Payment service should support 3D Secure authorization

Reported by Roman Yepishev on 2010-10-08
180
This bug affects 40 people
Affects Status Importance Assigned to Milestone
Payment service
Critical
Anthony Lenton

Bug Description

<rye> hi, does pay.ubuntu.com support 3D secure payments ?
ricardokirkner:
  RBS Worldpay sends us the code for 3DSECURE if the card requires it but we're not doing anything with it atm.
  Actually, the user will see an error message about that and the payment will not be authorized,

Possible workaround: As listed in bug 996247 it may work for some people to change the currenty from USD to Euros.

Roman Yepishev (rye) on 2010-10-08
visibility: private → public
Changed in canonical-payment-service:
milestone: none → 1.1.0
Changed in canonical-payment-service:
milestone: 1.1.0 → none
Changed in canonical-payment-service:
importance: Undecided → Wishlist
status: New → Triaged
Changed in canonical-payment-service:
importance: Wishlist → Medium
description: updated
Selene Scriven (toykeeper) wrote :

I had an angry customer today because he couldn't buy anything due to this issue. Pay #14871

Ian Nicholson (imnichol) wrote :

I'd love to give Canonical my money, but I can't because they don't support 3DSecure.

Julien Funk (jaboing) wrote :

I believe this is affecting more users than initially surmised, proposing to escalate this defect and begin work on it ASAP.

Changed in canonical-payment-service:
importance: Medium → Critical
assignee: nobody → Ricardo Kirkner (ricardokirkner)
Selene Scriven (toykeeper) wrote :

If I recall correctly, I've had a total of three complaints about this. There are also 20 "me too"s on this bug, plus 7 from dupes.

I had one person report that they could use their card in USC in 2011-11, but not in 2012-05, and they don't think they changed anything. Did this used to work?

On 06/01/2012 01:35 PM, Selene Scriven wrote:
> If I recall correctly, I've had a total of three complaints about this.
> There are also 20 "me too"s on this bug, plus 7 from dupes.
>
> I had one person report that they could use their card in USC in
> 2011-11, but not in 2012-05, and they don't think they changed anything.
> Did this used to work?
>
I think that it may have worked for me previously, but I can't say for
certain. I know that I've been dealing with this problem for a while
and only now became frustrated enough to file a bug.

Mark East (feasty) wrote :

It definitely worked for me before. It also caused my regular Ubuntu one payments to fail out of the blue. I believe it has been introduced within the past 6-8 weeks.

tags: added: ca-escalated
Jon Hanna (jonhanna) wrote :

Note on the work-around. Switching to paying in Euros may still work for some, but it definitely didn't work for me.

Jon Hanna (jonhanna) wrote :

Response to Selene's question, "I had one person report that they could use their card in USC in 2011-11, but not in 2012-05, and they don't think they changed anything. Did this used to work?"

This would depend upon their bank, building society or other card provider. A given credit/debit card provider may have any of the following policies in dealing with 3D Secure (the brand of the overall system, "Verified by Visa" and "MasterCard SecureCode" being trademarks of those cards handling of it):

1. Ignore it even exists. (Happy days).
2. Handle it if asked. (Happy days if you've no code to handle it, though you may get better merchant account rates if you do).
3. Insist it be handled, but allow the cardholder to skip using it if they aren't registered (I don't know if this will be an error or not as far as the payment handler goes).
4. Insist it be handled, and once the user has been transferred to the 3D Secure implementation, insist that they use it, registering for it if necessary. (Ironically, the first time I was forced to register was buying something from the Canonical shop, this was 2012-01 having not had to use it 2011-12 with the same card). I imagine that this case will almost definitely trigger the error here.

Obviously, all banks were at policy 1 in the days when it didn't exist. Most now implement it, and increasingly more are insisting upon it at least being handled (policies 3 & 4). According to their publicity material, the system adds safeguards to customers. A more cynical view is that they don't help customers much, but do help the banks a bit as they carry most of the costs of card fraud and the banks will hence "offer" this whether the customers want it or not. As a cardholder's bank changes policy in this regard, they'll move from not affected by this bug, to affected by it, even with the same card.

David Pitkin (dpitkin) wrote :

We need to have a count each day of the # of repsonses from RBS that return the code 3DSECURE.

Ian Nicholson (imnichol) wrote :

I hope it's noted that I can't spend my money in the Ubuntu Software
Store until this is fixed, and I can't recommend Ubuntu to others if I
can't guarantee that they'll be able to purchase content.

Brian Visel (eode) wrote :

I still use Ubuntu, but I used to recommend Ubuntu to lots of people.
This is one of the things that has changed that for me.

Jon Hanna (jonhanna) wrote :

David, stats are always useful but I see two questions with that:

1. What level is "high"? Without that, it's just a number.

2. It'd be artificially low. It wouldn't count the payment from me I would have made on Saturday to subscribe my daughter to Ubuntu One Music, because I know that Canonical can't take my money. I at least know I can pay through paypal and am subscribed to the bug so I will know when I can use the payment service, how to calculate the repeat business lost by those who just give up? How many lost sales does the first lost sale become?

David Pitkin (dpitkin) wrote :

Jon,

I have the stats I need, so you know, high for me is a double digit percentage of all transactions. The number of secondary transactions that are lost is not easily countable other than "This bug affects 26 people. Does this bug affect you?" but that is always the case. The number lost yesterday is something I can know.

AJenbo (ajenbo) wrote :

3D Secure can be switched one by the banks for the card holder if a user uses a paysite that requres it. It might also be switched on when you get a new credit card. Ergo the number of affected users is only going to grow.

Changed in canonical-payment-service:
status: Triaged → In Progress
Changed in canonical-payment-service:
assignee: Ricardo Kirkner (ricardokirkner) → Anthony Lenton (elachuni)
Jon Hanna (jonhanna) wrote :

Does anyone know what happens with cards that can be used with 3D Secure, but which don't insist on it? If such cards are accepted, does anyone know if this results in penalties and/or refusal to accept charge-backs from the merchant account?

Changed in canonical-payment-service:
status: In Progress → Fix Committed
Brian Visel (eode) wrote :

Yaaaaay! Thank you! Now we can give you our money, and our faith in the process is somewhat restored.

Jon Hanna (jonhanna) wrote :

Confirmed as working by this satisfied customer, merrily syncing his music again :)

Jon Hanna (jonhanna) wrote :

Wait a second. I only just realised that while my payment was taken on a card that I previously couldn't use because of this bug, I wasn't brought to my bank's implementation of 3D Secure.
The card is with a 3D Secure -using bank, but hasn't yet been used with 3D Secure. Surely I should have been brought to such a page, no?

Jon Hanna (jonhanna) wrote :

Alas, that payment is also stuck "In Progress". Did I prematurely act on something that was committed but not deployed?

Javier Alvarez (neiker) wrote :

I'm trying to buy 'LIMBO' in Ubuntu 12.04, but I get this error :S

Brian Visel (eode) wrote :

It appears this is still an issue. Perhaps fix was committed but not released? ..either way, this definitely needs review, per Javier's statement.

Changed in canonical-payment-service:
status: Fix Committed → In Progress
Brian Visel (eode) wrote :

I haven't tested this yet, as I haven't had occasion to make another purchase yet (and have mostly been offline, anyways). My 'yay' was based on the statement that this was fixed, not on a test that verified it was so. I had previously worked around the issue using euro-based purchase, which worked for me. It would be really disappointing if, on my next recommendation or purchase, I get the 3DSECURE error again, as Javier has.

On Thu 19 Jul 2012 04:29:31 AM ART, Jon Hanna wrote:
> Wait a second. I only just realised that while my payment was taken on a card that I previously couldn't use because of this bug, I wasn't brought to my bank's implementation of 3D Secure.
> The card is with a 3D Secure -using bank, but hasn't yet been used with 3D Secure. Surely I should have been brought to such a page, no?
>

The 3DSECURE feature is under final testing and will be enabled shortly.

Ricardo

Changed in canonical-payment-service:
status: In Progress → Fix Committed
Brian Visel (eode) wrote :

Thank you for that clarification.

Jon Hanna (jonhanna) wrote :

I may have benefitted from a change of policy with my card provider. Sorry if I left anyone astray.

tags: added: os-support
Joshua Hoover (joshuahoover) wrote :

Ubuntu One users who received a 3DSecure error message when attempting to pay for an Ubuntu One subscription in the past will now have success paying with their credit card.

Changed in canonical-payment-service:
status: Fix Committed → Fix Released

This is confirmed working in Ubuntu Pay. Customers purchasing in the software centre app on Ubuntu are still unable to purchase due to a separate issue (bug #1033516) which is being worked on and expected to be available soon. Please follow that bug for more information.

Charles Lease (mellowchuck-y) wrote :

Still doesn't work...... I'm in USA and so is my bank and US dollars payment still does not work..... have to choose EUR for work-around.

I also called my bank and they say it's on the merchant's end.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related questions