Magento – Implementing 3D Secure verification in Custom API based payment method in magento

I created a new controller action and redirected users to it from getOrderPlaceRedirectUrl(). This new controller action will show a hidden form that displays the MD, PaReq etc as hidden fields. This form can then auto submit to the ACS URL.

Some untested pseudo-code is below. You'll need to modify it according to your needs but hopefully it gets the idea across.

Inside your payment method instance:

function getOrderPlaceUrl() {
    Mage::getModel('core/session')->setMd('valuehere'); //  Set all the 3DS params into the session by the time this function call finished.  Don't set them here in actual code - bad style.  This is just for demonstration.
    return Mage::getUrl('module/payment/action');
}

app/code/local/Namespace/Module/controllers/Payment.php:

class Namespace_Module_PaymentController extends Mage_Core_Controller_Varien_Front {
    public function redirectAction() {
        $this->loadLayout();
        $this->renderLayout();
    }
}

app/design/frontent/base/default/layout/module.xml:

<namespace_module_payment_redirect>
    <reference name="content">
        <block type="namespace_module/payment_redirect</block" name="namespace.module.payment.redirect" template="namespace/module/payment/redirect.tpl" />
    </reference>
</namespace_module_payment_redirect>

app/code/local/Namespace/Module/Block/Payment/Redirect.php:

class Namespace_Module_Block_Payment_Redirect extends Mage_Core_Block_Abstract
    public function getMd() {
        return Mage::getModel('core/session')->getMd();
    }
}

app/design/frontend/base/default/templates/module/payment/redirect.tpl:

<form action="payment_gateway_url_here" method="post">
    <input type="hidden" name="MD" value="<?php print $this->getMd(); ?>" />
</form>

Note: I first saw and answered this question on SO. Unsure of the protocol for handling duplicate questions across SE sites. Perhaps someone will advise?