User's Guide
Table Of Contents
- Payflow Pro Fraud Protection Services User’s Guide
- Preface
- Overview
- How Fraud Protection Services Protect You
- Configuring the Fraud Protection Services Filters
- Assessing Transactions that Triggered Filters
- Activating and Configuring the Buyer Authentication Service
- Performing Buyer Authentication Transactions Using the SDK
- Testing the Buyer Authentication Service
- Buyer Authentication Transaction Overview
- Buyer Authentication Terminology
- Buyer Authentication Server URLs
- Detailed Buyer Authentication Transaction Flow
- Call 1: Verify that the cardholder is enrolled in the 3-D Secure program
- Call 2: POST the authentication request to and redirect the customer’s browser to the ACS URL
- Call 3: Validate the PARES authentication data returned by the ACS server
- Call 4: Submit the intended transaction request to the Payflow server
- Example Buyer Authentication Transactions
- Buyer Authentication Transaction Parameters and Return Values
- ECI Values
- Logging Transaction Information
- Screening Transactions Using the Payflow SDK
- Downloading the Payflow SDK (Including APIs and API Documentation)
- Transaction Data Required by Filters
- Transaction Parameters Unique to the Filters
- Existing Payflow Parameters Used by the Filters
- Response Strings for Transactions that Trigger Filters
- Accepting or Rejecting Transactions That Trigger Filters
- Logging Transaction Information
- Responses to Credit Card Transaction Requests
- Fraud Filter Reference
- Testing the Transaction Security Filters
- Good and Bad Lists
- AVS Failure Filter
- BIN Risk List Match Filter
- Country Risk List Match Filter
- Email Service Provider Risk List Match Filter
- Freight Forwarder Risk List Match Filter
- Geo-location Failure Filter
- International IP Address Filter
- International Shipping/Billing Address Filter
- IP Address Match Filter
- Shipping/Billing Mismatch Filter
- Total Item Ceiling Filter
- Total Purchase Price Ceiling Filter
- Total Purchase Price Floor Filter
- USPS Address Validation Failure Filter
- ZIP Risk List Match Filter
- Testing Buyer Authentication Transactions Using the Payflow SDK
- Deactivating Fraud Protection Services
- Index
Fraud Protection Services User’s Guide 115
Testing Buyer Authentication Transactions Using the Payflow SDK
Buyer Authentication Testing Procedures
C
Example Return Values
The result should look like the following:
RESULT[1]=0&RESPMSG[2]=OK&AUTHENTICATION_ID[20]=8d4d5ed66ac6e6faac6d&AUTHEN
TICATION_STATUS[1]=Y&CAVV[28]=OTJlMzViODhiOTllMjBhYmVkMGU=&ECI[2]=05&XID[28
]=YjM0YTkwNGFkZTI5YmZmZWE1ZmY=
NOTE: The = character at the end of the XID value is correct (it is the 28th character).
Step 3 Submit the Payflow Sale or Authorization transaction with buyer
authentication data
Direct the sale or authorization transaction (TRXTYPE=S or A) to the test Payflow server:
pilot-payflowpro.paypal.com.
The response should include a value for CARDSECURE.
To Generate a Particular CARDSECURE value (Visa only)
– Any dollar amount with 11 cents (xx.11) causes CARDSECURE=N
– Any dollar amount with 22 cents (xx.22) causes CARDSECURE=X
– All other amounts cause CARDSECURE=Y
z If the Cardholder is Enrolled:
If the Validate Authentication transaction returns a verified enrollment, include the
following additional buyer authentication name-value pairs from the Validate
Authentication response:
AUTHENTICATION_ID
AUTHENTICATION_STATUS
CAVV (The test servers use the following CAVV values for all accounts:
ZDQzMTMzMjhhMTc1MzgwZTAwNTA= returns a response of 1,
814UqW4Wg0aBA5w0wR8wuQQFBQA= returns a response of 6,
all others return 2.)
XID (Visa only)
ECI
z Otherwise:
Include the following additional buyer authentication name-value pairs from the Verify
Enrollment response:
AUTHENTICATION_ID
AUTHENTICATION_STATUS
ECI