3D Secure Card Payments in QuickStream

Use QuickStream to accept card payments verified using 3D Secure. 3D Secure is an additional layer of authentication that protects you from liability for fraudulent card payments. Unlike regular card payments, 3D Secure requires cardholders to complete an additional verification step with the card-issuer.

3D Secure is also known as Mastercard SecureCode and Verified by Visa.

In QuickStream, 3D Secure is supported by QuickWeb and QuickConnect. Payment Frame and REST API do not support 3D Secure.

Read more about 3D Secure and Westpac.

Support in QuickStream

In QuickStream, 3D Secure is supported for immediate payments using:

QuickStream does not support 3D Secure for:

Turning on 3D Secure

Westpac will turn on 3D Secure for your Westpac merchant facility. To do this, contact your Westpac relationship representative.

Turning on 3D Secure for QuickStream requires your customers to complete additional steps during the payment process that may impact their payment experience. For example, if your customer does not remember their 3D Secure information, they may not be able to complete a payment.

Cardholder Experience

The cardholder is re-directed to their card-issuer’s 3D Secure Access Control Server. The cardholder sees a web page that requires them to authenticate the payment. Each card-issuer may have a different web page. These web pages cannot be changed.

Westpac Mastercard SecureCode page example

An example of the Westpac Mastercard SecureCode page displayed to the cardholder.

The cardholder enters their details and re-directs back to your payment pages. Your payment page may be QuickWeb or your own application for QuickConnect or QuickGateway.

QuickWeb and 3D Secure

When 3D Secure is activated for a merchant, QuickWeb displays the Mastercard SecureCode or Verified by Visa logo on the payment confirmation page. The payer will select to continue after confirming the payment details are correct.

Mastercard SecureCode logo displayed on the confirmation page. Verified by Visa logo displayed on the confirmation page.

In production, the cardholder is re-directed to the 3D Secure Access Control Server.

In test, the cardholder is re-directed to a simulation page. Use this simulation page while testing your QuickWeb. You can test scenarios where the cardholder enters a correct and an incorrect password into the card-issuer’s 3D Secure authentication page.

Mastercard SecureCode simulation page. Verified by Visa simulation page.

After a transaction is attempted the cardholder is redirected back to the QuickWeb receipt page. The receipt page displays a response code indicating if the transaction was successful or declined. In addition to the standard banking response codes, the following are specific for 3D Secure error scenarios:

Response Code Description
Q8 Unable to verify 3D Secure enrolment.
Q9 3D Secure authentication failed.

For more about QuickWeb, see:

QuickConnect and 3D Secure

When 3D Secure is activated for your merchant, you may wish to display the Mastercard SecureCode or Verified by Visa logo on your payment page.

In production, the cardholder is re-directed to the 3D Secure Access Control Server after performing the direct post.

In test, the cardholder is re-directed to a simulation page. Use this simulation page while testing with QuickConnect. You can test scenarios where the cardholder enters a correct and an incorrect password into the card-issuer’s 3D secure authentication page.

Mastercard SecureCode simulation page. Verified by Visa simulation page.

After a transaction is attempted the cardholder is redirected back to your payment page. Your receipt page may display a response code indicating if the transaction was successful or declined. In addition to the standard banking response codes, the following are specific for 3D Secure error scenarios:

Response Code Description
Q8 Unable to verify 3D Secure enrolment.
Q9 3D Secure authentication failed.

See QuickConnect for more.

QuickGateway and 3D Secure

The QuickGateway does not perform the 3D Secure authentication. The QuickGateway API accepts the required 3D Secure information for processing a transaction. Provide this information in the API request:

Parameter Name Description
order.xid Transaction ID. Your unique reference number for the transaction.
order.cavv Cardholder Authentication Verification Value. An encrypted value from the card issuer proving that 3D Secure authentication took place.
order.ECI Electronic Commerce Indicator. A value indicating whether 3D Secure was successful or not. 5 means that 3D Secure was attempted and the cardholder was enrolled. 6 means that 3D Secure was attempted, but the card-holder was not enrolled.

See QuickGateway API request for more.

Removing 3D Secure

To remove 3D Secure, contact your Westpac relationship representative.