Buyers/credit Card Holders
The intention behind the system is that cardholders will have a decreased risk of other people being able to use their payment cards fraudulently on the Internet.
In most current implementations of 3-D Secure, the issuing bank or its ACS provider prompts the buyer for a password that is known only to the bank/ACS provider and the buyer. Since the merchant does not know this password and is not responsible for capturing it, it can be used by the issuing bank as evidence that the purchaser is indeed their cardholder. This is intended to help decrease risk in two ways:
- Copying card details, either by writing down the numbers on the card itself or by way of modified terminals or ATMs, does not result in the ability to purchase over the Internet because of the additional password, which is not stored on or written on the card.
- Since the merchant does not capture the password, there is a reduced risk from security incidents at online merchants; while an incident may still result in hackers obtaining other card details, there is no way for them to get the associated password.
3-D Secure does not strictly require the use of password authentication. It is said to be possible to use it in conjunction with smart card readers, security tokens and the like. These types of devices might provide a better user experience for customers as they free the purchaser from having to use a secure password. Some issuers are now using such devices as part of the Chip Authentication Program or Dynamic Passcode Authentication schemes.
One significant disadvantage is that cardholders are likely to see their browser connect to unfamiliar domain names as a result of vendors' MPI implementations and the use of outsourced ACS implementations by issuing banks, which might make it easier to perform phishing attacks on cardholders.
Read more about this topic: 3-D Secure
Famous quotes containing the words credit, card and/or holders:
“Money is a poor man’s credit card.”
—Marshall McLuhan (1911–1980)
“What is the disease which manifests itself in an inability to leave a party—any party at all—until it is all over and the lights are being put out?... I suppose that part of this mania for staying is due to a fear that, if I go, something good will happen and I’ll miss it. Somebody might do card tricks, or shoot somebody else.”
—Robert Benchley (1889–1945)
“The doctrine of those who have denied that certainty could be attained at all, has some agreement with my way of proceeding at the first setting out; but they end in being infinitely separated and opposed. For the holders of that doctrine assert simply that nothing can be known; I also assert that not much can be known in nature by the way which is now in use. But then they go on to destroy the authority of the senses and understanding; whereas I proceed to devise helps for the same.”
—Francis Bacon (1560–1626)