# Access Control Server (ACS)

**EMV 3D Secure** is an authentication protocol that enables cardholder verification during e-commerce transactions. It operates through data exchange between three domains: Acquirer/3DS Server, Interoperability/Directory Server, and Issuer/ACS.

<figure><img src="/files/lXYXHBiWzFGgz0vq1x5s" alt=""><figcaption></figcaption></figure>

A 3D Secure transaction can be initiated through three channels:

* **Browser:** Transactions initiated from the merchant's website
* **App:** Transactions initiated from a merchant mobile app that includes a 3DS SDK
* **3DS Requestor Initiated (3RI):** Transactions initiated by the merchant without cardholder interaction

**3D Secure Transaction Categories:**

A 3D Secure transaction can be one of two message categories:

* **Payment Authentication:** E-commerce transactions where a payment is made
* **Non-payment Authentication:** Authentication transactions that do not involve payment, such as adding a card or checking card status

**Cardholder Authentication Methods:**

The following authentication methods can be used for transactions requiring cardholder authentication:

* **FIDO:** Authentication using the WebAuthn capability of modern browsers
* **Out-of-Band (OOB):** Authentication using a mobile application on the Issuer domain to authenticate the cardholder via a push notification.&#x20;
* **OTP:** Entering a verification code shared via SMS or a 3rd party application into the ACS challenge page.&#x20;

**3D Secure Transaction Flow:**

1. The Authentication Request (AReq) message, generated by the 3DS Server and containing transaction information, is sent to the Directory Server and from there to the ACS.
2. The ACS sends transaction and risk information to the Issuer's Verify Account service.
3. If no response is received from the Issuer within a sufficient time, an Authentication Response (ARes) message with the transaction status Attempt (A) is returned to the DS.
4. The Issuer checks the card status and whether the transaction is eligible for 3D Secure and shares with the ACS how it wants the transaction to proceed through the Verify Account Response message.
5. If the Transaction Status value is other than C or D, the ACS returns an ARes with appropriate values and ends the transaction.
6. If the Transaction Status value is either C or D, the transaction proceeds according to the Authentication Method. Check Integration Manuals to learn more on how the transaction proceeds based on the authentication method.&#x20;

## Quick Links

{% content-ref url="/pages/zLWlIY3paAz9eyR1RFeM" %}
[ACS as a Service](/finartz-3d-secure/access-control-server-acs/acs-as-a-service.md)
{% endcontent-ref %}

{% content-ref url="/pages/zfrjKTmjwEZsMHANoPSA" %}
[ACS On-Premise](/finartz-3d-secure/access-control-server-acs/acs-on-premise.md)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.secureartz.com/finartz-3d-secure/access-control-server-acs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.