tlconnor-activemerchant 1.20.4 → 1.23.0

data/lib/active_merchant/billing/gateways/migs/migs_codes.rb

@@ -0,0 +1,100 @@
+module ActiveMerchant
+  module Billing
+    module MigsCodes
+      TXN_RESPONSE_CODES = {
+        '?' => 'Response Unknown',
+        '0' => 'Transaction Successful',
+        '1' => 'Transaction Declined - Bank Error',
+        '2' => 'Bank Declined Transaction',
+        '3' => 'Transaction Declined - No Reply from Bank',
+        '4' => 'Transaction Declined - Expired Card',
+        '5' => 'Transaction Declined - Insufficient funds',
+        '6' => 'Transaction Declined - Error Communicating with Bank',
+        '7' => 'Payment Server Processing Error - Typically caused by invalid input data such as an invalid credit card number. Processing errors can also occur',
+        '8' => 'Transaction Declined - Transaction Type Not Supported',
+        '9' => 'Bank Declined Transaction (Do not contact Bank)',
+        'A' => 'Transaction Aborted',
+        'C' => 'Transaction Cancelled',
+        'D' => 'Deferred Transaction',
+        'E' => 'Issuer Returned a Referral Response',
+        'F' => '3D Secure Authentication Failed',
+        'I' => 'Card Security Code Failed',
+        'L' => 'Shopping Transaction Locked (This indicates that there is another transaction taking place using the same shopping transaction number)',
+        'N' => 'Cardholder is not enrolled in 3D Secure (Authentication Only)',
+        'P' => 'Transaction is Pending',
+        'R' => 'Retry Limits Exceeded, Transaction Not Processed',
+        'S' => 'Duplicate OrderInfo used. (This is only relevant for Payment Servers that enforce the uniqueness of this field)',
+        'U' => 'Card Security Code Failed'
+      }
+
+      ISSUER_RESPONSE_CODES = {
+        '00' => 'Approved',
+        '01' => 'Refer to Card Issuer',
+        '02' => 'Refer to Card Issuer',
+        '03' => 'Invalid Merchant',
+        '04' => 'Pick Up Card',
+        '05' => 'Do Not Honor',
+        '07' => 'Pick Up Card',
+        '12' => 'Invalid Transaction',
+        '14' => 'Invalid Card Number (No such Number)',
+        '15' => 'No Such Issuer',
+        '33' => 'Expired Card',
+        '34' => 'Suspected Fraud',
+        '36' => 'Restricted Card',
+        '39' => 'No Credit Account',
+        '41' => 'Card Reported Lost',
+        '43' => 'Stolen Card',
+        '51' => 'Insufficient Funds',
+        '54' => 'Expired Card',
+        '57' => 'Transaction Not Permitted',
+        '59' => 'Suspected Fraud',
+        '62' => 'Restricted Card',
+        '65' => 'Exceeds withdrawal frequency limit',
+        '91' => 'Cannot Contact Issuer'
+      }
+
+      VERIFIED_3D_CODES = {
+        'Y' => 'The cardholder was successfully authenticated.',
+        'E' => 'The cardholder is not enrolled.',
+        'N' => 'The cardholder was not verified.',
+        'U' => 'The cardholder\'s Issuer was unable to authenticate due to a system error at the Issuer.',
+        'F' => 'An error exists in the format of the request from the merchant. For example, the request did not contain all required fields, or the format of some fields was invalid.',
+        'A' => 'Authentication of your Merchant ID and Password to the Directory Server Failed (see "What does a Payment Authentication Status of "A" mean?" on page 85).',
+        'D' => 'Error communicating with the Directory Server, for example, the Payment Server could not connect to the directory server or there was a versioning mismatch.',
+        'C' => 'The card type is not supported for authentication.',
+        'M' => 'This indicates that attempts processing was used. Verification is marked with status M - ACS attempts processing used. Payment is performed with authentication. Attempts is when a cardholder has successfully passed the directory server but decides not to continue with the authentication process and cancels.',
+        'S' => 'The signature on the response received from the Issuer could not be validated. This should be considered a failure.',
+        'T' => 'ACS timed out. The Issuer\'s ACS did not respond to the Authentication request within the time out period.',
+        'P' => 'Error parsing input from Issuer.',
+        'I' => 'Internal Payment Server system error. This could be caused by a temporary DB failure or an error in the security module or by some error in an internal system.'
+      }
+
+      class CreditCardType
+        attr_accessor :am_code, :migs_code, :migs_long_code, :name
+        def initialize(am_code, migs_code, migs_long_code, name)
+          @am_code        = am_code
+          @migs_code      = migs_code
+          @migs_long_code = migs_long_code
+          @name           = name
+        end
+      end
+
+      CARD_TYPES = [
+        # The following are 4 different representations of credit card types
+        # am_code: The active merchant code
+        # migs_code: Used in response for purchase/authorize/status
+        # migs_long_code: Used to pre-select card for server_purchase_url
+        # name: The nice display name
+        %w(american_express AE Amex             American\ Express),
+        %w(diners_club      DC Dinersclub       Diners\ Club),
+        %w(jcb              JC JCB              JCB\ Card),
+        %w(maestro          MS Maestro          Maestro\ Card),
+        %w(master           MC Mastercard       MasterCard),
+        %w(na               PL PrivateLabelCard Private\ Label\ Card),
+        %w(visa             VC Visa             Visa\ Card')
+      ].map do |am_code, migs_code, migs_long_code, name|
+        CreditCardType.new(am_code, migs_code, migs_long_code, name)
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/moneris.rb

@@ -101,9 +101,7 @@ module ActiveMerchant #:nodoc:
           :amount     => amount(money),
           :pan        => creditcard.number,
           :expdate    => expdate(creditcard),
-          :crypt_type => options[:crypt_type] || @options[:crypt_type],
-          :cvv        => creditcard.verification_value,
-          :billing_address => options[:address] || options[:billing_address]
+          :crypt_type => options[:crypt_type] || @options[:crypt_type]
         }
       end
       
@@ -131,9 +129,7 @@ module ActiveMerchant #:nodoc:
 
         Response.new(successful?(response), message_from(response[:message]), response,
           :test          => test?,
-          :authorization => authorization_from(response),
-          :avs_result    => {:code => response[:avs_result_code]},
-          :cvv_result    => response[:cvd_result_code] && response[:cvd_result_code].last
+          :authorization => authorization_from(response)
         )
       end
       
@@ -176,32 +172,10 @@ module ActiveMerchant #:nodoc:
         actions[action].each do |key|
           transaction.add_element(key.to_s).text = parameters[key] unless parameters[key].blank?
         end
-
-        add_avs_info(transaction, parameters)
-        add_cvd_info(transaction, parameters)
-
+        
         xml.to_s
       end
-
-      def add_avs_info(transaction, parameters)
-        if address = parameters[:billing_address]
-          street_number, street_name = address[:address1].split(' ', 2)
-
-          avs_info = transaction.add_element('avs_info')
-          avs_info.add_element('avs_street_number').text  = street_number
-          avs_info.add_element('avs_street_name').text    = street_name
-          avs_info.add_element('avs_zipcode').text        = address[:zip]
-        end
-      end
-
-      def add_cvd_info(transaction, parameters)
-        if cvd_value = parameters[:cvv]
-          cvd_info = transaction.add_element('cvd_info')
-          cvd_info.add_element('cvd_indicator').text  = '1'
-          cvd_info.add_element('cvd_value').text      = cvd_value
-        end
-      end
-
+    
       def message_from(message)
         return 'Unspecified error' if message.blank?
         message.gsub(/[^\w]/, ' ').split.join(" ").capitalize

data/lib/active_merchant/billing/gateways/moneris_us.rb

@@ -0,0 +1,211 @@
+require 'rexml/document'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+
+    # To learn more about the Moneris (US) gateway, please contact 
+    # ussales@moneris.com for a copy of their integration guide. For 
+    # information on remote testing, please see "Test Environment Penny Value 
+    # Response Table", and "Test Environment eFraud (AVS and CVD) Penny 
+    # Response Values", available at Moneris' {eSelect Plus Documentation 
+    # Centre}[https://www3.moneris.com/connect/en/documents/index.html].
+    class MonerisUsGateway < Gateway
+      TEST_URL = 'https://esplusqa.moneris.com/gateway_us/servlet/MpgRequest'
+      LIVE_URL = 'https://esplus.moneris.com/gateway_us/servlet/MpgRequest'
+      
+      self.supported_countries = ['US']
+      self.supported_cardtypes = [:visa, :master, :american_express, :diners_club, :discover]
+      self.homepage_url = 'http://www.monerisusa.com/'
+      self.display_name = 'Moneris (US)'
+  
+      # login is your Store ID
+      # password is your API Token
+      def initialize(options = {})
+        requires!(options, :login, :password)
+        @options = { :crypt_type => 7 }.update(options)
+        super      
+      end      
+    
+      # Referred to as "PreAuth" in the Moneris integration guide, this action 
+      # verifies and locks funds on a customer's card, which then must be 
+      # captured at a later date.
+      # 
+      # Pass in +order_id+ and optionally a +customer+ parameter.
+      def authorize(money, creditcard, options = {})
+        debit_commit 'us_preauth', money, creditcard, options        
+      end
+      
+      # This action verifies funding on a customer's card, and readies them for 
+      # deposit in a merchant's account.
+      # 
+      # Pass in <tt>order_id</tt> and optionally a <tt>customer</tt> parameter
+      def purchase(money, creditcard, options = {})
+        debit_commit 'us_purchase', money, creditcard, options
+      end
+     
+      # This method retrieves locked funds from a customer's account (from a 
+      # PreAuth) and prepares them for deposit in a merchant's account.
+      # 
+      # Note: Moneris requires both the order_id and the transaction number of
+      # the original authorization.  To maintain the same interface as the other
+      # gateways the two numbers are concatenated together with a ; separator as
+      # the authorization number returned by authorization
+      def capture(money, authorization, options = {})
+        commit 'us_completion', crediting_params(authorization, :comp_amount => amount(money))
+      end
+
+      # Voiding requires the original transaction ID and order ID of some open 
+      # transaction. Closed transactions must be refunded. Note that the only 
+      # methods which may be voided are +capture+ and +purchase+.
+      # 
+      # Concatenate your transaction number and order_id by using a semicolon 
+      # (';'). This is to keep the Moneris interface consistent with other 
+      # gateways. (See +capture+ for details.)
+      def void(authorization, options = {})
+        commit 'us_purchasecorrection', crediting_params(authorization)
+      end
+      
+      # Performs a refund. This method requires that the original transaction 
+      # number and order number be included. Concatenate your transaction 
+      # number and order_id by using a semicolon (';'). This is to keep the 
+      # Moneris interface consistent with other gateways. (See +capture+ for 
+      # details.)
+      def credit(money, authorization, options = {})
+        deprecated CREDIT_DEPRECATION_MESSAGE
+        refund(money, authorization, options)
+      end
+   
+      def refund(money, authorization, options = {})
+        commit 'us_refund', crediting_params(authorization, :amount => amount(money))
+      end
+
+      def test?
+        @options[:test] || super
+      end
+    private # :nodoc: all
+    
+      def expdate(creditcard)
+        sprintf("%.4i", creditcard.year)[-2..-1] + sprintf("%.2i", creditcard.month)
+      end
+      
+      def debit_commit(commit_type, money, creditcard, options)
+        requires!(options, :order_id)
+        commit(commit_type, debit_params(money, creditcard, options))
+      end
+      
+      # Common params used amongst the +purchase+ and +authorization+ methods
+      def debit_params(money, creditcard, options = {})
+        {
+          :order_id   => options[:order_id],
+          :cust_id    => options[:customer],
+          :amount     => amount(money),
+          :pan        => creditcard.number,
+          :expdate    => expdate(creditcard),
+          :crypt_type => options[:crypt_type] || @options[:crypt_type]
+        }
+      end
+      
+      # Common params used amongst the +credit+, +void+ and +capture+ methods
+      def crediting_params(authorization, options = {})
+        {
+          :txn_number => split_authorization(authorization).first, 
+          :order_id   => split_authorization(authorization).last, 
+          :crypt_type => options[:crypt_type] || @options[:crypt_type]
+        }.merge(options)
+      end
+      
+      # Splits an +authorization+ param and retrives the order id and 
+      # transaction number in that order.
+      def split_authorization(authorization)
+        if authorization.nil? || authorization.empty? || authorization !~ /;/
+          raise ArgumentError, 'You must include a valid authorization code (e.g. "1234;567")' 
+        else
+          authorization.split(';')
+        end
+      end
+  
+      def commit(action, parameters = {})
+        response = parse(ssl_post(test? ? TEST_URL : LIVE_URL, post_data(action, parameters)))
+
+        Response.new(successful?(response), message_from(response[:message]), response,
+          :test          => test?,
+          :authorization => authorization_from(response)
+        )
+      end
+      
+      # Generates a Moneris authorization string of the form 'trans_id;receipt_id'.
+      def authorization_from(response = {})
+        if response[:trans_id] && response[:receipt_id]
+          "#{response[:trans_id]};#{response[:receipt_id]}"
+        end
+      end
+      
+      # Tests for a successful response from Moneris' servers
+      def successful?(response)
+        response[:response_code] && 
+        response[:complete] && 
+        (0..49).include?(response[:response_code].to_i)
+      end
+                                               
+      def parse(xml)
+        response = { :message => "Global Error Receipt", :complete => false }
+        hashify_xml!(xml, response)
+        response
+      end
+      
+      def hashify_xml!(xml, response)
+        xml = REXML::Document.new(xml)
+        return if xml.root.nil?
+        xml.elements.each('//receipt/*') do |node|
+          response[node.name.underscore.to_sym] = normalize(node.text)
+        end
+      end
+
+      def post_data(action, parameters = {})
+        xml   = REXML::Document.new
+        root  = xml.add_element("request")
+        root.add_element("store_id").text  = options[:login]
+        root.add_element("api_token").text = options[:password]
+        transaction = root.add_element(action)
+
+        # Must add the elements in the correct order
+        actions[action].each do |key|
+          transaction.add_element(key.to_s).text = parameters[key] unless parameters[key].blank?
+        end
+        
+        xml.to_s
+      end
+    
+      def message_from(message)
+        return 'Unspecified error' if message.blank?
+        message.gsub(/[^\w]/, ' ').split.join(" ").capitalize
+      end
+
+      # Make a Ruby type out of the response string
+      def normalize(field)
+        case field
+          when "true"     then true
+          when "false"    then false
+          when '', "null" then nil
+          else field
+        end        
+      end
+      
+      def actions
+        {
+          "us_purchase"           => [:order_id, :cust_id, :amount, :pan, :expdate, :crypt_type],
+          "us_preauth"            => [:order_id, :cust_id, :amount, :pan, :expdate, :crypt_type],
+          "us_refund"             => [:order_id, :amount, :txn_number, :crypt_type],
+          "us_ind_refund"         => [:order_id, :cust_id, :amount, :pan, :expdate, :crypt_type],
+          "us_completion"         => [:order_id, :comp_amount, :txn_number, :crypt_type],
+          "us_purchasecorrection" => [:order_id, :txn_number, :crypt_type],
+          "us_cavv_purchase"      => [:order_id, :cust_id, :amount, :pan, :expdate, :cavv],
+          "us_cavv_preauth"       => [:order_id, :cust_id, :amount, :pan, :expdate, :cavv],
+          "us_batchcloseall"      => [],
+          "us_opentotals"         => [:ecr_number],
+          "us_batchclose"         => [:ecr_number]
+        }
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/nab_transact.rb

@@ -59,7 +59,7 @@ module ActiveMerchant #:nodoc:
       end
 
       def purchase(money, credit_card_or_stored_id, options = {})
-        if credit_card_or_stored_id.is_a?(ActiveMerchant::Billing::CreditCard)
+        if credit_card_or_stored_id.respond_to?(:number)
           #Credit card for instant payment
           commit :purchase, build_purchase_request(money, credit_card_or_stored_id, options)
         else

data/lib/active_merchant/billing/gateways/ogone.rb

@@ -9,17 +9,23 @@ module ActiveMerchant #:nodoc:
     # communication between Ogone systems and your e-commerce website.
     #
     # This implementation follows the specification provided in the DirectLink integration
-    # guide version 4.2.0 (26 October 2011), available here:
+    # guide version 4.3.0 (25 April 2012), available here:
     # https://secure.ogone.com/ncol/Ogone_DirectLink_EN.pdf
     #
     # It also features aliases, which allow to store/unstore credit cards, as specified in
-    # the Alias Manager Option guide version 3.2.0 (26 October 2011) available here:
+    # the Alias Manager Option guide version 3.2.1 (25 April 2012) available here:
     # https://secure.ogone.com/ncol/Ogone_Alias_EN.pdf
     #
-    # It was last tested on Release 4.89 of Ogone DirectLink + AliasManager (26 October 2011).
+    # It also implements the 3-D Secure feature, as specified in the DirectLink with
+    # 3-D Secure guide version 3.0 (25 April 2012) available here:
+    # https://secure.ogone.com/ncol/Ogone_DirectLink-3-D_EN.pdf
+    #
+    # It was last tested on Release 4.92 of Ogone DirectLink + AliasManager + Direct Link 3D
+    # (25 April 2012).
     #
     # For any questions or comments, please contact one of the following:
-    # - Nicolas Jacobeus (nj@belighted.com),
+    # - Joel Cogen (joel.cogen@belighted.com)
+    # - Nicolas Jacobeus (nicolas.jacobeus@belighted.com),
     # - Sébastien Grosjean (public@zencocoon.com),
     # - Rémy Coutable (remy@jilion.com).
     #
@@ -52,17 +58,46 @@ module ActiveMerchant #:nodoc:
     #   puts response.success?      # Check whether the transaction was successful
     #   puts response.message       # Retrieve the message returned by Ogone
     #   puts response.authorization # Retrieve the unique transaction ID returned by Ogone
+    #   puts response.order_id      # Retrieve the order ID
     #
     # == Alias feature
     #
-    #   To use the alias feature, simply add :store in the options hash:
+    #   To use the alias feature, simply add :billing_id in the options hash:
     #
     #   # Associate the alias to that credit card
-    #   gateway.purchase(1000, creditcard, :order_id => "1", :store => "myawesomecustomer")
+    #   gateway.purchase(1000, creditcard, :order_id => "1", :billing_id => "myawesomecustomer")
     #
     #   # You can use the alias instead of the credit card for subsequent orders
     #   gateway.purchase(2000, "myawesomecustomer", :order_id => "2")
     #
+    #   # You can also create an alias without making a purchase using store
+    #   gateway.store(creditcard, :billing_id => "myawesomecustomer")
+    #
+    #   # When using store, you can also let Ogone generate the alias for you
+    #   response = gateway.store(creditcard)
+    #   puts response.billing_id  # Retrieve the generated alias
+    #
+    # == 3-D Secure feature
+    #
+    #   To use the 3-D Secure feature, simply add :d3d => true in the options hash:
+    #   gateway.purchase(2000, "myawesomecustomer", :order_id => "2", :d3d => true)
+    #
+    #   Specific 3-D Secure request options are (please refer to the documentation for more infos about these options):
+    #     :win_3ds         => :main_window (default), :pop_up or :pop_ix.
+    #     :http_accept     => "*/*" (default), or any other HTTP_ACCEPT header value.
+    #     :http_user_agent => The cardholder's User-Agent string
+    #     :accept_url      => URL of the web page to show the customer when the payment is authorized.
+    #                         (or waiting to be authorized).
+    #     :decline_url     => URL of the web page to show the customer when the acquirer rejects the authorization
+    #                         more than the maximum permitted number of authorization attempts (10 by default, but can
+    #                         be changed in the "Global transaction parameters" tab, "Payment retry" section of the
+    #                         Technical Information page).
+    #     :exception_url   => URL of the web page to show the customer when the payment result is uncertain.
+    #     :paramplus       => Field to submit the miscellaneous parameters and their values that you wish to be
+    #                         returned in the post sale request or final redirection.
+    #     :complus         => Field to submit a value you wish to be returned in the post sale request or output.
+    #     :language        => Customer's language, for example: "en_EN"
+    #
     class OgoneGateway < Gateway
 
       URLS = {
@@ -80,8 +115,16 @@ module ActiveMerchant #:nodoc:
 
       SUCCESS_MESSAGE = "The transaction was successful"
 
+      THREE_D_SECURE_DISPLAY_WAYS = { :main_window => 'MAINW',  # display the identification page in the main window
+                                                                # (default value).
+                                      :pop_up      => 'POPUP',  # display the identification page in a pop-up window
+                                                                # and return to the main window at the end.
+                                      :pop_ix      => 'POPIX' } # display the identification page in a pop-up window
+                                                                # and remain in the pop-up window.
+
       OGONE_NO_SIGNATURE_DEPRECATION_MESSAGE   = "Signature usage will be required from a future release of ActiveMerchant's Ogone Gateway. Please update your Ogone account to use it."
       OGONE_LOW_ENCRYPTION_DEPRECATION_MESSAGE = "SHA512 signature encryptor will be required from a future release of ActiveMerchant's Ogone Gateway. Please update your Ogone account to use it."
+      OGONE_STORE_OPTION_DEPRECATION_MESSAGE   = "The 'store' option has been renamed to 'billing_id', and its usage is deprecated."
 
       self.supported_countries = ['BE', 'DE', 'FR', 'NL', 'AT', 'CH']
       # also supports Airplus and UATP
@@ -152,6 +195,14 @@ module ActiveMerchant #:nodoc:
         perform_reference_credit(money, reference, options)
       end
 
+      # Store a credit card by creating an Ogone Alias
+      def store(payment_source, options = {})
+        options.merge!(:alias_operation => 'BYOGONE') unless options.has_key?(:billing_id) || options.has_key?(:store)
+        response = authorize(1, payment_source, options)
+        void(response.authorization) if response.success?
+        response
+      end
+
       def test?
         @options[:test] || super
       end
@@ -164,7 +215,7 @@ module ActiveMerchant #:nodoc:
 
       def reference_transaction?(identifier)
         return false unless identifier.is_a?(String)
-        reference, action = identifier.split(";")
+        _, action = identifier.split(";")
         !action.nil?
       end
 
@@ -188,21 +239,44 @@ module ActiveMerchant #:nodoc:
 
       def add_payment_source(post, payment_source, options)
         if payment_source.is_a?(String)
-          add_alias(post, payment_source)
+          add_alias(post, payment_source, options[:alias_operation])
           add_eci(post, options[:eci] || '9')
         else
-          add_alias(post, options[:store])
+          if options.has_key?(:store)
+            deprecated OGONE_STORE_OPTION_DEPRECATION_MESSAGE
+            options[:billing_id] ||= options[:store]
+          end
+          add_alias(post, options[:billing_id], options[:alias_operation])
           add_eci(post, options[:eci] || '7')
+          add_d3d(post, options) if options[:d3d]
           add_creditcard(post, payment_source)
         end
       end
 
+      def add_d3d(post, options)
+        add_pair post, 'FLAG3D', 'Y'
+        win_3ds = THREE_D_SECURE_DISPLAY_WAYS.key?(options[:win_3ds]) ?
+          THREE_D_SECURE_DISPLAY_WAYS[options[:win_3ds]] :
+          THREE_D_SECURE_DISPLAY_WAYS[:main_window]
+        add_pair post, 'WIN3DS', win_3ds
+
+        add_pair post, 'HTTP_ACCEPT',     options[:http_accept] || "*/*"
+        add_pair post, 'HTTP_USER_AGENT', options[:http_user_agent] if options[:http_user_agent]
+        add_pair post, 'ACCEPTURL',       options[:accept_url]      if options[:accept_url]
+        add_pair post, 'DECLINEURL',      options[:decline_url]     if options[:decline_url]
+        add_pair post, 'EXCEPTIONURL',    options[:exception_url]   if options[:exception_url]
+        add_pair post, 'PARAMPLUS',       options[:paramplus]       if options[:paramplus]
+        add_pair post, 'COMPLUS',         options[:complus]         if options[:complus]
+        add_pair post, 'LANGUAGE',        options[:language]        if options[:language]
+      end
+
       def add_eci(post, eci)
         add_pair post, 'ECI', eci.to_s
       end
 
-      def add_alias(post, _alias)
+      def add_alias(post, _alias, alias_operation = nil)
         add_pair post, 'ALIAS', _alias
+        add_pair post, 'ALIASOPERATION', alias_operation unless alias_operation.nil?
       end
 
       def add_authorization(post, authorization)
@@ -242,7 +316,15 @@ module ActiveMerchant #:nodoc:
 
       def parse(body)
         xml_root = REXML::Document.new(body).root
-        convert_attributes_to_hash(xml_root.attributes)
+        response = convert_attributes_to_hash(xml_root.attributes)
+
+        # Add HTML_ANSWER element (3-D Secure specific to the response's params)
+        # Note: HTML_ANSWER is not an attribute so we add it "by hand" to the response
+        if html_answer = REXML::XPath.first(xml_root, "//HTML_ANSWER")
+          response["HTML_ANSWER"] = html_answer.text
+        end
+
+        response
       end
 
       def commit(action, parameters)
@@ -259,7 +341,7 @@ module ActiveMerchant #:nodoc:
           :avs_result    => { :code => AVS_MAPPING[response["AAVCheck"]] },
           :cvv_result    => CVV_MAPPING[response["CVCCheck"]]
         }
-        Response.new(successful?(response), message_from(response), response, options)
+        OgoneResponse.new(successful?(response), message_from(response), response, options)
       end
 
       def successful?(response)
@@ -326,5 +408,15 @@ module ActiveMerchant #:nodoc:
         response_hash
       end
     end
+
+    class OgoneResponse < Response
+      def order_id
+        @params['orderID']
+      end
+
+      def billing_id
+        @params['ALIAS']
+      end
+    end
   end
 end