Skip to main content

Testing approaches

There are two approaches to testing 3D Secure:
  1. Test cards from 3DS provider (documented below): Use specific card numbers provided by the underlying 3DS providers to simulate different authentication outcomes directly in your payment flows.
  2. Register custom scenarios: Programmatically create and manage authentication scenarios via the 3DS Scenarios API. This approach provides more flexible testing and configuration, but is only available for the hosted 3DS flow.

Configuration

Before testing 3DS in the sandbox environment, ensure:
  • 3DS is configured for each card scheme (Visa, Mastercard, American Express, etc.) on your primary card connector
  • Flow rules do not skip 3DS for the test scenarios you want to verify
  • You’re using the correct test card numbers for your desired outcome

Testing with hosted embed and web flows

The Gr4vy 3DS integration uses 3DSecure.io as the 3DS provider. Use the following test cards to simulate different authentication scenarios.

Frictionless authentication - successful

These cards return a frictionless response with successful authentication (transStatus: Y).
Card NumberSchemeExpirySecurity CodeOutcome
5200000000001203Mastercard03/30100Frictionless success
4111111111101203Visa03/30100Frictionless success
340000000022003American Express03/301000Frictionless success
3558111111121203JCB03/30100Frictionless success

Challenge flow - manual and automatic

These cards trigger a challenge that requires user interaction.
Card NumberSchemeExpirySecurity CodeOutcome
5240000000001072Mastercard03/30100Challenge required
4111111111181072Visa03/30100Challenge required
340000000082072American Express03/301000Challenge required
3558111111121872JCB03/30100Challenge required
When a challenge is triggered, complete the verification process in the challenge modal. The outcome depends on your selection:
  • Manual challenge (card ending in 72): You can choose to pass or fail the challenge.
  • Automatic challenge (card ending in 70): The challenge automatically passes.

Card not enrolled

Cards without 3DS enrollment skip authentication.
Card NumberSchemeExpirySecurity CodeOutcome
9000100111111111Visa03/30100Not enrolled

Advanced testing scenarios

For more detailed testing including message version variations and 3DS method handling, refer to the 3DSecure.io sandbox documentation. The following test card patterns can be used for specific scenarios:
  • Message version testing: Cards with patterns like xxxx in positions 2-4 determine the 3DS message version (2.1, 2.2, or 2.3.1).
  • 3DS Method: Cards with x0xx pattern include 3DS Method, x1xx exclude it, x2xx simulate timeout.
  • Challenge outcomes: Cards with xx70 auto-pass, xx71 auto-fail, xx72 allow manual selection.

Testing with native mobile SDKs

The native iOS (Swift) and Android (Kotlin) SDKs use a different 3DS provider than the web-based flows. The preceding test cards and scenarios documented do not apply to native mobile integrations.For testing 3DS with the native mobile SDKs, refer to the dedicated testing guides:The native SDKs provide their own set of test cards and challenge scenarios.