{"id":657,"date":"2017-09-04T19:56:44","date_gmt":"2017-09-04T09:56:44","guid":{"rendered":"https:\/\/54.66.202.3\/?p=657"},"modified":"2022-06-21T14:14:22","modified_gmt":"2022-06-21T04:14:22","slug":"pit-testing-guide-3d-secure-with-visa","status":"publish","type":"post","link":"https:\/\/www.gpayments.com\/blog\/user-guide\/pit-testing-guide-3d-secure-with-visa\/","title":{"rendered":"PIT Testing Guide – 3D Secure with Visa"},"content":{"rendered":"

This blog provides supplementary information for GPayments’ MPI (ActiveMerchant)<\/a> clients undergoing Visa Product Integration Testing (PIT).<\/span><\/p>\n

Visa has mandated that PIT testing is carried out for all new 3-D Secure MPI implementations<\/a>, before they go into production, in all Visa regions.<\/span><\/p>\n

The first step in Visa PIT testing is to enrol for Product Integration Testing (PIT) at the Visa PIT site.<\/span> \u00a0<\/b><\/p>\n

<\/p>\n

Visa PIT Enrolment<\/span><\/h1>\n

The following fields on the Visa PIT Enrolment form, found on the Visa PIT site, require specific ActiveMerchant information:<\/span><\/p>\n

BIN<\/b> – enter the <\/span>Acquirer BIN<\/b> associated with your testing. Using the ActiveMerchant Administration interface, you will need to set up an Acquirer with this BIN and a Merchant that will use this Acquirer.<\/span><\/p>\n

Component Type(s)<\/b> – select the <\/span>MPI <\/b>checkbox.<\/span><\/p>\n

Merchant ID<\/b> – you can use a dummy Merchant ID, but you will need to have a Merchant profile set up in ActiveMerchant with this dummy number. The Merchant ID can be found in <\/span>ActiveMerchant Administration<\/b> > <\/span>Merchants <\/b>> <\/span>Find Merchant <\/b>> <\/span>Merchant Details <\/b>> <\/span>Merchant ID<\/b>. <\/span><\/p>\n

Merchant Password and Confirm Password<\/b> – you need to know whether you will be using a Merchant Password or an SSL client certificate for authentication to the 3-D Secure Directory Server.<\/span><\/p>\n

If you are unsure which one you should be using, check with your Visa Regional Representative or the Acquiring Bank.<\/span><\/p>\n

Merchant Password<\/b><\/p>\n

Enter an 8-character, non-production merchant password in <\/span>Merchant Password<\/b> and <\/span>Confirm Password<\/b>. This can be any value but must match the Merchant Password in ActiveMerchant.<\/span><\/p>\n

SSL client certificate<\/b><\/p>\n

Leave the password fields blank and an SSL client certificate will be requested from the PIT at a later stage. Once you have submitted the form, you can use the <\/span>Email <\/b>and <\/span>Password <\/b>used on the enrolment form to login to the Visa PIT site.<\/span><\/p>\n

ActiveMerchant Configuration (MPI)<\/span><\/h1>\n

This section describes the steps for preparing ActiveMerchant for PIT testing, which correspond to the MPI setup steps in the Visa PIT User’s Guide.<\/span><\/p>\n

NOTE: Configuration steps vary depending on your Visa Region and whether you use Merchant ID \/ Password or SSL client authentication for Directory Server authentication.<\/span><\/p>\n

Acquirer BIN<\/strong><\/h4>\n
    \n
  1. \u00a0\u00a0<\/span> Go to <\/span>ActiveMerchant Administration<\/b> > <\/span>Merchants<\/b> > <\/span>Acquirers<\/b> > <\/span>New<\/b><\/li>\n
  2. \u00a0\u00a0<\/span> Enter the <\/span>Acquirer BIN<\/b><\/li>\n
  3. \u00a0\u00a0<\/span> Click the <\/span>Apply <\/b>button<\/span><\/li>\n<\/ol>\n

    NOTE: Ensure that the Acquirer BIN set in this section matches the one you entered in your PIT profile.<\/span><\/p>\n

    Cipher Suites<\/strong><\/h3>\n

    ActiveMerchant supports the TLS_RSA_WITH_3DES_EDE_CBC_SHA (TLS) and SSL_RSA_WITH_3DES_EDE_CBC_SHA (SSL Version 3) cipher suites.<\/span><\/p>\n


    \n<\/span>NOTE: Ensure that these cipher suites are not on the list of Disabled Ciphers and Protocols in your ActiveMerchant config file: <\/span>ActiveMerchant_Home_Directory\/config\/config.xml<\/span><\/i>.<\/span><\/p>\n

    Visa PIT Root Certificate<\/span><\/h3>\n

    Downloading the Certificate<\/strong><\/h4>\n

    Download the DER-formatted PIT Root Certificate from the hyperlink provided in the MPI Setup section of the Visa PIT User’s Guide.<\/span>
    \n<\/span><\/p>\n

    If you experience any issues downloading the certificate, contact your Visa Region representative.<\/span><\/p>\n

    Importing the Certificate<\/strong><\/h4>\n
      \n
    1. \u00a0\u00a0<\/span> Go to <\/span>ActiveMerchant Administration <\/b>> <\/span>Settings <\/b>> <\/span>CA Certificates <\/b>> <\/span>Import<\/b><\/li>\n
    2. \u00a0\u00a0<\/span> Click the <\/span>Choose File<\/b> button and select the DER-formatted PIT Root certificate file<\/span><\/li>\n
    3. \u00a0\u00a0<\/span> Click the <\/span>Import<\/b> Button<\/span><\/li>\n
    4. \u00a0\u00a0<\/span> Click the <\/span>restart <\/b>link provided in the confirmation message to restart the server for the changes to take effect.<\/span><\/li>\n<\/ol>\n

      Merchant ID and Password Configuration<\/span><\/h2>\n

      Configure ActiveMerchant as follows for regions that use Merchant ID and Password:<\/span><\/p>\n

      Merchant ID and Password<\/span><\/h3>\n
        \n
      1. Go to <\/span>ActiveMerchant Administration <\/b>> <\/span>Merchants <\/b>> <\/span>Find Merchant <\/b>> <\/span>Merchant Details<\/b><\/li>\n
      2. Acquirers <\/b>– select the Acquirer BIN from the <\/span>BIN <\/b>dropdown list for the Visa provider and set the Merchant Password in the <\/span>Password <\/b>column<\/span><\/li>\n
      3. Click the <\/span>Apply<\/b> button<\/span><\/li>\n<\/ol>\n

        NOTE: Ensure that the Merchant ID and Password set in this section match those in your PIT profile.<\/span><\/i><\/p>\n

        Visa Directory URL<\/span><\/h3>\n
          \n
        1. \u00a0\u00a0<\/span> Go to <\/span>ActiveMerchant Administration<\/b> > <\/span>Settings <\/b>> <\/span>Directory Servers<\/b><\/li>\n
        2. \u00a0\u00a0<\/span> Select <\/span>Visa <\/b>from the <\/span>Provider <\/b>drop down list<\/span><\/li>\n
        3. \u00a0\u00a0<\/span> Set <\/span>Cache update<\/b> to <\/span>Disabled<\/b><\/li>\n
        4. \u00a0\u00a0<\/span> Set the <\/span>Primary directory<\/b> to <\/span>https:\/\/pitwsi.3dsecure.net:5443\/ds<\/span> and set the status to <\/span>Enabled<\/b><\/li>\n
        5. \u00a0\u00a0<\/span> Click the <\/span>Apply<\/b> button<\/span><\/li>\n<\/ol>\n

          Client Authentication Certificate Configuration<\/span><\/h2>\n

          Configure ActiveMerchant using the steps below for regions that use client authentication certificates.<\/span><\/p>\n

          Merchant ID<\/span><\/h3>\n
            \n
          1. \u00a0\u00a0<\/span> Go to <\/span>ActiveMerchant Administration<\/b> > <\/span>Merchants <\/b>> <\/span>Find Merchant <\/b>> <\/span>Merchant Details<\/b><\/li>\n
          2. \u00a0\u00a0<\/span> Acquirers <\/b>– Select the Acquirer BIN from the <\/span>BIN <\/b>drop down list for the Visa provider and leave Password blank<\/span><\/li>\n
          3. \u00a0\u00a0<\/span> Click the <\/span>Apply<\/b> button<\/span><\/li>\n<\/ol>\n

            NOTE: Ensure that the Merchant ID set in this section matches the one in your PIT profile.<\/span><\/i><\/p>\n

            Visa Directory URL<\/span><\/h3>\n
              \n
            1. \u00a0\u00a0<\/span> Go to <\/span>ActiveMerchant Administration<\/b> > <\/span>Settings <\/b>> <\/span>Directory Servers<\/b><\/li>\n
            2. \u00a0\u00a0<\/span> Select <\/span>Visa <\/b>from the <\/span>Provider <\/b>drop down list<\/span><\/li>\n
            3. \u00a0\u00a0<\/span> Set <\/span>Cache update<\/b> to <\/span>Disabled<\/b><\/li>\n
            4. \u00a0\u00a0<\/span> Set the <\/span>Primary directory <\/b>to <\/span>https:\/\/pit-wsi.3dsecure.net:443\/dsm<\/span> and set the status to <\/span>Enabled<\/b><\/li>\n
            5. \u00a0\u00a0<\/span> Click the <\/span>Apply<\/b> button<\/span><\/li>\n<\/ol>\n

              SSL Client Certificate<\/span><\/h3>\n

              For authentication with an SSL client certificate, a Certificate Signing Request (CSR) must be generated and submitted to the PIT certificate generator to be signed by Visa’s CA. The certificate, which is generated by PIT, needs to be loaded into ActiveMerchant’s KeyStore to be used for establishing a connection to the Visa Directory Server.<\/span><\/p>\n

              Generating a Certificate Request<\/strong><\/h4>\n
                \n
              1. \u00a0\u00a0<\/span> Go to <\/span>ActiveMerchant Administration<\/b> > <\/span>Merchants <\/b>> <\/span>Find Merchant <\/b>> <\/span>Merchant Details <\/b>page > <\/span>Merchant Certificates <\/b>tab > <\/span>Create<\/b><\/li>\n
              2. \u00a0\u00a0<\/span> Select the <\/span>Key Size <\/b>to be used for the <\/span>Certificate Request<\/b> from the drop down list<\/span><\/li>\n
              3. \u00a0\u00a0<\/span> Select <\/span>Visa <\/b>from the <\/span>Provider <\/b>drop down list<\/span><\/li>\n
              4. \u00a0\u00a0<\/span> Common name <\/b>– you must enter the fully qualified domain name of your server or an externally accessible IP address. This will be validated when ActiveMerchant attempts to establish a connection to the PIT Directory Server<\/span><\/li>\n
              5. \u00a0\u00a0<\/span> Organization<\/b>, <\/span>Organizational unit<\/b>, <\/span>City <\/b>and <\/span>Province <\/b>\u2013 you can enter any data in these fields<\/span><\/li>\n
              6. \u00a0\u00a0<\/span> Two-letter country code <\/b>– enter the ISO 3166 code for the country in which the merchant resides, e.g. AU should be used for Australia<\/span><\/li>\n
              7. \u00a0\u00a0<\/span> Select an SHA2 <\/span>Hash algorithm <\/b>from the dropdown list<\/span><\/li>\n
              8. \u00a0\u00a0<\/span> Click the <\/span>Apply<\/b> button to create the certificate request<\/span><\/li>\n
              9. \u00a0\u00a0<\/span> Copy the <\/span>Certificate content<\/b>, including the BEGIN and END tags, from the generated Certificate Request.<\/span><\/li>\n<\/ol>\n

                Signing the Certificate Request<\/strong><\/h4>\n
                  \n
                1. \u00a0\u00a0<\/span> Go to the Visa PIT site.<\/span><\/li>\n
                2. \u00a0\u00a0<\/span> Click the <\/span>Request Certificate<\/span> link<\/span><\/li>\n
                3. \u00a0\u00a0<\/span> Select <\/span>MPI SSL Client Certificate<\/b> (for authentication to DS)<\/b><\/li>\n
                4. \u00a0\u00a0<\/span> Paste the certificate content into <\/span>Cert Request (PEM)<\/b><\/li>\n
                5. \u00a0\u00a0<\/span> Click the <\/span>Submit<\/b> button. The generated client certificate DER-encoded certificate and the PKCS#7 certificate chain will be shown on the page and will also be emailed to you<\/span><\/li>\n
                6. \u00a0\u00a0<\/span> Save the .p7 file, from the email, into your working directory.<\/span><\/li>\n<\/ol>\n

                  Installing the Signed Certificate<\/strong><\/h4>\n
                    \n
                  1. \u00a0\u00a0<\/span> Go to <\/span>ActiveMerchant Administration <\/b>> <\/span>Merchants <\/b>> <\/span>Find Merchant <\/b>> <\/span>Merchant Details <\/b>page > <\/span>Merchant Certificates <\/b>tab > <\/span>Install<\/b><\/li>\n
                  2. \u00a0\u00a0<\/span> Select <\/span>Visa <\/b>from the <\/span>Provider <\/b>drop down list<\/span><\/li>\n
                  3. \u00a0\u00a0<\/span> Certificate content <\/b>– click the <\/span>Choose File<\/b> button and attach the <\/span>p.7 certificate file<\/b> generated by PIT<\/span><\/li>\n
                  4. \u00a0\u00a0<\/span> Click the <\/span>Install<\/b> button<\/span><\/li>\n<\/ol>\n

                    Next Steps<\/span><\/h1>\n

                    Visa PIT Test Cases<\/span><\/h2>\n

                    Once you have configured ActiveMerchant,<\/a> run through the test cases provided in Visa’s 3-D Secure Production Integration Testing (PIT) Test Plan Guide.<\/span><\/p>\n

                    Feedback \/ Support<\/span><\/h2>\n

                    If you have any specific comments or suggestions on how to improve this supplementary information, contact us.<\/span><\/p>\n

                    [ecko_button color=”gray” size=”large” url=”https:\/\/gpayments.com\/contact”]Contact Us[\/ecko_button]<\/p>\n","protected":false},"excerpt":{"rendered":"

                    This blog provides supplementary information for GPayments’ MPI (ActiveMerchant) clients undergoing Visa Product Integration Testing (PIT). Visa has mandated that PIT testing is carried out for all new 3-D Secure MPI implementations, before they go into production, in all Visa regions. The first step in Visa PIT testing is to enrol for Product Integration Testing […]<\/p>\n","protected":false},"author":1,"featured_media":1154,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[9],"tags":[],"class_list":["post-657","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-user-guide"],"aioseo_notices":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/posts\/657","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/comments?post=657"}],"version-history":[{"count":14,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/posts\/657\/revisions"}],"predecessor-version":[{"id":1398,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/posts\/657\/revisions\/1398"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/media\/1154"}],"wp:attachment":[{"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/media?parent=657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/categories?post=657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/tags?post=657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}