Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.I have received email from Global Payments (Realex) saying that:
Here's what you need to know:
From September 2019, most ecommerce payments will have to undergo Strong Customer Authentication (SCA).
A new authentication protocol is being introduced by the Card Schemes (Mastercard, Visa, etc.) called 3D Secure 2 (3DS v2).
Global Payments will be supporting the 3DS v2 protocol by introducing options that will make it easy for you to comply with the SCA requirement.
What Do I Need to Do?
As you're integrated with our Hosted Payment Page (HPP), there are additional fields that need to be sent in the HPP POST, which will ensure you're compliant with the regulation. When you update your integration to support these additional required fields, we'll seamlessly transition you to 3DS v2, once it's supported, without any further changes being needed.
Please click on the link below to obtain the details of the changes.
What you'll need to do?
We'd recommend that you forward this communication to your web developer and/or shopping cart provider to ensure that they're aware of these required changes.
We've set a deadline of May 2019 for you to make the HPP changes. This supports our recommendation to complete any changes that are required well in advance of the SCA being introduced. Failure to make the changes may affect your ability to process successful transactions.
Integration type Communication of Changes Target Date for changes to be made
Hosted Payment Page On this email May - 2019
Shoping Carts and Platforms Mar - 2019 Jun - 2019
API; Apr - 2019 Jun - 2019
MOTO No action needed No action needed
Comments
Comment #2
EdPhillis CreditAttribution: EdPhillis commentedYes I need to consider this too. Is anyone going to look at this from the module point of view? My client is thinking of moving away from Realex so if noone is going to do anything to the contrib module then it might be the time to jump ship. would be great if someone could respond to say whether they will be amending the module accordingly.
Comment #3
Tony Sharpe CreditAttribution: Tony Sharpe commentedComment #4
Tony Sharpe CreditAttribution: Tony Sharpe commentedHas anyone managed to update the D7 Global Payments module to implement SCA and work with 3DS2?
Comment #5
EdPhillis CreditAttribution: EdPhillis commentedI dont think anyone is working on this for commerce_realex. I think its time to jump ship if you are able.
Comment #6
stella CreditAttribution: stella at Annertech commentedDrupal 7 work is underway with changes for 3DS2 with HPP nearly complete and should be released in the coming week. A Drupal 8 update will then follow.
Comment #7
Tony Sharpe CreditAttribution: Tony Sharpe commentedExcellent, thanks for the update!
Comment #10
stella CreditAttribution: stella at Annertech commentedComment #11
stella CreditAttribution: stella at Annertech commentedThe 7.x-1.x-dev branch is ready for testing. I need to do some more testing here too, but if others can help on their test sites/sandboxes that would really help speed things along.
Comment #12
skorzhThanks for your work @stella,
with HPP redirect method, GlobalPayments sends response to the '/commerce-realex/redirect/complete' url, but obviously GP can't send response to my local environment. Is there a way to test it locally or it always requires '/commerce-realex/redirect/complete' url to be available in internet to receive response and finalize the order?
Do you know if 3DS2 challenge can be tested? They mentioned some test cards for 3D Secure, but I can't reproduce the SCA challenge anyway.
Comment #13
skorzhI also noticed a few points according to the code:
1) Why Gateway url is "https://hpp.realexpayments.com/pay”, but documentation says "https://pay.realexpayments.com/pay” https://developer.realexpayments.com/#!/hpp/getting-started
2) “redirect_referring_url” setting isn’t used anywhere
3) Should it also send Phone number, or it should be done in alter hook?
Comment #14
skorzhAccording to previous realex remote implementation, It looks like it should use
$response['order_id']instead of$response['commerce_order_id']for$transaction->remote_idincommerce_realex_redirect.inc:1026Comment #15
skorzhThe functionality stopped working after GlobalPayments enabled 3ds v2 for our account.
Now it throws the following error: "508 Mandatory field missing. HPP_BILLING_CITY not present in request. Please contact the merchant."
The module functionality allows to redirect to the checkout page without all billing/shipping filled.
But it looks like these fields are mandatory now.
Comment #16
stella CreditAttribution: stella at Annertech commentedNo, I don't see a way to avoid this. I would recommend that you have a publicly accessible dev or uat environment that you can use for testing this integration.
Both are valid.
It's not used anywhere. It's for informational purposes. As per the help text for that field, you will need to send the value in this form field to Global Payments when setting up your live account with them.
The HPP_CUSTOMER_PHONENUMBER_MOBILE field is conditional. If the cart isn't capturing it, then you don't need to send it in. If you are capturing it, then the
commerce_realex_redirect_dataalter hook is the place to add it.Well remote is different from redirect... "commerce_order_id" is set on line 167 of includes/commerce_realex_redirect.inc in the request data, and this is returned in the response. Is there something not working as expected here?
which version of the module are you using? The HPP_BILLING and HPP_SHIPPING fields are set in the latest dev version of the module - set to a value if available or empty otherwise.