Research and Findings

Sun, 03/22/2009 - 12:03

n9986

Offline

Joined: 03/14/2009

Juice: 57

Research and Findings

Hi,

I have started work on this after research. I had like to post my findings on the 3DSecure system here.

The 3DSecure system requires interaction between various parties to authenticate. I am giving a top level generic view of how the data flows.

1. The merchant needs to subscribe to a Merchant Plug-in(MPI) and an Access Control Server(ACS). Wikipedia[1] speaks on detail about what are these.

2. When a buyer checks out his payment information is collected and sent by Merchant to MPI for authentication request.

3. Once the MPI confirms, the merchant will redirect the user to the ACS for actual authentication.

4. The reply of a successful authentication will from the ACS is received by the merchant.

5. Merchant sends this information back to MPI which processes it and gives some values.

6. These values can then be sent to the payment gateway to avail the benefits of this authentication.

So the actual flow is:

Merchant -> MPI -> Merchant -> ACS (Customer redirect) -> Merchant -> MPI -> Merchant -> Gateway

The Merchant -> MPI -> Merchant Calls can be implemented thru cURL.

Merchant -> ACS (Customer redirect) -> Merchant calls are usually done through an inline frame or by redirecting the user fully to another page (will not give consistent site branding then). Wikipedia has interesting write up at the same page on all issues considering different approaches.

So any 3DSecure implementation can be worked out if there exists:

- A 3D Secure basic protocol module (which does all the data throwing between entities and the one I am creating right now)
- An MPI module (these calls tend to be specific to every MPI. hence can be abstracted in an MPI module.)
- A Gateway module (many of these already exist)

Therefore, The 3DSecure module:
1. Calls the MPI module for the authentication request.
2. Handles the ACS Authentication based on the MPI reply.
3. Gives response from ACS to MPI Module.
4. Passes the Processed data recieved from MPI to gateway module.

Where,
PAReq = Verify Enrollment Request

Am new to module creations and wondering if this is the right approach. Will need to leanr quite a bit of stuff.

I am trying to code this now and any feedback on possible advices/guidelines are greatly appreciated.

References:
[1] http://en.wikipedia.org/wiki/3-D_Secure

3D Secure Support By: n9986 (9 replies) Sat, 03/14/2009 - 03:10

Re: 3D Secure Support By: Ryan (03/17/2009 - 09:04)
- Thanks By: n9986 (03/17/2009 - 09:35)
  - Research and Findings By: n9986 (03/22/2009 - 12:03)
    - Problem with Credit Card number By: n9986 (03/27/2009 - 20:40)
      - Anyone? By: n9986 (03/29/2009 - 11:17)
        Never Mind By: n9986 (03/30/2009 - 21:39)
        Completed and Secure By: n9986 (04/23/2009 - 10:51)
        Re: Completed and Secure By: Ryan (04/25/2009 - 18:07)
        3D Secure - MPI By: cheokpl (10/11/2009 - 08:17)

Ubercart

Research and Findings

Navigation

User login