Collect device fingerprint data from the Checkout.com Frames.js or direct 3DS SDK and include it in the payment request as 3ds.device_channel and browser info fields
Submit the payment request; inspect the response for an action type of threeDS indicating the issuer requires authentication
If the action subtype is redirect or iframe, redirect or embed the ACS URL to present the challenge to the cardholder
On challenge completion, receive the cres (Challenge Response) and submit it via a POST to complete 3DS authentication
On frictionless approval, the payment proceeds automatically; validate the eci and authentication_value fields in the payment details before fulfilling
Handle the edge case where an issuer downgrades from 3DS2 to 3DS1 fallback by checking the version field in the authentication result
Known gotchas
Device fingerprinting must complete before the authentication request is initiated; skipping it increases the likelihood of a challenge
Some issuers return a Y authentication result frictionlessly but with an ECI of 06 (attempted) rather than 05 (fully authenticated), which affects liability shift
Challenge completion callbacks can arrive out of order in high-latency mobile networks; implement idempotent webhook handling and a polling fallback on the payment ID
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp