support@protx.com
 
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9

VSP Direct Custom Integration: Step 4 (3D Secure Authentication ONLY)

Step 4: VSP Direct replies to your registration POST

(N.B: ALL code examples and references to integration kit files within this document are related
to the ASP kit ONLY. To download kits in other languages please visit the Downloads page.)









VSP Direct stores all the information from your transaction registration POST in the Protx secure database before replying to that POST with 6 fields (see Appendix A2 - Page 37 - VSP Direct Protocol and Integration Guideline).

These returned fields are as follows;

Status: If a sucessful Protx 3D-Secure Merchant Plug-In (MPI) request has occured then the Status Detail field will be populated as '3DAUTH'. (if the MPI request has been unsucessful for any reason then the Status will be returned accordingly - see Appendix A2 - Page 37 - VSP Direct Protocol and Integration Guideline document).

Status detail: If a sucessful Protx 3D-Secure Merchant Plug-In (MPI) request has occured then the Status field will be populated with a message informing you to redirect your customer to their Issuing Bank to complete 3D-Authentication. (if the MPI request has been unsucessful for any reason then an appropriate readable message will be provided informing you as to why the error occured).

3DSecureStatus: If a sucessful Protx 3D-Secure Merchant Plug-In (MPI) request has occured then the 3DSecureStatus field will be populated as 'OK'. (if the MPI request has been unsucessful for any reason then the Status will be returned accordingly - see Appendix A2 - Page 38 - VSP Direct Protocol and Integration Guideline document).

MD: This is the unique 'identifier' to your 3D Secure transaction - It is highly advisable that you store this value as it will also be your unique idenifier for the transaction until the VendorTxCode and VPSTxId are returned later in the transaction process.

PAReq: A preformatted, encrypted field. This is the 3D-Secure message that the customer's card Issuing Bank decodes to begin the 3D-authentication process. This is created and encrypted by the Protx MPI and you should NOT attempt to modify it. If you do, the 3D-Secure authentication step will fail and this, in turn, will fail your transaction.

ACSURL: This field contains the fully qualified URL address of the Issuing Bank's 3D-Secure module, as provided via the Protx 3D-Secure Merchant Plug-In (MPI) from the Visa / Mastercard directory service in the VERes (Verification Result)

Please see below screenshot of the 'vsp_purchase.asp' page which handles the above results (please note that this example does NOT show the capture of the '3DSecureStatus' nor the 'StatusDetail' values)




**IMPORTANT**
You are advised to store the Status, 3DSecureStatus and MD values, but the ACSURL and PAReq values should NEVER be stored. Doing so would require you to undergo auditing by the card scheme, so unless you are already PCI-DSS compliant, you should avoid doing this. These values only need to be used in the next step to redirect your shopper to their Issuing Bank and should then be discarded.


The first step of the 3D Secure VSP Direct transaction is now complete. You have registered a 3D-Secure transaction with Protx. We have stored your payment details and replied with everything you need to send your shopper for 3D-Authentication. The next parts of the process, steps 5 to 7, are out of Protx's control and rely on a communication between you, your customer and your customer's card Issuing Bank.

Back to top

 © Copyright 2008 Protx Limited (a division of Sage (UK) Limited)    Terms of Use | Security Policy | Privacy Policy | General Feedback | Webmaster