
Description and basic aspects

The basic concept of the protocol is to tie the financial authorization process to an online authentication step. This
authentication is based on a three-domain model (hence the 3-D in the name). The three domains are:

Acquirer Domain (the merchant and the bank to which money is being paid).

Issuer Domain (the bank which issued the card being used).

Interoperability Domain (the infrastructure provided by the card scheme, credit, debit, prepaid or other type
of finance card, to support the 3-D Secure protocol). The Interoperability Domain includes the Internet, the MPI
(merchant plug-in), the ACS (access control server) and other software providers.

The protocol uses XML messages sent over SSL connections with client authentication (this ensures
the authenticity of both peers, the server and the client, using digital certificates).
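
The mutual authentication described above, sketched with Python's standard ssl module as an added example (not code from the 3-D Secure specification or from any vendor). The helper names, the TLS 1.2 floor and the optional certificate paths are assumptions; the paths default to None so the sketch runs offline.

```python
import ssl

def server_context(require_client_cert=True, cert=None, key=None, client_ca=None):
    """TLS context for the listening peer (hypothetical helper).

    cert/key/client_ca are file paths, left as None so this runs offline.
    A real endpoint must load all three.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: modern floor
    if cert:
        ctx.load_cert_chain(cert, key)
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)
    # CERT_REQUIRED aborts the handshake unless the client presents a
    # certificate chaining to client_ca. The library default is CERT_NONE,
    # which authenticates the server only.
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_NONE
    return ctx

def client_context(verify_server=True, cert=None, key=None, server_ca=None):
    """TLS context for the connecting peer (hypothetical helper)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies server by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if server_ca:
        ctx.load_verify_locations(cafile=server_ca)
    if cert:
        ctx.load_cert_chain(cert, key)  # the client's own identity
    if not verify_server:
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx, role):
    """Return the ways a context falls short of mutual authentication."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if role == "client" and not ctx.check_hostname:
        findings.append("server hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    return findings
```
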
A transaction using Verified-by-Visa or SecureCode initiates a redirection to the website of the card-issuing
bank to authorize the transaction. Each issuer can use any kind of authentication method (the protocol does
not cover this), but typically a password-based method is used, so buying on the Internet effectively means
using a password tied to the card. The Verified-by-Visa protocol recommends that the bank's verification page
load in an inline frame session. In this way, the bank's systems can be held responsible for most security
breaches. Today, with the ease of sending white-listed text messages from registered bank senders, it is easy
to send a one-time password as part of an SMS text message to users' mobile phones and email addresses for
authentication, at least during enrollment and for forgotten passwords.
The main difference between Visa and MasterCard implementations lies in the method to generate the UCAF
(Universal Cardholder Authentication Field): MasterCard uses AAV (Accountholder Authentication Value) and
Visa uses CAVV (Cardholder Authentication Verification Value).

Implementations
The specifications are currently at version 1.0.2. Previous versions 0.7 (only used by Visa USA) and
1.0.1 have become redundant and are no longer supported. MasterCard and JCB have adopted version 1.0.2
of the protocol only.
In order for a Visa or MasterCard member bank to use the service, the bank has to operate compliant software
that supports the latest protocol specifications. Once compliant software is installed, the member bank will
perform product integration testing with the payment system server before it rolls out the system.
