Knowledge Base

Get help for payment solutions. Search our articles or browse by category below.

5.3 3D Secure For XML Transactions (Worldnet MPI)

To simplify 3D Secure integration using XML payments, Worldnet provides a simple MPI redirect. To allow 3D Secure transactions for a terminal it should be configured and registered with the card schemes, please contact the Worldnet support team for details.

The merchants application should redirect the cardholder’s browser to the URL:

The above URL should be used in test mode only, please contact the Worldnet support team to receive the live URL.

Cardholder will have to pass the 3D Secure check, check result will be sent back to the merchant application as a GET request. Processing result response will include MPIREF parameter, which should be included in the XML payment request.

The following parameters should be passed in the request:


Field Name Required Description
TERMINALID Y A Terminal ID provided by Worldnet. NB - Please contact Worldnet to be issued with a test terminal ID.
CARDNUMBER Y The payment card number.
CARDEXPIRY Y 4 digit expiry field (MMYY).
CARDTYPE Y See section 3.2 above.
AMOUNT Y The amount of the transaction as a 2 digit decimal or an Integer value for JPY amounts.
CURRENCY Y A 3 character currency code of the transaction.
ORDERID Y A unique identifier for the order created by the merchant (Max 24 characters).
CVV N The security code entered by the card holder.
HASH Y An MD5 HASH. See note 1 below.


1. The MD5 HASH is generated using the following as an input string:


The following parameter are returned to a merchant application


Field Name Description
RESULT MPI processing result:
A - Approved
D - Declined
MPIREF MPI reference, this value should be sent in the XML payment request if received from the Worldnet MPI.
ORDERID Original order identifier.
STATUS A - An attempt at authentication was performed (ECI: 06)
N - Authentication attempt not performed (ECI: 06)
U - Unable to authenticate (ECI: 07 or 06)
Y - Authentication attempted and succeeded (ECI: 05)
ECI 05 - Full 3D Secure authentication
06 - Issuer and/or cardholder are not enrolled for 3D Secure
07 - 3D Secure authentication attempt failed )numerous possible reasons) (Visa only)
HASH An MD5 HASH. See Note 1 below.


1. The MD5 HASH is generated using the following as an input string:


After the merchant application will receives the 3D Secure check result, it should send an XML payment request. If the 3D Secure check was successful (‘A’ Result) the payment request should contain the fields MPIREF, Order ID and Terminal ID and they should be the same as in the 3D Secure request. If the 3D Secure check was not successful (‘D’ Result) the application can send a non-3D Secure transaction (MPIREF will not be available in such case) or don’t send payment transaction at all. We recommend that the transaction should be marked as declined in your system if our MPI rejects the transaction.

Copyright © 2018 Worldnet Knowledge Base | Powered by DokuWiki
developer/integrator_guide/5._xml_integration/5.3._3d_secure_for_xml.txt · Last modified: 2018/02/22 16:56 by tleite