Skip to content

ACS Settings

3D Secure 2 settings added

System Management > ACS Settings

The ACS Settings section is used to set local and remote (CAAS) Access Control Server options.

Use the following fields to set ACS settings:

  • ACS reference number

    Displays a unique reference number provided by EMVCo to ActiveAccess.

  • Select Local or Remote (CAAS) from the Authentication server drop down list.

3-D Secure 1 Settings

  • ACS URL is the fully qualified URL of the Access Control Server's Payer Authentication (PA) processing page, as seen externally.

    The ACS URL specified here is passed to the merchant MPI as part of the ACS response to the Verify Enrolment (VEReq) message and is used by the merchant to transfer the session to the ACS for authentication of the cardholder.

    The default path for the ActiveAccess PA processing page is /acs/pa.

    Example

    If you have installed ActiveAccess on the web server available on https://www.authenticationserver.com/ you should set the ACS URL to https://www.authenticationserver.com/acs/pa

  • Process timeout in seconds
    Defines the maximum amount of time a cardholder has to complete their authentication. If the cardholder does not complete the authentication within the prescribed time, ACS returns a session timeout error.
    Acceptable range: 60 to 9000

  • Relative timeout in seconds

    Determines the amount of time a cardholder has to complete a single page, however, the total time to complete the whole authentication process may not exceed the Process timeout.

    Acceptable range: 60 to 9000

3-D Secure 2 Settings

  • ACS challenge URL is the fully qualified URL of the Access Control Server’s Challenge (CReq) processing, as seen externally.

    The ACS URL specified here is passed to the 3DS Server as part of the ACS response to the Authentication Request (AReq) message and is used by the 3DS Requestor to transfer the session to the ACS for authentication of the cardholder.

    The default path for the ActiveAccess CReq processing page is /acs/ca.

    Example

    If you have installed ActiveAccess on the web server available on https://www.authenticationserver.com/ you should set the ACS URL to https://www.authenticationserver.com/acs/ca

    dc_new.png The domain and protocol of the URL will be used for OOB device's WebSocket and callback URLs.

    Example

    The WebSocket URL is: wss://www.authenticationserver.com/acs/oob-ws/

    The callback URL is: https://www.authenticationserver.com/acs/notify/

  • Initiate CReq timeout in seconds

    Defines the maximum amount of time between the completion of the TLS handshake and the first CReq message sent to the ACS for processing. If the ACS does not receive any CReq within the prescribed time, it returns a transaction timeout error.

    Acceptable range: 15 to 60

  • Subsequent CReq timeout in seconds

    Determines the amount of time a cardholder has to complete a single page in App mode. However, the total time to complete the whole authentication process may not exceed the Process timeout. If the cardholder does not complete a single page within the prescribed time, ACS returns a transaction timeout error.

    Acceptable range: 300 to 1200

  • RRes timeout in seconds

    Defines the maximum amount of time the Directory Server has to respond with RRes to the RReq sent by the ACS. If the Directory Server does not respond with RRes within the prescribed time, ACS returns a transaction timeout error.

    Acceptable range: 2 to 10

  • Browser authentication timeout in seconds

    Determines the amount of time a cardholder has to complete a single page in Browser mode. However, the total time to complete the whole authentication process may not exceed the Process timeout. If the cardholder does not complete a single page within the prescribed time, ACS returns a transaction timeout error.

    Acceptable range: 300 to 1200

  • RReq retry interval in seconds

    Failure to complete the initial connection and TLS handshake to the Directory Server for sending RReq results in an immediate retry. Upon second failure, the ACS will wait for the amount of time prescribed in RReq retry interval and retry to connect to the Directory Server.

    Acceptable range: 5 to 20

  • Process timeout in seconds

    Defines the maximum amount of time a cardholder has to complete their authentication. If the cardholder does not complete the authentication within the prescribed time, ACS returns a transaction timeout error.

    Acceptable range: 315 to 1260

  • Apply button to save changes.