User's Guide
Table Of Contents
- Payflow Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Deactivating Fraud Protection Services
- Index
Fraud Protection Services User’s Guide 39
Performing Buyer Authentication Transactions Using the SDK
Example Buyer Authentication Transactions
6
the standard sale or authorization transaction data, you include buyer authentication data, as
follows:
Cardholder is Enrolled in the 3-D Secure Program
You perform the intended Payflow authorization or sale payment transaction using the
standard name-value pairs plus the values returned to the Validate Authentication
transaction: AUTHENTICATION_ID, AUTHENTICATION_STATUS, CAVV, XID, and
final ECI.
Cardholder is Not Enrolled
If there is no PAREQ returned in the response to the Verify Enrollment call, then the
cardholder is not enrolled and you do not perform any additional buyer authentication
transactions. You perform the intended Payflow authorization or sale payment transaction
using the standard name-value pairs plus the AUTHENTICATION_ID,
AUTHENTICATION_STATUS, and ECI values returned by the Verify Enrollment call.
XMLPay Users: Pass AUTHENTICATION_STATUS=<status>,
AUTHENTICATION_ID=<id>, CAVV=<cavv value>, XID=<xid value>, and ECI=<eci
value> in the ExtData for Authorization and Sale transactions.
Example Buyer Authentication Transactions
The values returned in the transaction responses shown in these examples are described in
“Buyer Authentication Transaction Parameters and Return Values” on page 42. Standard
Payflow return values are described in Gateway Developer’s Guide and Reference (
PDF).
All return parameter names for transactions with the Buyer Authentication Server include
length tags. Length tags specify the exact number of characters and spaces that appear in the
value. For example, RESPMSG[2]=OK.
Standard
Payflow Sale
Transaction
with Buyer
Authentication
data
4
(Standard values:)
TRXTYPE=S
TENDER=C
AMT=42.00
ACCT=5105510551055555
EXPDATE=0308
(Buyer Authentication values:)
AUTH_ID=1A3D4G
AUTH_STATUS=Y
CAVV=li409JK4aUv5Kq
ECI=2
XID=3Pm95VwzG8YeJ
Payflow
Server
RESULT=0
PNREF=VXYZ01234569
RESPMSG=APPROVED
"Here's a Sale transaction,
and I've included
Buyer Authentication data"
"OK, here are the
results for the Sale,
and I've logged the
Buyer Authentication data"