AltaPay gives merchants full control of 3D Secure within the payment flow, allowing you to choose which transactions should have this applied. For example, this could be invoked for transactions above a certain value, or when specific items are in the customer’s basket.
This functionality is set up to allow small changes to the configuration (for example using A/B testing) without involving AltaPay, in order to find the perfect balance between improved conversion and reduced risk.
The payment flow process differs depending on whether:
- 3D Secure is enabled on your terminal
- your customer's credit card is enrolled with 3D Secure (Verified by Visa, MasterCard SecureCode or Dankort Secured by Nets).
For more detailed information, see initiatePayment.
Non-3D Secure
The diagram below illustrates the payment flow process for credit cards that are not enrolled with 3D Secure, or when the 3D Secure is not enabled on the terminal.
- Your customer enters their credit card details on your checkout page.
- As the merchant/processor, you pass the credit card on to AltaPay using the initiatePayment method.
- AltaPay processes the payment, and sends you the XML response with information about the transaction.
3D Secure (Verified by Visa, MasterCard SecureCode or Dankort Secured by Nets)
The diagram below illustrates the payment flow process if 3D Secure is enabled on the terminal, and your customer's credit card is enrolled with 3D Secure (Verified by Visa, MasterCard SecureCode or Dankort Secured by Nets).
- Your customer enters their credit card details on your checkout page.
- As the merchant/processor, you pass the credit card on to AltaPay using the initiatePayment method.
- AltaPay processes the payment, and sends you the XML response with information about the transaction.
- When your customer is redirected back to you after a successful 3D Secure authentication, you finalise the payment by calling the verify3dSecure method.
- From the verify3dSecure method, you get an XML response, with the result of the transaction.
The response contains a parameter called RedirectResponse. It contains a URL to which you must redirect your customer to authenticate their credit card with the issuer/ACS. When redirecting your customer to that URL, you include a set of POST parameters, containing card information, transaction data, and a URL to which your customer is redirected when the 3D Secure authentication succeeds or fails.
