David,
AFAIK, 3D secure is similar to "Verified by Visa" in addition to that it
also supports Mastercard. In 3D secure customer authenticate with their
banker (issuer bank) and not the Visa or MasterCard site and yes they
waives the right to repudiation as they use their bank userid/password
to authenticate.
I know some of the merchant banks in UK made it mandatory to use 3D
secure for CC processing. I am not sure how useful it could be for end
customers but vendor have little choice when their merchant bank makes
it mandatory to use 3D secure as part of CC processing. Only alternative
is to switch to the other merchant bank which may not be feasible sometime.
Thanks,
Raj
David E Jones wrote:
On a side note, is 3D Secure like the old "Verified by Visa" thingy
that was supposed to make things more secure for "customers" but by
using it customers actually waived the right to repudiation. In other
words, if someone was able to get your CC information and Verified by
Visa username/password then they could commit fraud and Visa wouldn't
help you out with it at all.
In other words, for your extra pain of signing up and using the
problem, the customer was rewarded by not being able to repudiate
fraudulent charges.
If the same is true for 3D Secure then chances are it won't be on the
radar for very long... when was the last time anyone here was asked to
implement for Verified by Visa?
-David
On Oct 19, 2008, at 11:05 PM, Christopher L wrote:
Yes, it's a complete rethink on how to ensure non-repudiation.
It's also less of a "call to a gateway" as it is a redirection to the
card issuer. The goal is to keep the PIN from the merchants and card
processors.
Here's the flow, IIRC.
1. User enters in a CC number into a storefront.
2. Storefront queries the CC number to determine participation in
3dsecure.
3. Response and issuer authentication url is returned.
4. Storefront redirects the user to the card issuer, with an
encrypted payload. This could be in a pop-up.
5. User authenticates with card issuer.
6. Card issuer redirects the user back to the storefront with a code
in an xml doc signed by the issuer.
7. Storefront adds the code to the authorization that is sent to the
credit card processor.
In my experience, merchants get very worried (and rightly so) about
the redirection/pop-up because you lose control of the user. It's
essential to make it a smooth experience. If it's not, you lose
sales because the customers don't come back from the redirect.
Chris Lombardi
Date: Sun, 19 Oct 2008 13:27:43 -0700
From: [EMAIL PROTECTED]
To: dev@ofbiz.apache.org
Subject: Re: [Fwd: Re: I want to discuss integration 3D Secure
Credit Card with ofbiz.]
I did not catch that, thanks, Chris.
This would be a independent service that the different CC services
could
call it while building thier call to the gateway they are using.
it would still be in the third party service.
3DsecureService.java
Christopher L sent the following on 10/19/2008 1:02 PM:
3D Secure isn't a payment processor. It's a supplemental
authentication service that authenticates the cardholder to the
*card issuing bank*.
The output of 3D Secure is an encrypted hash (not a payment auth)
that is then sent via your normal payment authorization service.
So, you really can't implement ccAuth, ccCapture, etc.
Sarvesh is trying to find out where in the checkout process this
additional authentication step could go to then be utilized by all
the payment authorization services. I'm familiar with 3D Secure,
but unfortunately not familiar with the ofbiz ecommerce module, or
I'd suggest something myself.
Chris Lombardi
Date: Sun, 19 Oct 2008 12:41:03 -0700
From: [EMAIL PROTECTED]
To: dev@ofbiz.apache.org
Subject: Re: [Fwd: Re: I want to discuss integration 3D Secure
Credit Card with ofbiz.]
I read
http://docs.ofbiz.org/display/OFBIZ/Credit+Card+3D+Secure++Authentication+Integration+with+ofbiz
and see no difference than using the CC service called by
PaymentGatewayServices
all the services now, had web interfaces at one time.
Raj Saini sent the following on 10/19/2008 8:43 AM:
BJ,
3D secure is not same as normal CC authorization. 3D secure has a
issuer
bank authentication and it happens in 2 phases. And that is the
reason
this proposal is to make 3D secure generic enough to integrate with
OFBiz so that it can easily hooked up in other payment processors.
Thanks,
Raj
BJ Freeman wrote:
look at the third party code under the financial folder.
applications\accounting\src\org\ofbiz\accounting\thirdparty
provide
ccAuth
ccCapture
at a minimum
and
ccRefund
ccRelease
ccCredit
ccAuthCapture
if the provider supports them.
http://docs.ofbiz.org/display/OFBIZ/OFBiz+Beginner%27s+Development+Guide+Using+Practice+Application
see part 1
Sarvesh sent the following on 10/17/2008 7:26 AM:
Hi,
I want to discuss integration 3D Secure Credit Card with ofbiz. I
have got
it working(using protx simulator) by changing some of ofbiz
files but
still
it is not generic so I want to discuss it with the user
community to
make it
generic for general usage.
Thanks
Sarvesh.
