FACTSHEET

1 ActiveServer Cross-Platform Cardholder Authentication www.gpayments.com

ActiveServer
!"#$%&'$(# )*+%(,+-."+-&,
Frictionless Fraud Prevention with 3D Secure 2

March 2020 - v1.7

Copyright © 2020 GPayments Pty Ltd

1 ActiveServer Cardholder Authentication www.gpayments.com

Multi-Channel Authentication
for eCommerce
with GPayments’ ActiveServer Solution

Authentication for Web & Mobile Transactions

THE NEED FOR AUTHENTICATION The 3DS protocol has been giving customers
peace of mind for 16 years by providing an
With the ever-increasing trend towards online
extra layer of security in card-not-present
services, there is a greater requirement for
online transactions. GPayments’ ActiveServer
the authentication of users during
leverages the latest improvements from the
transactions and banking activities to:
EMVCo 3DS2 protocol (such as multi-factor
• Reduce the potential for online fraud
authentication and biometrics) to give
• Reduce the cost of processing
merchants the security, which has always
fraudulent transactions
been provided by 3DS, with the additional
• Increase cardholder confidence in benefits of native support for mobile
using online services applications and the new frictionless
• Comply with international regulations authentication flow.
such as PCI-DSS, EMVCo guidelines and
the EU Payment Services Directive
THE BENEFITS OF 3DS2
(PSD2).
Multi-Channel Authentication for Web & Mobile
In the physical world, these requirements are
With the significant increase in Internet usage
largely overcome and managed. However,
and with a view to capturing new markets,
with online transactions, there is an increasing
most merchants now offer their customers a
need to ensure these goals are met. When
variety of ways to purchase online, including
comparing the physical and virtual worlds,
both traditional browser-based eCommerce
additional authentication is required to prove
and in-app purchases. Recognising the
a user's identity in the virtual world. The
necessity to support new and evolving
development of strategies to address the
payment channels, in addition to traditional
need for increased security for online
PC desktop and browser-based transactions,
authentication has been paramount and has
ActiveServer includes the ability to natively
resulted in the emergence of the 3D Secure
support authentication of app-based
(3DS) protocol for eCommerce.
transactions on mobile and other consumer
connected devices.

Copyright © 2020 GPayments Pty Ltd

2 ActiveServer Cardholder Authentication
Frictionless Flow
Another key benefit for merchants in 3DS2 is the
introduction of the frictionless flow. While many
rule-based engines have been available in the
market in the past, 3DS is the only protocol to
offer issuer-approved authentication for
merchant liability shift. The former 3DS required
users to go through an initial sign up process,
remember static passwords, and it utilised the
invasive challenge screen, which often ended up
leading to cart abandonment. 3DS2 offers a
seamless way for cardholders to be authenticated
between the merchant and issuer and the
prediction is that in most cases authentication
activity will be invisible to the cardholder, leading
to a significant increase in conversion rates.
Copyright © 2020 GPayments Pty Ltd
www.gpayments.com
Non-Payment Authentication
3DS2 also supports cardholder verification
for non-payment transactions, allowing
merchants to verify a cardholder’s identity
with its issuer, without needing to process
a charge, all within the security of the 3DS
ecosystem. This is useful for scenarios
such as adding a payment card to a digital
wallet or managing recurring transactions.
A new device channel introduced in 3DS2
is 3DS2 Requestor Initiated (3RI). This
channel allows authentication to be
initiated from the merchant’s 3DS
Requestor environment, which is useful
for managing recurring transactions, or
checking if a card is still valid.
3 ActiveServer Cardholder Authentication www.gpayments.com

ActiveServer Features

CARD BRANDS SUPPORTED MERCHANT DASHBOARD

GPayments’ ActiveServer supports A merchant dashboard, available via the web
all of the major card schemes: administration panel, allows users to quickly gauge key
• American Express statistics and information regarding server performance
• Diners Club International and authentication usage. Multiple merchant profiles
• JCB can also be added to the system and managed through
this panel.
• Mastercard
! UnionPay (Q3 2020)
• Visa REAL-TIME AUTHENTICATION STATISTICS

PCI-DSS READY
ActiveServer adheres to Payment
Card Industry (PCI)
recommendations for cardholder
data security. The following
features are built-in to ensure
ongoing PCI-DSS compliance.

• Two Factor Authentication for

administrative personnel
• Truncated PAN storage
• Central application logging TRANSACTION REPORTS
system Detailed transaction reports can be viewed for all
• System audit event logs completed transactions for business or troubleshooting
purposes. Transaction reports can be viewed per
GPAYMENTS’ TESTLABS merchant or for all merchants in the system.
ActiveServer clients will be offered
access to GPayments 3DS2
TestLabs. ActiveServer can connect
to our EMVCo-compliant ACS,
Mobile SDK, and Directory Server
products, to provide end-to-end
test capability of your
implementation. Different access
packages are available to be
customised by our business team
to suit your requirements.

Copyright © 2020 GPayments Pty Ltd

4 ActiveServer Cardholder Authentication
EXTENSIVE APIs
GPayments’ ActiveServer offers easy to
use RESTful APIs based on industry
standards, for merchants to integrate
with their existing systems. Requests
can be sent and received in JSON
format and the API comes with detailed
documentation and sample code to
offer a seamless experience.
Authentication API
ActiveServer exposes its authentication
components to allow merchants to
embed API code within their existing
checkout process. This code calls
ActiveServer to perform the 3DS
Authentication and return the
authentication response. This is a
flexible model, which offers merchants
the ability to utilise ActiveServer
remotely over the Internet from the
merchant's own network.
Admin API
ActiveServer exposes an API to its
administration services, enabling
system administrators and developers
to integrate merchant and acquirer
management tasks with existing
infrastructure. The Admin API is
particularly useful for merchant
aggregators and payment gateways
who already maintain and manage
some of the merchant information
required for setting up merchant
profiles, thereby integrating
ActiveServer’s merchant management
tasks within a merchant’s own system
and significantly reducing
administration overhead.
Copyright © 2020 GPayments Pty Ltd
www.gpayments.com
INTEROPERABILITY WITH ACTIVEMERCHANT AND
THE 3DS1 PROTOCOL
Moving the industry from 3DS1 to 3DS2 is a massive
undertaking and even though the incentives are there for both
the merchant and issuing sides, we anticipate 3DS1 will still be
operational for years to come. To assist with supporting the
two protocols in parallel, ActiveServer includes a protocol
router, which can be enabled by merchants to allow the
appropriate 3DS flow to be determined for each cardholder. If
the cardholder is enrolled in 3DS2, the ActiveServer
authentication flow continues as usual; if not, the merchant
can choose to continue with their existing 3DS1 flow. This
feature will allow full interoperability with GPayments’ MPI
solution, ActiveMerchant, as well as existing MPI solutions with
minimal merchant side code changes.
ROLE BASED USER MANAGEMENT
Predefined Role Management
ActiveServer offers pre-defined roles, allowing separation of
duties. Administrator duties can be split between business,
system and user admin roles. ActiveServer can also provide
access roles to individual merchant entities to manage their
profiles, or read-only access to view their transaction statistics
and reports.
CLOUD READY DEPLOYMENT
If deploying GPayments’ ActiveServer as an In-House solution,
it comes ready for deployment on the cloud straight out-of-
the-box and is usable on many platforms including public
cloud vendors like Amazon Web Services and Google Cloud
Platform. Load balancing and clustering are all possible, with
Docker support also available.
MIGRATION FROM ACTIVEMERCHANT
For clients who are current users of our 3DS1 offering,
ActiveMerchant Enterprise, ActiveServer provides a migration
tool to import specific data to ease and streamline your
upgrade process.
5 ActiveServer Cardholder Authentication
Additional Core Functionality
GPayments’ ActiveServer comes with the following core features:
• Intelligent Reporting - key business
information available from reporting
functionality provided through the
administration web application.
• Application Server and OS Agnostic -
ability to utilise any popular web
container to launch ActiveServer via a
WAR file or deploy as a standalone
application utilising Spring. This
extends to all popular operating
systems including Windows and Linux
based systems.
• HSM Agnostic - compatibility with
most major general purpose
Hardware Security Modules for
encryption, including Thales, Gemalto,
AWS KMS, or any PKCS11 compatible
HSM’s.
• Database Agnostic - support for
major leading relational database
systems, including Oracle, MySQL,
MSSQL, Postgres, DB2 and AWS RDS.
Copyright © 2020 GPayments Pty Ltd
www.gpayments.com
• Easy Product Activation - simple
management of all ActiveServer
instances deployed via a token-based
activation procedure linked to the
organisation’s account with
GPayments.
• Multiple 3DS Requestors and
Merchants - ability to add multiple
3DS Requestors and merchants to the
same ActiveServer instance.
• Web-Based Documentation -
extensive web-based documentation,
covering ActiveServer’s functionality,
available for all user roles.
• Ease of Migration - for existing
customers, GPayments is available to
develop a plan and identify the tools
needed for migrating to ActiveServer.
• Settings management - a rich set of
features allow the customisation of
the ActiveServer administration
interface and server for In-House
implementations.
6 ActiveServer Cardholder Authentication www.gpayments.com

Product Implementation Options

1. GPAYMENTS HOSTED SERVICE • Serviced by experts - Save time and

GPayments Hosted Service provides an resources by allowing our team of 3DS2

enterprise level Software as a Service (SaaS) professionals to manage the service for

solution for cardholder authentication. Hosted you, leaving you to focus on your

using one of the world leader’s in cloud business. We will keep the software

services, it features a secure and highly running, up-to-date and cover any support

redundant, multi-tenancy ActiveServer cluster questions you may have.

for all our customers around the globe. With
PCI compliance and card scheme certification
managed by our experienced operations
team, our hosted service is the convenient and
stress free way to implement your 3DS2
needs.
Benefits of the hosted service
• Full PCI compliance - All PCI certification
and maintenance is handled by the
GPayments operations team, reducing the
scope of your organisation’s investment.
• Card scheme compliance – Card scheme
certification and compliance programs are
also handled by GPayments, allowing for
an expedited time to market.
• Integrate via powerful API - Our
comprehensive, yet simple, Authentication
and Administration API’s are RESTful
based and allow you to integrate your
payment services easily with ActiveServer.
• Reliability and redundancy - Utilising a
comprehensive cloud based system
health monitoring and diagnostic service,
system status will always be monitored to
ensure maximum availability for your
business. A high availability database
deployment will provide a secure and high
performance backend to ensure that your
data is always safe.
• Easy to manage - Your service can be
managed easily from our client
dashboard, including initial activation,
viewing your subscription details, usage
and system status. Access to your
ActiveServer instance is also securely
granted via the web-based administration
panel at your customised sub-domain on
our server for you to perform all
administration tasks.

2. IN-HOUSE IMPLEMENTATION
If you prefer to implement 3DS2 in-house, ActiveServer has been designed to be easily deployed in
a high availability cluster set up out-of-the-box in your environment. The software and
documentation suite are all available from our website for download or view. Installation and
management packages can also be discussed and tailored to fit your situation as required.

Copyright © 2020 GPayments Pty Ltd

8 ActiveServer Cardholder Authentication www.gpayments.com

ABOUT

GPayments
GPayments is a company focused on delivering
authentication products for online transactions
and providing a range of solutions for card
schemes, financial institutions, online service
providers, merchants and cardholders.

With over fifteen years experience, GPayments has

a long history of pioneering and innovation in the
field of eCommerce and security and is recognised
as a leader in authentication solutions. The
strong, long-term relationships we have built with
our loyal, blue chip client base are as a result of
our experience, expertise and record of success.
GPayments is a well respected provider of
products and services to financial
institutions throughout Asia Pacific, Europe,
Middle East and North America

As a founding member of Visa International’s 3-D
Secure Forum and having worked closely with
Mastercard on their Secure Payment Application
protocol, GPayments has an intimate knowledge of
online authentication and payment security
requirements. It is based on such knowledge and
experience that GPayments produces its quality
products for the banking and payments industry.
GPayments has an extensive list of banking clients
throughout Asia Pacific, Europe, the Middle East
and North America, where its products have been
implemented. GPayments has also partnered with
key financial sector service providers to implement
significant bank-grade payment and
authentication solutions for their clients. Services
to clients and partners have included project
management, development, customisation,
implementation, integration, training and ongoing
support. The expertise available through
GPayments would ensure a successful
implementation of your solution.
GPayments was a founding member of the
Visa International 3-D Secure Forum
established November 2000 and a major
contributor to the standard
GPayments partnered with Mastercard in
the development and evolution of its
Secure Payment Application (SPA) protocol
in 2000 and was the provider of the SPA
global test facility for Mastercard
International
GPayments’ authentication platform,
ActiveAccess, was the chosen solution for
Mastercard’s Asia Pacific Online
Authentication Service (MOAS) for 3-D
Secure and multi-factor authentication
GPayments products are certified 3D
Secure compliant solutions, 3DS 1.0.2 and
3DS 2.1.0, for Mastercard, Visa, American
Express, JCB and Diners Club International /
Discover.

Copyright © 2020 GPayments Pty Ltd

9 ActiveServer & ActiveSDK Cardholder Authentication www.gpayments.com

FACTSHEET
3DS SERVER

3dsecure@gpayments.com +61 2 9453 5411 www.gpayments.com

Copyright © 2020 GPayments Pty Ltd