R (reject) in the ARes.
When R is set in the ARes, Authorization will not be performed.
The Issuer sets ECI = 07 and CAVV value generated by ACS when the Issuer returns
Transaction Status = I in the ARes.
For NPA (Message Category = Non-Payment), ACS does not need to generate ECI and
CAVV because 3DS Requestor or Merchant is not allowed to utilise the Authentication
Result for NPA in the subsequent payment authorization.
If ACS sends ECI and CAVV in the ARes or RRes for NPA, DS deletes those values and
sends the message to 3DS Server.
JCB Confidential
18
J/Secure™ 2.0 Acquirer Implementation Guide
5.Implementation Phase
5.7.4 Authorization Processing
5.7.4.1 Authorization Request message
The Merchant shall use the ECI mapping described in Appendix B to decide whether or not
to proceed to authorization and send the additional authorization information specified in
Table 5-7 to the Issuer via the Acquirer and JCB.
JCB Confidential
19
J/Secure™ 2.0 Acquirer Implementation Guide
5.Implementation Phase
Table 5-7 Authentication Results and Additional Information to Authorization messages
Authentication Successful Y 05
Authentication Failed N 07 *1
Authentication
U 07
Could Not Be Performed
DS attempt A 06(07) *2
ACS attempt A 06(07) *2
Authentication
R Authorization not possible
Rejected
Authentication Not Requested
I 07
(Data share only)
*1 Shall not send Authorization when Challenge not successful (Exceeding maximum challenge),
Challenge cancel by the Cardholder,
*2 Set the values in parentheses before starting to apply liability rules for Attempt transactions.
➢ Split shipment
➢ Change in transaction amount due to addition/cancellation of purchased
items
In such a case, the Merchant and Acquirer again set the same ECI and CAVV to the Authorization
Request message, which they have used to the original Authorization Request message. A valid
CAVV shall be set. If these values are not set in the Authorization Request message, the Issuer
can request a chargeback.
For more information on sales data inclusion requirements, refer to the JRP Batch
Interface Guide.
JCB Confidential
20
J/Secure™ 2.0 Acquirer Implementation Guide
5.Implementation Phase
5.7.6 Result of Non-Payment Authentication
The Acquirer should not divert the result of Non-Payment (NPA) Authentication to the
Authorization transaction of Payment (PA) or 3RI.
- For PA
DS returns Attempt in the ARes to the 3DS Server.
* For the Issuer who need to adapt to PSD2 requirements, Merchants are expected to send
Authentication request based on the protocol version which is available to the Issuer.
-For NPA
Merchants are expected to send Authentication request based on the protocol version
which is available to the Issuer.
If the Issuer does not support the protocol version set in the AReq by the Merchant, or if the
Issuer does not support J/Secure2.0, the DS does not return Attempt but returns
Transaction Status = U.
JCB Confidential
21
J/Secure™ 2.0 Acquirer Implementation Guide
6.Testing
6 Testing
This chapter describes each test for J/Secure2.0 implementation.
Table 6-1
Case Requirement
1) The Merchant has newly adopted a 3DS Server or 3DS SDK in their
own environment or there has been a major change in the 3DS Server Mandatory
implementation environment after service commencement.
2) A Merchant that has already implemented a 3DS Server newly
Mandatory
adopts a 3DS SDK.
3) A Merchant that has newly adopted a 3DS Server or 3DS SDK
hosting service provided by a third party/gateway who has not yet Mandatory
received 3DS Server Operator ID from JCB.
4) A Merchant that is using a 3DS Server and 3DS SDK already
Optional
implemented with a hosting service, etc. uses a newly obtained 3DS
(recommended)
Server Operator ID.
5) A Merchant that is using a 3DS Server and 3DS SDK already
Optional
implemented with a hosting service, etc. uses a 3DS Server Operator
(recommended)
ID that is shared with a settlement agent.
JCB Confidential
22
J/Secure™ 2.0 Acquirer Implementation Guide
6.Testing
JCB Confidential
23
J/Secure™ 2.0 Acquirer Implementation Guide
7. Operation Phase
7. Operation Phase
This chapter describes Chargeback rules for J/Secure2.0 transactions and the security
requirements.
JCB Confidential
24
J/Secure™ 2.0 Acquirer Implementation Guide
7. Operation Phase
7.2.2.1 Prerequisites
The Acquirer uses and manages the keys described in Section 5.4 but should not use these keys
for reasons other than the intended use described in this document.
Also, the Acquirer should consider the risks of these keys being compromised etc., and should
avoid using the same keys over a long period of time
➢ Split knowledge
Various supervisors distribute the keys and manage various components. A complete
key cannot be constructed with the information retained by one personnel alone.
➢ Dual Control
Multiple personnel manage one key, rather than one personnel managing the key
alone.
Each type of key shall be used throughout its life cycle in a physically and logically safe device,
to avoid improper use. Also, regardless of the life cycle, the key shall not be revealed outside of
this safe device in plaintext format.
JCB Confidential
25
J/Secure™ 2.0 Acquirer Implementation Guide
7. Operation Phase
In the case where TLS encryption key has been exposed to risk, or there is such a possibility
In the case where TLS encryption key has lost its complete secrecy, or there is such a
possibility
7.2.2.4 Back-up
In preparation for cases where the key being used is lost or damaged due to a system error for
example, the key should be backed up so that the key can be restored. Therefore it is desirable
for the system to be able to load the back-up key. The back-up key shall not be stored at a lower
security level than the key in current use.
JCB Confidential
26
J/Secure™ 2.0 Acquirer Implementation Guide
Appendix A Form
Appendix A Form
Acquirer Implementation Form for J/Secure 2.0
JCB Confidential
27
J/SecureTM2.0 Acquirer Implementation Guide
Appendix A Form
Address
Telephone
Fax
JCB Confidential
28
J/SecureTM2.0 Acquirer Implementation Guide
Appendix A Form
Program
Activation
Date
(YYYY, MM, DD)____________________________
If exact date is requested please tick as follows
When? ☐ Exact the above date
*Any email for the DS 2.0 registration which domain is not indicated will be rejected.
Title ________________________________
Acquirer BIN
JCB Confidential
29
J/SecureTM2.0 Acquirer Implementation Guide
Appendix A Form
Password
When Acquirer submits the DS registration files to JCBI, the file (zip format) shall be protected
by this Password.
Date: (YYYY,MM,DD) ___________________________
Title ________________________________
JCB Confidential
30
J/SecureTM2.0 Acquirer Implementation Guide
Appendix B ECI mapping
JCB Confidential
31
J/SecureTM2.0 Acquirer Implementation Guide
Appendix B ECI mapping
Mess ①ACS ARes ②DS ARes ③ACS RReq ④DS RReq ⑤ Authorization
Issuer's Challenge/
ACS age
Seq version Decoupled Authentication result Scenario example Liability
behaviour Cate Trx Status ECI CAVV Trx Status ECI CAVV Trx Status ECI CAVV Trx Status ECI CAVV ECI CAVV *2
support availability
gory
06 06 Issuer
a - 1 PA: DS Attempt PA A yes value of ARes
Not No account range *3, the protocol version is (07) (07) (Acquirer)
support NPA: Authentication is not supported *7
a - 2 NPA U - -
not performed
06 06 Issuer
b - 1 PA: DS Attempt PA U 07 - A yes value of ARes
Challenge or (07) (07) (Acquirer)
Decoupled
RBA is performed but Challenge and 06 value of 06 Issuer
b - 2 authenticati PA: ACS Attempt PA A 06 yes A value of ARes
Decoupled authentication are not available (07) ① (07) (Acquirer)
on is
unavailable NPA: Authentication is
b - 3 NPA U - - U - -
not performed
value of
c - 1 PA Y 05 yes Y 05 05 value of ARes Issuer
①
RBA is successful and authenticated
c - 2 NPA Y - - Y - -
06 06 Issuer
j - 1 Device is not supported by ACS or other PA U 07 - A yes value of ARes
(07) (07) (Acquirer)
technical problems in ARes which is sent by
j - 2 Support ACS NPA U - - U - -
Technical issues or
other problems
k - 1 Technical issues or other problems during PA C *4 - - C - - U 07 - U 07 - 07 - Acquirer
Challenge process and authentication is not
k - 2 completed. NPA C *4 - - C - - U - - U - -
06 06 Issuer
l - 1 DS can not send AReq to ACS、ACS can not PA not connected / Error Message A yes value of ARes
(07) (07) (Acquirer)
send ARes, DS receives error message
l - 2 instead of ARes NPA not connected / Error Message Error Message
06 06 Issuer
m - 1 PA Any Any Any A yes value of ARes
ARes error which is sent by ACS (The (07) (07) (Acquirer)
transaction can be identified)
m - 2 NPA Any - - Error Message
Any cases
o - 1 PA C, D - - C, D - - not Connected / Error Message 07 - Acquirer
ACS can not send RReq to DS, ACS send
error message to DS
o - 2 NPA C, D - - C, D - - not Connected / Error Message
q - 1 AReq error which is sent by 3DSS, 3DSS PA not Connected / Error Message 07 - Acquirer
cannot connect to DS due to network issue.
q - 2 *1 NPA not Connected / Error Message
value of
t - 1 PA I *6 07 Yes I 07 07 value of ARes Acquirer
An authentication exemption is accepted, ①
Any cases Normal
data share only
t - 2 NPA I *6 - - I *6 - -
Information Share
u - 1 An authentication exemption or data share PA U 07 - 07 - Acquirer
Not only is requested but Issuer is not
support participated in J/Secure or does not support
u - 2 protocol version 2.2.0 NPA U - -
For NPA, ECI and CAVV shall not be generated. If ECI and CAVV is generated by ACS, DS will delete these values and does not send them to 3DS Server. The result of NPA shall not be used for Authorization.
As a best practice, Transaction Status = N is not desirable to respond in ARes because transaction may not be proceeded for authorization. If transaction is not authenticated by RBA, ACS should request further authentication such as Challenge (C) or Decoupled (D).
If Challenge or Decoupled authentication is not available, ACS may respond Attempt (A).
<NOTE>
*1 If a message is in error or not connected or timed out, an error component send error message and ends processing. If a merchant decides to send authorization, the transaction is not eligible for the liability shift.
*2 The CAVV associated with a fully authenticated transaction or an attempted transaction, must be included in the authorization message.
*3 3DS Server shall send AReq message even though the issuer card range is not participated in J/Secure2.0 in order to generate the proof of an authentication attempt.
*4 This indicator (C) is not valid if Device Channel = 03(3RI) within the AReq message.
*5 This indicator (D) can be sent only if the 3DS Requestor Decoupled Request Indicator = Y within the AReq message. This transaction status is available for protocol version 2.2.0 and above.
*6 This indicator (I) can be sent only if the 3DS Requestor Challenge Indicator = 05, 06, or 07 within the AReq message. This transaction status is available for protocol version 2.2.0 and above.
*7 If the 3DS Requestor Challenge Indicator indicates 05, 06 or 07 within the AReq message, u-1 is applicable.
JCB Confidential
32
J/SecureTM2.0 Acquirer Implementation Guide
Ver.2.2.0