Reputation: 141
SagePay 3D Secure V2 Flow
I'm following the SagePay API Docs to integrate 3D Secure: https://developer.sage.com/api/payments/additional-integrations/3-D-secure/
In TEST, when I don't send secureCustomerAuthentication object I get sent down the fallback route which is fine. However, when I do send the secureCustomerAuthentication object all transactions are coming back as 'Authorised' and it doesn't invoke the 3DS/cRes flow.
I've tried every card listed here: https://www.opayo.co.uk/support/12/36/test-card-details-for-your-test-transactions
Any ideas how I could invoke the SagePay 3DSv2 flow?
Upvotes: 0
Views: 2865
Answers (3)
Reputation: 303
This can be achieved by setting the apply3DSecure to “Force” when you are creating the transaction request.
The default setting is "apply3DSecure": "UseMSPSetting"
docs: https://developer-eu.elavon.com/docs/opayo/spec/api-reference#operation/createTransaction
Upvotes: 0
Reputation: 53
I had the same issue and eventually contacted their support. The following is what I got back which did help me when I was testing. Hope the same is true for you.
We've now updated the 3D secure process on all 4 integration methods (Form, Server, Direct and PI) to follow the 3DS2.0 frictionless checkout experience. This means in order to trigger the challenge in 3D secure 2.0, or default back to the 3DS1.0 experience, you need to pass some specific magic values in the CardHolder field (entered into Card Holder Name on the payment pages if using Form or Server):
The table below lists the magic values to use for the value of CardHolder when submitting your Direct transaction request. This will simulate various 3D-Authenticated transaction responses:
SUCCESSFUL - This is returned for a frictionless flow where authentication is successful
NOTAUTH - This is returned for a frictionless flow where authentication is NOT successful
CHALLENGE - This is returned for a challenge flow, where the cardholder will be re-directed to the ACS to enter two-factor authentication. A CReq, VPSTxId, ACSURL and StatusDetail will also be returned. Once you re-direct to the ACSURL, entering the correct password displayed on the site will simulate a successful authentication, entering any other password will simulate an un-successful authentication.
ROOFATTEMPT - The cardholder attempted to authenticate themselves, but the process did not complete. A CAVV is returned and this is treated as being successfully authenticated.
NOTENROLLED - This means the card is not enrolled in the 3D-Secure scheme.
TECHDIFFICULTIES* - 3D-Secure authentication was unable to complete. No authentication occurred.
STATUS201DS - Simulates fallback to 3DSv1. You will receive a PAReq, MD, ACSURL and StatusDetail on Direct/PI integration
ERROR - Simulates an error condition where 3D-Authentication cannot be performed due to data errors or service unavailability in one of the parties involved in the check.
Upvotes: 4
Reputation: 1
I had to set Apply3DSecure to 1 to force the test system to respond with a status of 3dauth
Upvotes: 0
Related Questions
- SagePay AES form integration
- Sagepay Direct 3D Secure Blank Page Issue
- 3DSv2 Sagepay Direct Integration basics
- 3DSv2 Sagepay Direct Integration 'page not found' after correct challenge
- sagepay TLS 1.2 update
- SagePay Test account Pre-authorisation processing
- SagePay .Net Integration Kit - Error when returning NOTAVAILABLE value for 3dSecureStatus
- SagePay V3 Form Integration using CFML - AES Encryption
- Does anyone have a working example of Omnipay and Sagepay Server or Sagepay Direct (with 3D Secure)?
- SagePay Protocol Violation Error