As you may know, PSD2 arrived almost a year ago and is here to stay. Nowadays, it is mandatory for our terminal to have PSD2 active. What happens? That in Redsys it is not active by default; when they create a new terminal, they must configure everything, including everything that represents PSD2.
PSD2 must be active to avoid problems with collections, as if not, cardholders like Visa or MasterCard will not be able to complete their payments, as authentication will not be required, the challenge will not be the correct one, or the flow will not be correct.
This is further aggravated when we use InSite or payment with 1-click, as errors appear on the site itself.
How can we know if we have everything active correctly? It is very simple; although we want to use InSite, we must perform a preliminary test with redirection. In reality, with InSite, it can also be seen, but so many factors come into play that it is better to use redirection for verification.
Since the problem will always occur with cards v2.1 and v2.2 subject to PSD2, we will use a test card of this type, so when we reach Redsys, we will enter the card 4548816131164386 with an expiration date of 12/32 and CVV 123. Once entered, it will take us to the Challenge; when we reach the challenge screen, we will see if our terminal is well configured or not. Be careful, with cards v.1.0.2 this V1 screen should not appear either, only that the payment will not fail.
If it is not well configured, it will show us in red and flashing “V1 Authentication Simulator”
If this appears, we can contact the bank, because they will surely have many clients to pay.
In the case of the v2.2 card I indicated, this screen should appear.
You can clearly see that in the authentication it indicates the version of the card.
If the card is a V1.0.2, we should see the Finanet authentication
You see that it is quite simple to check in the test terminal, and with redirection if everything regarding PSD2 is working or not.
But, how do I know if it is well configured through InSite or tokenization? For this, we will need to pull logs.
Logically, you can check if the logs are active and if it is with my premium plugin for Redsys, I do not know the level of debug that other plugins offer.
Look at this log entering a v2.2 card in a terminal that is not configured correctly:
12-02-2021 @ 12:29:28 - /****************************
12-02-2021 @ 12:29:28 - The XML
12-02-2021 @ 12:29:28 - /****************************
12-02-2021 @ 12:29:28 -
12-02-2021 @ 12:29:28 - <REQUEST><DATOSENTRADA><DS_MERCHANT_AMOUNT>3685</DS_MERCHANT_AMOUNT><DS_MERCHANT_ORDER>100000000058</DS_MERCHANT_ORDER><DS_MERCHANT_MERCHANTCODE>XXXXXXXXXXXXXXX</DS_MERCHANT_MERCHANTCODE><DS_MERCHANT_TERMINAL>1</DS_MERCHANT_TERMINAL><DS_MERCHANT_TRANSACTIONTYPE>0</DS_MERCHANT_TRANSACTIONTYPE><DS_MERCHANT_CURRENCY>978</DS_MERCHANT_CURRENCY><DS_MERCHANT_IDOPER>XXXXXXXXXXXXXXXXXXXXXXX</DS_MERCHANT_IDOPER><DS_MERCHANT_EMV3DS>{"threeDSInfo":"CardData"}</DS_MERCHANT_EMV3DS></DATOSENTRADA><DS_SIGNATUREVERSION>HMAC_SHA256_V1</DS_SIGNATUREVERSION><DS_SIGNATURE>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</DS_SIGNATURE></REQUEST>
12-02-2021 @ 12:29:28 - $XML_RETORNO 14 IniciaPeticion: SimpleXMLElement Object
(
[CODIGO] => 0
[INFOTARJETA] => SimpleXMLElement Object
(
[Ds_Order] => 100000000058
[Ds_MerchantCode] => 036763159
[Ds_Terminal] => 1
[Ds_TransactionType] => 0
[Ds_EMV3DS] => {"protocolVersion":"NO_3DS_v2","threeDSInfo":"CardConfiguration"}
[Ds_Card_PSD2] => Y
[Ds_Signature] => E0KE/r+s7nNE9G3uXwBXvd6TTM1NDQoG6RV9EwfINxY=
)
)
12-02-2021 @ 12:29:28 - $respuesta: stdClass Object
(
[protocolVersion] => NO_3DS_v2
[threeDSInfo] => CardConfiguration
)
12-02-2021 @ 12:29:28 - $respuesta->protocolVersion: NO_3DS_v2In the first step, we ask Redsys what type of card it is
<DS_MERCHANT_EMV3DS>{“threeDSInfo”:”CardData”}</DS_MERCHANT_EMV3DS>
We do this because we need to know what card it is, as depending on the version of the card, we must proceed one way or another.
In this case, we can see the response $respuesta->protocolVersion: NO_3DS_v2 which tells us it is a NO_3DS_v2. So we are starting off on the wrong foot. There are also many numbers that we may not be able to complete the payment.
If we do the same on a well-configured terminal, we will get the following:
12-02-2021 @ 16:46:42 - /****************************
12-02-2021 @ 16:46:42 - The XML
12-02-2021 @ 16:46:42 - /****************************
12-02-2021 @ 16:46:42 -
12-02-2021 @ 16:46:42 - <REQUEST><DATOSENTRADA><DS_MERCHANT_AMOUNT>10000</DS_MERCHANT_AMOUNT><DS_MERCHANT_ORDER>100000003156</DS_MERCHANT_ORDER><DS_MERCHANT_MERCHANTCODE>XXXXXXXXXXXX</DS_MERCHANT_MERCHANTCODE><DS_MERCHANT_TERMINAL>1</DS_MERCHANT_TERMINAL><DS_MERCHANT_TRANSACTIONTYPE>0</DS_MERCHANT_TRANSACTIONTYPE><DS_MERCHANT_CURRENCY>978</DS_MERCHANT_CURRENCY><DS_MERCHANT_IDOPER>XXXXXXXXXXXXXXXXXXXXXXX</DS_MERCHANT_IDOPER><DS_MERCHANT_EMV3DS>{"threeDSInfo":"CardData"}</DS_MERCHANT_EMV3DS></DATOSENTRADA><DS_SIGNATUREVERSION>HMAC_SHA256_V1</DS_SIGNATUREVERSION><DS_SIGNATURE>XXXXXXXXXXXXXXXXXXXXXXXXX</DS_SIGNATURE></REQUEST>
12-02-2021 @ 16:46:42 - $XML_RETORNO 14 IniciaPeticion: SimpleXMLElement Object
(
[CODIGO] => 0
[INFOTARJETA] => SimpleXMLElement Object
(
[Ds_Order] => 100000003156
[Ds_MerchantCode] => 349567461
[Ds_Terminal] => 1
[Ds_TransactionType] => 0
[Ds_EMV3DS] => {"protocolVersion":"2.2.0","threeDSServerTransID":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX","threeDSInfo":"CardConfiguration"}
[Ds_Card_PSD2] => Y
[Ds_Signature] => XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
)
)
12-02-2021 @ 16:46:42 - $respuesta: stdClass Object
(
[protocolVersion] => 2.2.0
[threeDSServerTransID] => XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[threeDSInfo] => CardConfiguration
)
12-02-2021 @ 16:46:42 - $respuesta->protocolVersion: 2.2.0We can now see that the response is $respuesta->protocolVersion: 2.2.0 so the difference is very clear. And we will also see the Challenge v2.2 screen
But there is more. As I said, there are several configurations that must be active on the site, and if any of them are not active, it can cause problems. So it could be that this point was correct and returned that the protocol to be used is 2.2, with which my plugin would start to perform all the steps for protocol 2.2.
In one of the steps, if the terminal were not well configured by our bank, we could encounter this response like this (trimmed):
acctInfo: : {"threeDSInfo":"AuthenticationData","protocolVersion":"2.1.0","browserAcceptHeader":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","browserColorDepth":"24","browserIP":"80.XX.XX.XX",...}}
11-05-2021 @ 13:22:18 - trataPeticion 10: <REQUEST><DATOSENTRADA><DS_MERCHANT_AMOUNT>900</DS_MERCHANT_AMOUNT><DS_MERCHANT_ORDER>100000000136</DS_MERCHANT_ORDER><DS_MERCHANT_MERCHANTCODE>XXXXXXXXXXXX</DS_MERCHANT_MERCHANTCODE><DS_MERCHANT_TERMINAL>1</DS_MERCHANT_TERMINAL><DS_MERCHANT_TRANSACTIONTYPE>0</DS_MERCHANT_TRANSACTIONTYPE><DS_MERCHANT_CURRENCY>978</DS_MERCHANT_CURRENCY><DS_MERCHANT_IDOPER>XXXXXXXXXXXXXXXXXXXXXXXX</DS_MERCHANT_IDOPER><DS_MERCHANT_EXCEP_SCA>LWV</DS_MERCHANT_EXCEP_SCA><DS_MERCHANT_EMV3DS>{"threeDSInfo":"AuthenticationData","protocolVersion":"2.1.0",...}</DS_MERCHANT_EMV3DS></DATOSENTRADA><DS_SIGNATUREVERSION>HMAC_SHA256_V1</DS_SIGNATUREVERSION><DS_SIGNATURE>Ckba7sIir5FtBpCyPRqisFVQaMngw3NPc6MbfBUJjBQ=</DS_SIGNATURE></REQUEST>
11-05-2021 @ 13:22:23 -
11-05-2021 @ 13:22:23 - $XML_RETORNO 13: SimpleXMLElement Object
(
[CODIGO] => 0
[OPERACION] => SimpleXMLElement Object
(
[Ds_Amount] => 900
[Ds_Currency] => 978
[Ds_Order] => 100000000136
[Ds_Signature] => gwkc5JNecdaPp9vuntavjIFg2urNiADau+hB1yv8Gws=
[Ds_MerchantCode] => 124770314
[Ds_Terminal] => 2
[Ds_TransactionType] => 0
[Ds_EMV3DS] => {"threeDSInfo":"ChallengeRequest","protocolVersion":"1.0.2","acsURL":"https://sas.redsys.es/sas/Secure","PAReq":"eJxVUttuwjAM/ZWq7yMXyrjIZOoo0/oQhqDbe5RG0AlSlrRb+fs5UHZ5SOJjW8f2ceChOx6iT+N8Vdt5zAY0jozVdVnZ3Tx+LZ7uJvGDgGLvjMm2RrfOCJDGe7UzUVXOY1d6VXVfyjNlNRsnCUs45YwxOkKLsymllN+zWMA63ZgPAX0tgaUGHMgNIqnTe2UbAUp/POYrMWKUsiGQHsLRuDwT2+VGLtepXG4Wz+mqAHJ1g1VHIxYvcr1Jo7d8mxfpFsjFCbpubePOYswTIDcArTuIfdOc/IyQprVmV+uq9nipw8CaBkhIAPLb1roNlkfCriqFfE/Pslh2MnvtVll+lu+SySz9wjMHEjKgVI0RNzEiNpxxPuM40MUP6hg6EdMBpTjjFcAp1Ej7SAj8dQCq73A5ZzEdT3CSGwLTnWprMAP1/LGhNF7jAP3z2/3iOUisG1Tt76b4EDc1YjwZJ5NkEmS/pATyCvXilA4v7AEACSSk3yjp/wNa//7JN5c+wi4=","MD":"8098f2fb1bf6c7988c026be7944cd61e7231b05f"}Look at the previous code. It is an old log, and I have not found one from v2.2, but it is 2.1 and the problem is the same, so it works well for demonstration. At the beginning, you will see this {“threeDSInfo”:”AuthenticationData”,”protocolVersion”:”2.1.0″... since it is a 2.1 card (I remember that we got this in the first step I showed). But look further down in the $XML_RETORNO 13, we can see that although we are telling Redsys it is a 2.1, it indicates a challenge for a 1.0.2 {“threeDSInfo”:”ChallengeRequest”,”protocolVersion”:”1.0.2″,”acsURL”:… so it is not doing things as it should.
Be careful, the above can happen for two different reasons; one is that you have modified the checkout in some way, and a series of necessary data is not being sent as they could not be obtained, causing a fallback from 2.1.0 (or 2.2) to 1.0.2. And the second reason is an error in the Redsys configuration.
And you may be wondering, how do I request this from Redsys to avoid problems? You should request 3 things; two are actually the same, but there are banks that understand it differently. You must request:
- Activation of PSD2
- Activation of EMV 3DS protocol.
- Activation of PSD2 Flow.
If they activate the above correctly, you should not have problems with any type of card, neither in redirection, nor in InSite, nor with payment with 1-click. If something is not correct, your clients will have errors.
I personally do not quite understand why this is not active by default in Redsys and must be activated manually, but it is like that, and we must be attentive.
You know that as a user of my premium plugin, you have support, and it includes installation, configuration, and testing, and on many occasions, I enter email threads with Redsys, as it is the fastest way to solve it. So even though you have an explanation of everything here, open a ticket and I will help you without problems.
