Sagepay direct upgrade 4.0 does not open 3d secure page in live mode

Question

I am upgrading sagepay(opayo) direct from 2.23 to 4.0. After upgrade 3d secure page is not opening in live mode.

I have used sagepay direct mode. After giving the card details got the "Status=3DAUTH". Then i redirect to another page where 3d secure page will open in an iframe.

In Test mode checking: After full implementation i have tested in test mode. In test mode "challan" page came up successfully and its successfully authenticated. And payment successful.

Test In live Mode: When i test in live mode with soldo virtual card its successfully open the 3d secure page. After approve the payment from soldo app, payment is successfull. And its done.

Now when i try amex card it shown 3d secure page loading screen and then given below error.

Oops ! An error occurred!!!
Internal processing Error..!!!

Now i have tried to do payment in master card. In this case when i redirect to 3d secure page. No thing is showing in iframe. And its stuck.

I have sending below params when trying to 1st call

$strPost = $strPost . "&Apply3DSecure=0";
$strPost = $strPost . "&AccountType=E";
$strPost = $strPost . "&BrowserAcceptHeader=text/html,application/xhtml+xml,application/xml&BrowserColorDepth=24&BrowserJavaEnabled=1&BrowserJavascriptEnabled=1&BrowserLanguage=en-GB&BrowserScreenHeight=1080&BrowserScreenWidth=1920&BrowserTZ=%2B300&BrowserUserAgent=Mozilla&ChallengeWindowSize=01";

$strPost = $strPost . "&ThreeDSNotificationURL=".$strYourSiteFQDN."3DCalBack.php?pagename=transactionRegistration.php&VendorTxCode=".$strVendorTxCode;

$strPost = $strPost ."&COFUsage=FIRST&InitiatedType=CIT&MITType=UNSCHEDULED";

ACSURL submit form

<form name="form" action="{$ACSURL}?creq=".$strCReq" method="POST">
    <input type="hidden" name="PaReq" value="{$strPAReq}"/>
    <input type="hidden" name="creq" value="{$strCReq}"/>
    <input type="hidden" name="TermUrl" value="{$TermUrl}?VendorTxCode={$strVendorTxCode}"/>
    <input type="hidden" name="MD" value="{$strMD}"/>
    <input type="hidden" name="VPSTxId" value="{$strVPSTxId}"/>
    <input type="hidden" name="mode" value="secure3d"/> 
</form>

Please help me get fixed 3d secure page.

Answer 1

First, make sure this is not a Frictionless Authentication. From the docs:

For a frictionless authentication, the 3D Secure scheme has enough information about the cardholder to provide an instant authentication result. When the authentication process has completed the transaction is submitted for authorisation.

I.e there is need to ask for the code and redirect to the 3-D Secure page (or show it in iframe). If necessary, you may use the Apply3DSecure=1 param in your initial request to SagePay, so that 3-D Secure check is always forced.

Second, for the 3-D Secure v2 redirection the list of the form fields should be:

<form action="{$ACSURL}" method="post">
      <input type="text" name="ACSTransID" value="{$strACSTransID}" />
      <input type="text" name="creq" value="{$strCReq}" />
      <input type="text" name="TermUrl" value="{$TermUrl}?VendorTxCode={$strVendorTxCode}" />
</form>

All data should be POST-ed, and you should include the ACSTransID value from the response to your initial request. Note: fields PaReq and MD are related to 3-D Secure v1. If for some reason you would like to keep the backwards compatibility your current integration should be fine. In such case you may check the response for the initial request:

• if it contains CReq and ACSTransID fields, then SagePay expects the communication via v2 protocol
• if there are PaReq and MD fields, it's v1 protocol

However, 3-D Secure v1 is going to be withdrawn soon on October, 15 2022. So apparently keeping the backwards compatibility is not necessary.