Global Iris

26 views
Skip to first unread message

Luke Plant

unread,
Feb 18, 2014, 10:05:38 AM2/18/14
to django-...@googlegroups.com
Hi all,

I'm implementing a gateway for "Global Iris", which I will submit as a pull request to django-merchant fairly soon. It's used by HSBC in the UK, documented here:


There are two components:

* "RealAuth" - this fits perfectly as a gateway, and I've implemented it as such.

* "RealMPI". This is an implementation of "3D secure" (also known as "Verified by Visa", or "SecureCard") that integrates with "RealAuth". To summarise, before authorising a payment using a gateway, you redirect the user to a site run by their own bank where they have to put in (part of) their password to verify the transaction. They are then redirected to the ecommerce site which proceeds with the transaction (after verification etc). The motivation is to shift liability for fraud and chargebacks from the merchant to the card issuer.

I would like to add RealMPI to django-merchant, as well as RealAuth. It doesn't fit into the 'gateway' model, but, despite the fact that it doesn't actually process payments, it does fit into the 'integration' model quite well. The only difference is that once it succeeds, the payment hasn't been made - rather, you are safe to proceed with the gateway authorisation.

Let me know if you think there is a better way to approach this.

Also, my patch will use lxml, as it provides a much nicer way to handle XML than minidom.

Regards,

Luke

Thejaswi Puthraya

unread,
Feb 18, 2014, 11:16:38 AM2/18/14
to django-...@googlegroups.com
Hi Luke,

On Tue, Feb 18, 2014 at 8:35 PM, Luke Plant <l.pla...@cantab.net> wrote:

[snipped]

> * "RealMPI". This is an implementation of "3D secure" (also known as
> "Verified by Visa", or "SecureCard") that integrates with "RealAuth". To
> summarise, before authorising a payment using a gateway, you redirect the
> user to a site run by their own bank where they have to put in (part of)
> their password to verify the transaction. They are then redirected to the
> ecommerce site which proceeds with the transaction (after verification etc).
> The motivation is to shift liability for fraud and chargebacks from the
> merchant to the card issuer.

This sounds similar to Stripe.js. From their docs at [1]:
"""
With Checkout, you never have to handle sensitive card data. It's
automatically converted to a token which you can safely send to your
servers and use to charge your customers. In other words, the card
isn't charged on the client-side; we send a token representing the
card data to your server, which you can then charge.
"""

[1] https://stripe.com/docs/tutorials/checkout#tokens

>
> I would like to add RealMPI to django-merchant, as well as RealAuth. It
> doesn't fit into the 'gateway' model, but, despite the fact that it doesn't
> actually process payments, it does fit into the 'integration' model quite
> well. The only difference is that once it succeeds, the payment hasn't been
> made - rather, you are safe to proceed with the gateway authorisation.

Please check [2] and [3]. You can observe in [2] that we invoke the
gateway to complete the transaction after we have received the
authorization token. So, I think the RealMPI will be a mix of an
integration and the RealAuth gateway and will require the user to
subclass a method to implement his flow. Mentioning this in docs and
having an example should hopefully suffice.

[2] https://github.com/agiliq/merchant/blob/master/billing/integrations/stripe_integration.py
[3] https://github.com/agiliq/merchant/blob/master/example/app/integrations/stripe_example_integration.py

>
> Let me know if you think there is a better way to approach this.
>
> Also, my patch will use lxml, as it provides a much nicer way to handle XML
> than minidom.

As long as it is documented, there is no problem with bundling
external dependencies.

Looking forward to your pull request.

--
Cheers
Thejaswi Puthraya
http://thejaswi.info/
Reply all
Reply to author
Forward
0 new messages