Checks the response returned from the Access Control Server.
Public Sub CheckAuthenticationResponse(ByVal ResponseData As String)
After redirecting the cardholder's browser to post the Payer Authentication Request (PAReq) to the URL indicated in the ACSURL property, the Access Control Server (ACS) will post back to the TermURL indicated in the redirection code (see GetAuthenticationPacket for details). The data posted back to this URL is the Payer Authentication Response (PARes), and it should be checked with this CheckAuthenticationResponse method.
The CheckAuthenticationResponse method first decodes and decompresses ResponseData, and stores that decompressed data in the ResponsePacket property. The method then parses the response, checks that the merchant and transaction properties are identical to those submitted in the authentication request, and verifies the digital signature of the response contained in AuthenticationCertificate against the RootCertificate.
If authentication was successful, (regardless of the result of the signature verification), AuthenticationStatus will contain "Y". If authentication fails the AuthenticationStatus will contain "N". If the authentication is successful, you must pass the TransactionId, AuthenticationCAVV, and AuthenticationECI properties in the credit card authorization request (handled by other software) in order to qualify for the extra protection and discount. If the AuthenticationStatus is "N" you MUST NOT complete the transaction.
Note: Even if the AuthenticationStatus contains a "Y", the transaction may not be considered authenticated if the signature verification fails. A transaction may only be considered authenticated if no errors are generated by this CheckAuthenticationResponse method, and the value of AuthenticationStatus is "Y".
CheckAuthenticationResponse also validates certain fields in the ResponseData match properties submitted in the request. If the instance of the object is not maintained between the redirection to the ACS and when you call CheckAuthenticationResponse, then the following properties associated with the transaction will have to be reset to the values submitted in the request (for instance, these may be stored in a database). These properties include:
Note: CardNumber must be set to last 4 digits of the card number preceded by zeroes. For instance:
- 0000000001234 (13-digit PAN)
- 0000000000001234 (16-digit PAN)