Device Data Capture (DDC)

This Device Data Collection page provides a set of options for our Customers to integrate one of these requirements for our 2C2P 3DSS API integration. By choosing one of the Device Data Collection option, 2C2P 3DSS can collect the 3DS 2.0 (EMV 3DS) required browser data elements to make the 3DS 2.0 request and invoke the 3DS Method URL if available.

3DSS will leverage this process to place the required Method URL on the merchant's site, within an iframe, if the Issuing Bank chooses to use one. (Per EMV 3DS requirements, a merchant must place and run the Method URL on their website if an Issuing Bank uses one).

• Please refer to the step number 1.4 in the above diagram.
• Please refer to the Appendix A for JWT creation/validation.


Required data in DDC iframe

Field NameData TypeLengthExampleDescriptionRequirement
ddcIdStringvarchar(36)This field is unique id for DDC (Reference Id for that session)Required
cardBINStringvarchar(11)Card BINRequired
callbackUrlStringmax 2048 charsURL for the 3DS Requestor PGWRequired
JWTStringmax 2048 chars
<iframe name='collectionFrame' height="10" width="10" style="visibility: hidden; position: absolute; top: -1000px; left: -1000px;"></iframe>
<form id="collectionForm" target='collectionFrame' name="devicedata" method="POST" action="">
      POST Parameters: bin=First 6 digits to full pan of the payment card number. For merchants unable to utilize the First 6 of the Cardnumber, optional Rest API is
      available to generate a session identifier representing the session. JWT=JWT generated per merchant spec 
 <input type="hidden" name="bin" value="410000" />
 <input type="hidden" name="callbackUrl" value="specify the return URL for 3DS Requestor" />
 <input type="hidden" name="ddcId" value=" Reference Id for that session" />
 <input type="hidden" name="jwt" value="JWT generated per merchant spec" />
<script>window.onload = function () {
    // Auto submit form on page load


Common JWT Claims

Claim NameDescriptionRequired
jtiJWT Id - A unique identifier for this JWT. This field should change each time a JWT is generated.Y
iatIssued At - The epoch time in seconds of when the JWT was generated. This allows us to determine how long a JWT has been around and whether we consider it expired or not.Y
issIssuer - An identifier of who is issuing the JWT. We use this value to contain the Api Key identifier or name.Y
audAudience – 2c2p populates this field on response JWT to contain the request jti field. This allows merchant to match up request JWTs with response JWTs.Y
expExpiration - The numeric epoch time that the JWT should be consider expired. This value is ignored if its larger than 2hrs. By default we will consider any JWT older than 2hrs.N
Field NameData TypeLengthExampleDescriptionRequirement
ddcIdStringvarchar(36)This field is unique id for DDCRequired
statusStringvarchar(36)The status of DDC processRequired
ddcBooleanDDC Collection completedRequired
threeDsMethodUrlBooleanDDC Collection for ACS completedRequired
errorNumberNumberError number indicating the result. 0 is success
errorDescriptionStringA text description of the ErrorNumber field.
  "iss": "b319259f-639b-4907-b914-a5fcbb151c93",
  "iat": 1535052764,
  "exp": 1535059964,
  "jti": "31dd6191-c217-47b9-9fdd-751767e641b2"
  "aud": "36db6974-c220-4b3e-b45e-66f3c9a58ad2",
  "payload": {
    "ddcId": " 8a871cfb-7a34-48d9-81cf-dafe5badedee
    "dataCollection": {
        "ddc": true
        "threeDsMethodUrl": true
   "errorNumber" : 0,
   "errorDescription" : "success",