Worldpay Invisible - Changes

[XN-Matt]

Just received this from lovely WP

Dear Customer

 

We are preparing to introduce a new XML integration method that could change the way you submit payments to the WorldPay Payment Service. This new XML integration method supports 3-D Secure authentication, which would help you meet MasterCard’s SecureCode mandate for Maestro card payments. All merchants that currently connect to WorldPay using one of the Invisible integration methods – capturing payment details on their own server and transmitting the data directly for processing – may be affected by this change.

 

3-D Secure is an authentication technology that has been developed by Visa and MasterCard to support their cardholder authentication services: Verified by Visa (VbyV) and MasterCard SecureCode (MCSC). These services offer a secure method for authenticating a cardholder at the time of the transaction (cardholders register a password – similar to a PIN number – with their Card Issuer and use it when shopping online).

 

SECURECODE MANDATE FOR MAESTRO

From 30th June 2008, MasterCard requires that your website has adopted SecureCode in order for you to continue accepting Maestro card payments (although note that 3-D Secure support is not mandatory for Visa and MasterCard payments). Your acquirer is responsible for ensuring that you have implemented SecureCode and may insist that full support is in place by the deadline in order for you to continue to accept Maestro. In some circumstances, financial penalties may apply for non-compliance. In addition, some Issuers may choose to decline non-SecureCode Maestro payments from 1st July, 2008.

 

WHAT DO YOU HAVE TO DO?

To benefit from 3-D Secure and meet the SecureCode mandate for Maestro, your technical personnel will need to make changes to your systems to support the new XML integration method. For details of the new integration method, please refer to the technical guide in the Technical Details section below.

 

Before making any changes to your systems, you may wish to assess the suitability of the Invisible integration model for your business and consider the option of using a WorldPay hosted payment page instead.

 

Using the Invisible integration model is only worthwhile for those businesses that have a high transaction turnover because of the cost involved in adhering to strict security levels as detailed in the Payment Card Industry Data Security Standards (PCI DSS). You should ensure that you are familiar with the PCI DSS standards and make your own assessment of what is required to comply. For more information, please refer to PCI Security Standards Council at: http://www.pcisecuritystandards.org.

 

WORLDPAY HOSTED PAYMENT PAGE OPTION

By moving to the WorldPay hosted payment page, much of the significant burden of meeting PCI DSS standards is removed and 3-D Secure will already be in place on the payment page without any additional work on your part. Should you wish to discuss changing to the WorldPay hosted payment page, please contact: support@worldpay.com.

 

TECHNICAL DETAILS

To implement the new XML integration method, please refer to the following advanced copy of the ‘Submitting Transactions in the Direct Model’ guide, which gives full details. This guide should help technical personnel begin planning changes to your systems. The guide is available at:

http://www.contact.worldpay.com/comms/dxml.pdf.

 

Although a new integration method is being introduced, other changes to functionality are minimal and you may continue to receive payment responses via the HTML payment response (callback) feature and use the existing remote administration facilities should you wish to do so.

 

Note: if you have an existing Invisible installation and no longer use it or now use a hosted payment page instead, please contact us to cancel your installation at: integrations@worldpay.com.

 

WHAT HAPPENS NEXT?

Please start testing the changes you intend to make to your system. Full access to the new functionality will be available shortly. At that time, we will send you a communication letting you know the exact date when you can begin implementing the new integration method, full documentation (including examples of scripts / source code using ASP, Java and PHP) and further details about recurring payments (FuturePay).

 

We appreciate that you have been given late notice about the introduction of the new integration method and if you would like further assistance, please do not hesitate to contact our Technical Support department at: support@worldpay.com.

 

Has anyone else received it and been able to work anything out about it and recurring transactions etc? (without having to use the normal, nasty Futurepay)

 

M

[XN-Matt]

Just an update. Although this will cause the existing module to break.

 

You CAN still process recurring Maestro transactions via Worldpay but will need two accounts and for Worldpay to set you up with another admin account that has to facility to process cards without the CVC/CVV.

 

Contact Worldpay support if you need help with this.

 

M