Adyen

Aria supports Adyen's RevenueProtect+, a fraud protection mechanism. The API validate_acct_fraud_scoring_m now sends fraud-related customer data to Adyen's customizable rules engine to return more granular fraud scoring for payment transactions.

After you have configured the Adyen Payment Gateway in Aria, a “FraudScoring Options” section appears on the Processing Options Tab (see image below).

Details on the fraud options are as follows:

1. Send Fraud Scoring Request: When set to true, Aria sends a request to Adyen to return fraud scoring information. If the fraud score returned is below the Fraud Scoring Threshold or the Fraud Score response is "Not Successful," Aria modifies the status based on "Change Status on Fraud Scoring Failure" setting. "Send Fraud Scoring Request" must be set to "True" to enable the "Change Status on Fraud Scoring Review" menu.
2. Change Status on Fraud Scoring Review: When set to true, Aria changes the status of the Master Plan Instance(s) to the value selected on the "Status on Fraud Scoring Review" drop-down menu, and the Fraud Score response is "Review." "Change Status on Fraud Scoring Review" must be set to "True" to enable the "Status on Fraud Scoring Review" drop-down menu.
3. Status on Fraud Scoring Review: This parameter governs the behavior for changing the status when Fraud Scoring is enabled and Change Status on Fraud Scoring Review is set to "True."

The following payment methods are accepted with the Adyen/Aria integration:

Aria supports 3D Secure authentication for payment transactions processed through the Adyen Payment Gateway. When calling APIs authorize_electronic_payment_m, validate_acct_fraud_scoring_m, or update_payment_method_m  Aria parses the results to support either Manual or Dynamic 3D Secure authentication.

Note: If you enable Adyen’s Dynamic 3DS service, you must configure it in Adyen’s configuration portal. 3DS configuration is not possible in the Aria UI.

For Manual 3D Secure you will need to manually initiate the 3D Secure using the parameter <attempt_3d_secure>. The possible values for this parameter are:

• True – 3D Secure is initiated.
• False – 3D Secure is skipped.
• Null or Empty – It will check the configured rule, if any (Dynamic 3D Secure).

3D Secure via APIs (should be PCI Level 1 compliant)

Step 1: For credit card payments call the existing API authorize_electronic_payment_m , or validate_acct_fraud_scoring_m, with parameters listed below along with attempt_3d_secure as true:

• alt_pay_method (enter “1” to use an alternate card than what is stored)
• cc_number
• cc_expire_mm
• cc_expire_yyyy
• end_user_browser_accept_header
• end_user_browser_agent

The update_payment_method_m call will allow you to change the payment method within the <pay_method_type> parameter. The flow for tokenized credit cards is listed below:

• pay_method_type = 13
• bill_agreement_id (this is where the token should be placed)
• end_user_browser_accept_header
• end_user_browser_agent

The output of this API will return <proc_payer_auth_request>, <proc_redirect_issuer_url> and <proc_md>.

Step 2: Using the API response details, create a redirect HTML form to direct the user to issuer’s 3D Secure authentication site URL to enter authentication information (username and password). See image below:

Step 3: Aria will receive the authentication response from the issuer once they submit the form. We parse the response to extract the value that is needed to create and send a second request to Adyen. In this step API authorize_3dsecure_m is used to pass <proc_payer_auth_request>, <proc_md> and <end_user_ip_address> This API call will return the status of 3D Secure Authentication. 

3D Secure via Direct Post

Since Adyen provides the payment session identifier that is used by the card issuer, Aria made use of that session ID instead of Aria’s USS session ID. To accommodate this, the <set_session_m> API accepts an input of <client_session_id> which will be stored against the Aria session that the API creates.

The <get_reg_uss_params_m> will use the <client_session_id> to lookup the session parameters. When allowing credit cards via direct post, ensure the credit card check box is selected under the direct post configuration (Configuration > client settings > USS Reg configuration) and the option for “save card as token” is set to true for tokenized cards.

The direct post 3D Secure flow is listed below:

Step 1: Make a direct post call with an input of “true” in the <attempt_3d_secure> parameter. The highlighted fields below along with the card details (card number, expiration date, and security code) need data prior to submitting the request.

*Please note that this is a raw sample (demonstration) file but you would be expected to develop something similar to this page (with your own look and feel / branding).

The user will need to enter their username and password and then click Submit.

Aria supports the following Adyen Notifications for eligible payment methods:

• Authorization
• Capture
• Cancellation
• Capture Failed
• Refund
• Refund Failed

This feature sends flags distinguishing cardholder initiated transactions (CIT) and merchant initiated transactions (MIT) within the <recurring_processing_model_ind> parameter of the following API calls:

• assign_acct_plan_m
• authorize_electronic_payment_m
• cancel_acct_plan_m
• collect_from_account_m
• create_acct_billing_group_m
• create_acct_complete_m
• create_order_m
• create_order_with_plan_m
• manage_pending_invoice_m    
• replace_acct_plan_m
• settle_account_balance_m
• update_acct_billing_group_m
• update_acct_complete_m
• update_acct_plan_m
• update_acct_plan_multi_m
• update_payment_method_m
• validate_acct_fraud_scoring_m

This feature is applicable for both credit cards (Visa, MasterCard and Discover) and tokenized credit cards.

The input values for the <recurring_processing_model_ind> are the following:

0:  Cardholder-Initiated Transaction—Credentials on File: a credit card transaction initiated by the cardholder for a new order or a plan upgrade that uses a credit card that is currently stored in Aria. (Default)

1:  Cardholder-Initiated Transaction—a credit card transaction initiated by the cardholder for a new account or creating an order that uses an alternate credit card that is not currently stored in Aria.

2:  Merchant-Initiated Transaction—Standing Instruction – Recurring: a credit card transaction initiated by Aria’s clients for a recurring charge that uses a credit card that is currently stored in Aria.

3: Merchant-Initiated Transaction—Unscheduled Credentials on File: a credit card transaction initiated by Aria’s clients for a non-recurring charge (one-time order or plan upgrade) that uses a credit card that is currently stored in Aria.

The output field of this call is <proc_initial_auth_txn_id>. For Visa and Mastercard, Adyen is passing the networkTxReference that Aria will capture and pass for subsequent MIT transactions. At this time, Adyen is not passing this value for Discover cards.

Aria will pass the <soft_descriptor> parameter (item description) to Adyen in applicable API calls. The following API calls will include this parameter:

• authorize_electronic_payment_m
• collect_from_account_m
• create_order_m
• create_order_with_plan_m
• issue_refund_to_acct_m
• settle_account_balance_m

Aria will truncate soft descriptor values that exceed the following character limits:

• Visa Cards – 25 characters
• MasterCard – 22 characters
• Other cards – 135 characters

Aria will parse unique transaction reference IDs returned from Adyen in the <proc_payment_id> parameter for declined transactions. Transactions include but are not limited to the following:

• Payments
• Authorizations
• Captures
• Voices
• Reverses
• Refunds
• Balance Inquires

If no reference ID is returned from Adyen, Aria returns a NULL value for <proc_payment_id>. The following API calls include the <proc_payment_id> output parameter:

• create_acct_complete_m
• update_acct_complete_m
• create_order_with_plan_m
• create_order_m
• assign_acct_plan_m
• replace_acct_plan_m
• update_acct_plan_m
• update_acct_plan_multi_m
• settle_account_balance_m
• collect_from_account_m
• authorize_electronic_payment_m
• validate_payment_information_m
• validate_acct_fraud_scoring_m
• gen_rb_m
• manage_pending_invoice_m

With the Adyen integration, error codes can be returned by Aria for a specific Card Verification Value (CVV) response. This configuration lies within the collection groups and payment gateways tab in the UI (Configuration > Payments > Collection Groups):

The integration with Adyen also offers Address Verification Service responses. This configuration is also within the collection groups and payment gateways tab of the UI. See image below for possible configuration options:

When authorizing a card, Aria provides the option to authorize a $0 or $1 transaction on the card to ensure the card is in good standing prior to offering a service to the account. The system override settings listed in the image below are to reverse the authorizations on the card after the verifications. The settings can be enabled for all or specific card types. This configuration in the UI is at the collection group level.