Initiate a 3DS authentication-only flow by creating a payment intent or setup intent with the capture method and confirm settings configured to authenticate without immediate authorization
Complete the authentication flow (frictionless or challenge) and extract the CAVV, ECI value, and authentication transaction ID from the result
Store the CAVV, ECI, and authentication expiry information securely; network rules impose a time limit on how long post-authentication authorization can be delayed
When ready to authorize (e.g., at order fulfillment), submit the authorization request with the stored CAVV and ECI as payment-method authentication data
Ensure the authorization amount matches or is less than the authenticated amount; some networks require re-authentication if the amount exceeds the originally authenticated value
Log the gap between authentication and authorization timestamps; flag transactions where the gap approaches network-imposed limits
Known gotchas
Most networks enforce a maximum window between authentication and authorization (often around 90 days but subject to change and card brand rules); authorizations submitted after this window will be rejected
The authorized amount should not materially exceed the authenticated amount; submitting a significantly higher amount can trigger issuer declines or liability shift loss
CAVV values are cryptographically bound to the original authenticated transaction; reusing a CAVV for a different transaction or amount will fail validation at the issuer
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp