Correct payments with cards – 3D secure verification

By Jumpstarter

There are times when some of the Jumpstarter customers are having issues with completing a donation payment with their credit/debit cards.

3dsecure
The reason that some of these payments fail was unfortunately due to 3D secure.

3D Secure is a technical standard created by Visa and MasterCard to further secure CNP (Card-holder Not Present) transactions over the Internet. 3D Secure protects a buyer’s credit card against unauthorised use when shopping online. This service enables buyers to validate transactions you make over the internet by requesting a personal code (usually sent to your cell phone or email address as a one time PIN). It helps protect against fraudulent use by unauthorised individuals.

This however is controlled by the buyers bank and not our payment portal PayGate, so in all of these cases, the buyer enters the OTP however the page that verifies the OTP, which is controlled by the bank and not PayGate, timesout.

This sadly is out of our control as the bank would verify the OTP and should their 3D secure verification fail the payment verification will “hang”.

This is not unique to PayGate and you will experience the same issues regardless of the payment gateway that you use. The reason for this is because PASA (Payments Association of South Africa) has now enforced 3D secure verification on ALL payments.

The way that 3D secure verification used to work before it was enforced was as follows:

  1. The card holder enters their card information (16 digit card number, expiry date etc.) on the PayGate engine
  2. PayGate submits the data to our acquiring bank
  3. Our acquiring bank authorises the transaction (by communicating with the credit card network and issuing bank)
  4. The response (success or failure) is passed back up the chain to the card holder

Now that 3D Secure is enforced there is a lot more handoffs in the process:

  1. The card holder enters their card information (16 digit card number, expiry date etc.) on the PayGate engine
  2. PayGate contacts a directory server to ascertain whether the card is enrolled in 3D Secure
  3. The directory server responds with a message indicating that the card is registered
  4. PayGate uses the message to redirect the cardholder to a “3D Secure” page served by the issuing bank
  5. The cardholder authenticates themselves to the issuing bank on the 3D Secure page (One Time PIN, known password etc.)
  6. The result of this authentication is returned to PayGate
  7. PayGate submits the card information and the 3D Secure authentication result to our acquiring bank
  8. Our acquiring bank authorises the transaction (by communicating with the credit card network and issuing bank)
  9. The response (success or failure) is passed back up the chain to the card holder

As you can see there is a lot more handoffs in the process with 3D secure verification, and unfortunately if any of the above steps fails the payment will not go through.

Leave a Reply