Fraud Protection Services User’s Guide
Performing Buyer Authentication Transactions Using the SDK
Example Buyer Authentication Transactions
Example Validate Authentication Response
RESULT[1]=0&RESPMSG[2]=OK&AUTHENTICATION_ID[20]=8d4d5ed66ac6e6faac6d&AUTHENTICATION_STATUS[1]=Y&CAVV[28]=OTJlMzViODhiOTllMjBhYmVkMGU=&ECI[1]=5&XID[28]=YjM0YTkwNGFkZTI5YmZmZWE1ZmY
Displaying the ACS Form
The Issuer ACS page presents transaction information to the cardholder. Visa and MasterCard require that the HTML page displaying the ACS form be presented in an in-line frame set. This window must open within the same browser session as your e-commerce transaction.
The window should have the following browser-independent attributes:
width=390 (minimum), height=400 (minimum), resizable=no, scrollbars=yes, toolbar=no, location=no, directories=no, status=yes, menubar=no
Example Payflow Authorization or Sale Transaction
The Buyer Authentication Service supports only Authorization and Sale transaction types. The name-value pairs that you submit with the intended Payflow transaction depend on whether the cardholder is enrolled in the 3-D Secure program, as follows:
Cardholder Enrolled in 3-D Secure Program
You perform the intended transaction using the standard name-value pairs plus the values returned by the Validate Authentication transaction: AUTHENTICATION_ID, AUTHENTICATION_STATUS, CAVV, XID, and ECI. The following is an example name-value pair parameter string.
"TRXTYPE=S&TENDER=C&PARTNER=PayPal&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00&AUTHENTICATION_ID[20]=8d4d5ed66ac6e6faac6d&CAVV[28]=OTJlMzViODhiOTllMjBhYmVkMGU=&AUTHENTICATION_STATUS[1]=1&ECI[1]=5&XID[28]=YjM0YTkwNGFkZTI5YmZmZWE1ZmY"
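The following is an added example, not code from this guide or from the Payflow SDK. It parses a Validate Authentication response and carries the five authentication values into the parameter string for the intended Sale. The function names parse_nvp and build_sale_request are hypothetical, the sample XID is a constructed placeholder, and the code assumes that a [n] tag after a name means the value is exactly n characters long.

```python
import re

_NAME = re.compile(r"([A-Z0-9_]+)(?:\[(\d+)\])?=")
AUTH_FIELDS = ("AUTHENTICATION_ID", "AUTHENTICATION_STATUS", "CAVV", "XID", "ECI")

# Constructed sample: the page's Validate Authentication response, with a
# placeholder XID that is exactly the 28 characters its tag declares.
SAMPLE_RESPONSE = (
    "RESULT[1]=0&RESPMSG[2]=OK&AUTHENTICATION_ID[20]=8d4d5ed66ac6e6faac6d"
    "&AUTHENTICATION_STATUS[1]=Y&CAVV[28]=OTJlMzViODhiOTllMjBhYmVkMGU="
    "&ECI[1]=5&XID[28]=constructed-xid-value-000001"
)

def parse_nvp(s):
    """Parse NAME=value / NAME[len]=value pairs; a tagged value is exactly
    len characters, so it may itself contain '&' or '='."""
    out, pos = {}, 0
    while pos < len(s):
        m = _NAME.match(s, pos)
        if not m:
            raise ValueError(f"malformed name at offset {pos}")
        name, start = m.group(1), m.end()
        if m.group(2) is not None:
            end = start + int(m.group(2))
        else:
            amp = s.find("&", start)
            end = len(s) if amp == -1 else amp
        # The value must end at the end of the string or at a separator.
        if end > len(s) or (end < len(s) and s[end] != "&"):
            raise ValueError(f"{name}: value does not match declared length")
        if name in out:
            raise ValueError(f"{name}: duplicate parameter")
        out[name] = s[start:end]
        pos = end + 1
    return out

def build_sale_request(standard, validate_response):
    """Return the Sale parameter string for an enrolled cardholder."""
    resp = parse_nvp(validate_response)
    if resp.get("RESULT") != "0":  # assumption: only RESULT=0 is carried forward
        raise ValueError("Validate Authentication did not succeed")
    missing = [f for f in AUTH_FIELDS if f not in resp]
    if missing:
        raise ValueError(f"response lacks {missing}")
    pairs = dict(standard, **{f: resp[f] for f in AUTH_FIELDS})
    # Length-tag every value (a choice made here) so none can add parameters.
    return "&".join(f"{k}[{len(v)}]={v}" for k, v in pairs.items())
```

Splitting the string on "&" and "=" would mishandle the CAVV, which ends in "="; reading each value by its declared length does not.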
Cardholder Not Enrolled
If the response to the Verify Enrollment call contains no PAREQ, the cardholder is not enrolled. You perform the intended transaction using the standard name-value pairs plus the AUTHENTICATION_ID, AUTHENTICATION_STATUS, and ECI returned by the Verify Enrollment transaction. The following is an example name-value pair parameter string.
"TRXTYPE=S&TENDER=C&PARTNER=PayPal&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00&AUTHENTICATION_ID[20]=8d4d5ed66ac6e6faac6d&AUTHENTICATION_STATUS[1]=O&ECI[1]=7&"
Example Payflow Authorization or Sale Transaction Response
For Visa transactions, the response includes a CARDSECURE value of Y (card issuer judges CAVV to be valid), N (card issuer judges CAVV to be invalid), or X (cannot determine validity of CAVV).