The AUTHENTICATE and AUTHORISE methods are specifically for use by merchants who are either;

(i) unable to fulfil the majority of orders in less than 6 days (or sometimes need to fulfil them after 30 days)

(ii) do not know the exact amount of the transaction at the time the order is placed (for example, items shipped priced by weight, or items affected by foreign exchange rates).

Unlike normal PAYMENT or DEFERRED transactions, AUTHENTICATE transactions do not obtain an authorisation at the time the order is placed. Instead the card and card holder are validated using the 3D-Secure mechanism provided by the card-schemes and card issuing banks.

(More information can be found by downloading the VSP Protocol and Integration document)

Your site will register your transaction with a TxType of AUTHENTICATE, and redirect the customer to VSP Server to enter their card details. VSP Form will contact the 3D-Secure directories to check if the card is part of the scheme. If it is not, then the card details are simply held safely at Protx and your SuccessURL is sent a Status of REGISTERED

N.B. This also happens if you do not have 3D-Secure active on your account or have used the Apply3DSecure flag to turn it off.

If, however, the card is part of the 3D-Secure scheme, the customer is redirected to their card issuing bank for authentication (read further information on the 3D Secure process). Here they will authenticate themselves and be returned to VSP Form.

If they have not passed authentication, your rule base is consulted to check if they can proceed for authorisation anyway. If not, your FailureURL is sent a Status of REJECTED. If they failed authentication but can proceed, your SuccessURL is sent a REGISTERED status. If the user passed authentication with their bank and a CAVV/UCAF value is returned, your SuccessURL is sent a Status of AUTENTICATED and a CAVV value for you to store if you wish.

In all cases, the customer’s card is NEVER authorised. There are no shadows placed on their account and your acquiring bank is not contacted. The customer’s card details and their associated authentication status are simply held at Protx for up to 90 days, a limit set by the card schemes, (30 days for International Maestro cards) awaiting an AUTHORISE or CANCEL request from your site.

(More information can be found by downloading the VSP Protocol and Integration document)

To charge the customer when you are ready to fulfil the order, you’ll need to log into VSP Admin, select the Authenticated/Registered transaction and click Authorise. You can Authorise any amount up to 115% of the value of the Authentication and use any number of Authorise requests against an original Authentication so long as the total value of those authorisations does not exceed the 115% limit, and the requests are inside the 90 days limit. This is the stage at which your acquiring bank is contacted for an auth code. AVS/CV2 checks are performed at this stage and rules applied as normal. This allows you great flexibility for partial shipments or variable purchase values. If the AUTHENTICATE transaction was AUTHENTICATED (as opposed to simply REGISTERED) all authorisations will be fully 3D-Secured, so will still receive the fraud liability shift.

When you have completed all your Authorisations, or if you do not wish to take any, you can select CANCEL from your VSP Admin screens to archive away the Authentication and prevent any further Authorisations being made against the card. This happens automatically after 90 days.

(More information can be found by downloading the VSP Protocol and Integration document)