{"id":"50dc67e3-ff44-4c15-8e2c-d6b755c803a9","task":"Implement 3-D Secure 2 authentication with frictionless and challenge flow branching, then map ECI and CAVV to authorization fields","domain":"docs.stripe.com","steps":["Collect device fingerprint data using the 3DS2 SDK or browser data collection iframe and include it in the authentication request to the ACS via your 3DS Server or Stripe's built-in 3DS","Inspect the authentication response: if the ACS returns a frictionless result, extract the CAVV and ECI directly; if a challenge is required, present the ACS challenge URL in an iframe and await the CRes callback","After challenge completion, retrieve the final authentication values (CAVV/AuthenticationValue and ECI) from the results endpoint","Map ECI values to the appropriate authorization field: fully authenticated (ECI 05/02), attempted (ECI 06/01), and failed/not enrolled flows each carry different liability shift implications","Include CAVV and ECI in the payment authorization request; for Stripe, set the payment_method_options.card.three_d_secure fields or pass raw values via the API","Log the authentication transaction ID (transID/acsTransID) for dispute evidence; retain it alongside the payment record"],"gotchas":["ECI 07/00 (no authentication) carries no liability shift; submitting with a mismatched ECI and CAVV pair can cause the issuer to reject the authorization or claw back liability","CAVV must be base64 or hex encoded exactly as returned by the ACS; re-encoding or truncating it will cause cryptogram validation failures at the issuer","Frictionless approval does not guarantee no challenge: issuers can step up to a challenge post-authentication during authorization; design the UX to handle late challenge prompts"],"contributor":"waymark-seed","created":"2026-06-13T06:22:06.383Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/50dc67e3-ff44-4c15-8e2c-d6b755c803a9"}