User's Guide
Table Of Contents
- Payflow Pro Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Freight Forwarder Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Deactivating Fraud Protection Services
- Index
Activating and Configuring the Buyer Authentication Service
Testing and Activating the Service
5
28 Fraud Protection Services User’s Guide
5. When the customer enters their password and clicks Submit, the ACS verifies the
password and posts a response to the TermURL (the page on your site that is configured to
receive ACS responses).
6. Submit a Validate Authentication Response transaction request (type Z) to validate (ensure
that the message has not been falsified or tampered with) and decompose the
Authentication Response from the card-issuing bank (ACS). See “Example Validate
Authentication Response” on page 39.
7. The response contains the following data elements:
–XID
– Authentication Status
– ECI. E-commerce Indicator
– Visa: CAVV. Cardholder Authentication Verification Value
— or —
MasterCard: AAV. Accountholder Authentication Value
Submit these values, along with the standard transaction data, in a standard Sale or
Authorization transaction request, as described in “Call 4: Submit the intended transaction
request to the Payflow server” on page 36.
Testing and Activating the Service
1. Make these other required UI modifications:
Payment page pre-messaging. The example text shown below and in the red boxes in the
figure must appear on your payment page to advise the customer that authentication may
take place.
Example text in “Learn More” box on the left:
Why am I being asked for a password to use my credit card?
Can I purchase a car rantal for someone else using my credit or debit card?
Can I add drivers to my reservation?
More questions?
Example text in “reminder”:
After you check the “Purchase” button, your transaction will be processed.
For your security, Verified by Visa may ask you for information on the next page.
N
OTE: Buyer Authentication can only be activated when Fraud Protection Services is live.