Implementing DataCash 3DSecure in C#

Question

Hi, I've been tasked with implementing 3D Secure credit card verification on our existing site. I was just wondering if anyone had any example code to setting up 3D Secure?

I've been right through the documentation, however found nothing.

Answer 1

I'd tried to get one of the guys I work with to post something here, as he's acutally written this for one of our clients, but I'll take you through what I understand the process to be.

Basically once you have performed whatever pre-validation requests you perform (with the DataCash binary files for example), you then submit the payment request to DataCash using the DataCash agent to send the payment request.

If you've got 3D Secure set up on your DataCash account, and you've sent through the fields to say this transaction can happen with 3DS you'll probably get a status code returned of 150:

<?xml version="1.0" encoding="UTF-8"?>
<Response>
  <CardTxn>
    <card_scheme>...</card_scheme>
    <country>...</country>
    <issuer>...</issuer>
    <ThreeDSecure>
      <acs_url>...</acs_url>
      <pareq_message>...</pareq_message>
    </ThreeDSecure>
  </CardTxn>
  <datacash_reference>...</datacash_reference>
  <merchantreference>...</merchantreference>
  <mode>TEST</mode>
  <reason>3DS Payer Verification Required</reason>
  <status>150</status>
  <time>...</time>
</Response>

Along with the ThreeDSecure block in the CardTxn element.

You then need to take the acs_url and pareq_message, and use these to submit a request to the cards issueing bank for authorisation.

This usually takes the form of a self-submitting JavaScript form, that could post into an IFrame:

<!-- Action comes from acs_url returned by DataCash -->
<form method="post" 
      target="3dAuthFrame"
      action="https://testserver.datacash.com/acs"&gt;
  <!-- Value comes from pareq_message returned by DataCash -->
  <input value="[...]"
         name="PaReq"
         type="hidden" />
  <!-- Value is a merchant specified identifier that is dislayed to the user -->
  <input value="[...]"
         name="MD" 
         type="hidden" />
  <!-- Value is a public URL that the 3D Secure server will post back to -->
  <input type="hidden" 
         name="TermUrl" 
         value="[...]"/>
  <p>
    If you do not see your card issuer's instructions, below, please click 
    <input value="Continue" name="TDAction" type="submit" />
  </p>
  <iframe style="width:100%;height:400px" 
          src="javascript:''"
          name="3dAuthFrame"></iframe>
  <script type="text/javascript">
    document.forms[0].elements.TDAction.click();
    document.forms[0].elements.TDAction.disabled=true;</script>
</form>

The page at TermUrl will then recieve a call from the 3D secure servers, with Form fields "PaRes" and "MD" (i.e. the response from the issueing bank, and the reference you supplied earlier).

You then submit these authorization details back to DataCash as a Historical transaction to complete the payment.

Details around this can be found in section D.4. 3-D Secure, with DataCash MPI in the Developers Guide, and on this page (may require login).

If you require more details, let me know, and I'll try and get some more detail here.

Answer 2

I've written an article on this now... http://www.alexjamesbrown.com/geek/implementing-datacash-3d-secure-with-asp-net/

Hope this helps people who stumble on this from Google....