User's Guide
Table Of Contents
- Payflow Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Deactivating Fraud Protection Services
- Index
Activating and Configuring the Buyer Authentication Service
Configuring Buyer Authentication
5
30 Fraud Protection Services User’s Guide
5. When the customer enters their password and clicks Submit, the ACS verifies the
password and posts a response to the TermURL (the page on your site that is configured to
receive ACS responses).
6. Submit a Validate Authentication Response transaction request (type Z) to validate (ensure
that the message has not been falsified or tampered with) and decompose the
Authentication Response from the card-issuing bank (ACS). See “Example Validate
Authentication Response” on page 41.
7. The response contains the following data elements:
–XID
– Authentication Status
– ECI. E-commerce Indicator
– Visa: CAVV. Cardholder Authentication Verification Value
— or —
MasterCard: AAV. Accountholder Authentication Value
Submit these values, along with the standard transaction data, in a standard Sale or
Authorization transaction request, as described in “Call 4: Submit the intended transaction
request to the Payflow server” on page 38.