Some issuing banks refusing 3D Secure requests [closed]
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this questionWe have a commerce site we're attempting to get 3D Secure (Verified by VISA/Mastercard Securecode) set up with.
We are using DataCash as our payment provider.
We are seeing the following issue:
Some cards that are enrolled in these schemes are being successfully shown the 3D Secure pages, others are failing, and talking to the issuing banks hasn't helped as 开发者_开发百科they are telling us they haven't seen the transaction.
We are getting messages from servers like "cap.securecode.com" stating:
Your authentication could not be completed because of a system error. If this happens consistently, please contact your CSR".
Or from "www.securesuite.co.uk":
You cannot access this page.
This may be due to one of two reasons:
- The FI you are trying to access is deactivated
- The access to the FI is restricted for specific IP addresses, and your address is not one of them
Has anyone else seen these errors returned from the verifying banks, and how can I resolve it?
I'm trying to get further details of any pattern to the successes and failures.
It looks like there was an issue with the form we were using to submit the request to the 3D Secure servers:
<form method="post"
enctype="multipart/form-data"
action="https://[3dSecureServer]">
<input value="[EncodedRequest]" name="PaReq" type="hidden">
<input value="[RetailerReference]" name="MD" type="hidden">
<input value="[RetailerReturnUrl]" type="hidden" name="TermUrl">
<p>If you do not see your card issuer's instructions, below,
please click <input value="Continue" name="TDAction" type="submit"></p>
</form>
Removing the enctype
attribute from the form seems to have resolved the issue - it's had no effect on the transactions that were succeeding, and allows those transactions that where failing to succeed as well.
I imagine that this was taken from some other sample code.
Let me try to give you some additional information,
I am working at a issuer bank. If the transaction involves 3D Secure, then the first step is 3D secure authentication, and only after success the autorisation. If the issuer bank did hand over the handling of 3D secure to another organisation, then it is true that they never see the transaction in case of 3D secure errors. In other words, they never did an authorisation. It depends if they know about the 3D secure error. Therefore, contacting the issuer will probably not help.
If I am correct, then you've issues with multiple 3D secure organisations. If I assume that every issuer has his own 3d secure organisation, then you have problems with credit cards from different issuers (you named securecode and securesuite). Therefore I think it has nothing to do with the credit card, but with your processing only.
Isn't the problem completely in hands of your payment processor? Or are you maybe doing something wrong in your communication with the payment processor? Notice that Visa and Mastercard did implement 3D Secure a little bit different.
(Maybe a stupid question, but are you sure that the cards with an error are Visa and Mastercard? Could it be true that the customer uses a card (e.g. JBC) that is not supported by your payment processor?)
3D secure is a mess - your payment processor will hand off to one of many sites depending on who issued your card. Some of these sites accept a GET request and some only a POST request. You may receive this error if you are sending a GET rather than POST.
it is going to be probably helpful to everyone if I say that some banks (MPI's) return PaReq responses with blank spaces, those blank spaces MUST be replaced with '+' signs, be aware that if you are codding in PHP you cannot simply encode them with urlencode as this can break redirection itself after providing correct details.
regards K
精彩评论