The Worldwide Standard for Online Payment Authentication
What is 3D Secure?
3D Secure is a standard protocol in the payments industry that aims to detect and prevent credit card fraud, and in turn to protect credit card holders, merchants, and banks from security fraud. 3D Secure has been adopted by Visa, Mastercard, American Express, JCB, Discover, UnionPay, as well as many other regional card schemes. Recently, the advent of 3D Secure 2 (3DS2) has ushered in a new era for the protocol, with improvements to the accuracy of fraud detection, and much improved cardholder usability.
About 3D SECURE AUTHENTICATION
3D Secure is an authentication protocol for online credit card payments, and it has been the de facto authentication standard since the year 2000. A recent revision to the protocol has produced "3D Secure 2”, which includes many added features and benefits over 3DS1. But while the industry is gradually transitioning from 3DS1 towards its successor, 3DS1 still remains the most widely adopted authentication protocol for eCommerce transactions. 3D Secure was designed by Visa in 1999, and has since been adopted by other card schemes. You may have used 3D Secure before when asked to type in a password during eCommerce checkout, or you may recognise the protocol by its various market branded names.
3DS1 has been widely deployed in all countries around the world, and has a long, proven record of solving credit card fraud issues for merchants, payment gateways, and banks alike.
How it Works
The capital "D" in "3D Secure" stands for "domain", and there are 3 of them: the acquiring domain, the issuing domain, as well as the interoperability domain to link the two together.
ACCESS CONTROL SERVER (ACS)
The issuing domain is where the issuing banks operate. They are the ones who issue cards to cardholders, who then use the card to purchase goods and services. The issuing bank needs to deploy an Access Control Server, also known as "ACS", in order to receive 3D Secure messages, process the messages, and authenticate the card user.
The interoperability domain consists of just the Directory Server, which is deployed by card schemes, and can be considered the glue between the acquiring and issuing domains. If a merchant wants to authenticate a credit card and its user, how do they know which issuing bank to contact? The answer is simple: they send a message to the card scheme's Directory Server, which holds a "directory" of all the BIN ranges corresponding issuing banks. The Directory Server will receive the message from the MPI, check the card number against the BIN range directory that it holds, and forward that message onto the correct issuing bank. The issuing bank would then proceed with authenticating the card user.
MERCHANT PLUG-IN (MPI)
The acquiring domain is where the merchant, payment gateway, and acquiring banks sit. They initiate the transaction, which they wish to be authenticated. In order to do so, entities in the acquiring space need to deploy a "merchant plug-in", also known as "MPI".
Where does GPayments fit into this?
As specialists in 3D Secure, we developed all components of the 3D Secure ecosystem. Whether you're a merchant in the Canada, an issuing bank in Italy, or a regional card scheme in South East Asia looking for a Directory Server, we have the right solution to help you with all your 3D Secure needs.
Our MPI, aptly named "ActiveMerchant", provides acquiring side cardholder authentication. ActiveMerchant is a very stable and mature product with easy installation, a standard API based integration, and an intuitive user interface. ActiveMerchant has been tried, tested, and proven by online merchants, payment gateways, acquiring banks from all 5 continents of the globe.Find out more about ActiveMerchant
ActiveAccess is our ACS solution, and has been deployed by issuing banks, enterprises, government, and other application service providers from all around the world. ActiveAccess provides 3D Secure e-Commerce transaction authentication, as well as multi-factor user authentication. ActiveAccess also can process both 3DS1 and 3DS2 transactions, which means clients can easily support both protocols during the transition period.Find out more about ActiveAccess
ActiveDS (Directory Server)
ActiveDS is our Directory Server, which was initially built for internal testing. But as we continuously worked on it, it gradually developed into the full-fledged product that it is today. ActiveDS has been deployed by a local card scheme in Kyrgyzstan, and we continuously receive interest from regional card schemes around the world.Find out more about ActiveDS