fjbender / simple-php-integration

This is a very simple Payone Integration in PHP
https://www.payone.de/

3D Secure! How does that work? #1

Closed judgej closed 8 years ago

judgej commented 8 years ago

Great introduction - helps to fill gaps in how this gateway works that the technical documents just don't tackle.

Now, 3D Secure. How does that work for ONEPAY? Compared to other gateways, the messages that the 3D Secure results are sent to simply do not make a lot of sense, so I'm guessing it works differently to other gateways. Any examples of 3D Secure end-to-end that you can give us?

Thanks!

fjbender commented 8 years ago

Appreciate your feedback!

I'll go into more detail concerning 3D Secure and push it here.

fjbender commented 8 years ago

Closed with d962ff7

judgej commented 8 years ago

Thank you, that addition is useful. However, could I just clear up one point?

Most gateways I have dealt with ask the merchant site to send the end user off to the authorising bank to enter their 3D Secure details. The bank then sends the user back to the merchant site with a token. That token is then sent to the payment gateway to get the final payment status back in return. That may include the full transaction details, or may require another request to get that, depending on the gateway.

Now, the PAYONE documentation seems to imply the user is NOT sent to the authorising bank. Instead the user goes to the PAYONE site, where a page wraps the authorising bank's 3D Secure form in an iframe, or perhaps sends the user off to the bank with a return URL going to PAYONE and NOT the merchant site. So the merchant site does not get the user to interact with the authorising bank at all. Is this correct?

I'm asking, because the above is implied, but some of the parameters (that are not explained) in the documentation seem to hint otherwise, e.g. the 3D Secure fields that are sent in a [Shop Server] payment (i.e. authorize) request to PAYONE.

Just wanted to get that cleared up if possible. Thank you in advance :-)

fjbender commented 8 years ago

Sure, no problem.

We send the customer off to their bank, but we route them through our platform, so we know that they followed the redirect. The merchant site does not get the user to interact with the authorizing bank, yes. It's all done through our platform.

The 3D Secure parameters you're thinking of are for the scenario where the merchant has a high level of PCI compliance and wants to store the CC data themselves. In this case they can inquire at our platform if 3D Secure is enabled for the card at hand and act accordingly. These parameters are not needed in the setting described in this Very Simple Integration.

judgej commented 8 years ago

Thanks - that's great. I'm writing a PHP payment gateway driver, so knowing this flow was important for describing how to use the driver. Thank you again - this is clear.