3D Secure Transactions using SagePay Gateway and ActiveMerchant

Posted by anup.narkhede on December 25, 2009

Introduction

What is 3D secure?

3D Secure is a recent fraud-prevention initiative launched by Visa and MasterCard. It adds an additional password authentication step to complete online transactions. A detailed introduction is available at http://www.sagepay.com/developers/industry_knowledge/3d_secure.asp.
This tutorial is a guide to setting up a Ruby on Rails test environment for 3D Secure payment transactions using the ActiveMerchant plugin.

And why should we care?

3D Secure is becoming an industry standard and it is mandatory for processing Maestro card payments. Also, the deadline for the 3-D Secure mandate (United Kingdom) for Maestro transactions is January 31st, 2010, and we want to make sure our applications are compliant by that date.

How does it work?


Fig 1: 3D Secure transaction

Setup

1. Patch ActiveMerchant plugin

To get this working, apply this patch to add 3D Secure support for the SagePay gateway. The patch is taken from http://github.com/tekin/active_merchant; however, it is modified for SagePayGateway instead of ProtxGateway. Alternatively, you can use http://github.com/dynamic50/active_merchant to follow this tutorial.

2. Set up SagePay simulator environment

Apply for a simulator account at https://support.sagepay.com/apply/. The registration process is instant and the support team is quick in responding to your queries. Once your account is created, log on to configure the simulator for direct messages.

Clicking on the “Direct” button takes us to the Direct Options and parameters admin page.

Set the response for authorization POSTs to 3DAUTH as shown below. In short, we are forcing the response for all validate requests to be 3DAUTH.

http://whatismyip.com for help.

Also, select the “Simulate Direct” checkbox.

In config/environments/development.rb

Note that test and simulator are different environments for the SagePay payment gateway.

3D Secure Payment Transaction

A typical 3D secure transaction works in four steps as shown in Fig 1. Initialize the gateway and a dummy valid credit card:

Step 1: Authorize

Note: the amount is in pence and order_id can be any unique identifier for your transaction.
The response of this request gives us the PAReq, MD and ACSURL values:

@three_d_secure=true and @success=false imply that we need to complete the 3DSecure authorization first.

Step 2: 3D Authorization

To initiate the 3D Secure authorization, we should post PAReq, MD and the callback URL (TermURL) to ACSURL.
We can do it with the curl command:

The response is an HTML page, captured in temp.html. Edit it and pick up the VPSTxID.
The simulator allows us to send different responses for multiple scenarios. We assume that we have entered the correct password and we want to simulate a successful 3D transaction. In this case, we respond to this action by clicking the ‘OK’ button.
This can be done as:

Essentially, we have simulated a “correct 3D password submit” action. The gateway should return a PARes token (for the initiated PAReq value), which can be found in temp.html.
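The hand-off around Step 2, written out as an added Ruby example (not code from the original post or from ActiveMerchant): it builds the form that posts the Step 1 values to the ACSURL and checks the values posted back to the TermURL before Step 3. The PaReq/TermUrl/PaRes field-name casing, the helper names and the sample values are assumptions.

```ruby
require 'erb'
require 'uri'

# Constructed sample of the three Step 1 values; not real gateway output.
SAMPLE_AUTH = {
  'ACSURL' => 'https://acs.example.test/3ds?x=1&y=2',
  'PAReq'  => 'Y29uc3RydWN0ZWQtcGFyZXE=',
  'MD'     => '20091225123456'
}.freeze

# Hypothetical helper: the auto-submitting form that sends the cardholder's
# browser to the issuer's ACS with PAReq, MD and the callback URL.
def acs_redirect_form(auth, term_url)
  acs = URI.parse(auth.fetch('ACSURL'))
  # The cardholder enters a password on this page: refuse anything but HTTPS.
  raise ArgumentError, 'ACSURL must be https' unless acs.is_a?(URI::HTTPS)

  # Posted field names (PaReq, TermUrl, MD) are an assumed casing.
  fields = { 'PaReq' => auth.fetch('PAReq'), 'TermUrl' => term_url,
             'MD' => auth.fetch('MD') }
  inputs = fields.map do |name, value|
    # Values come from a remote response and land in HTML: escape each one.
    %(<input type="hidden" name="#{name}" value="#{ERB::Util.html_escape(value)}">)
  end
  <<~HTML
    <form id="acs" method="post" action="#{ERB::Util.html_escape(acs.to_s)}">
    #{inputs.join("\n")}
    <noscript><input type="submit" value="Continue"></noscript>
    </form>
    <script>document.getElementById('acs').submit();</script>
  HTML
end

# Hypothetical helper for the TermURL callback: return the PaRes to pass on in
# Step 3 only when the MD posted back is the one stored for this session.
def pares_from_callback(params, expected_md)
  md = params['MD'].to_s
  pares = params['PaRes'].to_s
  return nil if md.empty? || pares.empty?
  md == expected_md ? pares : nil
end
```

Storing the MD in the server-side session at Step 1 and comparing it here keeps a callback for one transaction from being replayed against another.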

Step 3: Complete 3D authorization

On the console, call:

The response should be similar to:

@message="Success" confirms that the 3D authorization was successful. As a last step, we need to complete the transaction by capturing this payment.

Step 4: Capture Payment

SagePay requires you to remember the order_id that you used to initiate the authorization. Get the authorization code from previous response and prefix it with the order id.

Ex: ="a6f8c776ac58dcf08;{FB448BBF-CB72-414A-B293-316004162EEB};6598;OUWEBUCWL3;three_d_complete"
Where order_id='a6f8c776ac58dcf08'

The aim of this tutorial was to demonstrate a 3D Secure payment transaction with details of the tokens exchanged between the gateway and the client application. Along these lines, we can extend Rails support for other gateways to handle 3D Secure authentication. Please leave your comments with suggestions or issues.

Html to plain text using webrat and nokogiri

Posted by anup.narkhede on November 20, 2009

Here is a snippet to parse a given HTTP response into plain text. Basically, it removes HTML tags, CSS blocks and script tags, and yields the visible text elements as seen in a browser.

Gives:

Daily Blockers #1

Posted by anup.narkhede on November 06, 2009

I am starting a series of posts dealing with blockers at work. Here is the first one: using gem bundler on Snow Leopard with the Mac OS X 10.5 (x86_64) version of mysql.

Command:

Error:

Solution:
Compile the bundled mysql gem with the correct options. That is, locate your mysql_config and create a bundler_config.yml in the application root dir.

Run:

Using AutoComplete with ActiveScaffold forms

Posted by anup.narkhede on July 01, 2009

This is a quick guide to setting up auto_complete text fields in forms rendered by the ActiveScaffold plugin.
I am not a huge fan of ActiveScaffold, but found these steps worth publishing after doing this for one typical project requirement.

1. Models

2. Install ActiveScaffold and AutoComplete Plugins

3. Controller Configuration

This renders a drop-down list for the country field, instead of the default create/replace form. However, we need to render an auto-completing text box, for which we need to replace the form column.

4. Form column override

The next step is to override the form column. Create a file named _country_form_column.html.erb in the app/views/cities folder.

The second option, :method => :get, is needed to avoid the InvalidAuthenticityToken error generated by the ajax post request.

5. Since the form now returns country[name] instead of record[country_id] in params, we need to assign country object before creating city record. The CitiesController finally looks like:

Tweetdeck on mimo-740

Posted by anup.narkhede on April 28, 2009

Having tweetdeck open on the same workspace often causes distractions during work. This even made me abstain from using twitter for the last two weeks. Now I have set up a special device for twitter in the form of a Mimo 740 7″ Touchscreen monitor. I was impressed with the features packed into this device, and at an affordable price (150£) too. Although the mimo website shows ‘out of stock’ for this model, it is still available for sale on amazon and play.

I have always loved adding monitors to my notebook, but this model offers features of more than just a monitor. I find it most suitable as a secondary monitor for my macbook, dedicated for tweetdeck. The best part is, you need not worry about video cards and graphic ports for your machine, as it connects using the standard USB port (without using external power supply) and works with XP/Vista/OSX. The user experience with the touchscreen is decent but certainly not comparable to that of iPhones. You can switch between replies/direct messages/facebook status updates, scroll the tweet list by dragging the scrollbar using the touch features. The main drawback is the size of UI controls with the traditional desktop applications (button size, scrollbar width etc) which make it slightly difficult to control using fingers.

tweetdeck

The built-in mic and camera help to configure it as a portable skype device (of course with cords), which can be kept away from the computer and controlled using the touch screen. Some more applications which I found appropriate for use on this device are youtube (in full screen mode), a dedicated console/terminal while coding, Colloquy for IRC, iChat, etc. It would be interesting to see how people build applications targeted at such touch-enabled devices to enrich the user experience for commonly used services.
