3D Secure Processing Issues
Incident Report for Braintree
Postmortem

Impact Description

During the incident window, impacted customers attempting to check out using 3D Secure on web browsers and iOS devices may have experienced errors that prevented them from completing the verification process. On iOS devices, errors in the BTThreeDSecureRequest.m file may have caused apps to perform an exit system call. Customers on web browsers may have experienced Access Denied errors in the 3DS iframe pop-up.

Root Cause

A 3D Secure deploy on 18 June 2019 increased the size of the lookup payload when additional fields were included. To initiate the 3D Secure process using the iOS SDK, the iOS client sends a URL parameter and the lookup payload is included in this URL parameter. By including additional data, the length of the URL was increased. At some point in the authentication cycle, the newly-lengthened URL was being truncated and as a result, the information in the authentication response was incomplete and unable to be parsed accurately. This led to exception errors that customers experienced when checking out. For the JS web SDK, additional information included in URL changed how this was presented to our CDN provider, which flagged the malformed requests and led our CDN provider to halt requests to the callback URL with an “Access Denied” error.

Corrective Actions & Preventative Measures

  • Once engineers were able to confirm the cause of these errors, a fix was immediately implemented. This returned 3D service to normal across iOS devices and web browsers.
  • Continuous integration workflows and pre-production testing for 3D Secure will be audited and improved across all SDKs and devices.
  • Enhanced monitoring and detection of 3D Secure issues on a platform-specific basis will be implemented.
  • More extensive monitoring and alerting of CDN checks and issues will be introduced.
Posted 2 months ago. Jun 21, 2019 - 21:44 UTC

Resolved
This incident is now resolved and 3D Secure on iOS returned to normal at approximately 16:15 UTC.
Posted 2 months ago. Jun 19, 2019 - 16:24 UTC
Update
We are still investigating this issue.
Posted 2 months ago. Jun 19, 2019 - 15:33 UTC
Investigating
We're currently investigating an elevated rate of errors for 3D Secure on iOS devices. An update will be provided as soon as possible.

Symptoms
Errors during the 3DS verification process on checkout.
Posted 2 months ago. Jun 19, 2019 - 14:32 UTC
This incident affected: 3D Secure.