Device Data Collection

The Intermediary Step Between /init and /lookup


What's a browser?


"A Browser is a dedicated software application for accessing information on the World Wide Web, for example Chrome, Safari, Edge, Firefox. When a user requests a web page from a particular website, the Browser retrieves the necessary content from a web server and then displays the page on the consumer’s screen. In the context of 3-D Secure, the Browser is a conduit to transport messages between the Acquirer Domain and the Issuer Domain. A Browser is distinguished from a UI component for example, a WebView, or Custom Tabs, which can be used to display content within an App on a mobile device. The Browser flow is invoked by a Browser whereas the EMVCo specification does not support a UI component within an app invoking the Browser flow."

-EMV® 3-D Secure Protocol and Core Functions Specification v2.3.1.0

To help the Issuing Bank perform risk-based authentication, Device Data Collection must be executed prior to calling TabaPay's 3D Secure Lookup API. Failing to complete this step may result in the transaction being downgraded to 1.0, a less-secure version of 3DS.
While not required, including the Browser/Device data is strongly recommended. Doing so ensures the transaction will still be of 3DS 2.0, even if the Device Data Collection fails. The Device Data Collection may be done through the (Cardinal recommended) Songbird.js library or POSTing to the DDU returned in TabaPay’s 3D Secure Initialize.

Option 1: Cardinal Cruise Hybrid

The Cardinal Cruise Hybrid utilizes the Songbird.js library. Below are URLs a client can use to test various environments. Each build of Songbird is directly tied to an environment. To change environments simply edit the URL you are using.


Cardinal setup:

Setting up a transaction flow includes the following:

(1) Send a jwt object to Cardinal via Cardinal.setup(), which in turn...
(2) Triggers a payments.setupComplete() event:

<script src=""></script>
Cardinal.setup("init", {
jwt: “{{Please insert JWT string here}}”
Cardinal.on('payments.setupComplete', function (setupCompleteData) {
// handle set up complete event

Option 2: POSTing to the Device Data Collection URL

If you do not want to include a 3rd party library, POST the jwt object to the Device Data Collection URL that was returned in the TabaPay's 3D Secure Initialize response:

Note: ReferenceId is inside the JWT, you do not need to anything else except add the JWT in the correct value field.

<iframe name="collectionFrame" height="10" width="10" 
           style="visibility: hidden; position: absolute; top: -1000px; left: -1000px;">
<form id="collectionForm" target='collectionFrame' name="devicedata"
			POST Parameters: JWT 
      	The Authentication JWT with the ReferenceId
      	from the BIN Intelligence API Response 
<input type="hidden" name="JWT" value="…" />
  window.onload = function () {
  	// Auto submit form on page load