User's Guide
Fraud Protection Services User’s Guide
Chapter 6: Performing Buyer Authentication Transactions Using the SDK
2. If the cardholder is enrolled, then your program redirects the customer to the issuing bank’s
buyer authentication page. The customer submits their username and password. The
issuing bank authenticates the customer’s identity by returning a payer authentication
response value to your program.
3. Your program then validates the authentication response.
4. If the authentication data is valid, then your program submits a standard Payflow
authorization or sale transaction that includes the buyer authentication data.
NOTE: The Buyer Authentication Service supports only Sale and Authorization transaction
types.
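The gate between steps 3 and 4, as an added example (not code from this guide or from the Payflow SDK): buyer authentication data is attached to the transaction only when the validated response belongs to the pending order and has not been used before. It assumes a Verified by Visa transaction (so an XID is present) and a status of "Y" for a successful authentication; `PendingAuth`, `ValidatedPares` and `build_step4_fields` are hypothetical names, and the XID binding and single-use checks go beyond what the steps above spell out.

```python
# Added example: fail-closed gate between step 3 (validate) and step 4 (submit).
# PendingAuth, ValidatedPares, build_step4_fields and status "Y" are assumptions
# for illustration; they are not Payflow SDK identifiers.
from dataclasses import dataclass


class AuthRejected(Exception):
    """Raised when buyer authentication data must not be attached."""


@dataclass
class PendingAuth:
    """Server-side record written before the customer is redirected (step 2)."""
    order_id: str
    xid: str
    consumed: bool = False


@dataclass
class ValidatedPares:
    """Outcome of validating the PARES (step 3)."""
    signature_valid: bool
    status: str  # "Y" is assumed to mean the cardholder was authenticated
    xid: str
    cavv: str
    eci: str


def build_step4_fields(pending: PendingAuth, pares: ValidatedPares) -> dict:
    """Return the buyer authentication data for the Sale or Authorization."""
    if pending.consumed:
        raise AuthRejected("authentication result already used for this order")
    if not pares.signature_valid:
        raise AuthRejected("PARES failed validation")
    if pares.xid != pending.xid:
        raise AuthRejected("XID does not match the pending transaction")
    if pares.status != "Y":
        raise AuthRejected("cardholder was not authenticated")
    if not (pares.cavv and pares.eci):
        raise AuthRejected("CAVV or ECI missing from the response")
    pending.consumed = True  # one authentication result, one transaction
    return {"CAVV": pares.cavv, "XID": pares.xid, "ECI": pares.eci}


if __name__ == "__main__":
    # Constructed sample values, not real authentication data.
    order = PendingAuth(order_id="order-1001", xid="XID-SAMPLE-0001")
    result = ValidatedPares(True, "Y", "XID-SAMPLE-0001", "CAVV-SAMPLE", "05")
    print(build_step4_fields(order, result))
```

The pending record is kept on the merchant's server, so nothing returned through the customer's browser can change which order the response is checked against.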
Buyer Authentication Terminology
The following terms are used in this chapter:
TABLE 6.1 Buyer Authentication terminology
| Term | Definition |
|---|---|
| MPI | Merchant Plug-in. The software component that implements the merchant's client functionality in the 3-D Secure protocol. The 3-D Secure server at https://buyerauth.com/DDDSecure/MerchantPlug-In implements the MPI specification as a payment gateway. |
| PAREQ | Payer Authentication Request. The message that you send to the issuing bank’s buyer authentication page. |
| PARES | Payer Authentication Response, digitally signed by the issuing bank. |
| CAVV | Cardholder Authentication Verification Value. The value generated by the card-issuing bank to prove that the cardholder has been authenticated for a particular transaction. |
| XID | Buyer authentication Transaction ID. Used only by Verified by Visa to identify a unique buyer authentication transaction. |
| ECI | E-Commerce Indicator. The ECI value indicates the level of security supported by the merchant when the cardholder provided the payment card data for an Internet purchase. When returned in a buyer authentication response, it is determined by the issuing bank. |
| Authentication Status | Key component in the 3-D Secure protocol. A server run by the card issuer that enrolls a card for 3-D Secure, verifies card enrollment, authenticates the cardholder, and issues a digitally signed payment authentication response (PARES). |