Magento 1.x Security Patch Notice
For Magento Open Source 1.5 to 1.9, Magento is providing software security patches through June 2020 to ensure those sites remain secure and compliant. Visit our information page for more details about our software maintenance policy and other considerations for your business.
3D Secure Credit Card Validation
Magento Open Source includes the option to use 3D Secure authentication for payment transactions made with Authorize.Net. Cardinal Centinel® is the company that provides the 3D Secure Credit Card Validation service.
During checkout, the customer is prompted to enter a secret code that is assigned to the card, which is then used to confirm the identity of the cardholder. The bank also provides additional data elements to confirm the cardholder’s identity. The service provider arranges the communication between the banks and payment systems. 3D Secure authentication can be used for orders placed from the store, or from the Admin.
Customer Workflow
During the checkout process, the customer selects the Authorize.Net payment method, enters the credit card information, and clicks the Continue button. During Order Review, the bank that issued the credit card displays a form to verify the customer’s identity. Depending on the bank’s requirements, the customer might be required to enter a secret code, log in to an account, or complete another activity.
After submitting the form, the customer is returned to Order Review. The customer clicks the Place Order button. If the authentication succeeds, the customer proceeds to the order confirmation page. If the authentication fails for any reason, an error message appears and the customer can select another payment method or try again with Authorize.Net.
Admin Workflow
When creating an order from the Admin that uses 3D Secure with Authorize.Net, a form appears with the fields to enter the credit card information, and a Start/Reset Validation button. After you complete the credit card information, and click the Start/Reset Validation button, the bank that issued the credit card displays a form to verify the customer's identity. Depending on the bank’s requirements, you might be required to enter a secret code, log in to an account, or complete another activity on behalf of the customer. If successful, a message indicates that the transaction has been validated, and you can proceed with the order.
3D Secure Authentication from the Admin
Step 1: Complete the 3D Secure Configuration
| 1. | On the Admin menu, select System > Configuration. Then in the panel on the left, under Sales, select Payment Services. |
| 2. | Click to expand the 3D Secure Credit Card Validation section. Then, do the following: |
| a. | Enter the following credentials that are required to connect to the Cardinal Centinel system: |
- Processor ID
- Merchant ID
- Password
| b. | To test 3D Secure Validation before going live in the store, set Test Mode to “Yes.” |
| c. | To save a log file of all interactions between your server and the Cardinal Centinel system, set Debug Mode to “Yes.” |
| 3. | When complete, click the Save Config button. |
Step 2: Enable 3D Secure for Authorize.Net
| 1. | On the Admin menu, select System > Configuration. Then in the panel on the left under Sales, select Payment Methods. |
| 2. | Click to expand the Authorize.Net section, and scroll down to the 3D Secure section. Then, do the following: |
| a. | Set Enable 3D Secure Card Validation on Frontend to “Yes.” |
If you are use Magento Secure Payment Bridge, you can ignore the additional settings.
| b. | In the Severe 3D Secure Card Validation field, specify if you want severe validation to be applied to credit card purchases made through the Centinel system. Severe validation removes merchant liability for any chargebacks that may occur. |
| c. | In the Centinel API URL field, enter the URL that was provided by Cardinal Centinel to establish the connection with their system. |
| 3. | When complete, click the Save Config button. |