Documentation Monext Online

Arborescence des pages

Vous regardez une version antérieure (v. /display/DT/DP+-+3DSecure+user+in+direct+mode+V1) de cette page.

afficher les différences afficher l'historique de la page

« Afficher la version précédente Vous regardez la version actuelle de cette page. (v. 3) afficher la version suivante »

Content


Introduction

Banking and Connection Prerequisites 3DSecure

This treatment is based on the establishment of an additional control during an online purchase: in addition to banking data, the buyer will validate his payment by entering a secret data that will have provided his bank.
This system is accompanied by a regulatory change called "liability shift" or "transfer of responsibility", the principle of which is to bear the risk of unpaid invoices for the bearer's challenge to the bearer's bank and no longer to the merchant, if the holder has validated his payment by filling in the 3D Secure data and the merchant has complied with the security measures set out in the general terms and conditions of his e-commerce contract with his bank.
The payment solution Payline has performed a 3DSecure certification with banks, as well as with Visa and MCI.

Subscription

The merchant must subscribe to a VADS contract (VAD type 3D Secure). The merchant informs Payline that he has subscribed to a VADS contract with 3DSecure, and the customer wishes to subscribe to the 3DSecure option. The Payline team must register the merchant with Visa and MCI, "10 days is required" Upon confirmation of the Visa and MCI networks, the Payline team informs the merchant that he will activate the VADS contract. Upon activation of the VADS contract, all flows on this contract will be 3DS transactions.

Prerequisites for using Payline payment solution

La solution 3D Secure en mode interface Direct assure le transfert sécurisé des données sensibles et traite les demandes d'authentification, d'autorisation.

Les points d'intégration :

Vous devez vérifier la clé d'accès des services et configuration le paramétrage SOAP UI.


The 3D Secure solution in Direct interface mode ensures the secure transfer of sensitive data and processes requests for authentication and authorization.

Integration points:

  • verifyEnrollment is required to provide authentication and doAuthorization to perform the authorization;
  • get the result of the transaction with gettransactionDetails.

You must check the service access key and configure the SOAP UI setting.


3D-Secure in Direct Interface mode with a payment

This page presents the two web services "verifyEnrollment and doAuthorization" to perform a 3DSecure transaction using the direct interface mode of the payment solution Payline.


Step 1 - verifyEnrollment : 

This first call web service makes it possible to verify the eligibility of the bearer to the 3DSecure device, and therefore to know if the cardholder is registered with a VISA or Mastercard Directory Server.


Here is an example of a request / response for the web services verifyEnrollment:

verifyEnrollmentRequest

verifyEnrollmentResponse

<impl:verifyEnrollmentRequest>
<impl:card>
<obj:number>4970100000325734</obj:number>
<obj:type>CB</obj:type>
<obj:expirationDate>0912</obj:expirationDate>
<obj:cvx>123</obj:cvx>
</impl:card>
<impl:payment>
<obj:amount>4050</obj:amount>
<obj:currency>978</obj:currency>
<obj:action>100</obj:action>
<obj:mode>CPT</obj:mode>
<obj:contractNumber>CB3DS</obj:contractNumber>
</impl:payment>
<impl:orderRef>REF0923847</impl:orderRef>
</impl:verifyEnrollmentRequest>

<verifyEnrollmentResponse>
<result>
<code>03000</code>
<shortMessage>ACCEPTED</shortMessage>
<longMessage>Operation Successfull</longMessage>
</result>
<actionUrl>https://acs.modirum.com/mdpayacs/pareq</actionUrl>  <actionMethod>POST</actionMethod>
<pareqFieldName>PaReq</pareqFieldName>
<pareqFieldValue> 
eJxVkdtuwjAMhl+l4gGaA21ZkcnEOGhIYzAYQ9rNFFoPKq
ClScvh7ZeUMrbcxJ9jx/ZveN8oxP4co1KhgDFqLdfoJHGnw
XgrpM2QNQRMuzPMBRxR6SRLBXOpy4Hc0GSpaCPTQoCM
8qfRq2C86fkBkBphj2rUF+x6gFwRUrlH0e1NnRiPQCqCKCv
TQl0E9ymQG0CpdmJTFIc2IafTyV1n2XqH7rciGqUp/Zh3TM
TXKiuLJC9RA7EJQO59TUtraVPgnMRivPgMJkt/uNoO5Xzrl
5OBz5eDj5fZ8K0DxEZALAsUnJp2KQ8cGrY5a3tmosoPcm8
7E4PFzPGoa1utPXCwhbpX8Kh9+esBo7LCNLqIsPVg5rsR4
PmQpWgijKy/NsSoIzNGfd1n6D1bpaPCiNiklIdBJXXF9qfES
MY4DauvLACxGaTeIqmXbKx/y/8Ba4usNQ==
</pareqFieldValue> 

<termUrlName>TermUrl</termUrlName>
<termUrlValue> https://acs.modirum.com/mdpayacs.php </termUrlValue>
<mdFieldName>MD</mdFieldName>
<mdFieldValue>1Fz9nEnAZJNn8NvXEKDT</mdFieldValue>
</verifyEnrollmentResponse>


Once the verifyEnrollment is done, authentication to the ACS server must be performed. For this, it is necessary to send the information of the verifyEnrollment on the authentication server.

Sending information

To send this information, simply create an HTML form in POST if you want to create a link if GET:

POST: The information will be sent to the authentication server through the form below. The field names and values ​​are dynamically retrieved from the verifyEnrollmentResponse.
  • session tracking: value to retrieve in the verifyEnrollment response 
    • mdFieldName = MD
    • mdFieldValue = 1Fz9nEnAZJNn8NvXEKDT
  • authentication request: value to retrieve in the verifyEnrollment
    • pareqFieldName = PaReq
    • pareqFieldValue  = eJxVkdtuwjAMhl+l4gGaA...
  • Address where the authentication server. This address must be able to retrieve a form sent in "POST" and containing the answer of the authentication of the user. 
    • termUrlName = TermUrl
      termUrlValue  =  https://acs.modirum.com/mdpayacs.php 
Sample HTML form to perform a test on your server:

HTML form

<form name="downloadForm" action="https://acs.modirum.com/mdpayacs/pareq" method="POST">
<input type="hidden" name="TermUrl" value="http://127.0.0.1/3DSecure/receive_form.php">
PAREQ : <input type="text" name="PaReq">
<br />
MD : <input type="text" name="MD">
<br />
<input type="submit" name="submit" value="Submit">
</form>

Receipt of information returned during authentication

The authentication server sends its message to the URL entered in the TermURL parameter (sent in the previous form). In the response form, two fields must be retrieved to continue the transaction in 3DSecure mode:

  • The MD field: always the same field allowing the follow-up of the session
  • the Payer Authentication Response (PaRes) field: an encrypted string containing the response of the authentication server. The value of the PaRes field will validate or not the transaction as a 3DSecure transaction.

These two fields are retrieved and allow to complete the doAuthorizationRequest in 3DSecure mode.

Sample script (here written in PHP) to retrieve the response to authentication:

Script PHP : receive_form.php

<?php
$pares = $_POST['PaRes'];
$md = $_POST['MD'];

echo "MD : ".$md."<br />PARES : ".$pares;
?>


Note: This script must be placed on a started web server and in a folder corresponding to the address sent via the TermURL field.

Example: if the server is local it is quite possible to put as value:

TermURL = http://127.0.0.1/3DSecure/receive_form.php

Step 2 : doAuthorizathion with3D Secure settings


The web service call of the doAuthorization method allows you to directly perform the transaction with the 3DSecure parameters. 
The parameters entered: md / pares make it possible to check the authentication and thus the identity of the user before carrying out the transaction.

If the parameters are correct, the transaction is then directly carried out as for the classic doAuthorization.

doAuthorizationRequest

doAuthorizationResponse

<impl:doAuthorizationRequest>
<impl:payment>
<obj:amount>4150</obj:amount>
<obj:currency>978</obj:currency>
<obj:action>100</obj:action>
<obj:mode>CPT</obj:mode>
<obj:contractNumber>CB3DS</obj:contractNumber>
</impl:payment>
<impl:card>
<obj:number>4970105512345674</obj:number>
<obj:type>CB</obj:type>
<obj:expirationDate>0912</obj:expirationDate>
<obj:cvx>123</obj:cvx>
</impl:card>
<impl:order>
<obj:ref>REF023493</obj:ref>
<obj:country>FR</obj:country>
<obj:taxes>100</obj:taxes>
<obj:amount>1400</obj:amount>
<obj:currency>978</obj:currency>
<obj:date>28/01/2009 09:32</obj:date>
</impl:order>
<impl:buyer>
<obj:lastName>Dupond</obj:lastName>
<obj:firstName>Wilfried</obj:firstName>
<obj:email>wilfried.dupond@yahoo.fr</obj:email>
</impl:buyer>
<impl:authentication3DSecure>
<obj:md>xRtMifcy975D2EB3Zs8e</obj:md>
<obj:pares>
eJzFV2mTokoW/Ssd/T4a3ewKHZQq8LT8uWh9v0X8C9X
9dnSvZpwiZxtkQnR4/vcxQo0vM1a4/lI9R/BFjkEQryXL4
NU12Tb4MZVE1L1+PbVv/QJC+77/3xPfzNUWmgFEEZZ
k6R9fX0cle6U6nJcsH1bnKovDIruH7bTYMGmP5/2X9wl
2H14xxBT5b5PbbzFGVt8eCEo8aYT83umHcP/OLJ8Dvzb
YYYo8JPjlasmZySB7LnHxxTOXl6x8fSC1kadK0/86Mb7N
Dmzw2LW7JsXdOgDbKqGt0MWzXUzHgfeTiJHYyXt3Gvli
LP+N9W4D2XV0MrIQkUn+/iOLJrhOdX5t6je0MVLvrO6/
+UWyynOS9H7sYGAZ5U3lbmDcT3ZMMEcjDfJb20VXhTw
bWgWEOt2Ix04i1tmBAuFHx2aEgzgEtcaJzH8TLbsXbpj4r
…………
</obj:pares>
<obj:xid/>
<obj:eci/>
<obj:cavv/>
<obj:cavvAlgorithm/>
<obj:vadsResult/>
</impl:authentication3DSecure>
</impl:doAuthorizationRequest>

<doAuthorizationResponse>
<result>
<code>00000</code>
<shortMessage>ACCEPTED</shortMessage>
<longMessage>Transaction approved</longMessage>
</result>
<transaction>
<id>90217095220928</id>
<date>17/02/09 09:52</date>
<isDuplicated>0</isDuplicated>
<isPossibleFraud>0</isPossibleFraud>
<fraudResult/>
<explanation/>
<threeDSecure>Y</threeDSecure>
<score/>
</transaction>
<authorization>
<number>A55A</number>
<date>17/02/09 09:52</date>
</authorization>
</doAuthorizationResponse>


Boack Office

Menu 'Technical follow-up of webservice calls' to find the call of the web service verifyEnrollment allows to see the details of the verifyEnrollment.

The result of the 3DSecure transaction is then visible in the Payline Administration Center: on the results of a search and in the detail of the transaction 3DSecure tab:

Screen searches for transactions:


Detail of the 3DSecure transaction




3D Secure payment scheme







  • Aucune étiquette