How To Leave Open Orders Not Passed Through 3D Secure

amdowney · January 22, 2016, 12:00am

So a fraudster has slipped through the net with my colleague releasing a payment for a medium value order that was red flagged in sagepay.

I see in CSCart the response details show the following (Address: NOTCHECKED + 3d secure: ATTEMPTONLY)

Payment processor response
Status: 0000 : The Authorisation was Successful. (OK) (AVS/CVV2: {SECURITY CODE MATCH ONLY}) (Address: {NOTCHECKED}) (PostCode: {NOTCHECKED}) (CV2: {MATCHED}) (3D Result: {ATTEMPTONLY})

So there must be a way to configure the cart to automatically cancel this order or leave it as open as it is clearly a fraud transaction? It set it as processing and sent the emails, which did not help the situation on a busy day back after Chrismas.

Thanks - Ad

ecomlabs · January 22, 2016, 12:00am

What payment processor do you use in your store?

amdowney · January 22, 2016, 12:00am

sage pay direct. I'm assuming I can access these return variables and and edit the response in the script accordingly?

ecomlabs · January 25, 2016, 12:00am

Yes, please edit the following file:

app/payments/sagepay_direct.php

At the bottom you can find how the $pp_response array is generated depending on the received response.

amdowney · February 2, 2016, 12:00am

Thanks, simple and effective mod:

Changed: 
$pp_response[‘order_status’] = ‘P’;
to:
//mod

if ($response[‘3DSecureStatus’] == ‘OK’) {

$pp_response[‘order_status’] = ‘P’;

}

else

{

$pp_response[‘order_status’] = ‘A’; //Fraud Checking

}

//end mod

ecomlabs · February 3, 2016, 12:00am

Thank you for sharing this information