User Manager *** * *

* Welcome Page * ** */ Purpose /* - The 'Active Session' tab reflects who is logged in and provides the menu options which the logged in user is able to access or use.

* Login * ** * Purpose * - To log in to the secure BackOffice Website, login credentials are emailed to the merchant during the take-on process by the acquirer. * Action: * User Group - enter your Billing Details ID User Name - type in Administrator if you are the administrator or the username for the profile that was created. Password - this is the Administrator password sent to you with the Billing Details ID by email. Copy and paste it from the email.

3D Secure

3D Secure * ** 3D secure is an EMVCO standard which is made up of 6 major card brand networks, allowing merchants to accept and process authenticated online transactions by cardholders with their bank prior to the actual authorization of the payment. Through the iVeri Gateway, the following 3D secure authentication services from the card schemes are supported Verified by VISA (VbV), SecureCode by Mastercard,  SafeKey by American Express,  UPOP by UPI Protect Buy by Diners SPA Also, important to note, the Gateway currently supports two version of 3D secure – 3D secure V1.x and 3D Secure V2.x, support however is subject to acquirer and regional mandates where the Gateway has a footprint. Merchant Benefits * Acceptance of authenticated transactions via 3D secure deters unauthorized card use.

3D Secure

3D Secure * ** 3D secure is an XML-based security protocol for online credit and debit card transactions. 3D Secure adds an authentication step for online payments, making it possible for cardholders to authenticate their online transactions with their card issuers, using a password or OTP. Benefits of using 3D secure * Reduces fraudulent debit & credit card transactions processed through online platforms Gives the merchants and acquiring bank liability protection 3D secure providers * CyberSource Bankserve 3D secure with iVeri * High: 3D secure – If a merchant is deemed high risk, the acquiring bank can set merchants on this level. Merchants that want lowest possible risk can also opt for this level. Medium: 3D secure/attempted- This option gives merchants a broader reach in the cards the

3D Secure 2 implementation using the Form Post

3D Secure 2 implementation using the Form Post * ** Merchant can POST Form variables to the 3DS 2 endpoint, which is redirect over the browser. On completion of the 3D secure process, the Gateway will return the result to the merchant ReturnURL. The result returned to the merchant will either allow for the continuation of the Authorisation/debit instruction or result in the termination of the transaction by the merchant to the customer. Format: Form Data Form Post request Sample * <form name="Form1" method="post"action="https://portal.iveri.net/threedsecure/EnrollmentInitial" id="Form1"> <input type="hidden" name="ApplicationID" id="ApplicationID" value="{ca8a6eae-a469-4b39-bef3-aa029ca3a806}" /> <input type="hidden" name="ReturnUrl" id="ReturnUrl" value="https://[domain]/Lite/Result.asp"

3D Secure 2 implementation using the Pop-Up Method

3D Secure 2 implementation using the Pop-Up Method * ** Mandatory Requirements * Merchants can use the from the Gateway or they can build their own:* jQuery =  [portal domain]/scripts/jquery/js/https://jquery.min.js/ Bootstrap = [portal domain] /scripts/jquery/js/https://jquery.tdsbox.js/ Step1:*  Initialize the popup Include the following javascript code on your webpage that you want to initiate 3DS from: $(document).ready(function () { tdsboxInitialise('[portal domain]', tdsboxComplete); }); Step2:  *Load the popup and shows the modal dialog function loadModal() { var jsonObject = { ApplicationID : $("#ApplicationID").val(), MerchantReference : $("#MerchantReference").val(), Amount : $("#Amount").val(), Currency : $("#Currency").val(), PAN : $("#PAN").val(), ExpiryDate : $("#ExpiryDate")

3D Secure 2 Test Cases BY 3D secure Vendor/MPI

3D Secure 2 Test Cases BY 3D secure Vendor/MPI * ** The MPI test cases that should be used are depended on the acquiring bank that holds the merchant agreement or PSP that will be processing the payments on the Gateway on behalf of the merchant Things to note about the test cards:* CVV not required Expiry must be current or future date BANKSERV * Frictionless Full authentication * Scenario 1 * Authenticated Frictionless Transaction * Test Values * Visa*:4069425217889137 MC:*5163426869252246 DINERS*:36135230403232 Expected results - Lookup * EnrolledStatus: Y paresTxStatus: Y TDS2.transStatus: Y ECI (Visa): 05 ECI (MCI): 02 ECI (DINERS): 05 PARESVERIFIED: true PROTOCOL: 3DS 2.1.0 MD_STATUS: 1 MD_ERROR_MESSAGE: Authenticated Action:  Merchant should proceed with the authorization message Not

3D secure transaction process flow

3D secure transaction process flow * ** Cardholder is on the merchant’s checkout page, ready to pay for their order. They will input and submit their card details on the payment page hosted by the Gateway. The Gateway will proceed to check if the card in use is enrolled in 3DS by sending a request to the Directory Server. Directory Server will respond with enrollment status. Considering the response is positive and the card is enrolled for 3DS,  The Gateway will redirect to the issuer ACS for authentication The ACS will prompt the cardholder to insert and submit OTP/Password/credential(etc.) Considering the authentication was successful, the response is returned to the gateway to confirm successful authentication Gateway then forwards the transaction details to the acquirer for authorizati

3DS 2 Parameters

3DS 2 Parameters * ** Response Parameters * Parameter * Description * Merchant ReturnUrl Mandatory: The URL which the Gateway will post return response parameters to ApplicationID Mandatory: Merchant Application ID generated upon the creation of the merchant profile on the iVeri Gateway MerchantReference Mandatory: A merchant generated identifier that is unique within a specified time that identifies a transaction sequence. Amount Mandatory: The total value of the transaction in the smallest unit of the currency specified (eg in cents) Currency Mandatory: The ISO 4217 currency code of the value of the transaction. e.g., USD or ZAR or GBP PAN Mandatory: Card number used for transaction ExpiryDate Mandatory: The last month of the validity period of the card, formatted as MMYY or   MMYYYY Car