3D Secure – Works with the plugin?

Kevin,

I don’t have idea on stripe + 3Dsecure

Does stripe has any doc to it I will have to check and see what it takes for 3D secure

Currently it doesn’t support

Thank s

Hi we love your plugin but we would also like to use the 3d secure option that stripe provide i can eee from an earlier post you requested the docs so i have pasted them below.

many thanks
Damien

3D Secure Guide Beta

3D Secure provides an additional layer for authenticating cardholders. Stripe users can implement 3D Secure to protect themselves from liability for fraudulent transactions.
Supported cards & countries

Stripe currently supports 3D Secure for Visa and Mastercard.

This API can be used by merchants in Europe, Australia, Canada, and the United States.
General Flow

There are several steps involved in a 3D Secure transaction.

First, you initiate a 3D Secure transaction from a stored card or a card token. This will return an ID that you will use to create the charge, and a URL that you will use to authenticate the cardholder.

Second, you direct the cardholder’s browser to the URL you received. Typically this is done by opening the URL in an iframe (described below), or by redirecting the entire page (described below). After authentication completes, Stripe returns the result of the authentication.

Third, you create a charge using the 3D Secure object as your source parameter.
Deciding whether to use 3D Secure

Although using 3D Secure helps prevent fraudulent charges and improves decline rates with certain card issuers, 3D Secure does add extra steps to the checkout process, which can be a suboptimal user experience.

You might find the right balance by only using 3D Secure when the charge will be declined without it.

You can check the three_d_secure supported property on a card objects (on a customer object, or on a card token API response). If its value is “required”, then it is likely that this card will decline charges that do not use 3D Secure.
Example: Authenticating in an iframe using Stripe.js
Step 1: Initiating a 3D Secure transaction

If you are initiating 3D Secure from a card stored on a customer object, you need to initiate the 3D Secure object server-side as described in the API docs.

If you are initiating 3D Secure using a card token, you can use Stripe.js:

Stripe.threeDSecure.create({
card: “tok_EiVqH64tfMyVOLOYmqGknPL1”,
amount: 1099,
currency: ‘eur’,
}, callbackFunction);

The first argument to threeDSecure.create is a JavaScript object containing:

card: the ID of a card token
amount: the amount of the charge you are going to make
currency: the currency of the charge you are going to make

The second argument to threeDSecure.create is a callback that you provide to handle the result of the lookup. When the lookup is complete, it will be called with 2 arguments:

status: an HTTP status code
response: a 3D Secure object, as described in the API docs

If the result object’s status is redirect_pending, you should continue with Step 2 to authenticate the cardholder.

If status is succeeded, it is not possible to authenticate the cardholder, but you will not be liable if the cardholder reports that the transaction was fraudulent. There will be no redirect_url, and you can skip directly to Step 3.

If 3D Secure is not supported for this card (or if there is some other failure), the API will return an error. If desired, you can continue without 3D Secure by creating a charge from the card or card token.
Step 2: Authenticating the cardholder

Stripe.threeDSecure.createIframe(redirectUrl, container, callbackFunction);

This will insert an iframe containing an authentication page for the cardholder’s bank into your page, and register a function to be called when authentication completes.

The first argument to threeDSecure.createIframe is the redirect_url obtained from the 3D Secure object in Step 1.

The second argument to threeDSecure.createIframe is the ID of the DOM element that you would like to insert the iframe into, or the DOM Element itself.

The third argument to threeDSecure.createIframe is a callback that you provide to handle the result of the authentication. When authentication is complete, it will be called with 1 argument:

result is a JavaScript object with 4 properties:
id: this is the ID of the 3D Secure object created in Step 1.
status: this can be “succeeded” or “failed”
authenticated: true or false, indicating whether the cardholder was authenticated
error_code: null unless status was “failed”

If the result object’s status is succeeded, you should continue with Step 3.

If the result object’s status is failed, you may display an error, or decide to continue without 3D Secure, by creating a charge from the card or card token.
Step 3: Completing the charge

Once the 3D Secure object is in state succeeded, you can charge it like you would charge a card:

curl https://api.stripe.com/v1/charges \
-u sk_test_d7FJsBgl6KEHjW80q0SWOzYm: \
-d source=tds_CtjIcCARJL3spTcXUx7YYOEW \
-d amount=1500 \
-d currency=gbp

This will charge the card that was passed in Step 1.

If the 3D Secure object that is passed in is not in state succeeded (e.g. if authentication was not completed, or if the cardholder failed authentication), this request will fail with an invalid_request_error.

If the amount, and currency (and customer, if present) do not match the values that were passed in Step 1, this request will fail with an invalid_request_error.

Once the charge has been made, it is not possible to make another charge from this 3D Secure object.
Testing 3D Secure

Most test cards will always return status: “succeeded” without going through the full flow, but you can use these cards in test mode to test the full 3D Secure flow:

4000000000003055: all transactions on this card will succeed
4000000000003063: only successful 3D Secure transactions on this card will succeed

Advanced: Full-page redirect

If you do not want to display the bank’s authentication page in an iframe, you can redirect the whole page.
Step 1

First, initiate a 3D Secure transaction with the return_url parameter. You can do this with the Stripe.js function Stripe.threeDSecure.create as described above, or from the server side:

curl https://api.stripe.com/v1/3d_secure \
-u sk_test_d7FJsBgl6KEHjW80q0SWOzYm: \
-d card=tok_189fBz2eZvKYlo2CdKhUJ5IM \
-d amount=1500 \
-d currency=gbp \
-d return_url=”https://example.org/continue-checkout”

The Stripe response will contain a status property and a redirect_url property, as described above.
Step 2

Next, redirect the cardholder’s browser to the issuer’s 3D Secure server. The redirect must be performed with a POST request. The simplest way to do this is with HTML like:

<html>
<body onload=”document.autoRedirect.submit();”>
<form name=”autoRedirect” method=”POST” action=”[redirect_url from response]”>
</form>
</body>
</html>

Upon redirection, the cardholder will go through the issuer’s 3D Secure authentication process.
Step 3

When the issuer’s authentication process has completed (with success or failure), the cardholder’s browser will be redirected to the return_url you provided in Step 1, using an GET request.

This request’s URL will include a status parameter indicating the status of the cardholder’s authentication. Its value will be either succeeded or failed.

If status is succeeded, continue with Step 4.

If status is failed, an error_code parameter will be present. At this point you can abandon the charge, or continue without 3D Secure.
Step 4

Complete the charge as described above.