Ok, so I am trying to buy the game, been trying for 1.5 hours now !

When I come to the idiotic 3-d shit it tells me I am using the wrong password which I aint ! Why the hell is it so freakin hard to buy THIS game? All the other games I have bought does not require all this information!

What password do you enter? You had to set two passwords you know? One to access your profile and the forums, another to unlock the game and play online. Are you sure you enter the right one?

"3-d shit"? Is this some of the Visa protection by any chance?

In which case, not LFS' fault, it's your bank...

in that case its your bank

It' s quite saw how poorly the banking world has informed their customers about the 3D security checks. My bank never sent me any information and the lady on the phone didn't know what I was talking about.

But I'm glad you have managed to get it working.

These 3D checks will become mandatory for everyone in time. Some websites indeed won't ask for them yet, but you'll find more and more sites that will, because it helps protect against internet fraud. So it's a good thing Not just for webstores, but also for customers. Just make sure you don't forget the 3D Secure password because then it's annoying when you want to pay, but cannot.

It's particularly the interest of the bank itself. They have to pay for every fraud.

No they don't. They'll get the money back form the store and apply a fee as well, so the store owner is the duped one.

I hate 3D Secure. I'm currently working on an integration with Datacash for a company that sell cloud / virtual hosting and the most arse-backwards part of the whole job is dealing with the ACS providers and their stupid requirements.

And who came up with this stupid system anyway? Who decided it was a good idea to authenticate a customer with his/her card-issuing bank by using a third-party service at a third-party URL that the customer can't even verify has any business dealing with their card transaction? How is that more secure exactly?

hum? The 3d secure checks take place on the bank's (card issuer) website. A familiar interface, at least for me, as it looks the same as my regular internet banking.

-client fills in card details either on the shop site itself, or a 3rd party (like Sagepay for us)
-client is forwarded to their bank to verify the 3d secure password
-client is returned back to previous site.

Doesn't seem so difficult? Or is it done differently where you are?

Quote from Victor :

-client fills in card details either on the shop site itself, or a 3rd party (like Sagepay for us)
-client is forwarded to their bank to verify the 3d secure password
-client is returned back to previous site.

Doesn't seem so difficult? Or is it done differently where you are?

Yes. According to Wikipedia it's different for most people:

Quote :

In 3-D Secure protocol, ACS (Access Control Server) is on the issuer side (banks). Currently, most banks outsource ACS to a third party. This means the buyer's web browser shows unfamiliar domain names instead of the banks' domain names.

Not only that, but they're usually loaded in an iframe too, making it harder for users to verify where the page is being served from and whether they ought to trust it or not. It is a ripe phishing opportunity just waiting to happen.

Ic, didn't know that outsourcing part. Does sound like certain banks don't really care that much (gee really?).

dirty if your with santander bank.. then im not suprised, i had that trying to buy something off amazon. and expect a call from their fraud department in the morning.

hopeless goons.

Quote from Victor :

Ic, didn't know that outsourcing part. Does sound like certain banks don't really care that much (gee really?).

And some of the ACS services are really unfriendly / half-arsed / shoddily coded. I came across one that would not accept my return URL because it was presented as a folder path and I hadn't stuck a trailing slash on the end of it. Add the trailing slash and fine, suddenly everything works, but without it their service complained that my URL was invalid and refused to use it.

The whole situation with 3D Secure makes no sense to me. It's just a lot of work for no benefit. If the customer's card is already compromised then what are the chances that their 3DS password is still secure? It's all bullshit, probably insisted upon by the card scheme's insurers, who understand **** all about online security.

Can't you use PayPal to pay with credit card?

Edit: nvm, I see OP is S2 licensed already.