问题
We're currently updating our SagePay integration to enforce 3DSecure in line with the EU regulations coming into force.
However our tests have found that, even though 3DSecure is marked as a 'Fail', the payment was still authorised. We havent set up any specific rules in the Admin system other than the 3D Secure check. (none of the other 3d secure tick boxes are checked and there are no values in the min/max fields).
We want to set up our system so that if 3Dsecure fails it does not authorise the transaction. How do we do this?
回答1:
I'm getting exactly the same issues. Pass all of the details correctly and every test card comes back as successfully authorised. This is different to yesterday when I was being sent to the challenge page (which subsequently gave me a 404 error), so I can only surmise that SagePay haven't actually finished writing their 3DSv2 handling.
The "Magic Value" you can pass as the CardHolder doesn't actually do anything either and I'm also getting a server error when passing some of the new fields such as ThreeDSRequestorAuthenticationInfoXML and AcctInfoXML.
Waiting to hear back from an e-mail I've sent to their support team yesterday.
回答2:
Changing the Cardholder field to the magic value CHALLENGE worked for me
That will make the status returned as "3DAUTH" (I was always getting "OK" before using the magic value); you will also get the Sage simulator ACSURL ("https://test.sagepay.com/3ds-simulator/html_challenge"). See example of my request and response
SENT:
"VPSProtocol=4.00&TxType=PAYMENT&Vendor=[YOUR_VENDOR_HERE]&VendorTxCode=[YOUR_VENDOR_TX_CODE]&Amount=8.05&Currency=GBP&Description=LDN payment&CardHolder=CHALLENGE&CardNumber=4929 0000 0000 6&CV2=123&ExpiryDate=0120&CardType=VISA&BillingSurname=TestSurname&BillingFirstnames=TestName&BillingAddress1=88&BillingCity=Glasgow&BillingPostCode=412&BillingCountry=GB&DeliverySurname=TestSurnameB&DeliveryFirstnames=TestNameB&DeliveryAddress1=test address line 1&DeliveryCity=Glasgow&DeliveryPostCode=412&DeliveryCountry=GB&CustomerEMail=test@email.com&Apply3DSecure=1&ChallengeWindowSize=01&ThreeDSNotificationURL=[YOUR_URL]&BrowserAcceptHeader=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3&BrowserUserAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36&BrowserJavascriptEnabled=1&BrowserJavaEnabled=1&BrowserLanguage=en-GB&BrowserColorDepth=8&BrowserScreenHeight=480&BrowserScreenWidth=640&BrowserTZ=0&ClientIPAddress=127.0.0.1"
RECEIVED:
"VPSProtocol=4.00; Status=3DAUTH; StatusDetail=2021 : Please redirect your customer to the ACSURL, passing CReq.; VPSTxId={9A9461B6-C8A8-CDE5-75FC-EBABFA6BB5FD}; 3DSecureStatus=OK; ACSURL=https://test.sagepay.com/3ds-simulator/html_challenge; CReq=ewogICJtZXNzYWdlVHlwZSIgOiAiQ1JlcSIsCiAgIm1lc3NhZ2VWZXJzaW9uIiA6ICIyLjEuMCIsCiAgInRocmVlRFNTZXJ2ZXJUcmFuc0lEIiA6ICJmMWZkNWJhOS0xZTAzLTQ4NGQtOGQzNi0zMTU5MTM5N2Y2YmIiLAogICJhY3NUcmFuc0lEIiA6ICJmNzgxOTYwMS1iN2VhLTRkMWUtYWY0MS00ZjRhYTY1NjQ3MjMiLAogICJjaGFsbGVuZ2VXaW5kb3dTaXplIiA6ICIwMSIKfQ"
See link to the documentation on this, magic numbers on page 28: Sage direct-integration protocol 4.00
来源:https://stackoverflow.com/questions/57392637/sagepay-payment-authorised-despite-3dsecure-failure