How to Proceed 3D Secure transactions for cards that are stored in Vault using BrainTree API

0
votes

I have tried braintree API into my Dotnet webform application and was able to create transactions successfully. Now i got stuck up in one of the issues of setting up transactions for 3D secure verification for Cards that are stored in Braintree Vault.

In the API they have mentioned to pass the NONCE FROM SERVER and amount from Client side to verify the transaction. But however im unable to get that link. Also im very much confused in accessing Liability Shifted concept. Can i have better explanation on this?

I have gone through the API very thoroughly but unable to figure out this issue.

My Requirement: I need to create 3DSecure transactions within my applications for cards that are enabled for 3D Secure. How ever if a customer did not enable 3D secure i should be able to complete the transaction.(This i understood by passing 3D Secure - Required attribute to false from server side) Now i also need to save the card details in Vault for Saved Cards Section. So when im trying to invoke the 3DSecure for Saved cards section the response.nonce that was generated from Client side is same the Nonce that was generated at Server side. So it says NONCE ALREADY USED.

So please help me in this regard. Thanks in advance.

Srikanth

1
asp.netbraintree

1 Answers

1
votes

I work as a developer at Braintree. If your server and client side code are integrated properly the nonce returned by the verify3DS() method on the client should be different than the one originally generated on your server.

SERVER SIDE: Generate a payment method nonce on your server using the payment method's token.

// Generate a nonce for the payment method on your server

var result = gateway.PaymentMethodNonce.Create("PaymentMethodToken");
var nonce = result.Target.Nonce;

Note: I'm working on including code snippets like this in our documentation to prevent confusion in the future about how to generate nonces on the server.

CLIENT SIDE: Use nonce from the server to verify card. Then use nonce from the client to complete transaction.

var paymentMethodNonce = 'nonce_from_server';

client.verify3DS({
  amount: 500,
  creditCard: paymentMethodNonce
}, function (error, response) {
  if (!error) {
    // 3D Secure finished. 
    // Use nonce in response to create transaction. This should be different from the nonce created on your server.

    // console.log(response.nonce);
  } else {
    // Handle errors
  }
});

As for your question about Liability Shift, the 3D-Secure protocol can shift the liability of fraud from you as a merchant to card issuers depending on which parties participate in 3D-Secure.

The response object in the callback contains details on whether liability is shifted or whether a liability shift is possible for the given payment method. 

client.verify3DS({
  amount: 500,
  creditCard: paymentMethodNonce
}, function (error, response) {
  if (!error) {
    // Response will also include liability shift details for you to use

    // console.log(response.verificationDetails);
  } else {
    // Handle errors
  }
});

I recommend revisiting the documentation on what to do with the liability shift response values. Hope that helps!