User's Guide
Table Of Contents
- Payflow Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Deactivating Fraud Protection Services
- Index
Fraud Protection Services User’s Guide 37
Performing Buyer Authentication Transactions Using the SDK
Detailed Buyer Authentication Transaction Flow
6
Example ACS Redirect Code
The following example HTML page redirects a customer to an ACS URL with a PAREQ and
returns the URL for receiving the PARES. Customize tags marked with $ with your
information.
<HTML>
<head>
<title>Authentication Body</title>
<SCRIPT LANGUAGE="Javascript">
function OnLoadEvent()
{
document.downloadForm.submit();
}
</SCRIPT>
</head>
<body bgcolor="{$BACKCOLOR}" background="{$BACKGROUND}"
onload="OnLoadEvent()">
<form name="downloadForm" action="{$acsUrl}" method="POST">
<noscript>
<br/>
<br/>
<center>
<h1>Processing your 3-D Secure Transaction</h1>
<h2>JavaScript is currently disabled or is not supported
by your
browser.<br/></h2>
ACS
POST
and
Redirect
2
Name
Password
HTTP method="POST"
PaReq=J84H+To4vv6K
TermUrl=http://merchantpage.com
MD=<state info>
HTTP method="POST"
PaRes=Qi84$nFWpx2M93
MD=<echoed state info>
Redirect
Customer
Issuer's
ACS server
(providing
3-D Secure
Service)
"Please
authenticate
this
customer."
"Yes, the customer
is the valid cardholder,
and here's the digitally signed
Payer Authentication
Response (PaRes) data."
Username
Password
Client
Browser