How To Leave Open Orders Not Passed Through 3D Secure

So a fraudster has slipped through the net with my colleague releasing a payment for a medium value order that was red flagged in sagepay.

I see in CSCart the response details show the following (Address: NOTCHECKED + 3d secure: ATTEMPTONLY)

Payment processor response
Status: 0000 : The Authorisation was Successful. (OK) (AVS/CVV2: {SECURITY CODE MATCH ONLY}) (Address: {NOTCHECKED}) (PostCode: {NOTCHECKED}) (CV2: {MATCHED}) (3D Result: {ATTEMPTONLY})

So there must be a way to configure the cart to automatically cancel this order or leave it as open as it is clearly a fraud transaction? It set it as processing and sent the emails, which did not help the situation on a busy day back after Chrismas.

Thanks - Ad

What payment processor do you use in your store?

sage pay direct. I'm assuming I can access these return variables and and edit the response in the script accordingly?

Yes, please edit the following file:


At the bottom you can find how the $pp_response array is generated depending on the received response.

Thanks, simple and effective mod:


$pp_response[‘order_status’] = ‘P’;


if ($response[‘3DSecureStatus’] == ‘OK’) {
$pp_response[‘order_status’] = ‘P’;
$pp_response[‘order_status’] = ‘A’; //Fraud Checking
//end mod

Thank you for sharing this information