topic Re: 3-D Secure support among APIs? in Integration and Testing

3-D Secure support among APIs?

eternicode — Tue, 16 Nov 2010 18:05:24 GMT

Is 3-D Secure supported by any of the APIs? I'm specifically interested in CIM.

Also, are gateway-hosted forms available for CIM?

Re: 3-D Secure support among APIs?

richarddavies — Tue, 16 Nov 2010 23:47:48 GMT

The only reference I can currently find to 3D Secure is:

http://developer.authorize.net/guides/AIM/Transaction_Data_Requirements/Cardholder_Authentication_.htm and p27 of http://www.authorize.net/support/AIM_guide.pdf

This is only in AIM, and seems to imply that we would need to use a third-party service to do the 3D Secure check, and just feed the check results into AIM.

Is this really the case that only AIM supports 3D Secure, and in that case you have to use a third-party service?

Where would I find such a third-party 3D Secure service?

I'm hoping the answer is rather simpler and that CIM and SIM can both use 3D secure somehow?

Re: 3-D Secure support among APIs?

Elaine — Mon, 22 Nov 2010 09:43:57 GMT

You can use Verified by Visa with both AIM and CIM. To use Verified by Visa with CIM transactions please include the x_authentication_indicator and x_cardholder_authentication_value in <extraOptions> of the createCustomerProfileTransactionRequest.

You will need to obtain a 3rd party provider in order to provide the means in which the cardholder can authenticate themselves, which will provide you with the x_authentication_indicator and x_cardholder_authentication_value values to include.

Verified by Visa and MasterCard SecureCode are not available features in the SIM API.

Thank you,

Elaine

Re: 3-D Secure support among APIs?

smithdale87 — Tue, 26 Mar 2013 13:51:37 GMT

I know this post is quite old, but I'm having trouble getting the gateway to accept transactions in CIM that contain the x_authentication_indicator and x_cardholder_authentication_value values in extra options. The gateway simply responds with:

 <resultCode>Error</resultCode>
    <message>
      <code>E00027</code>
      <text>This transaction cannot be accepted.</text>
    </message>

If I pass all the exact same data, but don't put the x_authentication_indicator and x_cardholder_authentication_value, Authorize.net accepts the transaction without a problem.

Is there some option that I'm supposed to turn on to enable 3DS payments in CIM?

Edit: I forgot to mention, I'm doing all of this in the authorize.net sandbox.

Re: 3-D Secure support among APIs?

RaynorC1emen7 — Tue, 26 Mar 2013 14:30:47 GMT

how did you pass the extrasOption?

<extraOptions>x_authentication_indicator=xxxx&x_cardholder_authentication_value=xxx</extraOptions>

Re: 3-D Secure support among APIs?

smithdale87 — Wed, 27 Mar 2013 03:02:08 GMT


<createCustomerProfileTransactionRequest xmlns="AnetApi/xml/v1/schema/AnetApiSchema.xsd">
  <merchantAuthentication>
    <name>****</name>
    <transactionKey>****</transactionKey>
  </merchantAuthentication>
  <transaction>
    <profileTransAuthCapture>
      <amount>82.45</amount>
      <shipping>
        <amount>11.50</amount>
        <name>Overnight</name>
      </shipping>
      <customerProfileId>****</customerProfileId>
      <customerPaymentProfileId>****</customerPaymentProfileId>
      <customerShippingAddressId>****</customerShippingAddressId>
      <order>
        <description>Some description</description>
      </order>
    </profileTransAuthCapture>
  </transaction>
  <extraOptions>
    <![CDATA[x_authentication_indicator=5&x_cardholder_authentication_value=****]]>
  </extraOptions>
</createCustomerProfileTransactionRequest>

This is what a message looks like that gives the "Transaction cannot be accepted" response. I'm URL encoding the x_cardholder_authentication_value also, because when I don't do that, I get an "Invalid extra options" error message.

Any ideas?

Re: 3-D Secure support among APIs?

RaynorC1emen7 — Wed, 27 Mar 2013 11:38:28 GMT

It your directResponse look like <directResponse>3,1,288,This transaction cannot be accepted.,...... ?

Re: 3-D Secure support among APIs?

smithdale87 — Wed, 27 Mar 2013 11:55:09 GMT

Correct, here is the full direct response:

  <directResponse>3,1,288,This transaction cannot be accepted.,,P,0,,description,82.45,CC,auth_capture,,****,,,,,,****,,,,*****,,,,****,****,****,****,US,,,11.50,,,404E3A175A5F029B9078D246843B32A8,,,,,,,,,,,,,XXXX0002,Visa,,,,,,,,,,,,,,,,,****</directResponse>

Re: 3-D Secure support among APIs?

RaynorC1emen7 — Wed, 27 Mar 2013 12:24:39 GMT

are you using a test account?

288

Merchant is not registered as a Cardholder Authentication participant. This transaction cannot be accepted.

The merchant has not indicated participation in any Cardholder Authentication Programs in the Merchant Interface.

Re: 3-D Secure support among APIs?

smithdale87 — Wed, 27 Mar 2013 12:33:13 GMT

Yes, test account. Where do I register as a cardholder authentication participant

Re: 3-D Secure support among APIs?

RaynorC1emen7 — Wed, 27 Mar 2013 12:38:21 GMT

I haven't try it, but email developer@authorize.net to request it on the test account.

Re: 3-D Secure support among APIs?

smithdale87 — Wed, 27 Mar 2013 13:27:00 GMT

Ahah! Found the setting in the interface. It's under Account -> Security Settings -> Cardholder Authentication. Once I check the "I am enrolled in Verified by Visa" and "I am enrolled in Mastercard SecureCode", then the transaction was approved.

Thanks for your help!

Re: 3-D Secure support among APIs?

notprathap — Mon, 08 Jul 2013 10:36:31 GMT

Hi guys,

I am currently integrating 3d secure pin in our website. What I don't understand is, what is the necessity to pass the 3d secure verification response details to AIM? I understand that we integrate with one of the 4 providers for 3d pin - and they respond with authentication indicator and authentication value. I suppose these two values would indicate by themselves if the cardhoder is authenticated or not, am I right?

My question is, will passing those values to AIM make any difference to the fact that the cardholder is authenticated or not? Could we not just decide even before passing these values to AIM to deny the transaction, if the cardholder is not authenticated, based on the values returned from the 3d secure service provider?