User's Guide
Table Of Contents
- Payflow Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Deactivating Fraud Protection Services
- Index
Fraud Protection Services User’s Guide 29
Activating and Configuring the Buyer Authentication Service
Configuring Buyer Authentication
5
8. Download the Gateway Developer’s Guide and Reference (PDF).
9. Configure the Payflow SDK as described in the developer’s guide.
Generate Transaction Request Software
1. Submit a Verify Enrollment transaction request (type E) to determine whether the
cardholder is enrolled in either the Verified by Visa or MasterCard SecureCode service.
See the example on page 40.
2. The response is either Enrolled or Not Enrolled. See the example responses on page 40.
3. If the customer is enrolled, you populate the response data into a form page (hosted on your
server) and post it to the URL of the card issuing bank (ACS) indicated in the response.
Make sure the TermUrl field is properly specified, as this is where the ACS will post the
response. See “Example ACS Redirect Code” on page 37.
4. The ACS responds to the post by presenting an Authentication window to the customer.
By Visa/MasterCard requirements, the HTML page for displaying the ACS form must be
presented in-line (within the same browser session as the e-commerce transaction),
preferably as framed-inline.
The ACS form should be displayed in a frame set, as shown in the following example. The
message across the top of the frame is required.
NOTE: You should not employ pop-up windows. They will be blocked by pop-up blocking
software.