E-Payment Integrator V6 - Online Help
E-Payment Integrator V6
Questions / Feedback?

ThreeDSecure Component

Properties   Methods   Events   Configuration Settings   Errors  

The ThreeDSecure component is used to implement a 3-D Secure MPI (Merchant Plug-In).

Syntax

nsoftware.InPay.Threedsecure

Remarks

This component is based on the 3-D Secure 1.0.2 specification, and simplifies the creation and handling of all messages to and from 3-D Secure Compliant Directory and Access Control servers. This is accomplished by adding an additional layer of abstraction between the developer and the 3-D Secure protocol. There is no need to deal with raw sockets, SSL handshakes, or XML packet formatting. All SSL communications to and from the Directory and Access Control servers are handled by the component.

This component can be easily integrated with an online payment system or shopping cart. There are three steps to integrating this component with an existing online payment system or shopping cart.

For help getting started and Visa Product Integration Testing (PIT) please see the following tutorials:

Getting Startedhttp://www.nsoftware.com/kb/articles/3dsecure.rst
Visa Product Integration Testing (PIT)http://www.nsoftware.com/kb/articles/pit.rst

Before making any transactions the following properties must be set with values acquired from Visa:

MerchantBankId
MerchantCountryCode
MerchantName
MerchantNumber
MerchantPassword
MerchantURL
DirectoryServerURL

Card Range Request (CRReq)

The component allows you to query the Directory Server for credit card ranges enrolled in the 3-D Secure program. This step is optional. If a submitted card is not within the currently retrieved ranges, then the card is not enrolled in 3-D Secure. Once the above configuration properties are set, sending a Card Range Request is simple. Set the MessageId (each message requires a unique MessageId), and then call the method RequestCardRanges. The card ranges will be returned in the fields Begin, End, and Action. After a successful Card Range Request the SerialNumber property will contain a serial number which indicates to the Directory Server the current state of your local cache. When submitting another Card Range Request, only the ranges which have changed since the last SerialNumber will be returned.

Verify Enrollment Request (VEReq)

Even if a card number is included in the ranges returned in the previous step, there is no guarantee that this card is actually enrolled in 3-D Secure. To determine if a card number is actually enrolled in the program, you must send a Verify Enrollment Request (VEReq). Update the MessageId and then set the CardNumber. Now call the VerifyEnrollment method. If the CardNumber is enrolled , the CardEnrolled property will contain "Y" (Yes). Otherwise it will contain "N" (No) or "U" (Service Unavailable). In addition, the ACSURL property will contain the URL for the Access Control Server to which a Payer Authentication Request must be sent.

Payer Authentication Request (PAReq)

After determining that the CardNumber in question is enrolled, a Payer Authentication Request (PAReq) must be sent to the ACSURL that was returned in the previous step. This request must be sent through the cardholder's browser, and thus cannot be sent by the component itself. The GetAuthenticationPacket method will return the compressed Payer Authentication Request (PAReq) packet, which can then be submitted through the cardholder's browser using the Javascript below.


Response.Write("<form name='downloadForm' action='" & ACSURL & "' method='POST'>")
Response.Write("  <INPUT type='hidden' name='PaReq'   value='" & GetAuthenticationPacket & "'>")
Response.Write("  <input type='hidden' name='TermUrl' value='Termination URL that the ACS will post back to'>")
Response.Write("  <input type='hidden' name='MD'      value='Merchant Data needed to complete transaction'>")
Response.Write("</form>")
Response.Write("<script>"  )
Response.Write("window.onload = submitForm;")
Response.Write("function submitForm() { downloadForm.submit(); }")
Response.Write("</script>"  )

The TermUrl is the location of a page that will handle the rest of the ordering process. The Visa Access Control Server will post back to the URL entered in this field with the results of the Payer Authentication Request. The MD field should contain any additional information needed by the merchant to complete the transaction. This may include information such as a TransactionId, MessageId, or any other data needed to match the response with a pending authentication. This may be raw text, XML, or any other data type. It is not recommended that sensitive data such as a CardNumber be contained in this field. If this is unavoidable, such sensitive data must be encrypted.

Once a Payer Authentication Response (PARes) is received by the web page indicated in the TermUrl field, use the CheckAuthenticationResponse to decompress, verify, and parse the response. The result of the transaction will be contained in the AuthenticationStatus property. The Payer Authentication Response is digitally signed by the Access Control Server, and the certificate used to sign the response will be contained in the AuthenticationCertificate property. If this certificate does not match the RootCertificate the authentication fails and the component will throw an error. Likewise, if the information in the Payer Authentication Response does not exactly match that given in the original Authentication Request the component will throw an error. The properties that must be identical include MerchantBankId, MerchantNumber, TransactionId, TransactionAmount, CurrencyCode, and CurrencyExponent.

In addition to the previously set Merchant Properties, the following fields are required to build a valid Payer Authentication Request packet:

CardExpMonth
CardExpYear
CardNumber
CurrencyCode
CurrencyExponent
MessageId
TransactionAmount
TransactionDescription
TransactionDisplayAmount
TransactionId
RootCertificate

Property List


The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

ACSURLFully qualified URL of an Access Control Server.
AuthenticationCAVVCardholder Authentication Verification Value.
AuthenticationCAVVAlgorithmIndicates the algorithm used to generate the AuthenticationCAVV value.
AuthenticationCertificateContains the signing certificate for the PARes message returned by the ACS.
AuthenticationECIValue to be passed in the authorization message.
AuthenticationErrorURLLocation where authentication errors are posted to.
AuthenticationStatusIndicates whether a transaction qualifies as an authenticated transaction.
AuthenticationTimeDate and time Payer Authentication Response message was signed by the ACS.
AuthenticationXIDThe unique transaction identifier.
BrowserAcceptHeaderHTTP accept header sent from the cardholder's browser.
BrowserDeviceCategoryIndicates the type of cardholder device.
BrowserUserAgentHeaderHTTP user-agent header sent from the customer's browser.
CardEnrolledIndicates whether the CardNumber can be authenticated.
CardExpMonthExpiration month of the credit card specified in CardNumber .
CardExpYearExpiration year of the credit card specified in CardNumber .
CardNumberCustomer's credit card number to be authenticated.
CardRangesA collection of card ranges to be added to or removed from the cache.
CurrencyCodeIdentifies the type of currency used by the merchant.
CurrencyExponentMinor units of currency.
DataPacketOutContains the data packet sent to the server.
DirectoryServerURLThe address of the Directory Server.
EnrollmentErrorURLLocation where card range and enrollment verification errors are posted to.
ErrorPacketContains an XML-formatted error packet after receiving an invalid response from the Directory or Access Control Server.
ExtensionAny data necessary to support additional features.
MerchantBankIdThe number which identifies the merchant's bank or processor.
MerchantCountryCodeIdentifies the country where the merchant is located.
MerchantNameContains the name of the merchant.
MerchantNumberA unique number used to identify the merchant within the VisaNet system.
MerchantPasswordMerchant's password.
MerchantURLMerchant's URL.
MessageIdUnique identification number for each message.
ProtocolVersionIndicates the 3-D Secure protocol version.
ProxyA set of properties related to proxy access.
RecurEndDateThe date after which no further authorizations should be performed.
RecurFrequencyAn integer indicating the minimum number of days between authorizations.
RecurInstallmentsAn integer indicating the maximum number of permitted authorizations for installment payments.
ResponsePacketContains the response returned by the Directory Server or ACS.
RootCertificateContains the certificate used to verify the signature of the PARes message returned by the ACS.
SerialNumberSerial number indicating the state of the current card range cache.
SSLAcceptServerCertInstructs the component to unconditionally accept the server certificate that matches the supplied certificate.
SSLCertThe certificate to be used during SSL negotiation.
SSLServerCertThe server certificate for the last established connection.
TimeoutA timeout for the component.
TransactionAmountPurchase amount to be authorized.
TransactionDateOptionally contains the date of the transaction.
TransactionDescriptionBrief description of goods to be purchased.
TransactionDisplayAmountPurchase amount to be authorized.
TransactionIdContains a unique transaction identifier.
VendorCodeVendor-specific error code or explanatory text.

Method List


The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

CheckAuthenticationResponseChecks the response returned from the Access Control Server.
ConfigSets or retrieves a configuration setting.
GetAuthenticationPacketReturns the Payer Authentication Request packet that is to be sent to the ACS.
GetResponseVarParses additional information out of the response.
InterruptInterrupts the current action.
RequestCardRangesSends a Card Range Request message to the Directory Server.
ResetClears all properties to their default values.
VerifyEnrollmentVerifies that the CardNumber is enrolled in the 3-D Secure program.

Event List


The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

CardRangeFired when the response to a card range request is received.
DataPacketInFired when receiving a data packet from the server.
DataPacketOutFired when sending a data packet to the server.
ErrorInformation about errors during data delivery.
SSLServerAuthenticationFired after the server presents its certificate to the client.
SSLStatusShows the progress of the secure connection.

Configuration Settings


The following is a list of configuration settings for the component with short descriptions. Click on the links for further details.

EscapeFieldsIndicates whether merchant-set data fields are automatically escaped by the component before transmission.
IgnoreInvalidCAVVAlgorithmsIndicates whether ignore invalid AuthenticationCAVVAlgorithm values.
iReqCodeReturns the iReqCode returned in the response.
UseResponseCAChainDetermines whether the certificate chain included in the Payer Authentication Response (PARes) is used when verifying the signature.
AcceptEncodingUsed to tell the server which types of content encodings the client supports.
AllowHTTPCompressionThis property enables HTTP compression for receiving data.
AuthorizationThe Authorization string to be sent to the server.
BytesTransferredContains the number of bytes transferred in the response data.
EncodeURLIf set to true the URL will be encoded by the component.
FollowRedirectsDetermines what happens when the server issues a redirect.
GetOn302RedirectIf set to true the component will perform a GET on the new location.
HTTPVersionThe version of HTTP used by the component.
IfModifiedSinceA date determining the maximum age of the desired document.
KeepAliveDetermines whether the HTTP connection is closed after completion of the request.
MaxRedirectAttemptsLimits the number of redirects that are followed in a request.
OtherHeadersOther headers as determined by the user (optional).
ProxyAuthorizationThe authorization string to be sent to the proxy server.
ProxyAuthSchemeThe authorization scheme to be used for the proxy.
ProxyPasswordA password if authentication is to be used for the proxy.
ProxyPortPort for the proxy server (default 80).
ProxyServerName or IP address of a proxy server (optional).
ProxyUserA user name if authentication is to be used for the proxy.
TransferredDataLimitThe maximum number of incoming bytes to be stored by the component.
UseChunkedEncodingEnables or Disables HTTP chunked encoding for transfers.
ChunkSizeSpecifies the chunk size in bytes when using chunked encoding.
UsePlatformHTTPClientWhether or not to use the platform HTTP client.
UserAgentInformation about the user agent (browser).
KerberosSPNThe Service Principal Name for the Kerberos Domain Controller.
ConnectionTimeoutSets a separate timeout value for establishing a connection.
FirewallAutoDetectTells the component whether or not to automatically detect and use firewall system settings, if available.
FirewallHostName or IP address of firewall (optional).
FirewallPasswordPassword to be used if authentication is to be used when connecting through the firewall.
FirewallPortThe TCP port for the FirewallHost;.
FirewallTypeDetermines the type of firewall to connect through.
FirewallUserA user name if authentication is to be used connecting through a firewall.
KeepAliveTimeThe inactivity time in milliseconds before a TCP keep-alive packet is sent.
KeepAliveIntervalThe retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.
LingerWhen set to True, connections are terminated gracefully.
LingerTimeTime in seconds to have the connection linger.
LocalHostThe name of the local host through which connections are initiated or accepted.
LocalPortThe TCP port in the local host where the component binds.
MaxLineLengthThe maximum amount of data to accumulate when no EOL is found.
MaxTransferRateThe transfer rate limit in bytes per second.
TCPKeepAliveDetermines whether or not the keep alive socket option is enabled.
UseIPv6Whether or not to use IPv6.
TcpNoDelayWhether or not to delay when sending packets.
ReuseSSLSessionDetermines if the SSL session is reused.
SSLCipherStrengthThe minimum cipher strength used for bulk encryption.
SSLEnabledProtocolsUsed to enable/disable the supported security protocols.
SSLProviderThe name of the security provider to use.
SSLSecurityFlagsFlags that control certificate verification.
OpenSSLCADirThe path to a directory containing CA certificates.
OpenSSLCAFileName of the file containing the list of CA's trusted by your application.
OpenSSLCipherListA string that controls the ciphers to be used by SSL.
OpenSSLPrngSeedDataThe data to seed the pseudo random number generator (PRNG).
SSLAlgorithmListA string that controls the cipher algorithms to be used by SSL.
AbsoluteTimeoutDetermines whether timeouts are inactivity timeouts or absolute timeouts.
FirewallDataUsed to send extra data to the firewall.
InBufferSizeThe size in bytes of the incoming queue of the socket.
OutBufferSizeThe size in bytes of the outgoing queue of the socket.
CodePageThe system code page used for Unicode to Multibyte translations.

 
 
Copyright (c) 2015 /n software inc. - All rights reserved.
Build 6.0.5528.0