3-D Secure

From Wikipedia, the free encyclopedia

3-D Secure™ is an XML-based protocol for authenticating credit card holders in e-payment transactions. The 3-D Secure™ protocol was developed by Visa to improve the security of Internet payments. It was adopted and is offered under the service names Verified by Visa and MasterCard SecureCode. The main difference between the Visa and MasterCard implementations lies in the method used to generate the AAV (Accountholder Authentication Value): MasterCard uses UCAF (Universal Cardholder Authentication Field) and Visa uses CAVV (Cardholder Authentication Verification Value). The protocol has also been adopted by JCB International under the service name J/Secure.



Description and basic aspects of the protocol

The basic concept of the protocol is to tie the financial authorization process to an online authentication. This authentication is based on a three-domain model (hence the 3-D in the name). The three domains are the Acquirer Domain (the commerce), the Issuer Domain (the bank that issued the credit card) and the Interoperability Domain (Worldwide credit card and support).

The protocol uses XML messages sent over SSL connections with Client Authentication (this allows both peers, the server and the client, to be authenticated using digital certificates).
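The following is an added example, not part of the original article or of any 3-D Secure specification: it shows how the two ends of a connection with client authentication are configured, and a check that reports when either side skips verifying the other. It uses Python's standard `ssl` module with TLS, the successor to SSL; the function names are assumptions made for the illustration.

```python
import ssl


def server_context(require_client_cert: bool) -> ssl.SSLContext:
    """Server side. The caller still loads its own certificate with
    load_cert_chain() and the trusted client CA with load_verify_locations()."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # verify_mode defaults to CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if require_client_cert:
        # The handshake is aborted unless the peer presents a certificate
        # that chains to a trusted CA: this is "client authentication".
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def client_context(verify_server: bool) -> ssl.SSLContext:
    """Client side. The caller loads the client certificate it will present
    with load_cert_chain()."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies the server by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if not verify_server:
        ctx.check_hostname = False  # must be cleared before CERT_NONE is accepted
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def mutual_auth_gaps(server: ssl.SSLContext, client: ssl.SSLContext) -> list:
    """Return the reasons why the pair does not authenticate both peers."""
    gaps = []
    if server.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("server does not require a client certificate")
    if client.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("client does not verify the server certificate")
    elif not client.check_hostname:
        gaps.append("client does not check the server hostname")
    return gaps


if __name__ == "__main__":
    # Both peers authenticated: no gaps reported.
    print(mutual_auth_gaps(server_context(True), client_context(True)))
    # Ordinary one-way configuration: only the server is authenticated.
    print(mutual_auth_gaps(server_context(False), client_context(True)))
```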

Each Issuer may use any kind of authentication method (the protocol does not cover this), but typically a password-based method is used, so buying on the Internet effectively means using a secret password tied to the card.

In order for a VISA or MasterCard member bank to use the service, it has to operate compliant software that supports the latest protocol specifications. Currently the specifications are at version 1.0.2. Previous versions 0.7 (only used in VISA USA) and 1.0.1 have become redundant and are no longer supported. Note that MasterCard and JCB have adopted only version 1.0.2 of the protocol. Once compliant software is installed, the member bank performs Product Integration Testing with the Payment System Server before it rolls out the system.

