Thread: Phone orders and 3D Secure

A general question to developers and store owners. How are you handling Phone Orders when you have 3D Secure enabled in your payment gateway?

As a store owner, you want to capture all of your orders in one place (ideally ASPDNSF) but you dont want to be asking Customers for their 3D Secure password when on the phone.... (and in v9, the 3D Secure window doesn't appear to work correctly when in phone order entry mode).

Typically, I understand the usual approach is...

1. Take MOTO (MailOrder / Telephone Orders) offline using a virtual terminal from the payment provider (e.g. SagePay)
or
2. Have a different merchant account id for phone orders with 3D Secure switched off.

Neither of these are ideal, in the first instance you'd need to get these orders into ASPDNSF or at least consolidate them. In the second, ASPDNSF can't support multiple payment routes for phone/non-phone orders.

Any advice appreciated.

Adam

Just looking through old posts, the recommendation seems to be to make a code change to allow payment by COD or Purchase Order at checkout *if* the order is being made under impersonation mode.

This allows the order to go through but needs the Customer's payment to be collected offline.

Is this still the best solution to recommend to our Store owner clients?

impersonation will never work !

3D auth cant be done through the impersonation feature....it's been VERY badly thought through by the dev team (sorry !)

waste of time....just ignore it if you're going to be using 3D secure

Good Morning, Compatriots

I really want to add corrections to our workload to honor the needs of the UK (and other locales that are suffering). We are challenged enough to "just" understand the US issues and it would REALLY help if you could please contact me with your suggestions (can you shoot for words of one syllable as a starting point? assume that we are thick as [insert thick word here]) and tell us what we need to do. Can you please do that by email at jo@aspdotnetstorefront.com? That way I can make sure that we take your needs very seriously. And, incidentally, if you can identify what we need to improve in version 8 and separately in version 9, that would be fantastic. I hope you don't mind me putting the burden of identification on you, but it'll make it far more likely that I can start to make improvements.
Thanks.

Hi Jo,

In response to your request for info regarding product deficiencies, I've yet to speak to a developer who doesn't tell me how poorly crafted the phone order system is. Several mention they're considering writing their own etc. because making ASPDNSF's work is, in most cases, impossible.

Phone order / impersonation process is a key business function requirement of ours and one of the key factors in purchasing ASPDNSF. Now, after 18 months and $75k of development I'm being told that, for the most part, this key function doesn't work.

I suppose, if this long promoted function of the cart doesn't work, and the developer forums show lot's of discussion on this matter with ASPDNSF staff further confirming the issue with this feature, all I'm left with is to scrap the project on this platform and take action against ASPDNSF for cost as well as loss of income for prolonged development and re-development time.

Now, that should push this issue with phone order / impersonation right to the top of the heap.

Thanks

Jim

Originally Posted by ChuteDr

I suppose, if this long promoted function of the cart doesn't work, and the developer forums show lot's of discussion on this matter with ASPDNSF staff further confirming the issue with this feature, all I'm left with is to scrap the project on this platform and take action against ASPDNSF for cost as well as loss of income for prolonged development and re-development time.

Don't be ridiculous!

Of course it works - although it may not work the way you want it to.
It does however work in exactly the same way as when you had your free trial before you bought anything.


TTFN

(a slightly bemused) BFG

Just me chipping in again.

As BFG says, the phone order system does work. We just have issues with it in the UK when combined with the 3D Secure system because it currently pops up a 'whats your card password' screen at checkout.

What we've done for the time being is to detect if a phone order is being processed during checkout and if it is, present the admin with a purchase order payment option.
Instead of a PO number, they enter the transaction reference from the SagePay virtual terminal (where they've taken the payment).

Not ideal because they have to enter the customer details twice but it has allowed the project to launch.

As a next step, we plan to develop a full 'MOTO' system into the ASPDNSF Sagepay payment gateway that detects if a phone order is being processed and if it is, flags the payment as a telephone order and switches off 3D Secure for that transaction.

Luckily, SagePay's API supports this model so it *should* work - I'll report back once we've got around to coding it.

Adam

They are hoping to implement a new type of online security to replace 3D Secure.

Your card will have a small LED screen and keypad. When purchasing online you will be asked for your random code.

You type your pin on the card and a random string is displayed on the card. This could be read out over the phone or entered online.

Hopefully this will come sooner than later. 3D Secure is a real pain, the only way we get around it is taking the order online and selecting "Customer services to contact me" then using the SagePay terminal.

Be interesting to see where webopius gets with the turning off 3D Secure for phone orders.

We had the same problem. Now all fixed once our developer got his head around it. All you have to do is post an "M" to Sagepay M = MOTO transaction. When taking a telephone order and you will not be presented with the 3D screen. You do need to have a MOTO account setup along side your E commerce account with Sagepay, but that only takes a few days to setup. Remember it will still fail even though you are posting an “M” if you don’t have a MOTO account.

yeah thats a cute way DaveW......wishlist pls !??!

Sorry for the delay in responding... a progress update.

We've modified the v9 SagePay gateway so that it can detect if the Customer is being impersonated (in a phone order) and it now sends account type = "M" (MOTO Transaction) to SagePay rather than the standard "E" (eCommerce transaction).

...and it appears to work.

During checkout, phone orders no longer popup the 3DSecure window asking for the customer's card password.

The only situation this still can't handle is the Ad-Hoc charge screen which still asks for 3D Secure (because of course the Customer isn't being impersonated). What we might do here is simply check if the current customer is an Admin and disable 3D Secure but this probably needs to be improved to deploy generally.

We've tested this in our dev environment using our SagePay test accounts and will move this to live tomorrow. I'll let you know if we discover any problems.

Adam