VISA 3D secure fails to authenticate

[miurahr]

• Did you search for similar issues before submitting this one?
  Yes

• Describe the issue you encountered:
  It fails when EC site goes credit card authetication step. It is on acs.cafis-paynet.jp for Japan VISA group.
  After I entered credentials in auth page and going back to EC site, EC site fails to get auth result and fails transaction.

When disable protection for ads and tracking, the transaction have been succedded, and problem was gone.

• Platform (Win7, 8, 10? macOS? Linux distro?):
  Mint Linux

• Brave Version (revision SHA):
  2d2ee2f

• Steps to reproduce:

  1. go to https://nttxstore.jp/
  2. put something in busket
  3. see busket and proceed to buy.
  4. enter VISA credit card number and personal information
  5. you may see 3D Secure authentication page
  6. enter credential
  7. goes back to EC site and show auth error page.

• Actual result:
  Credit card transaction fails

• Expected result:
  Credit card transaction success

• Will the steps above reproduce in a fresh profile? If not what other info can be added?
  Yes

• Is this an issue in the currently released version?
  Yes

• Can this issue be consistently reproduced?
  Yes

• Extra QA steps:
  1.
  2.
  3.

• Screenshot if needed:

• Any related issues:
  3D Secure payment stage issue on www.currys.co.uk #4770

[luixxiul]

would you mind trying again by disabling shields and seeing if it goes well?

[miurahr]

Yes, it works. When disabling shields, it goes well.
It seems a problem in following senario;

1. Moving from EC site to Card site is successful.

2. Processing in Card site also succeed.

3. When return from Card site to original EC site with Payer Authentication Response(PAR), the shields may block it.

4. EC site can not detect an authentication result, then it fails its transaction.

[luixxiul]

Brave blocks 3rd party cookies by default and I assume that's the reason here.

#1268

[miurahr]

OK, This is a result of the brave behavior in design. It may be better to help users to understand he/she need to configure exceptions by theirselves when credit card transaction by document or suggestion.

It is a little bit stressful for me, as an one of ordinal consumers, to see a credit transaction failure. :-\

[StephaneColson]

I have the same issue, cannot make a flight order on British Airways with Shields up, it's stressful, just like @miurahr said, because I was not sure of the status of my payment, I had a blank page after already typing all my credit card informations, and my bank 3D secure page never showed.
Then I reprocess the order with the Shield down and could finally end the payment.

I don't know exactly what should be done but as a user, there is something wrong (apart from that, I love Brave for the moment)

[miurahr]

@StephaneColson This is happen because "3D Secure" protocol is designed many years ago with "insecure" paradigm from a view point of security technology in 2018.
3D secure requires 3rd party cookies and data that includes permission from bank where is"3rd" among consumer(us) and provider(shop). Shields blocks 3rd party cookies.

[StephaneColson]

Yes I understand @miurahr but I also agree with you when you say "It is a little bit stressful for me, as an one of ordinal consumers, to see a credit transaction failure." WDYT @bsclifton ? Is it possible to detect that a 3D secure process is going to start then send a warning to the user?